last executing test programs:

11m30.968072738s ago: executing program 32 (id=361):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
madvise(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4)

11m22.120814668s ago: executing program 33 (id=521):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000002a00)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

11m15.112917529s ago: executing program 34 (id=391):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f0000000300)="14fd54ab72df97e6256c00000000", 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

11m13.821694719s ago: executing program 35 (id=739):
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$802154_dgram(r0, &(0x7f0000000180)={0x27, @short}, 0x14)

10m49.193770249s ago: executing program 36 (id=1612):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)

10m42.113639191s ago: executing program 37 (id=1901):
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000001080), 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
read$FUSE(r0, &(0x7f0000000ec0)={0x2020}, 0x2020)

10m36.513128769s ago: executing program 38 (id=2090):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0xc00)

10m8.755089388s ago: executing program 39 (id=2598):
mkdir(&(0x7f0000000200)='./bus\x00', 0x0)
mount$incfs(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./bus\x00', 0x0, 0x3ae4c21, &(0x7f0000000140))

9m32.097054328s ago: executing program 40 (id=4733):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

9m26.336651009s ago: executing program 41 (id=4883):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0xffaf)

8m24.223911172s ago: executing program 42 (id=7139):
socket(0x2, 0x3, 0xff)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f0000000a40)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000a80)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000280)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000080)={0x0, 0x0, 0xc8, 0x10001, 0x1, 0x42, 0x0, 0xfffffffffffffffd, 0xe})
lchown(&(0x7f0000000940)='./file0\x00', 0x0, 0x0)

8m18.490645753s ago: executing program 43 (id=6806):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x18}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x8, 0x0, 0x2, 0x8, 0xc, 0x7}, {0x1, 0x0, 0x9, 0x401, 0x0, 0x7fffffff}, 0x2000001, 0x1000, 0x575}}, @TCA_TBF_RATE64={0x0, 0x4, 0x274bdcb7db3981e2}, @TCA_TBF_PRATE64={0xc, 0x5, 0xe1e31d5aa9748ab8}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x404}, 0x0)

8m9.884194238s ago: executing program 44 (id=7522):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x28, 0x14, 0x509, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @empty}, @IFA_FLAGS={0x8, 0x8, 0x600}]}, 0x28}}, 0x0)

7m45.408399573s ago: executing program 45 (id=7754):
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x60840, 0x8)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000340)='.\x00', 0x300)
fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xee01, 0x0, 0x1000)

7m33.923803205s ago: executing program 46 (id=8559):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
unshare(0x2040600)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1})

7m26.575205981s ago: executing program 47 (id=8783):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r1, 0x40045402, &(0x7f0000000140)=0x1)

7m7.618510661s ago: executing program 48 (id=8963):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mount$incfs(&(0x7f0000000400)='./bus\x00', &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x0, 0x0)

6m46.589027403s ago: executing program 49 (id=9467):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f00000001c0)={[{@nobarrier}, {@mblk_io_submit}, {@inlinecrypt}, {@test_dummy_encryption_v1}, {@barrier}, {@mblk_io_submit}, {@nomblk_io_submit}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
unlink(&(0x7f0000000180)='./file1\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x84042, 0x1fb)
write$P9_RUNLINKAT(r0, &(0x7f0000000000)={0xfffffffffffffecb, 0x4d, 0x1}, 0xffffffd7)

6m40.210487844s ago: executing program 50 (id=9627):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r0}, 0x9)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

6m19.023414139s ago: executing program 51 (id=10379):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000001c0)='mm_page_alloc\x00', r0}, 0x18)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0x7000000)

6m5.480660594s ago: executing program 52 (id=10341):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000007702000000000000010000f9"])

5m51.81439672s ago: executing program 53 (id=10705):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fbdbdf2505000000400001800d0001007564703a73797a32"], 0x54}, 0x1, 0x0, 0x0, 0x4081}, 0x4040140)

5m44.408525467s ago: executing program 54 (id=11427):
r0 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
ioctl$int_in(r0, 0x5452, &(0x7f0000000240)=0x5d4)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_DISALLOCATE(r1, 0x5608)

5m25.191663261s ago: executing program 55 (id=11612):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x80c0}, 0x2000000)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001080)=[@cred={{0x1c}}], 0x20}, 0x12140)

5m20.18934378s ago: executing program 56 (id=12033):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)={0x30, r2, 0x8d61ddcfedb48df, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)

4m55.715996157s ago: executing program 57 (id=12914):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x0, 0xff, 0x5a, 0xa3}}]}}]}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
syz_usb_control_io$hid(r0, 0x0, 0x0)

4m54.302978819s ago: executing program 58 (id=12952):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000280)={@dev={0xfe, 0x80, '\x00', 0xd}}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14)

4m19.560965922s ago: executing program 59 (id=14077):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x61}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
readlinkat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0)

4m15.055087312s ago: executing program 60 (id=14285):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000002b"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000002300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

4m9.635653056s ago: executing program 61 (id=14586):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f00000003c0)="84", 0x1}], 0x2}}], 0x1, 0x4400c800)
sendto$inet6(r0, &(0x7f00000000c0)="a0b4c625c23cd396f82b9afce9280d9dda2f5781113c", 0x16, 0x20000000, 0x0, 0x0)

3m51.065297805s ago: executing program 62 (id=15290):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6, @remote}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r1, {0x7}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000840}, 0x20048054)

3m21.334421308s ago: executing program 63 (id=16191):
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000180)={&(0x7f0000000580)={0x1d, r2}, 0x10, &(0x7f0000000100)={&(0x7f00000005c0)=@can={{0x4, 0x0, 0x0, 0x1}, 0x22, 0x3, 0x0, 0x0, "5774c2bc80849452"}, 0x10}, 0x2, 0x0, 0x0, 0x4904}, 0x24000004)

3m10.768717292s ago: executing program 64 (id=16485):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000001740)={[{@keep_last_dots}, {@allow_utime={'allow_utime', 0x3d, 0x6}}, {@utf8}, {@gid}, {@gid}, {@keep_last_dots}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@time_offset={'time_offset', 0x3d, 0xc}}, {@errors_continue}, {@errors_remount}]}, 0x1, 0x1531, &(0x7f0000000200)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k0uiyTJJUkuSZIkSW4JSZMcSUgMuSUNSUguQ3IZQnKZmDTu9/slIUmaJMktt2T9P1P8nU7165xfneN8fvN8P5/9sZ537bX28+5nv/OuvTHfdB5So1HNqg2ICP4U/PmPRACIBYABAHANAAQAUDaubFxmf3aJiX/uIOyv9VDKlc6AXUlc/6yN65+1cf2zNq5/1sb1z9q4/lkb1z9r4/ozlpVtmpb/Wt6y7vaXP//Pfvklfv7/346///8PySg55os1Ja/vAhDzzw7h+mdtXP//s4J/Zieuf9bG9c+qYq90Auy/AH/+s4Jsv9vD9c/auP6MZWVX+vnzld4gkrXPwZW+/hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMZQ1n/GUKAC61r3RejDHGGGOMMcYY++v4bFc6A8YYY4wxxhhjjP37IQiQoCCAGMgGsZAdcoAAgKshF1wDEbgW4uA6yA3XQx7IC/kgP8RDASgIGgxYIAihEBSGKNwAReBGKArFoDiUAAcloRTcBKXhZigDt0BZuBXKwW1QHipARagEt0NluAOqwJ1QFe6CalAdakBNuBtqwT1QG+6FOnAf1IX7oR48APXhQWgAD0FDeBgawSPQGB6FJtAUmkFzaPG/Gv8CdIcXoQf0hEToBb3hJegDfaEf9IcB8DIMhFdgELwKSTAYhsBrMBReh2HwBgyHETAS3oRR8BaMhjEwFsZBMoyHCfA2TIR3YBJMhikwFVJgGkyHd2EGzIRZ8B7MhvdhDsyFeTAfUuEDWAALIQ0+hEXwEaTDYlgCS2EZLIcVsBJWwWpYA2thHayHDbARNsFm2AJbYRtshx3wMeyET2AX7IY98Cnshc/+xfGn/2F8FwQEFChQocIYjMFYjMUcmANzYk7MhbkwghGMwzjMjbkxD+bBfJgP4zEeC2JBNGiQkLAQFsIoRrEIFsGiWBSLY3F06LAUlsLSeDOWwTJYFstiOSyH5bECVsBKWAkrY2WsglWwKlbFalgNa2ANvBvvxl5YG2tjHayDdbHupcdT2AAbYENsiI2wETbGxtgEm2AzbIYtsAW2xJbYClthG2yDbbEttsN2mIAJ2B7bYwfsgB2xI3bCTtgZO2MX7IpdM17IBvgivog9sZrohb2xN/bBpGz9sD/2x5dxIL6Cr+CrmISDcQi+hq/h6zgMT+FwHIEjcSRWFm/haByDJMZhMibjBJyAE3EiTsLJOBmnYgpOw+k4HWfgTJyJ7+FsfB/fx7k4F+djKqbiAlyIaZiGi/A0puNiXIJLcRkux2W4ElfhSlyDa3ENrsf1uBE34mbcjFtxK27H7fgxKgD8BHfjbkzCvbgX9+E+3I/78QAewAzMwIN4EA/hITyMh/EIHsGjeAyP4zE8iSfxFJ7GM3gGz+E5PI/PxX/V8ONiq5NAZFJCiRgRI2JFrMghcoicIqfIJXKJiIiIOBEncovcIo/II/KJfCJexIuCoqAwwggSYQwAiKiIiiKiiCgqioriorhwwolSopQoLUqLMqKMKCtuFeXEbaK8qCBau0qikqgs2rgq4k5RVVQV1UR1UUPUFDVFLVFL1Ba1RR1RR9QVdUU98YCoL3phP3xIZFamkRiMjcUQbCKaCnnxJ1hLMQxbidaijXhCjMDh2E60dAniadFejMYO4m9iDD4rOolx2Fk8L7qIrqKbeEF0F61cD9FTTMJeoreYin1EX9FP9BczsLp4D2dnryFeFUlisBgiXhPz8XUxTLwhhosRYqR4U4wSb4nRYowYK8aJZDFeTBBvi4niHTFJTBZTxFSRIqaJ6eJdMUPMFLPEe2K2eF/MEXPFPDFfpIoPxAKxUKSJD8Ui8ZFIF4vFErFULBPLxQqxUqwSq8UasVasE+vFBrFRbBKbxRaxVWwT28UO8bHYKT4Ru8RusUd8KvaKz8Q+8bnYL74QB8SXIkN8JQ6Kr8Uh8Y04LL4VR8R34qg4Jo6LE+Kk+F6cEqfFGXFWnBM/iPPiR3FBeAESpZBSKhnIGJlNxsrsMoe8SuaUwcWze62Mk9fJ3PJ6mUfmlflkfhkvC8iCUksjrSQZykKysIzKG2QReaMsKovJ4rKEdLKkLCVvkqXlzbKMvEWWlbfKcvI2WV5WkBVlJXm7rCzvkBD5+RjVZHVZQ9aUd8tEuEfWlvfKOvI+WVfeL+vJB2R9+aBsIB+SDeXDspF8RDaWj8omsqlsJpvLFvIx2VI+LlvJ1rKNfEK2lU/KdvIpmSCflu2lv3iJPCs7yedkZ/m87CK7ym7yR3lBetlD9pTQC2Rv+ZLsI/vKfrK/HCBflgPlK3KQfFUmycFyiHxNDpWvy2HyDTlcjpAj5ZtylHxLjpZj5Fg5TibL8XKCfFtOlO/ISXKynCKnyhQ5Tfa7ONMsKf9w/Nu/MX7QT0ffKDfJzXKL3Cq3ye1yh/xY7pQ75S65S+6Re+ReuVfuk/vkfrlfHpAHZIbMkAflQXlIHpKH5WF5RB6RR+UxeVaekCfl9/KUPC1Py7PynDwnz188B6BQCSWVUoGKUdlUrMqucqirVE51tcqlrlERda2KU9ep3Op6lUflVflUfhWvCqiCSiujrCIVqkKqsIqqG/DiBaOKqxLKqZKqlLrpXxmviqgbVVFV7BfjL+WX+Dv5tVAtVEvVUrVSrVQb1Ua1VW1VO9VOJagE1V61Vx1UB9VRdVSdVCfVWXVWXVQX1U11U91Vd9VD9VCJKlH1Vi+pPqqv6qf6qwHqZTVQDVSD1CCVpJLUEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVbJKVhPUBDVRTVST1CQ1RU1RKSpFTVfT1Qw1Q81Ss9RsNVvNUXPUPDVPpapUtUAtUGkqTS1Si1S6WqwWq6VqqVqulquVaqVarVartWqtWq/Wq3S1SW1SW9QWtU1tUzvUDrVT7VS71C61R+1Re9VetU/tU/vVfnVAHVAZKkMdVAfVIXVIHVaH1RF1RB1VR9VxdVydVCfVKXVKnVFn1Dl1Tp1X59UFdSFz2ReIQAQqUEFMEBPEBrFBjiBHkDPIGeQKcgWRIBLEBXFB7uD6IE+QN8gX5A/igwJBwUAHJrCBuFj0aHBDUCS4MSgaFAuKByUCF5QMSgU3BaWDm4MywS1B2eDWoFxwW1A+qBBUDCoFtweVgzuCKsGdQdXgrqBaUD2oEdQM7g5qBfcEtYN7gzrBfUHd4P6gXvBAUD94MGgQPBQ0DB4OGgWPBI2DR4MmQdOgWdA8aPGXzu/9qbyPux66p07UvXRv/ZLuo/vqfrq/HqBf1gP1K3qQflUn6cF6iH5ND9Wv62H6DT1cj9Aj9Zt6lH5Lj9Zj9Fg9Tifr8XqCfltP1O/oSXqynqKn6hQ9TU/X7+oZeqaepd/Ts/X7eo6eq+fp+TpVf6AX6IU6TX+oF+mPdLperJfopRr1cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q3+sd+pP9C69W+/Rn+q9+jO9T3+u9+sv9AH9pc7QX+mD+mt9SH+jD+tv9RH9nT6qj+nj+oQ+qb/Xp/RpfUaf1ef0D/q8/lFf0D5zcZ/59W6UUSbGxJhYE2tymBwmp8lpcplcJmIiJs7Emdwmt8lj8ph8Jp+JN/GmoCloMpEhU8gUMlETNUVMEVPUFDXFTXHjjDOlTClT2pQ2ZUwZU9aUNeVMOVPelDcVTUVzu7nd3GHuMHeaO81d5i5T3VQ3NU1NU8vUMrVNbVPH1DF1TV1Tz9Qz9U1908A0MA1NQ9PINDKNTWPTxDQxzUwz08K0MC1NS9PKtDJtTBvT1rQ17Uw7k2ASTHvT3nQwHUxH09F0Mp1MZ9PZdDFdTDfTzXQ33U0P08MkmkTT2/Q2fUwf08/0MwPMADPQDDSDzCCTZJLMEDPEDDVDzTAzzAw3I8zIzIWqecuMNmPMWDPOJJtkM8FMMBPNRDPJTDJTzBSTYlLMdDPdzDAzzCwzy8w2s80cM8fMM/NMqkk1C8wCk2bSzCKzyKSbdLPELDHLzDKzwqwwq8wqs8asMetgndlgNphNZpPZYraYbWab2WF2mJ1mp9lldpk9Zo/Za/aafWaf2W/2mwPmgMkwGeagOWgOmUPmsDlsjpgj5qg5ao6b4+akOWlOmVPmjDljzpm8F78vvYm12W0Oe5XNaa+2uew19h/jfDa/jbcFbEGrbR6b9xexsdYWtcVscVvCOlvSlrI3/SoubyvYiraSvd1WtnfYKr+Ka9l7bG17r61j77M17d2/iOva+209+4itjwhgm9qGtrltZB+xje2jtoltapvZ5ratfdK2s0/ZBPu0bW+f+VW8wC60q+xqu8autbvsbnvGnrWH7Df2nP3B9rA97QD7sh1oX7GD7Ks2yQ7+VTzSvmlH2bfsaDvGjrXjfhVPsVNtip1mp9t37Qw781dxqv3AzrZpdo6da+fZ+T/FmTml2Q/tIvuRTbcBLLFL7TK73K6wK/9/rkvtervBbrQ77Sd2i91qt9ntdselhbDdbffYT+1e+5k9aL+2++0X9oA9bDPsVz/Fme/vsP3WHrHf2aP2mD1uT9iT9nt1aXTmez9hf7QXrLdASECSFAUUQ9kolrJTDrqKctLVlIuuoQhdS3F0HeWm6ykP5aV8lJ/iqQAVJE2GLBGFVIgKU5RuoEvpFacS5KgklaKbqDTdTGXoFipLt1I5uo3KUwWqSJXodqpMd1AVupOq0l1UjapTDapJd1Mtuodq071Uh+6junQ/1aMHqD49SA3oIWpID1MjeoQa06PUhJpSM2pOLegxakmPUytqTW3oCWpLT1I7eooS6GlqT89QB/obdaRnqRM9R53peepCXakbvUDd6UXqQT0pkXpRb3qJ+lBf6kf9aQC9TAPpFRpEr1ISDaYh9BoNpddpGL1Bw2kEjaQ3aRS9RaNpDI2lcZRM42kCvU0T6R2aRJNpCk2lFJpG0+ldmkEzaRa9R7PpfZpDc2kezadU+oAW0EJKow9pEX1E6bSYltBSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRttpB31MO+kT2kW7aQ99SnvpM9pHn9N++oIO0JeUQV/RQfqaDtE3dJi+9T3pOzpKx+g4naCT9D2dotN0hs7SOfqBztOPdIE8QYihCGWowiCMCbOFsWH2MEd4VZgzvDrMFV4TRsJrw7jwujB3eH2YR0CYL8wfxocFwoKhDk1oQwrDsFBYOIyGN4RFwhvDomGxsHhYInRhybBUeFNYOrw5LBPeEpYNbw3LhbeF5cMK4SP3VQpvDyuHd4RVwjvDquFdYbWwelgjrBneHdYK7wlrh/eGdcL7wjLh/WG98IGwfvhg2CB8KGwYPhw2Ch8JG4ePhk3CpmGzsHnYInwsbBk+HrYKW4dtwifCtuGTYbvwqTAhfDpsHz7zU//9C3+/PzHsFfYOXwpfCr2/V86Lzo+mRj+ILogujKZFP4wuin4UTY8uji6JLo0uiy6ProiujK6Kro6uia6Nrouuj26Ibox6XzMbOHTCSadc4GJcNhfrsrsc7iqX013tcrlrXMRd6+LcdS63u97lcXldPpffxbsCrqDTzjjryIWukCvsou4GV8Td6Iq6Yq64K+GcK+lKueauhWvhWrrHXSvX2rVxT7gn3JPuSfeUe8o97dq7Z1wH9zfX0T3rOrnn3HPuedfFdXXd3Auuuxuf6+fPZKLr7Xq7Pq6P6+f6uQFugBvoBrpBbpBLckluiBvihrqhbpgb5oa74W6kG+lGuVFutBvtxrqxLtkluwlugpvoJrpJbpKb4qa4FJfiprvpboab4SrP/OkB48/cPJfqUt0Cl7lmTHOL3CKX7tLdErfELXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtdDvdLn/Nxfn2un1un9vv9rsD7kuX4b5yB93X7pD7xh1237oj7jt31B1zx90Jd9J970650+6MO+vOuR/cefeju+C8S46Mj0yIvB2ZGHknMikyOTIlMjWSEpkWmR55NzIjMjMyK/JeZHbk/cicyNzIvMj8SGrkg8iCyMJIWuTDyKLIR5H0yOLIksjSyLLI8oj3BbaEvpAv7KP+Bl/E3+iL+mK+uC/hnS/pS/mbfGl/sy/jb/Fl/a2+nL/Nl/cVfEX/qG/im/pmvrlv4R/zLf3jvpVv7dv4J3xb/6Rv55/yCf5p394/4zv4v/mO/lnfyT/nO/vnfRff1XfzL/ju/kXfw/f0ib6X7+1f8n18X9/P9/cD/Mt+oH/FD/Kv+iQ/2A/xr/mh/nU/zL/hh/sRfmTMm37UpVtkGOeT/Xg/wb/tJ/p3/CQ/2U/xU32Kn+an+3f9DD/Tz/Lv+dn+fT/Hz/Xz/Hyf6j/wC/xCn+Y/9Iv8Rz7dL770UNmv8Cv9Kr/ar/Fr/Tq/3m/wG/0mv9lv8Vv9Nr/d7/Af+53+E7/L7/Z7/Kd+r//M7/Of+/3+C3/Af+kz/Ff+oP/aH/Lf+MP+W3/Ef+eP+mP+uD/hT/rv/Sl/2p/xZ/05/4M/73/0F/j/rDHGGGOM/VPGX26KX/b8vGzv9RtjxN/t3BsArt6aP+Pv+zNXlOvy/NzuK+LbRgDg6Z6dH7q0VauWmJh4cd90CUHhuQCX/iYoUwxcjhdDG3gSEqA1lP7N/PuKrufoD+aP3gqQ4+/GxMLl+PL8nwNg4m/M/9gTIxeUC8/E/Q/zzwUoWvjymOxwOV4MbX56vtIayvxO/nlb/kH+2b9IBmj1d2NywuX4cv6l4HF4BhJ+sSdjjDHGGGOMMfazvqJix0v3n5f+xedv3Z/Hq8tjssHl+I/uzxljjDHGGGOMMXblPdu121OPJSS07vivN6r8r0b9snHV73c1hj818xVqZJ7Tf+ch1L8vee8BLr2iAOBPTgiQ2ZD/yRJs/o8cK+niR+cfu5ad9QH8t1yHf75xZX8uMcYYY4wxxv56lxf9v3xdXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxLOg/8evErvR7ZIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxq60/xcAAP//49L8tA==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x100001f, &(0x7f0000000240)={[{@errors_remount}, {@grpquota}, {@i_version}, {@dioread_nolock}]}, 0x21, 0x457, &(0x7f00000007c0)="$eJzs3M1vG0UbAPBnbSd9274lKSof/YAGCiICkTRpgR44UAQSB5CQ4FCOIUmrULdBTZBoFUFAqBxRJQ7cEEck/gJOcEHACYkr3FGlCuXSwslo7XXiOLZTJ3ad1r+ftPKMd9qZx7tjz+zsJoC+NRIRn0XE/yPij4gYioikvsBI5eXWytL0PytL00mUSm/9nZTL3VxZmq4Wrf67veVMLmK5kj/coN6Fy1fOTxWLs5ey/PjihffHFy5feXbuwtS52XOzFydPnTp5YuKF5yef60icaZtuHvpo/sjB19659sb0mWvv/vJdkoUXdXF0yEirnU92uLJe21eTTgo9bAhtyUdEergGyv1/KPKxdvCG4tVPe9o4oKtKpVJpV/PdyyXgHpZEr1sA9Eb1hz6d/1a3OzT02BFunK5MgNK4b2VbZU8hclmZgbr5bSels60zy/9+nW7RnesQAADr/HC68rpx/JeLB2vKvZStDQ1HxP6axY0DEfFARLnsQxHxcJv11y+SbBz/5K63+V+2JR3/vZitba0f/1VHfzGcz3L7yvEPJGfnirPHI+K+iBiNgV1pfqJFHT++8vsXzfaN1Iz/0i2tvzoWzNpxvVB3gW5manFqOzHXuvFJxKFCo/iT1ZWAJCIORsSho1urY+7pb48027d5/C10YJ2p9E3EU5Xjvxx18Vclrdcnx/8Xxdnj49WzYqNff7v6ZrP6241//1erc7aOrLKlx39Pw/N/Nf7hUr5mvXah/Tqu/vl50znNVs//weTtcnowe+/DqcXFSxMRg8nr2fvpN1bsrq+vXG5yrXwa/+ixxv3//lj7JA5HRHoSPxIRj0bE0aztj0XE4xFxrEX8P7/8xHtbj7+70vhnNjn+Se16/RYS+fM/fb+u0uF24k+P/8lyajR753a+/263gdv9/AAAAOBukCvf+5/kxlbTudzYWOV++QOxJ1ecX1h85uz8BxdnKs8IDMdArnqla6jmeuhENq2v5ifr8iey68Zf5neX82PT88WZXgcPfW5vk/6f+ivf69YBXed5Lehf+j/0L/0f+ldhsNctAHqk0fP/9TdOtvgbAcDdrNH4/+MetAO488z/oX+12/8rkwNTArgX+P2H/qX/Q1/aznP93UxU1x92SnvWJUqlzcoUdkpTu5eI3I5ohkSXEj3+YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//gVfl2w==")
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x800, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)

2m24.068915099s ago: executing program 65 (id=18325):
r0 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0xf)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000200)='dirsync\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

1m41.732808617s ago: executing program 66 (id=19735):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f00000002c0)=0x7, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x240540c7, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
close(r0)

1m30.735887758s ago: executing program 67 (id=19625):
userfaultfd(0x1)
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
pwrite64(r0, &(0x7f0000000080)='3', 0x1, 0x0)

1m29.685417175s ago: executing program 68 (id=19641):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
lsetxattr$security_selinux(&(0x7f0000000400)='./file0\x00', &(0x7f0000000000), &(0x7f0000000280)='system_u:object_r:fsadm_exec_t:s0\x00', 0x22, 0x0)

1m16.197428685s ago: executing program 7 (id=20369):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000004000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x14, 0x0, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)

1m16.117945676s ago: executing program 7 (id=20373):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x7}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x0, 0x2, 0x0, 0x0)
shutdown(r0, 0x1)

1m16.021327537s ago: executing program 7 (id=20379):
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r1, &(0x7f0000000040)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000680)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
fcntl$setstatus(r1, 0x4, 0x2000)
splice(r0, 0x0, r2, 0x0, 0x9aa7, 0x0)

1m15.103919111s ago: executing program 7 (id=20422):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000040)='./file0/../file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f00000001c0)='./file0/../file0/file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x103)

1m15.060634412s ago: executing program 7 (id=20425):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = socket$packet(0x11, 0x3, 0x300)
close(r2)

1m14.905637225s ago: executing program 7 (id=20428):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
kcmp(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)

1m14.856600755s ago: executing program 69 (id=20428):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
kcmp(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)

42.783139344s ago: executing program 4 (id=21465):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

42.491527229s ago: executing program 4 (id=21478):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f00000001c0)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noquota}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@errors_continue}, {@orlov}, {@user_xattr}, {@quota}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
capset(&(0x7f00000004c0)={0x20071026}, &(0x7f0000000100))
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0x41009432, 0x0)

42.326103721s ago: executing program 4 (id=21470):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x1c, 0x5, 0xd})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009902"])

42.161796784s ago: executing program 4 (id=21474):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000080)={[{@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x0, 0x506, &(0x7f00000023c0)="$eJzs3c9vHFcdAPDvjL2x67q1C5UKCGgohYCi7Nqb1qp6KhcQqiohKk4cXGNvLMu7Xsu7LrGJFPt/QCISEghOnDkgcYiUE0cEN7jlEg5IASJQjMRh0ewPx4l3s078YxXv5yONZt688Xzfy2re23wTzwtgaF2MiJ2IuBARn0TEVPt80t7ig9aWXffwwY3FvQc3FpNoND7+Z9Ksz87FgZ/JvNy+53hEfP87ET9KDsetbW2vLpTLpY12uVCvrBdqW9tXVioLy6Xl0lqxODc7N/Pe1XeLJ9bXNyu/vf/tlQ9/cPv3X7r3551v/iRr1mS77mA/TlKr67n9OJnRiPjwNIINwEi7PxcG3RCeSxoRn4mIt5rP/1SMND/No+nyWAMAL4BGYyoaUwfLAMB5lzZzYEmab+cCJiNN8/lWDu/1mEjL1Vr98rXq5tpSK1c2Hbn02kq5NNPOFU5HLsnKszez40flYjxevhoRr0XET8deapbzi0fPMwAAJ+vlJ+b//4y15n8A4Jwb73fB/Nm0AwA4O33nfwDg3DH/A8DwMf8DwPAx/wPA8DH/A8CwuduZ/0cG3RIA4Ex876OPsq2x137/9dKnW5ur1U+vLJVqq/nK5mJ+sbqxnl+uVpfLpfxitZL0eelvuVpdn30nNq8X6qVavVDb2p6vVDfX6vPN93rPl3Jn1C8AoLfX3rzz12xK33n/peYWB9ZyMFfD+ZYOugHAwMj5w/DyFm4YXv6OD/Rby7PnfxG+9RzBGjef44eAk3bp8/L/MKzk/2F4yf/D8JL/h+HVaCS91vxP9y8BAM4VOX7gVP/9/xeXn71BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AKYbG7TB8ppms9HvBIR05FLrq2USzMR8WpE/GUsN5aVZwfaYgDg+NK/J+31vy5NvT35ZO2F5L9jzX1E/PjnH//s+kK9vjGbnf/X/vn6rfb54iDaDwD005mnO/N4x8MHNxY721m25/63WouLZnH32lurZjRGs92fxiMXERP/Tlrltuz7ysgJxN/ZjYjPdet/0syNTLdXPn0yfhb7lTONnz4WP23WtfbZn8VnD915rGfMfmu9wrC4k40/H3R7/tK42NyPd138eLw5Qh1fZ/zbOzT+dZ738eZY0238u3jUGO/84bs963YjvjDaLX6yHz/pEf/tI8a/+8Uvv9WrrvGriEvRPf7BWIV6Zb1Q29q+slJZWC4tl9aKxbnZuZn3rr5bLDRz1IVOpvqwf7x/+dWe/f9NxESP+ON9+v+1p/a6sT8A//p/n/zwK73i70Z846vdP//XnxI/mxO//tT4jyxM/K7n8t1Z/KVW/3ef9fM/6qre9/62vXTESwGAM1Db2l5dKJdLGyd6kIsTvuGBg+SU2uzgnB9k38ePe5832imzrtf88Ze338gqB97T3s9OcvSLBzwwAafu0UM/6JYAAAAAAAAAAAAAAAC9HPf3ikb6XZMOuocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcZ/8PAAD//zV4yq8=")
chdir(&(0x7f0000000240)='./file0\x00')
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000100)='./file0\x00')
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000140)='./file1\x00')

41.914137857s ago: executing program 4 (id=21479):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000059c0)={0x8, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1)
madvise(&(0x7f00001c1000/0x3000)=nil, 0x40000, 0x9)

41.589514583s ago: executing program 4 (id=21483):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)

41.499356204s ago: executing program 70 (id=21483):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)

25.065608499s ago: executing program 5 (id=21901):
recvmmsg(0xffffffffffffffff, &(0x7f0000004340)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000007d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x8, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x20000000}, 0x2, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)

25.00190286s ago: executing program 5 (id=21902):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x411a, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x24000800, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @local}, 0x1c)
recvmmsg(r0, &(0x7f00000066c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=""/148, 0x94}, 0x2}], 0x1, 0x2000, 0x0)

24.618589357s ago: executing program 5 (id=21922):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6, 0x0, 0x6c}]}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000440)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x4, 0x3, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2}}}}}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

24.575220607s ago: executing program 5 (id=21923):
fremovexattr(0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x51f, &(0x7f0000000700)="$eJzs3W1rZFcdAPD/vcnsZndTM1WRtWBbbGVXdGeSxrZBpF1B9FVBre/XmExCyCQTMpO6CUVT/ACCiAp+AN8IfgBB+hFEKOh7UVHEbvWl7pU7c6NJZiaZTSaZNPn94GTOuQ/nf84lc+c+HO4N4Mp6PiLuR8RYRHw2IqaK6WmRYreT8uU+ePT2Qp6SyLI3/5FEUkzbqysvj0fErWK1iYj45tcivpN0x21u76zO1+u1zaJcba1tVJvbO/dW1uaXa8u19dnZmVfmXp17eW46K5yqn+WIeO0rf/nJD3/x1dd+8/nv/vHB3+5+L2/Wlz7RaXdELAxQzdiTxu3UXWpviz35Ntp80oousLw/pSfeMgAAjEJ+jP/RiPh0+/h/KsbaR3MAAADAZZK9Phn/TiIyAAAA4NJKI2IykrRSjAWYjDStVDpjeD8eN9N6o9n63FJja30xnxdRjlK6tFKvTRdjhctRSvLyTDHGdq/80qHybEQ8HRE/nrrRLlcWGvXFUV/8AAAAgCvi1nMHz///NZW2893uT5574wAAAIDhKfctAAAAAJeFU34AAAC4/Jz/AwAAwKX29TfeyFO29x7vxbe2t1Ybb91brDVXK2tbC5WFxuZGZbnRWG4/s2/tuPrqjcbGF2J962G1VWu2qs3tnQdrja311oOVA6/ABgAAAM7R08+9+4ckIna/eKOdongOIMABfx51A4BhGht1A4CRGR91A4CRKR27RO89xI0zaAswGskx87sH7xR7gN+eTXsAAIDhu/PJ7vv/14p5x18bAD7MjPUBgKvH/X+4ukonHQF4e9gtAUblI52P6/3m9314xwD3/zvXGLLsRA0DAACGZrKdkrRSHKdPRppWKhFPtV8LUEqWVuq16eL84PdTpet5eaa9ZnLsmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCPLksgAAACASy0i/WvSfpp/xJ2pFycPXh049Navn7/504fzrdbmTMS15P2pfNK1iGj9rJj+UuaVAAAAAHABdM7T43oU5/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMEwfPHp7YS+dZ9y/fzkiyr3ij8dE+3MiShFx859JjO9bL4mIsSHE330nIm73ip/E4yzLykUresW/ccbxy+1N0zt+GhG3hhAfrrJ38/3P/V7fvzSeb3/2/v6NF+m0+u//0v/t/8b67H+eOlTu55n3flXtG/+diGfGe+9/9uInnfgHQuSFFwbs47e/tbPTc8a+KnvF3x+r2lrbqDa3d+6trM0v15Zr67OzM6/MvTr38tx0dWmlXiv+9gzzo0/9+vFR/b/ZJ375YP+7tv+LA/U+i/+89/DRxzqFUq/4d1/o/ft7u0/8tPjt+0yRz+ff2cvvdvL7PfvL3z17VP8Xe/c/mTim/3cH6n+8n33jB3/qOadrawAA56G5vbM6X6/XNo/ITAywzDlnXr8YzRhiJi5GM0aVyb7f+X88XT2nXL0rk51m9fEYQjOudX1Px+KkFSYRu3ldA/5DAgAAl8z/D/qPuoMEAAAAAAAAAAAAAAAAAAAAnKUTPpZsIiIGXvhwzN3RdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ej/DQAA//9kR9Lv")
r0 = socket(0xa, 0x2400000001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000e5f000)=0x90)

24.38842413s ago: executing program 5 (id=21928):
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x0})
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x4c0, @empty=0xe0000001}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @empty=0xe0000001}, {0x0, 0x4e20, 0x8}}}}}, 0x0)

23.725486041s ago: executing program 5 (id=21946):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

23.682374181s ago: executing program 71 (id=21946):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

18.924992995s ago: executing program 6 (id=22077):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000340)='./bus\x00', 0x8d)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

18.900891545s ago: executing program 6 (id=22080):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2020000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfd, {0x60, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}, {0xfff1, 0xfff2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0x3, 0x80000100}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)

18.879280266s ago: executing program 6 (id=22082):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3M1rI2UYAPAn/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6ZJGrKbZEqTprUnDx7Fg/+JKHjy6N/gwbM38aB4E5TMTHXrBwhNm+3294PJM++bN888b1gWnpmSAC6s+eTXn0txI65ExHREXI/IzkvFkVnPwwsRcTMiph47SsX8nxOXIuJqRNwYJc9zloq3Pr89vLX201u/fPPd5ZlrX3z9/eR2DUzaixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+aafbG+3e3sHybC522+nvWStUn2pUr1Tru6mjeaguVqudRt3VpOFVme0rDxo1rrrrTRtdZqVetpdTBZa9Xq5Wk0W7ja32rVeUq1WVipL5bXF4ux28vr995JOI1kYxVfbvb1Bu9NPttPdJP/EYrJcWXl5MblVTd7Z2Ew2H9y7t7H57gd337//ysabrxWL/lFWsrC8tLxcri6Vl6uLF2j/nxRFj3H/cCKlSRcAcP7o/4FJOL3+f/dBxOn3/6H/H4tz1f9e9P7/FPYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sH6Y/fKN7GQ+H18r5p8ppp4rxqWImIqI3//FdFw6lnO6yDP7H+tn/1bDt6XIMoyucbk4rkbEenH89uxpfwsAAADw9Prq45uf5d16/jI/6YI4S/lNm6nrH44p31xEzM7/OKZsU6OX58eULPv3PRMHY8qW3cCaG1Oy/JbbzLiy/S/Tx8LcY6GUh6kzLQcAADgTxzuBs+1CAAAAOEufTroAJqMUR48yj54FZ395/9cDwSvHRgAAAMA5VJp0AQAAAMCpy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KX7ar24vfp93TZnt28nz2gAAACAS7bVelH/M0v9r839782tn02/iIgyIi7N3Ufx6Sxz1ORUL8/fnD5fvarhLqJOOLzHpLm+RMSf5nr80fWnAAAAAB/XZrmap9l6+jMbuiD6lBZtym9/M+UVEVHNHjKllYe8X5nC6u/3OP5nSqsXsKaZwtKS2zhX2pvUP/fjqt30pClSU1582bHIbGMHAAB6NDpr+p2FAAAA0Kd/QxfAMIp43so8bgVOUtNs730+6wEAAADvUDF0AQAAAEDn6vl/T+f/7Z3/BwAAAMNI5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdra2Kq5R9hARBQ96sdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/IecEcom3HPYQwbMyszPZyQ9w/TWzST4fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBp9PYkTrJDZxzHxbnNvYdLWb91qM88Xtuez1oWR3UmfTK8WP0QdZtLBAAAgLMjKev7EMJOur6Q9XEnr//T8pqs5v/26XFc1vOH6/6yL2v/rP3y8+7z+wN1xuNkN725PBxcOppK6/+b5Wx75i+vaOVPPn/3kuRfSPze6nOjNH+e0dcbG++08/BcHdkCAP/ExbIvgvL3oazvN5kYAGdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jFbDk2UchRDmW5M4s7X3cOm4/vHa9nzZrj16tBa+nNwzu0UaQri5PBxcqnU2s+3e/Qe3F4fDwd36g5dCCE2N/lYx/dsfTHFxCI08H8F/FMTFlz0r+ZyMoMEfSgAAnEpp0bK6fiddX8jORXMh/PHdwfr/1Uocpqz/dz+8tlkdq1r/92ub4ezrrdz5tHfv/oPXl+8s3hrcGnz8xuX+m/0r169evd7L35X0vDEBAADg32kXrVr/x3NH1/8vVOIwZf3/2Tf9L6pjJer/Y00W/ZrOBAAA4Gx79uXff4uOOR+12+HzxZWVu/3xcf/z5fGxgVT/tnNFq9b/yVzTWQEAAAB1GK1GB9b/b1TiMOX6/1Pfv/Bj9Z5JCOF8sf5/cemT4Y36pjPT6vhz4qbnCAAAQLPOF626/p/m+//j/S0PcQjhtVfGcfFvAKeq/5N3v/qhOlZ1//+V+qY4k+Lu+HnkfTeEVrfpjAAAADjNnihaVuz/mq4vfPTThffb9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O3PAAAA//9WwT6Z")

18.836204606s ago: executing program 9 (id=22084):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000080)="f20f9500000f20d866ec200000000f22d8d9ea0f01e0652664360f01c866b9800000c00f326635010000000f303ef30f35640f01c566b9800000c06635008000000f300f0f8108001d", 0x49}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

18.667150499s ago: executing program 9 (id=22086):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000080), 0x8000, r0}, 0x38)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

18.525401181s ago: executing program 6 (id=22088):
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f00000007c0), 0x1, 0x73a, &(0x7f0000000800)="$eJzs3E9rXOUaAPDnnCZtb5t7Jxfu4uJKqFih9iRN1a6EiOtCoR+ghslJCDnJhMykNjFg68KFIKgI/ulGv4EbRXBT+h0UwZ2CC0FrGheCi8iZzEx1OpOObdKR+vvBmfO875kzz/vMHF7mwLwTwD/W4+VDEjEWERciotLqTyPicDM6GnF193m3tzar21ub1SR2di7eSsrTmn3t10pa++PRPCX+HxE3RyNOvXZ33vr6xuJMUeSrrfZEY2llor6+cXphaWY+n8+XpyYnz559burZZyb3rdY3X/nkpzc+f/HLD88t/fb8radnk5hu1h1ddeyn3fdkNKa7+pcPItkQJcMeAAAAAym/5x+KiJHmt9RKHGpGAAAAwKNk58gOAAAA8MhLYtgjAAAAAA5W+3cAt7c2q+3tYf7+4McXImL8ztri7U7+keYa4oijMRoRx7aTP61MSHZPgwdy9VpE3Jjucf0nrevv/nWvXLdG+u/nRjn/TPea/9LO/BM95p+R9n8nPKD2/Ld91/x3J/+hPvPfhQFzHFk9+VXf/NciHhvplT/p5E/65H9pwPyfjn3zbb9jOx9HnIze+f+Ya4//h5iYWyjy1mPPHCc+e/XUXvUf65c/2bv+lQHr/+761Hy/uaTM/9SJvT//XvnLa+Kt1jjSiHi7tS/b73TlePLm5Ad71T/bp/57ff4fDVj/F69vfD/gUwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKApjYixSNKsE6dplkUcj4j/xbG0qNUbp+Zqa8uz5bGI8RhN5xaKfDIiKrvtpGyfacZ32lNd7bMR8d+IeLfyr2Y7q9aK2WEXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMfxiBiLJM0iIo2IXyppmmXDHhUAAACw78aHPQAAAADgwLn/BwAAgEef+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIbhw/ny57WxvbVbL9uzl9bXF2uXTs3l9MVtaq2bV2upKNl+rzRd5Vq0t3ev1ilpt5Vwsr12ZaOT1xkR9fePSUm1tuXFpYWlmPr+Ujz6UqgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPirxppbkmYRkTbjNM2yiH9HxHiMJnMLRT4ZEf+JiK8ro0fK9plhDxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB9V1/fWJwpinxVIBAIOsGwZyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIahvr6xOFMU+Wp92CMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABguNIfkogot5OVJ8a6jx5Ofq009xHx8vWL712ZaTRWz5T9P3f6G++3+qeGMX4AAACgW/s+vX0fDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMKj6+sbiTFHkqwcYDLtGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/vweAAD//4rSy1s=")
mount(0x0, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000140)='devtmpfs\x00', 0x800, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

18.419101533s ago: executing program 9 (id=22090):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)

18.359840164s ago: executing program 9 (id=22092):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000340)={[{@nodiscard}, {@dioread_lock}, {@data_err_ignore}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@resuid}, {@norecovery}]}, 0x1, 0x458, &(0x7f0000000680)="$eJzs27tvHEUYAPBv9+yEvLAJ4ZEHYAiIiIcdOwFS0IBAogAJiSaUxnaikEuMYiORKAIHoVCiSPSIEom/gAoaBFRItNCjSBFKQ6A6tL7d3CN359fZC9zvJ609szPrmc+zcze7exfAwBrLfiQRuyPi14gYqWdbK4zVf926eXnmr5uXZ5Ko1d76I1mu9+fNyzNF1eK4XXnmSBqRfpLEwQ7tLly8dHa6Wp27kOcnFs+9N7Fw8dKzZ85Nn547PXd+6sSJ48cmX3h+6rm+xHlP1tcDH84f2v/a29femDl57Z0fv06K+Nvi6JOxXoVP1Gp9bq5ce5rSyVCJHWFNKhGRDdfw8vwfiUo0Bm8kXv241M4Bm6qW61K8VAP+x5IouwdAOYo3+uz6t9i2bvVRvhsv1S+Asrhv5Vu9ZCjSvM5w2/VtP41FxMmlv7/ItljxPoQLawBg477N1j/PdFr/pXF/U72782dDo/mzlL0RcW9E7IuI+yKW6z4QEQ+usf22hyTbI6Jt/ZNeX19kq5Ot/17Mn221rv+K1V+MVvLcnuX4h5NTZ6pzR/P/yZEY3p7lJ3u08d0rv3zWrax5/ZdtWfvFWjDvx/Wh7a3HzE4vTm8k5mY3rkQcGOoUf3J7tZlExP6IOLDONs489dWhbmUrx99DH5bDtS8jnqyP/1K0xV9Iej+fnLgrqnNHJ4qz4k4//Xz1zW7tbyj+PsjGf2fH8/92/KNJ8/PahbW3cfW3T7te04yv6/xv7NiW//5genHxwmTEtuT1eqeb9081ji3yRf0s/iOHO8//vdH4TxyMiOwkfigiHo6IR/KxezQiHouIwz3i/+Hlx9/tVvZvGP/ZtvEfba3SNv6NxLZo39M5UTn7/Tetf7GRXN3r3/HaSNPhvV7/ivNhNf1a39kMAAAA/z1pROyOJB2/nU7T8fH6Z/j3xc60Or+w+PSp+ffPz9a/IzAaw2lxp2uk6X7oZH5ZX+Sn2vLH8vvGn1d2LOfHZ+ars2UHDwNuV6f5X6mX/V4pu3fApvOxMhhc5j8MLvMfBpf5D4Orw/zfUUY/gK3X6f3/oxL6AWy9tvnvsR8MENf/MLjMfxhczfM/KbEfwJZa2BErf0leQuKORKQ961zZeBPFOboF4SSbPAt2b0qf8yncWpQs1Xev5Q/WOhSV9IIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQZ/8EAAD//xL/3co=")
mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1b73404, 0x0)
chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00')

18.301510905s ago: executing program 6 (id=22093):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000800)={'#! ', './file0/../file0', [], 0xa, "c3f7cd02f8333fcb3cbce96c2787d221a1f72ab7d59aab25619a5c11ffed68dac9a944"}, 0x37)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000200), 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="0500000000"], 0x48}}, 0x0)

18.160489867s ago: executing program 9 (id=22096):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0x0, 0x5002004a, 0xb, 0x310, 0xea02, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00'}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x61}, {0x16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}, {}, {}, {}, {}, {}, {}, {0x0, 0x80}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8)

18.157464257s ago: executing program 9 (id=22097):
socket$key(0xf, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a800800", @ANYRES16=r2], 0x44}}, 0x0)

18.084131628s ago: executing program 72 (id=22097):
socket$key(0xf, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a800800", @ANYRES16=r2], 0x44}}, 0x0)

18.065261968s ago: executing program 6 (id=22100):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)

18.065140939s ago: executing program 73 (id=22100):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)

2.502678561s ago: executing program 0 (id=22531):
r0 = io_uring_setup(0x6c4, &(0x7f0000000080)={0x0, 0x4075, 0x18, 0x2})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

2.392684632s ago: executing program 0 (id=22534):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x4)

2.157137126s ago: executing program 1 (id=22547):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, 0x0, 0x1)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000040)={0x3, r3})

2.056807438s ago: executing program 1 (id=22553):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
getgroups(0x0, 0x0)

2.039537738s ago: executing program 3 (id=22555):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000200850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

1.978471229s ago: executing program 1 (id=22556):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x70bd2d, 0x0, {0x1b}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x0)

1.92843256s ago: executing program 1 (id=22559):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xd, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='mm_page_alloc\x00', r1}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r2, &(0x7f0000000f40)=""/243, 0xf3)

1.927988309s ago: executing program 1 (id=22560):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
recvfrom(r0, &(0x7f0000000280)=""/214, 0xd6, 0x62, 0x0, 0x0)

1.90144214s ago: executing program 1 (id=22562):
r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000440)=ANY=[@ANYBLOB="401402"], 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

1.88638103s ago: executing program 3 (id=22563):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9fa0000000f8701d1d10fc4020a1bf7b805000000b908001bfe0fae41d9a0000005009100918b7fae260f3200000f30660fc775022e0fba600c980f320f3566b85700c30fefd0", 0x4c}], 0x1, 0x10, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000040)={0x20, 0x5, 0x10})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.727734913s ago: executing program 3 (id=22570):
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r2 = dup3(r0, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$MON_IOCG_STATS(r2, 0xc0109207, &(0x7f00000001c0))

1.537701595s ago: executing program 3 (id=22577):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb4, 0x6a, 0x2c, 0x10, 0x7b4, 0x10a, 0x102, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x2, 0x2, 0x2b, 0x57, 0x33, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x81, 0x2, 0x40, 0x0, 0x3d, 0x1}}]}}]}}]}}, 0x0)

951.067365ms ago: executing program 8 (id=22605):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}, 0x7ff}], 0x1, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0xa, 0x4e20, 0x2000, @mcast1}, 0x1c)

825.636947ms ago: executing program 8 (id=22607):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
statx(0xffffffffffffffff, 0x0, 0x6000, 0x2, 0x0)
mount$tmpfs(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x20000, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x133095, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

819.104217ms ago: executing program 8 (id=22608):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x25c, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002c80)=ANY=[@ANYBLOB="6a0af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a26c7670568982b4e020f698393a1587aee89eb5603111ced3a0f3881f9c24561f1b2607995daa56f151905ea23c22624c12533d3984e835a3c61a7a9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0c884625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130bd030000c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2369149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300005d2c4df17c91e5451f1e44467a1ed30480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf607aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a9963b924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8241ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcfffffffffaffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda420d3e53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fd73c294290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd96058e7bf5b51cce33bd30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c9b2c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbd008fc1be8ea216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d253118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998e340aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1502a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c6d083cf2fb4598a4743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b9314dcdfadafff7ca3243a9c40a67ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b368a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e35fd7834f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e4570600000091c674e6e549227d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb07005dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3badf2f6ffda1360c2786e16937ab61d7dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68ac3c64458943fc59c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5fb3abc96478924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0cb3d67bbcd9b91072659d872976b796e2b81025edb5f45f785e2019ca659be7e8ae953325a27564fdab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfd1016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d0f6c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e7cdd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7b828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c6b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c51ff4040068ae2676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e9f367f2eb36eed56c037991d4026f8c743c1360a29d8177d1250ff303e207f02c33b6009abb9948d7e787c863998f0a5f1b3761e8006c8095dd0adb892e5f020a1e1032f3b4ad237e9573faa2bece611b2af8de93c3157af2a1797f696493dcda51b9c63f31f85f82689d23c1bb1b2027f6583ec9d1418e684183480cb2ce5dae947313be0000000000009b941d0c4e344baf15e63f581e9ead164a550d5d78864b0218ac8a33ee3433de56a991c72a046386223ff52c139ed3ebed412c78112524ee6b3385b2954cc89e2635d4d62d51b18b196716032e9fd4d8a5cefcd8c36125bfb92efc658fb0b7d2e933f9957fc78dc15eb3e0fc77cb84177e41db5a65c7dd3a4b3431d2f52c4c3971a83b12e399b3e91281fa1200591430fcd74269f3f14332b175225120432b0babc737be65257fbc833c096fcb8b1d5731e6f95e8259bc1aa73e75132b28aedf5bb34f5c33c319b4e25b951189d5c03815e0259448ed9c51e6e6c371e387ad82734990a37071c6225a2116db67b503f48460430b6fe6c57eca9b4ddd5c699d1883891f047ac9792eeca5f9465bfe4d6e5faf78d81b376415935d145151a47b23af15d61db53a5afcf0a792afa5e43e2f742449c1a4cbdad69dc5c1013aa36fba2013ffb4b65216618222469ab0a63d141cd11b31caadeea6e9ee58854684350bffc86f09fc563b1a68c03b828ab51fe2e36594ab83cb5a9d4417231b0988bc38b073a88054e8a066b89e24e5d651d891acfd13518f3538c9c6c91bba247ff3a5fd41934a932c7b23bfb7ac9f1a9bf72243e56508ab8e31d99287ad5bb0795e48598b4b752cf801e29d3919ae547b51392bd9bd74b8e2dd5f384b5d721d7a877227797807119746ba65f42c291e3510d80b6c0bcfad2e8bdc51f07c9916f2f9364381b633518d0fc14834aaa5c2302b6040cdc0e09626f3f86cd2eba4736d4c6e0fe8f778851f5484a179fc4c430258f06bf2c08c11a36ff4dd4bd8ff174feaff7c29154d751fbb7c122d515541a9c8421536e032f8fe5170925c83c91600b7e3d9827bf984d30a3193e1b2c3bda2494c67686a7b308ab19d884ff074071b14d8a016758b6aca4b2c9f904cda56ca14fe97b26ba61cc11c95c34e324bceb8d11ccb65744759fb602fdee6f09e07f60a8937da7b2196c6586824961386a81df193491fb050308c96227b84ef9d782b912aed6d2b86e2edb373a0d5a51e6a442eedfe0a3d4b11d8426e6fb6b50a302f03477ee5746189c3765d9c1de0cb0b32f44ef0c8d3e97aecd7a588ce76d4664f7cd4f2d73ef8030144fb459e85656831742dacfcfd018fb1620e5bd2d1913e3d069d0990ddfe4577a4c639485f5fbc7cfe8703842a8e00000000000000000000000000000044013357f3db4f3d593817847481eed577be82a6eb45fb9ffd62ce99fd5e9b5e5ddfada42b2c3a70ad4e21fd09351ce78496f71c28da5e626f6ce1f277021bc094f057a2e9d6f7cd5f778fcb4a6731e03b947740fc8b332eeb9e5104cc8d2bf6eed83907f084f00f616ef29ed7bcbef74319a2ee81ea70b09f0afc61b53b6f96b2edc7e7d76694a8ba9abcc01e1b4476fc254a13d62806ded5170546bc23065572f0a39140659f919f86e0059e22035aae1e954fbb9fa8cf0760cf3c7c1d3e822ec3aecfb1347e947a871c4347571b9f9f6aa21c2257335405cb065dd6e60cfe9d0e5cf4b6ac2f6efa6c4b3d9ce5a41b8b391c8da52e67b5a60c4f791d36fc1f0538301b554ebe115bf2974b17c97f20201fa192eacd8d7c4687e774e08e3d5cd17c5ad52ed0a32fe938ff1d8d4b87d44bab2b3118efb95014c16c5674d8c8c61cd0a8ba3a3f623e4542b30d193a0c81ece179ad4af7db3e3adfce43c886cf50f55b45294f11c1b4fcc42e435f7042651de550b12291cee52c1fb622f654b36918f5de6ac212e847d313bc13c4396e286a085566837d660b51165efb063826ebd341be48ebf9217bb2ea261fd990ed"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000200)='percpu_free_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x48)

757.028818ms ago: executing program 8 (id=22609):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x50483}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x5}]}}}]}, 0x44}}, 0x0)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty}}}], 0x20}}], 0x4000000000002b3, 0x0)

719.694558ms ago: executing program 8 (id=22610):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
alarm(0x1)
alarm(0x40)

719.049998ms ago: executing program 8 (id=22611):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001240)=""/249, 0xf9}], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})
r1 = syz_open_pts(r0, 0x101)
r2 = dup3(r1, r0, 0x0)
ioctl$TCGETS(r2, 0x5401, &(0x7f0000000080))

309.167795ms ago: executing program 2 (id=22633):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
brk(0x689d80000000)

269.395196ms ago: executing program 2 (id=22634):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r1, 0x800448d5, &(0x7f0000000080))

269.205075ms ago: executing program 2 (id=22635):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000780)='sys_enter\x00', r1}, 0x18)
rt_sigaction(0x7, 0x0, 0x0, 0x8, &(0x7f00000004c0))

268.773605ms ago: executing program 2 (id=22636):
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@dev, 0x9})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x9, 0x2, 0x0, 0x4, 0x9, 0x10}, {0x8080000, 0x0, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xfb}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]})

256.463416ms ago: executing program 2 (id=22637):
timer_create(0x3, 0x0, &(0x7f0000000280))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000030000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000480), &(0x7f00000004c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
timer_delete(0x0)

201.094096ms ago: executing program 2 (id=22638):
syz_mount_image$f2fs(&(0x7f0000010580), &(0x7f00000105c0)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303030372c6661756c745f747970653d30303030303030303030303030313030303030342c70726a6a71756f74613d66326673002c75737271756f8fa67fe374613d272c6e6f5f686561702c00"], 0x0, 0x10589, &(0x7f0000020bc0)="$eJzs3E+LG2UcB/Bfdvu/tS7iQVBwQIVdMaHZ/kFvbW0RS1uK2oMnzSbZkDbJLJvsbuxJ8OLBN1DwlXj3XfgGRE+CiCCsZJ5Z6VY92JTE3f18YPqdeWbmmd+UXH6T7ARwZC1lv/5SifNxOiIWI+JcRLFeKZfC1RSvRMTrEbHwxFIpx/8aOBERZyLi/GTyNGel3PX2jRO3bj2+/tvXj29/d3r82pvzu2tg3t6KiP5GWt/pp8w7KR+U443tbpH9S9tlph39h+V2nnKnvVbMsNPYO65R5MVOOj7f2BpOcr3XaE6y010vxjcG6YLD7c7ePMUJDxqbxXarvVZkd5gX2XmU6hqX+Wi4u5vWyvm+KKaP0Wgv03h73E73s/GwyOZgVI6nefNWezzJ7TLLy0Uz77WKOtae9X/5/+92d7A1zrbbm8NuPsgu1+rv1upXqvXNvNUetS9VG/3WlUvZcqc3Oaw6ajf6Vzt53um1a828v5Itd5rNar2eLd9or3Ubg6xer12sXaheXinX3sk+uHs/67Wy5Ule7w62Rt3eMFvPN7N0xkq2Wrv43kr2Rj37+M697N5HN2/euffJZzc+vXvtzofvlwf9raxsefXC6mq1fqG6Wl9x/9P4vTLd+Rxhu/MuAOBgmlf//5P+H460w9H/pz5+o6X/f1YHvv/94Yjf/5T9v/afqfgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcWfd/vPZqsbK0f/yFcuilcrsSEQsRsfsPFuPEvnMXI+JsRBz/l+OPP1XD95UoZphc42S5nImIq+Xyx4tpHwAAAPDfHfv2qy9Tt57+WZp3QcxSemizcO7z5zRfJSKOL/38HGaJ8mFTvDx9Vcnk830sxlPOsldb8QDr1PRVJWejKG6WFvfFqSeikmJhpuUAAAAzsb8TmG0XAgAAwCx9M+8CmI/i28zyt/jlD/hPpii/EDy9bwsAAAA4gPxJPQAAABx+Rf//9Pv/zpY7vf8PAAAADof0/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JOd+8lJHYriAHz49+C9p5EYZywGGTLHuWEFDh2auA3DItyDiyFxCQYMvdfECiSalhLJ9yX1ei/kx2nC5NyWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHdLOcjLpPjw9Vc1brauo5GwAAAGCX2XIyKv4Zpvn/vH6ely7zvBUR7YjY1bt34k8ps5Nzenve3/tSw0tEkbD5jH4+/kXEdT7eLtJrAAAAwM/NF+Np6tbTn+GxC6JJadOmfXZbU14rInrD1xpSIm82xVX1qpLN97sb9xVTPmorNrAG1atKii23bl1p39IpDYNPQysN7UbLAQAAGlHuBJrtQgAAAGjS3bEL4DiKq5n5Xvx8A38/DfmC4N/SDAAAAPiF/KQeAAAATl/R/3v+HwAAAJy29Pw/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmm2nIzmi/G0as5qveV5e2m/es4GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCd/XlHgRAIgzDYu74zmfsfVho0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725yUFQiAIomDO+N9J3/+wkqBnECECGh5V1KIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC527ti3jSoMAPg7n+1SEOIwkgeygBhggLrGHcxoqSxs4T+IUrdEuBi1EWqrMmTswAJjJVRGNkT/Av6BboCHrh0yeCiCueid75xriUoB6c40v5/0+X05Wfe+50hRvnsvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKy8lRnsaXbJW3imu/Pry5G8fFE2M0f7DIYsQ8qbPo/6Gk33QFAAAAnARp2d+HELYPJ1txbGV5/98p3xN7/jsvr/Kyn3+y7y/H8/dvZ2XMe9d+WU+UreaJN724N5uerW2Fm++Vv31HO//k82cvaf4NaX108Nqyk3+eyVf37n3YzdNTdVQLAPwbZ8qxSMrfh+I4bLIwAE6MdhGh0v+nWbM1AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANRheRBeKvMkhPB6+yiPFg9v7h43nr9/Oyvj55/evFW9Z7xFJ4RwcW82PVvjWjbd1es3Pt2ZzaZXJBKJZJ00/ZMJAIDnTaeI2NdvH0624rWkF8Kj7x7v/9+u5OEZ+/8v70x+rM5V7f+Hta1w8w32L38+uHr9xnt7l3cuTS9NPxuOz43PjcYfjMaD/FnJwBMTAAAA/ptuEdX+v9X76/7/i5U8PGP/37716PvqXKn+/1hHm35NVwIAAHCyvfrGH78lx1xPut1wbWd//8pw9br++v3VawOl/mOniqj2/2mv6aoAAACAOiwPksf2/y9U8vCU/f/5g0VWxt1PRp3qPdMQwuli///M7nx2ob7lbLQ6/py46TUCAADQrNNFVPf/O/n5/9b6yEMrhPDOW6u8+DeATz3/H3v/OP6+/fUX1bmq5/9H9S1xI7V+mKySfghpP4R2v+mKAAAAeJ69UERs9j8+nGzd/fbdb7rO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJ/tzb5swEMZx+PUlUeI2GSG9lcAMNFQIRuBDQrLkGRiAhWioaC0WgRVAgnNNZyiep/n/iivuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABe3uXhi7eIKCJ1mSKNNz+n94j4iLRt29HnLYvd+dh83XO2P0xyfsf0t4yIMoo+zgEA6F3VbY7Vul7+5f3PO8g7zFvNm3rxzE8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgrAAD///YaVM0=")
chdir(&(0x7f00000001c0)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x24)
io_setup(0x6, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="7f", 0xfffe, 0x1000000}])

136.580168ms ago: executing program 0 (id=22639):
r0 = socket(0x28, 0x5, 0x0)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r1, 0x4)
connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f0000001580)=[{0x0}, {&(0x7f00000002c0)='*', 0x1}], 0x2}}], 0x1, 0x84)

120.231718ms ago: executing program 0 (id=22640):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x36e084fcb6392193, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)={0x38, r1, 0x1, 0x0, 0x1, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x38}}, 0x4000)

61.201479ms ago: executing program 0 (id=22641):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000400000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
set_robust_list(0x0, 0x0)

60.900749ms ago: executing program 0 (id=22642):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x3b9aca00)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000009c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x10)

46.940299ms ago: executing program 3 (id=22643):
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x8, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0xb0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='tmpfs\x00', 0x0, &(0x7f0000000240)='nolazytime')

0s ago: executing program 3 (id=22644):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1_to_bond\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@setlink={0x2c, 0x13, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0x1ee86, 0x409}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r3}]}]}, 0x2c}}, 0x24008844)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@dellink={0x20, 0x11, 0x1, 0x70bd2c, 0x25dfdc00, {0x0, 0x0, 0x0, r2, 0xc0a742c700a80d57, 0x25aa6}}, 0x20}}, 0x2000e844)

kernel console output (not intermixed with test programs):

duct=0, SerialNumber=0
[  676.767004][T15674] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002]
[  676.774184][T27658] usb 6-1: config 0 descriptor??
[  676.781395][T15674] System zones: 1-12
[  676.790758][T15674] EXT4-fs error (device loop9): ext4_xattr_ibody_find:2195: inode #15: comm syz.9.21030: corrupted in-inode xattr
[  676.803251][T15674] EXT4-fs error (device loop9): ext4_orphan_get:1405: comm syz.9.21030: couldn't read orphan inode 15 (err -117)
[  677.217726][T27658] plantronics 0003:047F:FFFF.006D: No inputs registered, leaving
[  677.235502][T27658] plantronics 0003:047F:FFFF.006D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  677.331148][T15713] incfs: Options parsing error. -22
[  677.336694][T15713] incfs: mount failed -22
[  677.729337][T15722] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q��k�p
[  677.729337][T15722] �C<+�
[  677.762810][T15724] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  677.871864][T15732] netlink: 'syz.9.21056': attribute type 15 has an invalid length.
[  678.033560][T15746] loop8: detected capacity change from 0 to 2048
[  678.101071][T15746]  loop8: p1 < > p4
[  678.108583][T15746] loop8: p4 size 8388608 extends beyond EOD, truncated
[  678.394632][T15803] overlayfs: failed to clone upperpath
[  678.564503][T15829] xt_hashlimit: size too large, truncated to 1048576
[  678.734460][   T39] kernel write not supported for file /274/clear_refs (pid: 39 comm: kworker/1:1)
[  678.795940][T15850] netlink: 'syz.2.21112': attribute type 2 has an invalid length.
[  679.138533][T15878] loop9: detected capacity change from 0 to 40427
[  679.146005][T15878] F2FS-fs (loop9): fault_injection options not supported
[  679.153230][T15878] F2FS-fs (loop9): Image doesn't support compression
[  679.160163][T15878] F2FS-fs (loop9): Image doesn't support compression
[  679.167814][T15878] F2FS-fs (loop9): invalid crc value
[  679.185814][T15878] F2FS-fs (loop9): Found nat_bits in checkpoint
[  679.227435][T15878] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  679.256399][T14303] syz-executor: attempt to access beyond end of device
[  679.256399][T14303] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  679.297943][   T28] kauditd_printk_skb: 307 callbacks suppressed
[  679.297962][   T28] audit: type=1326 audit(1946.441:31874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fec2492ab89 code=0x7ffc0000
[  679.353869][   T28] audit: type=1326 audit(1946.469:31875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2498e9a9 code=0x7ffc0000
[  679.377504][   T28] audit: type=1326 audit(1946.469:31876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2498e9a9 code=0x7ffc0000
[  679.416419][   T28] audit: type=1326 audit(1946.469:31877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2498e9a9 code=0x7ffc0000
[  679.441272][   T28] audit: type=1326 audit(1946.469:31878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fec2492ab89 code=0x7ffc0000
[  679.466774][   T28] audit: type=1326 audit(1946.478:31879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2498e9a9 code=0x7ffc0000
[  679.510870][   T28] audit: type=1326 audit(1946.488:31880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fec2492ab89 code=0x7ffc0000
[  679.543733][  T330] usb 6-1: USB disconnect, device number 16
[  679.594059][   T28] audit: type=1326 audit(1946.488:31881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2498e9a9 code=0x7ffc0000
[  679.676277][   T28] audit: type=1326 audit(1946.488:31882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2498e9a9 code=0x7ffc0000
[  679.733459][T15893] loop9: detected capacity change from 0 to 2048
[  679.741717][   T28] audit: type=1326 audit(1946.488:31883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15875 comm="syz.2.21126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fec2492ab89 code=0x7ffc0000
[  679.801332][T15893]  loop9: p1 < > p4
[  679.809948][T15893] loop9: p4 size 8388608 extends beyond EOD, truncated
[  680.276824][T15897] loop4: detected capacity change from 0 to 40427
[  680.291175][T15914] netlink: 1 bytes leftover after parsing attributes in process `syz.8.21142'.
[  680.300960][T15897] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  680.309000][T15897] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  680.335640][T15897] F2FS-fs (loop4): Found nat_bits in checkpoint
[  680.388106][    T6] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  680.446726][T15897] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  680.454119][T15897] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  680.536639][T15922] kvm [15921]: vcpu10, guest rIP: 0x9121 disabled perfctr wrmsr: 0xc1 data 0x1000005d8
[  680.592997][    T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  680.604433][T15922] kvm [15921]: vcpu10, guest rIP: 0x9134 disabled perfctr wrmsr: 0xc1 data 0x100
[  680.614071][T15922] kvm [15921]: vcpu10, guest rIP: 0x9121 disabled perfctr wrmsr: 0xc2 data 0x104
[  680.623488][T15922] kvm [15921]: vcpu10, guest rIP: 0x9134 disabled perfctr wrmsr: 0xc2 data 0x100
[  680.633041][    T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  680.641030][T15922] kvm [15921]: vcpu10, guest rIP: 0x9121 disabled perfctr wrmsr: 0xc1 data 0x1000005d8
[  680.652920][T15922] kvm [15921]: vcpu10, guest rIP: 0x9134 disabled perfctr wrmsr: 0xc1 data 0x100
[  680.662572][T15922] kvm [15921]: vcpu10, guest rIP: 0x9121 disabled perfctr wrmsr: 0xc2 data 0x104
[  680.672155][T15922] kvm [15921]: vcpu10, guest rIP: 0x9134 disabled perfctr wrmsr: 0xc2 data 0x100
[  680.676591][    T6] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  680.689695][T15922] kvm [15921]: vcpu10, guest rIP: 0x9121 disabled perfctr wrmsr: 0xc1 data 0x1000005d8
[  680.719749][T15922] kvm [15921]: vcpu10, guest rIP: 0x9134 disabled perfctr wrmsr: 0xc1 data 0x100
[  680.725100][    T6] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  680.753461][    T6] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.771818][    T6] usb 6-1: config 0 descriptor??
[  681.218778][    T6] plantronics 0003:047F:FFFF.006E: No inputs registered, leaving
[  681.235775][    T6] plantronics 0003:047F:FFFF.006E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  681.556625][    T6] usb 6-1: USB disconnect, device number 17
[  682.755122][T15999] loop4: detected capacity change from 0 to 131072
[  682.788716][T15999] F2FS-fs (loop4): Found nat_bits in checkpoint
[  682.830473][T15999] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  682.872803][T15999] F2FS-fs (loop4): lookup inode (7) has corrupted xattr
[  682.880505][T15999] F2FS-fs (loop4): lookup inode (7) has corrupted xattr
[  682.889126][T15999] F2FS-fs (loop4): lookup inode (7) has corrupted xattr
[  682.922962][    T6] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  682.964620][T16019] loop9: detected capacity change from 0 to 40427
[  682.972503][T16019] F2FS-fs (loop9): invalid crc value
[  682.998490][T16019] F2FS-fs (loop9): Found nat_bits in checkpoint
[  683.060135][T16019] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e4
[  683.124895][    T6] usb 6-1: Using ep0 maxpacket: 16
[  683.131204][    T6] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  683.173532][    T6] usb 6-1: config 0 interface 0 has no altsetting 0
[  683.180378][    T6] usb 6-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  683.189760][  T317] kworker/u4:4: attempt to access beyond end of device
[  683.189760][  T317] loop9: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  683.217105][T16019] VFS:Filesystem freeze failed
[  683.222048][    T6] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.242749][    T6] usb 6-1: config 0 descriptor??
[  683.516250][T16079] loop8: detected capacity change from 0 to 512
[  683.524170][T16079] EXT4-fs (loop8): Test dummy encryption mode enabled
[  683.531030][T16079] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  683.542793][T16079] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.21209: bad orphan inode 131083
[  683.553550][T16079] EXT4-fs mount: 6 callbacks suppressed
[  683.553568][T16079] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  683.583352][ T4872] EXT4-fs (loop8): unmounting filesystem.
[  683.686519][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.701145][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.708793][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.716738][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.724648][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.732252][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.739787][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.747436][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.755024][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.764588][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.772205][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.779804][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.787285][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.797003][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.806254][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.813920][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.828183][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.845850][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.861559][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x4
[  683.873796][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.881379][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.890568][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.898927][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.906819][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.914536][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.922306][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.931451][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.939008][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.946709][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.954445][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.962133][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.975757][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.983450][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.991045][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  683.998581][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  684.006267][    T6] hid-generic 0003:060B:500A.006F: unknown main item tag 0x0
[  684.014121][    T6] hid-generic 0003:060B:500A.006F: unexpected long global item
[  684.022157][    T6] hid-generic: probe of 0003:060B:500A.006F failed with error -22
[  684.031798][    T6] usb 6-1: USB disconnect, device number 18
[  684.165661][T16094] loop4: detected capacity change from 0 to 131072
[  684.172776][T16094] F2FS-fs (loop4): Segment count (31) mismatch with total segments from devices (0)
[  684.182399][T16094] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  684.191379][T16094] F2FS-fs (loop4): invalid crc value
[  684.205204][T16094] F2FS-fs (loop4): Found nat_bits in checkpoint
[  684.242366][T16094] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  684.249631][T16094] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  684.295826][T16094] F2FS-fs (loop4): f2fs_fill_dentries: corrupted namelen=24152, run fsck to fix.
[  684.313453][T16094] F2FS-fs (loop4): checksum invalid, nid = 4, ino_of_node = 4, efdbe231 vs. 15bb5891
[  684.402856][T16131] loop9: detected capacity change from 0 to 512
[  684.411614][T16131] EXT4-fs: Ignoring removed oldalloc option
[  684.420780][T16131] EXT4-fs (loop9): 1 truncate cleaned up
[  684.426539][T16131] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  684.483606][T14303] EXT4-fs (loop9): unmounting filesystem.
[  684.562434][T16146] netlink: 96 bytes leftover after parsing attributes in process `syz.9.21237'.
[  684.687893][   T28] kauditd_printk_skb: 3821 callbacks suppressed
[  684.687910][   T28] audit: type=1400 audit(1951.483:35705): avc:  denied  { relabelto } for  pid=16176 comm="syz.2.21251" name="file0" dev="tmpfs" ino=16079 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  684.721492][   T28] audit: type=1400 audit(1951.483:35706): avc:  denied  { associate } for  pid=16176 comm="syz.2.21251" name="file0" dev="tmpfs" ino=16079 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0"
[  684.758919][   T28] audit: type=1400 audit(1951.548:35707): avc:  denied  { rmdir } for  pid=16540 comm="syz-executor" name="file0" dev="tmpfs" ino=16079 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  684.809366][T16188] incfs: Options parsing error. -22
[  684.815760][T16188] incfs: mount failed -22
[  684.851869][T16192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21258'.
[  684.948234][T16182] loop5: detected capacity change from 0 to 40427
[  684.972586][T16182] F2FS-fs (loop5): Found nat_bits in checkpoint
[  685.012179][T16182] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  685.037128][T16182] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  685.059740][   T28] audit: type=1400 audit(1951.829:35708): avc:  denied  { mounton } for  pid=16221 comm="syz.9.21270" path="/171/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  685.084156][T16182] syz.5.21253: attempt to access beyond end of device
[  685.084156][T16182] loop5: rw=10241, sector=53248, nr_sectors = 8 limit=40427
[  685.107585][T16182] syz.5.21253: attempt to access beyond end of device
[  685.107585][T16182] loop5: rw=2049, sector=53256, nr_sectors = 64 limit=40427
[  685.114131][T16223] 9pnet_fd: p9_fd_create_unix (16223): problem connecting socket: ./file0: -5
[  685.132574][T13124] syz-executor: attempt to access beyond end of device
[  685.132574][T13124] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  685.169344][   T28] audit: type=1400 audit(1951.932:35709): avc:  denied  { setopt } for  pid=16230 comm="syz.9.21275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  685.223606][   T28] audit: type=1400 audit(1951.988:35710): avc:  denied  { write } for  pid=16234 comm="syz.9.21277" path="socket:[221966]" dev="sockfs" ino=221966 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  685.365830][T16253] loop5: detected capacity change from 0 to 4096
[  685.368590][T16258] netlink: 51 bytes leftover after parsing attributes in process `syz.8.21287'.
[  685.383632][T16253] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  685.402703][   T28] audit: type=1400 audit(1952.156:35711): avc:  denied  { link } for  pid=16252 comm="syz.5.21285" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  685.432169][T13124] EXT4-fs (loop5): unmounting filesystem.
[  685.453702][T16263] netlink: 32 bytes leftover after parsing attributes in process `syz.5.21289'.
[  685.463555][T16263] netem: unknown loss type 13
[  685.468558][T16263] netem: change failed
[  685.569000][T16278] loop5: detected capacity change from 0 to 1024
[  685.577744][T16280] loop9: detected capacity change from 0 to 256
[  685.584501][T16280] exfat: Deprecated parameter 'namecase'
[  685.590609][T16280] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[  685.596549][T16278] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  685.602689][T16280] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d)
[  685.613540][   T28] audit: type=1400 audit(1952.343:35712): avc:  denied  { map } for  pid=16277 comm="syz.5.21294" path="socket:[222807]" dev="sockfs" ino=222807 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  685.637635][T16278] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: block 1: comm syz.5.21294: lblock 1 mapped to illegal pblock 1 (length 1)
[  685.647948][   T28] audit: type=1400 audit(1952.362:35713): avc:  denied  { mounton } for  pid=16279 comm="syz.9.21295" path="/182/file0" dev="loop9" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  685.658825][T16278] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 117
[  685.692040][   T28] audit: type=1400 audit(1952.390:35714): avc:  denied  { unmount } for  pid=14303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  685.693741][T16278] EXT4-fs (loop5): This should not happen!! Data will be lost
[  685.693741][T16278] 
[  685.727967][T16283] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: block 3: comm syz.5.21294: lblock 3 mapped to illegal pblock 3 (length 5)
[  685.759782][T16283] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 5 with error 117
[  685.790185][T16283] EXT4-fs (loop5): This should not happen!! Data will be lost
[  685.790185][T16283] 
[  685.826983][T13124] EXT4-fs (loop5): unmounting filesystem.
[  685.861477][T16295] netlink: 76 bytes leftover after parsing attributes in process `syz.5.21300'.
[  685.922000][T16297] SELinux: failed to load policy
[  686.243684][T16310] loop5: detected capacity change from 0 to 40427
[  686.252444][T16310] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  686.260410][T16310] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  686.294489][T16310] F2FS-fs (loop5): Found nat_bits in checkpoint
[  686.364227][T16342] xt_bpf: check failed: parse error
[  686.380636][T16310] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  686.390879][T16310] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  686.867747][T16394] bpf setsockopt: ignoring program buffer with optlen=65520 (max_optlen=4096)
[  686.879073][T16395] netlink: 96 bytes leftover after parsing attributes in process `syz.8.21341'.
[  686.953900][T16405] serio: Serial port ptm0
[  686.959428][T16407] netlink: 32 bytes leftover after parsing attributes in process `syz.5.21347'.
[  687.026421][T16423] loop9: detected capacity change from 0 to 1024
[  687.034329][T16423] EXT4-fs: Ignoring removed oldalloc option
[  687.041137][T16423] EXT4-fs: Ignoring removed bh option
[  687.047036][T16423] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  687.077632][T16434] netlink: 16 bytes leftover after parsing attributes in process `syz.8.21368'.
[  687.088163][T16423] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  687.129016][T14303] EXT4-fs (loop9): unmounting filesystem.
[  687.146028][T16443] loop8: detected capacity change from 0 to 512
[  687.152990][T16443] ext4: Unknown parameter 'fsname'
[  687.176073][T16445] loop9: detected capacity change from 0 to 4096
[  687.184092][T16445] EXT4-fs (loop9): Test dummy encryption mode enabled
[  687.193010][T16445] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  687.194029][T16443] netlink: 16 bytes leftover after parsing attributes in process `syz.8.21362'.
[  687.201358][T16445] System zones: 0-5
[  687.215440][T16445] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  687.232269][    T6] kernel write not supported for file bpf-prog (pid: 6 comm: kworker/0:0)
[  687.276525][T14303] EXT4-fs (loop9): unmounting filesystem.
[  687.369408][T16465] device bridge0 entered promiscuous mode
[  687.772689][T16515] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  687.974054][T16518] loop5: detected capacity change from 0 to 40427
[  687.981819][T16518] F2FS-fs (loop5): invalid crc value
[  687.988851][T16518] F2FS-fs (loop5): Found nat_bits in checkpoint
[  688.033026][T16518] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  688.072610][  T304] kworker/u4:3: attempt to access beyond end of device
[  688.072610][  T304] loop5: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  688.087390][T16518] VFS:Filesystem freeze failed
[  688.160084][T16542] loop4: detected capacity change from 0 to 128
[  688.175075][T16542] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  688.202350][T12721] EXT4-fs (loop4): unmounting filesystem.
[  688.389741][T16565] loop5: detected capacity change from 0 to 512
[  688.398774][T16565] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.21414: casefold flag without casefold feature
[  688.412400][T16565] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.21414: couldn't read orphan inode 15 (err -117)
[  688.425433][T16565] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  688.442083][T16565] EXT4-fs error (device loop5): ext4_check_dx_root:2266: inode #2: comm syz.5.21414: Corrupt dir, invalid name_len for '.', running e2fsck is recommended
[  688.467146][T13124] EXT4-fs (loop5): unmounting filesystem.
[  688.642720][T16598] loop9: detected capacity change from 0 to 256
[  688.649387][T16598] exfat: Deprecated parameter 'utf8'
[  688.654778][T16598] exfat: Unknown parameter 'gi'
[  688.731911][T16604] kvm [16603]: vcpu2, guest rIP: 0x9136 ignored wrmsr: 0x11e data 0xc005
[  688.749741][T16604] kvm_set_msr_common: 14 callbacks suppressed
[  688.749765][T16604] kvm [16603]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0x186 data 0x4005
[  688.766954][T16604] kvm [16603]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0x187 data 0x160a
[  688.791830][T16604] kvm [16603]: vcpu2, guest rIP: 0x9136 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x760a, nop
[  688.814418][T16618] netem: change failed
[  689.084049][T16612] loop8: detected capacity change from 0 to 40427
[  689.095160][T16612] F2FS-fs (loop8): fault_type options not supported
[  689.103485][T16612] F2FS-fs (loop8): invalid crc value
[  689.109930][T16612] F2FS-fs (loop8): Found nat_bits in checkpoint
[  689.145692][T16645] loop9: detected capacity change from 0 to 1024
[  689.152297][T16612] F2FS-fs (loop8): Start checkpoint disabled!
[  689.160279][T16612] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  689.194344][T16645] EXT4-fs: Ignoring removed nobh option
[  689.208009][T16645] EXT4-fs: Ignoring removed bh option
[  689.215175][T16645] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  689.262621][T16635] loop5: detected capacity change from 0 to 40427
[  689.270772][T16645] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  689.288272][T16661] IPv6: ADDRCONF(NETDEV_CHANGE): ip6tnl1: link becomes ready
[  689.288385][T16635] F2FS-fs (loop5): invalid crc value
[  689.311398][T14303] EXT4-fs (loop9): unmounting filesystem.
[  689.318312][T16635] F2FS-fs (loop5): Found nat_bits in checkpoint
[  689.344590][  T317] kworker/u4:4: attempt to access beyond end of device
[  689.344590][  T317] loop8: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  689.371603][T16635] F2FS-fs (loop5): Start checkpoint disabled!
[  689.394114][T16635] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  689.466821][T16635] F2FS-fs (loop5): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  689.525649][  T304] kworker/u4:3: attempt to access beyond end of device
[  689.525649][  T304] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  689.672373][T16686] overlayfs: failed to resolve './file0': -2
[  689.683424][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  689.732187][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  689.740540][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  689.762791][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  689.776934][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  689.791628][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  689.804743][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  689.819104][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  689.835660][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  689.933225][T16700] loop4: detected capacity change from 0 to 1024
[  689.976620][T16700] EXT4-fs: Ignoring removed oldalloc option
[  690.006603][T16700] EXT4-fs: Ignoring removed orlov option
[  690.040226][T16700] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  690.089278][T12721] EXT4-fs (loop4): unmounting filesystem.
[  690.273661][T16718] loop4: detected capacity change from 0 to 512
[  690.322386][T16718] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  690.360045][   T28] kauditd_printk_skb: 208 callbacks suppressed
[  690.360062][   T28] audit: type=1400 audit(1956.787:35923): avc:  denied  { mounton } for  pid=16717 comm="syz.4.21474" path="/353/file0/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  690.405590][T16718] overlayfs: failed to resolve './file1': -2
[  690.499251][T12721] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[  690.523446][   T28] audit: type=1400 audit(1956.824:35924): avc:  denied  { read } for  pid=16717 comm="syz.4.21474" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  690.546134][T12721] EXT4-fs (loop4): Remounting filesystem read-only
[  690.569323][   T28] audit: type=1400 audit(1956.871:35925): avc:  denied  { read } for  pid=16717 comm="syz.4.21474" name="file1" dev="overlay" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  690.603412][T12721] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[  690.657810][T12721] EXT4-fs (loop4): Remounting filesystem read-only
[  690.763311][T15954] EXT4-fs (loop4): unmounting filesystem.
[  690.929125][   T28] audit: type=1400 audit(1957.329:35926): avc:  denied  { execmem } for  pid=16736 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  690.990823][   T28] audit: type=1400 audit(1957.376:35927): avc:  denied  { sys_module } for  pid=16742 comm="syz.5.21487" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  691.032930][   T28] audit: type=1400 audit(1957.376:35928): avc:  denied  { module_request } for  pid=16742 comm="syz.5.21487" kmod="tty-ldisc-13" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  691.104850][   T28] audit: type=1400 audit(1957.488:35929): avc:  denied  { mount } for  pid=16748 comm="syz.5.21489" name="/" dev="configfs" ino=14632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  691.134402][   T28] audit: type=1400 audit(1957.507:35930): avc:  denied  { read } for  pid=16750 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  691.184771][   T28] audit: type=1400 audit(1957.507:35931): avc:  denied  { open } for  pid=16750 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  691.211464][   T28] audit: type=1400 audit(1957.507:35932): avc:  denied  { mounton } for  pid=16750 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  691.352830][  T317] device vlan2 left promiscuous mode
[  691.361224][  T317] device dummy0 left promiscuous mode
[  691.368555][  T317] bridge0: port 3(vlan2) entered disabled state
[  691.376956][  T317] device bridge_slave_1 left promiscuous mode
[  691.383514][  T317] bridge0: port 2(bridge_slave_1) entered disabled state
[  691.393610][  T317] device bridge_slave_0 left promiscuous mode
[  691.400768][  T317] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.431198][  T317] device veth1_macvtap left promiscuous mode
[  691.441711][  T317] device veth0_vlan left promiscuous mode
[  691.615865][T16750] bridge0: port 1(bridge_slave_0) entered blocking state
[  691.622970][T16750] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.630345][T16773] loop5: detected capacity change from 0 to 4096
[  691.637690][T16750] device bridge_slave_0 entered promiscuous mode
[  691.646927][T16750] bridge0: port 2(bridge_slave_1) entered blocking state
[  691.654082][T16750] bridge0: port 2(bridge_slave_1) entered disabled state
[  691.662026][   T39] usb 10-1: new low-speed USB device number 20 using dummy_hcd
[  691.666978][T16750] device bridge_slave_1 entered promiscuous mode
[  691.670994][T16773] EXT4-fs (loop5): Test dummy encryption mode enabled
[  691.686734][T16773] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  691.695045][T16773] System zones: 0-5
[  691.707399][T16773] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  691.766768][T13124] EXT4-fs (loop5): unmounting filesystem.
[  691.776898][T16750] bridge0: port 2(bridge_slave_1) entered blocking state
[  691.783969][T16750] bridge0: port 2(bridge_slave_1) entered forwarding state
[  691.791456][T16750] bridge0: port 1(bridge_slave_0) entered blocking state
[  691.798510][T16750] bridge0: port 1(bridge_slave_0) entered forwarding state
[  691.837012][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  691.846473][  T304] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.919109][  T304] bridge0: port 2(bridge_slave_1) entered disabled state
[  691.927059][   T39] usb 10-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  691.936548][   T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.957886][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  691.970866][   T39] usb 10-1: config 0 descriptor??
[  691.978732][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  691.993167][  T304] bridge0: port 1(bridge_slave_0) entered blocking state
[  692.000287][  T304] bridge0: port 1(bridge_slave_0) entered forwarding state
[  692.009548][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  692.018105][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  692.029843][  T304] bridge0: port 2(bridge_slave_1) entered blocking state
[  692.037041][  T304] bridge0: port 2(bridge_slave_1) entered forwarding state
[  692.052232][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  692.060765][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  692.069080][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  692.077537][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  692.103942][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  692.120836][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  692.140764][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  692.151436][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  692.164439][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  692.178369][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  692.191776][T16750] device veth0_vlan entered promiscuous mode
[  692.209881][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  692.221872][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  692.242527][T16750] device veth1_macvtap entered promiscuous mode
[  692.263775][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  692.275458][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  692.294088][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  692.329307][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  692.345139][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  692.417930][  T304] Bluetooth: hci0: Frame reassembly failed (-84)
[  692.875991][T16860] netlink: 96 bytes leftover after parsing attributes in process `syz.2.21537'.
[  692.894593][T16862] loop8: detected capacity change from 0 to 1024
[  692.951283][T16862] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  692.970815][T16870] overlayfs: failed to clone upperpath
[  692.976830][T16862] EXT4-fs error (device loop8): ext4_map_blocks:745: inode #15: block 1: comm syz.8.21538: lblock 1 mapped to illegal pblock 1 (length 3)
[  693.000598][T16862] EXT4-fs error (device loop8): ext4_map_blocks:745: inode #15: block 3: comm syz.8.21538: lblock 3 mapped to illegal pblock 3 (length 1)
[  693.022773][T16862] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  693.047320][T16862] EXT4-fs (loop8): This should not happen!! Data will be lost
[  693.047320][T16862] 
[  693.063749][T16874] EXT4-fs error (device loop8): ext4_map_blocks:635: inode #15: block 3: comm syz.8.21538: lblock 3 mapped to illegal pblock 3 (length 1)
[  693.088661][  T304] EXT4-fs error (device loop8): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:3: lblock 8 mapped to illegal pblock 8 (length 8)
[  693.103569][  T304] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  693.116299][  T304] EXT4-fs (loop8): This should not happen!! Data will be lost
[  693.116299][  T304] 
[  693.127583][ T4872] EXT4-fs (loop8): unmounting filesystem.
[  693.146153][T16822] loop6: detected capacity change from 0 to 131072
[  693.157864][T16822] F2FS-fs (loop6): Test dummy encryption mode enabled
[  693.172118][T16822] F2FS-fs (loop6): invalid crc value
[  693.181882][T16822] F2FS-fs (loop6): Found nat_bits in checkpoint
[  693.242647][T16822] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  693.282191][   T39] asix 10-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  693.293857][   T39] asix 10-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  693.304831][   T39] asix: probe of 10-1:0.0 failed with error -71
[  693.313865][   T39] usb 10-1: USB disconnect, device number 20
[  693.437672][T16895] Invalid ELF header len 8
[  693.452200][  T330] usb 9-1: new high-speed USB device number 40 using dummy_hcd
[  693.669979][  T330] usb 9-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  693.685133][  T330] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.703774][  T330] usb 9-1: config 0 descriptor??
[  693.873404][T16917] device veth1_macvtap left promiscuous mode
[  693.879848][T16917] device macsec0 entered promiscuous mode
[  693.981626][T16929] loop6: detected capacity change from 0 to 1024
[  694.007359][T16929] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  694.021604][T16929] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  694.037806][T16929] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[  694.050366][T16929] EXT4-fs (loop6): This should not happen!! Data will be lost
[  694.050366][T16929] 
[  694.060566][T16929] EXT4-fs (loop6): Total free blocks count 0
[  694.067133][T16929] EXT4-fs (loop6): Free/Dirty block details
[  694.073698][T16929] EXT4-fs (loop6): free_blocks=4293918720
[  694.079551][T16929] EXT4-fs (loop6): dirty_blocks=16
[  694.084886][T16929] EXT4-fs (loop6): Block reservation details
[  694.091003][T16929] EXT4-fs (loop6): i_reserved_data_blocks=1
[  694.094977][T16939] loop9: detected capacity change from 0 to 512
[  694.103589][T16939] EXT4-fs: Ignoring removed mblk_io_submit option
[  694.111910][T16939] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  694.123676][T16939] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  694.134966][T16750] EXT4-fs (loop6): unmounting filesystem.
[  694.135639][T16939] EXT4-fs (loop9): 1 truncate cleaned up
[  694.146739][T16939] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  694.185952][T14303] EXT4-fs (loop9): unmounting filesystem.
[  694.429408][  T330] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  694.446371][  T330] asix: probe of 9-1:0.0 failed with error -71
[  694.456863][  T330] usb 9-1: USB disconnect, device number 40
[  694.506107][T16974] loop9: detected capacity change from 0 to 512
[  694.513541][T16974] EXT4-fs (loop9): can't mount with data_err=abort, fs mounted w/o journal
[  694.615064][T16984] netlink: 12 bytes leftover after parsing attributes in process `syz.9.21590'.
[  694.624591][T13353] Bluetooth: hci0: command 0x1003 tx timeout
[  694.633352][ T7109] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  694.669582][T16988] serio: Serial port ptm0
[  694.868299][T17004] loop5: detected capacity change from 0 to 40427
[  694.875478][T17004] F2FS-fs (loop5): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  694.883255][T17004] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  694.891812][T17004] F2FS-fs (loop5): fault_injection options not supported
[  694.899855][T17004] F2FS-fs (loop5): invalid crc value
[  694.906322][T17004] F2FS-fs (loop5): Found nat_bits in checkpoint
[  694.935756][T17004] F2FS-fs (loop5): Start checkpoint disabled!
[  694.942882][T17004] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  694.950163][T17004] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  695.031453][T17016] syz.5.21600: attempt to access beyond end of device
[  695.031453][T17016] loop5: rw=10241, sector=53248, nr_sectors = 8 limit=40427
[  695.071304][    T8] kworker/u4:0: attempt to access beyond end of device
[  695.071304][    T8] loop5: rw=1, sector=53248, nr_sectors = 8 limit=40427
[  695.085941][    T8] kworker/u4:0: attempt to access beyond end of device
[  695.085941][    T8] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  695.167462][T17024] loop5: detected capacity change from 0 to 512
[  695.174717][T17024] EXT4-fs (loop5): Test dummy encryption mode enabled
[  695.183405][T17024] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  695.193417][T17024] EXT4-fs (loop5): unmounting filesystem.
[  695.393780][T17032] loop8: detected capacity change from 0 to 40427
[  695.400890][T17032] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  695.408975][T17032] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  695.419717][T17032] F2FS-fs (loop8): Found nat_bits in checkpoint
[  695.449373][T17032] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  695.456686][T17032] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  695.536732][  T330] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  695.606027][T17041] loop9: detected capacity change from 0 to 128
[  695.622839][T17041] EXT4-fs: Ignoring removed nomblk_io_submit option
[  695.629685][T17041] EXT4-fs: Ignoring removed nomblk_io_submit option
[  695.637095][T17041] EXT4-fs (loop9): Test dummy encryption mode enabled
[  695.646042][T17041] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  695.668532][T14303] EXT4-fs (loop9): unmounting filesystem.
[  695.750590][  T330] usb 6-1: Using ep0 maxpacket: 16
[  695.761119][   T28] kauditd_printk_skb: 47 callbacks suppressed
[  695.761148][   T28] audit: type=1400 audit(1961.838:35980): avc:  denied  { watch watch_reads } for  pid=17060 comm="syz.8.21621" path="/1036" dev="tmpfs" ino=5443 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  695.767404][  T330] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  695.825373][  T330] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  695.835194][  T330] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  695.860248][  T330] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  695.872672][  T330] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.882332][  T330] usb 6-1: config 0 descriptor??
[  696.035303][T17071] netlink: 56 bytes leftover after parsing attributes in process `syz.9.21625'.
[  696.178603][   T28] audit: type=1326 audit(1962.231:35981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17076 comm="syz.8.21628" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0f60b8e9a9 code=0x0
[  696.201514][   T28] audit: type=1400 audit(1962.231:35982): avc:  denied  { mount } for  pid=17078 comm="syz.9.21629" name="/" dev="pstore" ino=14783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  696.224561][   T28] audit: type=1400 audit(1962.231:35983): avc:  denied  { watch } for  pid=17078 comm="syz.9.21629" path="/261/file0" dev="pstore" ino=14783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=dir permissive=1
[  696.247179][   T28] audit: type=1400 audit(1962.259:35984): avc:  denied  { unmount } for  pid=14303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  696.249060][T17083] xt_CT: You must specify a L4 protocol and not use inversions on it
[  696.321224][  T330] HID 045e:07da: Invalid code 65791 type 1
[  696.333359][  T330] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0070/input/input111
[  696.345810][   T28] audit: type=1400 audit(1962.380:35985): avc:  denied  { read } for  pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=1067 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  696.346505][  T330] microsoft 0003:045E:07DA.0070: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  696.368260][   T28] audit: type=1400 audit(1962.380:35986): avc:  denied  { open } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1067 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  696.413791][   T28] audit: type=1400 audit(1962.455:35987): avc:  denied  { ioctl } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1067 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  696.555332][  T330] usb 6-1: USB disconnect, device number 19
acpid: input device has been disconnected, fd 3
[  696.637995][T10340] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[  696.830330][T10340] usb 10-1: Using ep0 maxpacket: 16
[  696.836795][T10340] usb 10-1: config 0 has no interfaces?
[  696.843241][T10340] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  696.852534][T10340] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  696.860634][T10340] usb 10-1: SerialNumber: syz
[  696.866349][T10340] usb 10-1: config 0 descriptor??
[  697.090166][   T28] audit: type=1400 audit(1963.082:35988): avc:  denied  { mounton } for  pid=17089 comm="syz.9.21634" path="/proc/567/task" dev="proc" ino=225976 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  697.096155][  T330] usb 10-1: USB disconnect, device number 21
[  697.131944][   T28] audit: type=1400 audit(1963.119:35989): avc:  denied  { create } for  pid=17106 comm="syz.8.21642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  697.177118][T17119] loop5: detected capacity change from 0 to 512
[  697.196652][T17119] EXT4-fs error (device loop5): ext4_ext_check_inode:520: inode #3: comm syz.5.21648: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  697.215911][T17119] EXT4-fs error (device loop5): ext4_quota_enable:7012: comm syz.5.21648: Bad quota inode: 3, type: 0
[  697.224454][T17125] netlink: 96 bytes leftover after parsing attributes in process `syz.8.21650'.
[  697.227472][T17119] EXT4-fs warning (device loop5): ext4_enable_quotas:7053: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  697.252002][T17119] EXT4-fs (loop5): mount failed
[  697.557354][T10340] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[  697.703220][T17182] loop6: detected capacity change from 0 to 4096
[  697.710622][T17182] EXT4-fs (loop6): Test dummy encryption mode enabled
[  697.718599][T17182] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  697.726891][T17182] System zones: 0-5
[  697.734668][T17182] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  697.749725][T10340] usb 9-1: Using ep0 maxpacket: 32
[  697.756534][T10340] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  697.767947][T10340] usb 9-1: config 0 has no interface number 0
[  697.776863][T10340] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  697.786576][T10340] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.795065][T10340] usb 9-1: Product: syz
[  697.799562][T10340] usb 9-1: Manufacturer: syz
[  697.804290][T10340] usb 9-1: SerialNumber: syz
[  697.809770][T10340] usb 9-1: config 0 descriptor??
[  697.813640][T16750] EXT4-fs (loop6): unmounting filesystem.
[  697.815791][T10340] smsc95xx v2.0.0
[  697.890162][T17199] loop6: detected capacity change from 0 to 1024
[  697.896994][T17199] EXT4-fs: Ignoring removed nobh option
[  697.903943][T17199] EXT4-fs: Ignoring removed bh option
[  697.919668][T17199] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  697.947736][T17199] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  698.044812][T16750] EXT4-fs (loop6): unmounting filesystem.
[  698.141211][T17211] syz.2.21689[17211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  698.141311][T17211] syz.2.21689[17211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  698.245548][T10340] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  698.300116][T10340] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  698.427068][T17217] loop9: detected capacity change from 0 to 32768
[  698.562245][T15037] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  698.638267][T17239] loop9: detected capacity change from 0 to 128
[  698.645510][T17239] EXT4-fs (loop9): Test dummy encryption mode enabled
[  698.673480][T17239] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  698.713190][T14303] EXT4-fs (loop9): unmounting filesystem.
[  698.738463][T10340] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  698.755766][T10340] smsc95xx: probe of 9-1:0.67 failed with error -71
[  698.766480][T10340] usb 9-1: USB disconnect, device number 41
[  698.769203][T15037] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  698.794461][T15037] usb 6-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  698.825842][T15037] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  698.841624][T15037] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  698.861576][T15037] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.880532][T15037] usb 6-1: Product: syz
[  698.884839][T15037] usb 6-1: Manufacturer: syz
[  698.889475][T15037] usb 6-1: SerialNumber: syz
[  699.324658][T17267] kvm [17266]: vcpu1, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010002 data 0x18
[  699.354954][T17274] loop6: detected capacity change from 0 to 128
[  699.374727][T10340] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  699.387487][T17274] FAT-fs (loop6): error, invalid FAT chain (i_pos 548, last_block 8)
[  699.396097][T17274] FAT-fs (loop6): Filesystem has been set read-only
[  699.403160][T17274] FAT-fs (loop6): error, corrupted file size (i_pos 548, 522)
[  699.413735][T17274] FAT-fs (loop6): error, corrupted file size (i_pos 548, 522)
[  699.449030][T17278] loop7: detected capacity change from 0 to 7
[  699.568597][T10340] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.580013][T10340] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  699.590116][T10340] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  699.603590][T10340] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  699.613230][T10340] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.623634][T10340] usb 10-1: config 0 descriptor??
[  699.676626][  T317] Bluetooth: hci0: Frame reassembly failed (-84)
[  700.059862][T10340] plantronics 0003:047F:FFFF.0071: No inputs registered, leaving
[  700.069022][T10340] plantronics 0003:047F:FFFF.0071: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  700.191454][T15037] cdc_ncm 6-1:1.0: bind() failure
[  700.197511][T15037] cdc_ncm: probe of 6-1:1.1 failed with error -71
[  700.204509][T15037] cdc_mbim: probe of 6-1:1.1 failed with error -71
[  700.212218][T15037] usb 6-1: USB disconnect, device number 20
[  700.403020][T10340] usb 10-1: USB disconnect, device number 22
[  701.016714][T17343] Invalid ELF header magic: != ELF
[  701.129570][T17352] loop5: detected capacity change from 0 to 128
[  701.144602][   T28] kauditd_printk_skb: 38 callbacks suppressed
[  701.144619][   T28] audit: type=1400 audit(1966.870:36028): avc:  denied  { mounton } for  pid=17351 comm="syz.5.21752" path="/335/file0/file0/file3" dev="loop5" ino=1049703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[  701.189272][   T28] audit: type=1400 audit(1966.917:36029): avc:  denied  { create } for  pid=17351 comm="syz.5.21752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  701.250212][T17363] binder: 17362:17363 ioctl 4018620d 0 returned -22
[  701.257657][T17363] binder: 17362:17363 ioctl c018620c 0 returned -14
[  701.342578][   T28] audit: type=1400 audit(1967.067:36030): avc:  denied  { mount } for  pid=17373 comm="syz.2.21762" name="/" dev="ramfs" ino=227433 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  701.406608][   T28] audit: type=1400 audit(1967.123:36031): avc:  denied  { create } for  pid=17382 comm="syz.5.21766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  701.553792][   T28] audit: type=1400 audit(1967.254:36032): avc:  denied  { bind } for  pid=17389 comm="syz.2.21769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  701.573359][   T28] audit: type=1400 audit(1967.254:36033): avc:  denied  { name_bind } for  pid=17389 comm="syz.2.21769" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  701.594294][T10340] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[  701.597729][   T28] audit: type=1400 audit(1967.254:36034): avc:  denied  { node_bind } for  pid=17389 comm="syz.2.21769" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  701.626248][T17394] xt_hashlimit: size too large, truncated to 1048576
[  701.726620][  T330] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  701.822829][T10340] usb 10-1: Using ep0 maxpacket: 16
[  701.836466][T10340] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  701.851410][T10340] usb 10-1: config 0 interface 0 has no altsetting 0
[  701.858604][T10340] usb 10-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  701.867966][T10340] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.877078][T10340] usb 10-1: config 0 descriptor??
[  701.887027][T13353] Bluetooth: hci0: command 0x1003 tx timeout
[  701.893205][ T7109] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  701.915323][   T28] audit: type=1400 audit(1967.590:36035): avc:  denied  { read write } for  pid=17414 comm="syz.6.21782" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  701.938812][  T330] usb 6-1: Using ep0 maxpacket: 16
[  701.946034][  T330] usb 6-1: config 0 has no interfaces?
[  701.955523][  T330] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  701.964875][  T330] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.975010][   T28] audit: type=1400 audit(1967.628:36036): avc:  denied  { open } for  pid=17414 comm="syz.6.21782" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  701.975235][  T330] usb 6-1: config 0 descriptor??
[  702.003951][   T28] audit: type=1400 audit(1967.637:36037): avc:  denied  { ioctl } for  pid=17414 comm="syz.6.21782" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  702.092348][T17424] loop8: detected capacity change from 0 to 8192
[  702.220604][  T330] usb 6-1: USB disconnect, device number 21
[  702.247325][T17427] loop6: detected capacity change from 0 to 40427
[  702.261133][T17427] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  702.269479][T17427] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  702.298950][T17441] loop8: detected capacity change from 0 to 256
[  702.306421][T17441] exfat: Deprecated parameter 'namecase'
[  702.312183][T17427] F2FS-fs (loop6): Found nat_bits in checkpoint
[  702.321197][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.330959][T17441] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  702.343559][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.354174][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.368087][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.382289][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.397903][T17427] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  702.397936][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.408429][T17427] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  702.422368][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.430070][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.437688][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.446588][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.454350][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.462199][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.470007][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.477599][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.486210][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.493886][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.501609][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.509422][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.517006][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x4
[  702.524820][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.532951][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.540690][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.548329][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.555989][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.563559][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.571271][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.578773][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.586655][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.593170][T17434] overlayfs: failed to clone upperpath
[  702.594741][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.607365][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.614883][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.622307][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.629767][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.637602][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.645374][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.653019][T10340] hid-generic 0003:060B:500A.0072: unknown main item tag 0x0
[  702.660670][T10340] hid-generic 0003:060B:500A.0072: unexpected long global item
[  702.669004][T10340] hid-generic: probe of 0003:060B:500A.0072 failed with error -22
[  702.679397][T10340] usb 10-1: USB disconnect, device number 23
[  703.012030][T17490] netlink: 'syz.8.21812': attribute type 4 has an invalid length.
[  703.048486][T17490] netlink: 'syz.8.21812': attribute type 4 has an invalid length.
[  703.136505][T17512] loop9: detected capacity change from 0 to 1024
[  703.170502][T17512] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  703.183073][T17512] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:3841: comm syz.9.21823: Allocating blocks 465-513 which overlap fs metadata
[  703.199295][T17512] EXT4-fs (loop9): pa ffff8881328a4498: logic 256, phys. 369, len 9
[  703.207611][T17512] EXT4-fs error (device loop9): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 3
[  703.218469][T17512] EXT4-fs error (device loop9): mb_free_blocks:1815: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt.
[  703.241831][T14303] EXT4-fs (loop9): unmounting filesystem.
[  703.262395][  T317] Bluetooth: hci0: Frame reassembly failed (-84)
[  703.269379][T17528] loop5: detected capacity change from 0 to 128
[  703.276307][T17528] EXT4-fs: Ignoring removed nobh option
[  703.284791][T17528] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  703.305333][T13124] EXT4-fs (loop5): unmounting filesystem.
[  703.520522][T17554] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  703.813299][T17570] loop5: detected capacity change from 0 to 40427
[  703.820397][T17570] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  703.828192][T17570] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  703.839111][T17570] F2FS-fs (loop5): Found nat_bits in checkpoint
[  703.871734][T17570] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  703.879087][T17570] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  704.474077][  T330] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  704.667654][  T330] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  704.676431][  T330] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  704.689039][  T330] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  704.700288][  T330] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  704.710135][  T330] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  704.719974][  T330] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  704.748247][T17603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21859'.
[  704.757488][  T330] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  704.773545][  T330] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.791836][  T330] usb 6-1: Product: syz
[  704.796349][  T330] usb 6-1: Manufacturer: syz
[  704.807069][  T330] usb 6-1: SerialNumber: syz
[  705.479148][ T7109] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  705.480353][T13353] Bluetooth: hci0: command 0x1003 tx timeout
[  706.016399][T17633] xt_NFQUEUE: number of total queues is 0
[  706.312950][   T39] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  706.512447][  T330] cdc_ncm 6-1:1.0: bind() failure
[  706.517765][   T39] usb 10-1: Using ep0 maxpacket: 16
[  706.523744][  T330] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  706.530677][  T330] cdc_ncm 6-1:1.1: bind() failure
[  706.536826][   T39] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  706.547658][   T39] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  706.558281][   T39] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  706.567632][   T39] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.575951][   T39] usb 10-1: Product: syz
[  706.580280][   T39] usb 10-1: Manufacturer: syz
[  706.585297][   T39] usb 10-1: SerialNumber: syz
[  706.733715][T10340] usb 6-1: USB disconnect, device number 22
[  707.023164][   T39] usb 10-1: 0:2 : does not exist
[  707.048304][   T28] kauditd_printk_skb: 11 callbacks suppressed
[  707.048322][   T28] audit: type=1400 audit(1972.398:36049): avc:  denied  { unmount } for  pid=16750 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  707.091275][T17664] overlayfs: failed to clone upperpath
[  707.158157][   T28] audit: type=1400 audit(1972.501:36050): avc:  denied  { read } for  pid=17675 comm="syz.6.21891" name="cgroup.procs" dev="cgroup" ino=369 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object"
[  707.202848][T17680] netlink: 4 bytes leftover after parsing attributes in process `syz.6.21893'.
[  707.212989][T17680] device veth1_macvtap left promiscuous mode
[  707.275553][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  707.285244][   T28] audit: type=1326 audit(1972.614:36051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17689 comm="syz.8.21898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f60b8e9a9 code=0x7ffc0000
[  707.309339][   T28] audit: type=1326 audit(1972.642:36052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17689 comm="syz.8.21898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f60b8e9a9 code=0x7ffc0000
[  707.359693][   T28] audit: type=1326 audit(1972.660:36053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17689 comm="syz.8.21898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f0f60b8e9a9 code=0x7ffc0000
[  707.384309][   T28] audit: type=1326 audit(1972.660:36054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17689 comm="syz.8.21898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f60b8e9a9 code=0x7ffc0000
[  707.416431][   T28] audit: type=1326 audit(1972.660:36055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17689 comm="syz.8.21898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f60b8e9a9 code=0x7ffc0000
[  707.600662][T17722] loop6: detected capacity change from 0 to 1024
[  707.629013][T17722] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  707.682236][   T39] usb 10-1: USB disconnect, device number 24
[  707.708202][T16750] EXT4-fs (loop6): unmounting filesystem.
[  707.861104][T17746] loop5: detected capacity change from 0 to 512
[  707.907974][T17746] EXT4-fs (loop5): 1 orphan inode deleted
[  707.924704][T17746] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  707.933938][  T317] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  707.946271][  T317] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:4: Failed to release dquot type 1
[  707.960061][   T28] audit: type=1400 audit(1973.250:36056): avc:  denied  { mount } for  pid=17753 comm="syz.2.21926" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  707.969005][T17743] loop6: detected capacity change from 0 to 40427
[  707.991439][T17743] F2FS-fs (loop6): Wrong SIT boundary, start(1536) end(2560) blocks(3072)
[  708.000439][T17743] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  708.009259][  T330] usb 9-1: new high-speed USB device number 42 using dummy_hcd
[  708.019213][T17743] F2FS-fs (loop6): quotafile must be on filesystem root
[  708.024555][T13124] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /376/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.048135][T13124] EXT4-fs error (device loop5): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.067281][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.079213][T13124] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /376/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.104222][T13124] EXT4-fs error (device loop5): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.123402][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.145820][T13124] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /376/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.193399][T13124] EXT4-fs error (device loop5): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.212524][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.217015][  T330] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  708.224862][T13124] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /376/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.256479][  T330] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  708.256509][  T330] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.269497][  T330] usb 9-1: config 0 descriptor??
[  708.290036][T13124] EXT4-fs error (device loop5): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.323365][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.355151][T13124] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /376/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1
[  708.367900][   T28] audit: type=1400 audit(1973.624:36057): avc:  denied  { getopt } for  pid=17772 comm="syz.6.21936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  708.396055][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.420027][T17777] netlink: 24 bytes leftover after parsing attributes in process `syz.6.21937'.
[  708.423369][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.454808][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.468021][T17779] netlink: 224 bytes leftover after parsing attributes in process `syz.2.21939'.
[  708.468188][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.489543][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.498509][T17779] netlink: 224 bytes leftover after parsing attributes in process `syz.2.21939'.
[  708.501596][T13124] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  708.525907][T17779] netlink: 38 bytes leftover after parsing attributes in process `syz.2.21939'.
[  708.625595][T13124] EXT4-fs (loop5): unmounting filesystem.
[  708.632364][   T10] tipc: Left network mode
[  708.726634][  T330] keytouch 0003:0926:3333.0073: fixing up Keytouch IEC report descriptor
[  708.741706][  T330] input: HID 0926:3333 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0926:3333.0073/input/input112
[  708.838385][  T330] keytouch 0003:0926:3333.0073: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.8-1/input0
[  708.996735][T17804] bridge0: port 1(bridge_slave_0) entered blocking state
[  709.004173][T17804] bridge0: port 1(bridge_slave_0) entered disabled state
[  709.012367][T17804] device bridge_slave_0 entered promiscuous mode
[  709.020305][T17804] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.027426][T17804] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.035473][T17804] device bridge_slave_1 entered promiscuous mode
[  709.058338][T17819] loop9: detected capacity change from 0 to 2048
[  709.072546][T17819] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  709.087053][T17819] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  709.114729][T14303] EXT4-fs (loop9): unmounting filesystem.
[  709.184238][T17804] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.191359][T17804] bridge0: port 2(bridge_slave_1) entered forwarding state
[  709.198675][T17804] bridge0: port 1(bridge_slave_0) entered blocking state
[  709.205846][T17804] bridge0: port 1(bridge_slave_0) entered forwarding state
[  709.216545][   T10] device bridge_slave_1 left promiscuous mode
[  709.223594][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.231549][   T10] device bridge_slave_0 left promiscuous mode
[  709.237778][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  709.246512][   T10] device veth1_macvtap left promiscuous mode
[  709.252598][   T10] device veth0_vlan left promiscuous mode
acpid: input layer read error: Resource temporarily unavailable (11)
[  709.425991][  T304] bridge0: port 1(bridge_slave_0) entered disabled state
[  709.450315][  T304] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.523704][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  709.533083][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  709.564526][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  709.574625][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  709.583970][  T304] bridge0: port 1(bridge_slave_0) entered blocking state
[  709.591273][  T304] bridge0: port 1(bridge_slave_0) entered forwarding state
[  709.598944][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  709.607632][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  709.616473][  T304] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.623568][  T304] bridge0: port 2(bridge_slave_1) entered forwarding state
[  709.632081][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  709.640529][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  709.648858][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  709.658930][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  709.670956][T17845] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  709.693145][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  709.723198][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  709.738837][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  709.756100][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  709.764717][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  709.773380][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  709.781908][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  709.790568][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  709.799148][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  709.806906][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  709.838362][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  709.848371][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  709.870175][T17804] device veth0_vlan entered promiscuous mode
[  709.883336][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  709.898401][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  709.908673][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  709.916779][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  709.931419][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  709.948223][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  709.982031][T17804] device veth1_macvtap entered promiscuous mode
[  710.001512][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  710.009926][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  710.019727][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  710.039373][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  710.048372][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  710.069611][T17872] netlink: 28 bytes leftover after parsing attributes in process `syz.2.21988'.
[  710.079145][T17872] netlink: 28 bytes leftover after parsing attributes in process `syz.2.21988'.
[  710.282563][T17901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.21991'.
[  710.305811][T17901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.21991'.
[  710.474267][T17931] netlink: 28 bytes leftover after parsing attributes in process `syz.9.22004'.
[  710.483782][T17931] netlink: 28 bytes leftover after parsing attributes in process `syz.9.22004'.
[  710.573150][T17940] loop9: detected capacity change from 0 to 512
[  710.591092][T17940] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  710.641599][T14303] EXT4-fs (loop9): unmounting filesystem.
[  710.728158][    T6] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  710.922105][    T6] usb 4-1: unable to get BOS descriptor or descriptor too short
[  710.936321][  T827] usb 9-1: USB disconnect, device number 42
[  710.943133][    T6] usb 4-1: config 1 has an invalid interface number: 38 but max is 0
[  710.951457][    T6] usb 4-1: config 1 has no interface number 0
acpid: input device has been disconnected, fd 3
[  710.977279][    T6] usb 4-1: config 1 interface 38 has no altsetting 0
[  710.994789][    T6] usb 4-1: string descriptor 0 read error: -22
[  711.001356][    T6] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=fd.63
[  711.011249][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.028697][    T6] snd-usb-audio: probe of 4-1:1.38 failed with error -22
[  711.118308][T17979] incfs_lookup_dentry err:-13
[  711.228654][T17998] loop8: detected capacity change from 0 to 128
[  711.243299][  T287] usb 4-1: USB disconnect, device number 41
[  711.255040][T17998] syz.8.22034: attempt to access beyond end of device
[  711.255040][T17998] loop8: rw=2049, sector=145, nr_sectors = 8 limit=128
[  711.355655][  T304] kworker/u4:3: attempt to access beyond end of device
[  711.355655][  T304] loop8: rw=1, sector=153, nr_sectors = 888 limit=128
[  712.079762][T18041] serio: Serial port ptm0
[  712.235731][T18047] loop9: detected capacity change from 0 to 16
[  712.243243][T18047] erofs: (device loop9): z_erofs_parse_cfgs: algorithm 1 isn't enabled on this kernel
[  712.630393][T18063] loop8: detected capacity change from 0 to 4096
[  712.639709][T18063] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  712.662011][ T4872] EXT4-fs (loop8): unmounting filesystem.
[  712.680034][T18061] loop9: detected capacity change from 0 to 40427
[  712.687209][T18061] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  712.695394][T18061] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  712.704999][T18061] F2FS-fs (loop9): invalid crc value
[  712.712498][T18061] F2FS-fs (loop9): Found nat_bits in checkpoint
[  712.756892][T18061] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  712.764256][T18061] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  712.798483][T18061] syz.9.22061: attempt to access beyond end of device
[  712.798483][T18061] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  712.814244][T18061] syz.9.22061: attempt to access beyond end of device
[  712.814244][T18061] loop9: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  712.837495][T18067] loop8: detected capacity change from 0 to 40427
[  712.844875][T18067] F2FS-fs (loop8): fault_injection options not supported
[  712.852017][T18067] F2FS-fs (loop8): fault_type options not supported
[  712.859490][T18067] F2FS-fs (loop8): invalid crc value
[  712.864240][  T304] kworker/u4:3: attempt to access beyond end of device
[  712.864240][  T304] loop9: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  712.866690][T18067] F2FS-fs (loop8): Found nat_bits in checkpoint
[  712.881719][T14303] syz-executor: attempt to access beyond end of device
[  712.881719][T14303] loop9: rw=2051, sector=45104, nr_sectors = 8 limit=40427
[  712.899282][T14303] F2FS-fs (loop9): Issue discard(5638, 5638, 1) failed, ret: -5
[  712.921172][T18067] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  712.978304][ T4872] syz-executor: attempt to access beyond end of device
[  712.978304][ T4872] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  713.035664][T18081] xt_hashlimit: size too large, truncated to 1048576
[  713.408393][   T28] kauditd_printk_skb: 114 callbacks suppressed
[  713.408411][   T28] audit: type=1400 audit(1978.348:36069): avc:  denied  { ioctl } for  pid=18100 comm="syz.3.22076" path="/dev/usbmon6" dev="devtmpfs" ino=177 ioctlcmd=0x920a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  713.464733][T18106] netlink: 24 bytes leftover after parsing attributes in process `syz.6.22077'.
[  713.490017][T18106] netlink: 24 bytes leftover after parsing attributes in process `syz.6.22077'.
[  713.693300][T18125] syz.3.22085[18125] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  713.693392][T18125] syz.3.22085[18125] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  713.707095][T18125] syz.3.22085[18125] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  713.719246][T18125] syz.3.22085[18125] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  713.747608][T18123] loop6: detected capacity change from 0 to 40427
[  713.768098][T18123] F2FS-fs (loop6): invalid crc value
[  713.777035][T18123] F2FS-fs (loop6): Found nat_bits in checkpoint
[  713.822713][T18123] F2FS-fs (loop6): Start checkpoint disabled!
[  713.836648][T18123] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  713.874989][T18129] loop3: detected capacity change from 0 to 4096
[  713.894027][T18129] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  713.946564][T17804] EXT4-fs (loop3): unmounting filesystem.
[  713.973937][T18135] loop6: detected capacity change from 0 to 2048
[  714.003985][T18135] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  714.018023][T18145] loop9: detected capacity change from 0 to 512
[  714.028945][   T28] audit: type=1400 audit(1978.927:36070): avc:  denied  { mount } for  pid=18134 comm="syz.6.22088" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  714.036130][T18145] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  714.051629][   T28] audit: type=1400 audit(1978.927:36071): avc:  denied  { mounton } for  pid=18134 comm="syz.6.22088" path="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  714.084446][   T28] audit: type=1400 audit(1978.927:36072): avc:  denied  { mounton } for  pid=18134 comm="syz.6.22088" path="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  714.110746][   T28] audit: type=1400 audit(1978.927:36073): avc:  denied  { unmount } for  pid=16750 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  714.111827][T17782] EXT4-fs (loop6): unmounting filesystem.
[  714.131626][   T28] audit: type=1400 audit(1978.984:36074): avc:  denied  { unmount } for  pid=16750 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  714.157990][T18145] EXT4-fs error (device loop9): ext4_find_inline_data_nolock:164: inode #17: comm syz.9.22092: inline data xattr refers to an external xattr inode
[  714.173617][T18145] EXT4-fs error (device loop9): ext4_orphan_get:1405: comm syz.9.22092: couldn't read orphan inode 17 (err -117)
[  714.186085][T18145] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  714.209768][T14303] VFS: Lookup of '.' in ext4 loop9 would have caused loop
[  714.218523][T14303] VFS: Lookup of '.' in ext4 loop9 would have caused loop
[  714.219013][T18150] netlink: 88 bytes leftover after parsing attributes in process `syz.2.22095'.
[  714.235317][T18150] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22095'.
[  714.239049][T14303] EXT4-fs (loop9): unmounting filesystem.
[  714.375652][T18157] loop3: detected capacity change from 0 to 256
[  714.389330][T18161] loop8: detected capacity change from 0 to 1024
[  714.389664][T18157] FAT-fs (loop3): Directory bread(block 64) failed
[  714.404125][T18157] FAT-fs (loop3): Directory bread(block 65) failed
[  714.410979][T18157] FAT-fs (loop3): Directory bread(block 66) failed
[  714.418024][T18157] FAT-fs (loop3): Directory bread(block 67) failed
[  714.432450][T18157] FAT-fs (loop3): Directory bread(block 68) failed
[  714.447275][T18157] FAT-fs (loop3): Directory bread(block 69) failed
[  714.457419][T18157] FAT-fs (loop3): Directory bread(block 70) failed
[  714.470334][T18157] FAT-fs (loop3): Directory bread(block 71) failed
[  714.477290][T18157] FAT-fs (loop3): Directory bread(block 72) failed
[  714.477897][T18161] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  714.484036][T18157] FAT-fs (loop3): Directory bread(block 73) failed
[  714.505854][   T28] audit: type=1400 audit(1979.376:36075): avc:  denied  { map } for  pid=18160 comm="syz.8.22103" path="/1112/file1/file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  714.562747][   T28] audit: type=1400 audit(1979.405:36076): avc:  denied  { execute } for  pid=18160 comm="syz.8.22103" path="/1112/file1/file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  714.586330][  T304] EXT4-fs error (device loop8): ext4_map_blocks:745: inode #15: block 1: comm kworker/u4:3: lblock 1 mapped to illegal pblock 1 (length 3)
[  714.619086][  T304] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117
[  714.632066][  T304] EXT4-fs (loop8): This should not happen!! Data will be lost
[  714.632066][  T304] 
[  714.644298][ T4872] EXT4-fs (loop8): unmounting filesystem.
[  714.668536][T18171] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.676442][T18171] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.684377][T18171] device bridge_slave_0 entered promiscuous mode
[  714.712757][T18171] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.727272][T18171] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.738779][T18171] device bridge_slave_1 entered promiscuous mode
[  714.755137][T18191] SELinux:  unknown common 
[  714.761559][   T28] audit: type=1400 audit(1979.601:36077): avc:  denied  { load_policy } for  pid=18190 comm="syz.8.22115" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  714.761712][T18191] SELinux: failed to load policy
[  714.864934][T18173] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.871081][   T28] audit: type=1400 audit(1979.713:36078): avc:  denied  { write } for  pid=18203 comm="syz.8.22119" path="socket:[230248]" dev="sockfs" ino=230248 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  714.872696][T18173] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.897869][T18204] loop8: detected capacity change from 0 to 16
[  714.904087][T18173] device bridge_slave_0 entered promiscuous mode
[  714.917807][T18204] erofs: (device loop8): z_erofs_parse_cfgs: algorithm 1 isn't enabled on this kernel
[  714.930061][T18173] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.937341][T18173] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.945148][T18173] device bridge_slave_1 entered promiscuous mode
[  715.041194][T18171] bridge0: port 2(bridge_slave_1) entered blocking state
[  715.048674][T18171] bridge0: port 2(bridge_slave_1) entered forwarding state
[  715.124431][  T317] bridge0: port 2(bridge_slave_1) entered disabled state
[  715.134926][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  715.142707][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  715.153264][T18220] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22124'.
[  715.175702][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  715.184127][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  715.192463][  T317] bridge0: port 1(bridge_slave_0) entered blocking state
[  715.199624][  T317] bridge0: port 1(bridge_slave_0) entered forwarding state
[  715.207235][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  715.215736][  T317] bridge0: port 2(bridge_slave_1) entered blocking state
[  715.222886][  T317] bridge0: port 2(bridge_slave_1) entered forwarding state
[  715.246130][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  715.261357][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  715.276364][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  715.297041][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  715.305557][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  715.313183][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  715.323191][T18171] device veth0_vlan entered promiscuous mode
[  715.337782][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  715.353118][T18171] device veth1_macvtap entered promiscuous mode
[  715.361903][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  715.371458][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  715.380220][  T317] bridge0: port 1(bridge_slave_0) entered blocking state
[  715.387474][  T317] bridge0: port 1(bridge_slave_0) entered forwarding state
[  715.395992][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  715.405873][    T8] device bridge_slave_1 left promiscuous mode
[  715.412148][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  715.419817][    T8] device bridge_slave_0 left promiscuous mode
[  715.426434][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.435211][    T8] device bridge_slave_1 left promiscuous mode
[  715.441494][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  715.449283][    T8] device bridge_slave_0 left promiscuous mode
[  715.455640][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.464683][    T8] device veth0_vlan left promiscuous mode
[  715.471024][    T8] device veth0_vlan left promiscuous mode
[  715.678809][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  715.687406][  T317] bridge0: port 2(bridge_slave_1) entered blocking state
[  715.694774][  T317] bridge0: port 2(bridge_slave_1) entered forwarding state
[  715.702682][T18233] netlink: 'syz.3.22131': attribute type 4 has an invalid length.
[  715.726778][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  715.735939][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  715.746789][T18233] netlink: 'syz.3.22131': attribute type 4 has an invalid length.
[  715.759713][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  715.769800][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  715.819322][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  715.831125][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  715.845168][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  715.862001][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  715.890701][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  715.903988][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  715.920056][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  715.933904][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  715.950713][T18173] device veth0_vlan entered promiscuous mode
[  715.970571][T18244] SELinux: security policydb version 18 (MLS) not backwards compatible
[  715.992397][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  716.004624][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  716.017778][T18244] SELinux: failed to load policy
[  716.025781][T18173] device veth1_macvtap entered promiscuous mode
[  716.061288][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  716.080369][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  716.101896][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  716.128223][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  716.147681][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  716.509377][  T317] Bluetooth: hci0: Frame reassembly failed (-84)
[  716.558663][T18293] device veth0 entered promiscuous mode
[  716.567610][T18292] device veth0 left promiscuous mode
[  716.575849][  T330] usb 9-1: new high-speed USB device number 43 using dummy_hcd
[  716.602874][T18299] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18299 comm=syz.3.22158
[  718.227499][    T8] tipc: Left network mode
[  718.649879][ T7109] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  718.650078][T13353] Bluetooth: hci0: command 0x1003 tx timeout
[  718.707602][  T330] usb 9-1: device descriptor read/all, error -71
[  718.735890][T18308] netlink: 96 bytes leftover after parsing attributes in process `syz.3.22161'.
[  718.758096][    T8] device bridge_slave_1 left promiscuous mode
[  718.773030][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.783514][T18314] loop3: detected capacity change from 0 to 128
[  718.791449][    T8] device bridge_slave_0 left promiscuous mode
[  718.816273][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  718.829822][    T8] device veth1_macvtap left promiscuous mode
[  718.836319][    T8] device veth0_vlan left promiscuous mode
[  718.966153][T18335] syz.3.22175[18335] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  718.966238][T18335] syz.3.22175[18335] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  719.118567][T18339] netlink: 'syz.1.22177': attribute type 1 has an invalid length.
[  719.275526][   T28] audit: type=1400 audit(1983.838:36079): avc:  denied  { setopt } for  pid=18351 comm="syz.8.22182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  719.462905][T18370] x_tables: duplicate underflow at hook 1
[  719.632584][   T28] audit: type=1400 audit(1984.166:36080): avc:  denied  { write } for  pid=18392 comm="syz.1.22201" name="file0" dev="tmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  719.672638][T18383] xt_CT: You must specify a L4 protocol and not use inversions on it
[  719.683949][   T28] audit: type=1400 audit(1984.166:36081): avc:  denied  { open } for  pid=18392 comm="syz.1.22201" path="/20/file0" dev="tmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  719.708358][T18399] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18399 comm=syz.1.22204
[  719.743909][   T28] audit: type=1400 audit(1984.194:36082): avc:  denied  { getopt } for  pid=18392 comm="syz.1.22201" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  719.770479][T18405] loop8: detected capacity change from 0 to 512
[  719.795877][   T28] audit: type=1400 audit(1984.194:36083): avc:  denied  { ioctl } for  pid=18392 comm="syz.1.22201" path="/20/file0" dev="tmpfs" ino=121 ioctlcmd=0x70c9 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  719.800770][T18409] loop3: detected capacity change from 0 to 1024
[  719.832887][T18413] syz.2.22211[18413] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  719.832971][T18413] syz.2.22211[18413] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  719.836957][   T28] audit: type=1400 audit(1984.353:36084): avc:  denied  { write } for  pid=18410 comm="syz.1.22210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  719.879645][   T28] audit: type=1400 audit(1984.353:36085): avc:  denied  { nlmsg_write } for  pid=18410 comm="syz.1.22210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  719.904382][T18416] netlink: 96 bytes leftover after parsing attributes in process `syz.1.22212'.
[  719.914611][T18405] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  719.929630][T18409] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  719.934304][   T28] audit: type=1400 audit(1984.446:36086): avc:  denied  { setattr } for  pid=18404 comm="syz.8.22206" path="/1135/file1/file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  719.962533][T18405] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  719.985988][T18405] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 2 with error 28
[  719.987855][T18422] loop1: detected capacity change from 0 to 256
[  720.005646][T18405] EXT4-fs (loop8): This should not happen!! Data will be lost
[  720.005646][T18405] 
[  720.016086][T18405] EXT4-fs (loop8): Total free blocks count 0
[  720.022330][T18422] FAT-fs (loop1): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  720.022888][   T28] audit: type=1400 audit(1984.540:36087): avc:  denied  { rename } for  pid=18408 comm="syz.3.22209" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  720.054114][T18409] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  720.065138][T18405] EXT4-fs (loop8): Free/Dirty block details
[  720.076783][T18405] EXT4-fs (loop8): free_blocks=65280
[  720.082158][T18405] EXT4-fs (loop8): dirty_blocks=2
[  720.087321][T18405] EXT4-fs (loop8): Block reservation details
[  720.093420][T18405] EXT4-fs (loop8): i_reserved_data_blocks=2
[  720.106465][T18423] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 201 with error 28
[  720.137827][T17804] EXT4-fs (loop3): unmounting filesystem.
[  720.167062][T18437] loop8: detected capacity change from 0 to 256
[  720.287615][T18460] loop8: detected capacity change from 0 to 256
[  720.295480][T18458] loop1: detected capacity change from 0 to 1024
[  720.303000][T18460] FAT-fs (loop8): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  720.320457][T18458] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  720.360205][T18458] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  720.438763][T18171] EXT4-fs (loop1): unmounting filesystem.
[  720.454511][T18462] loop3: detected capacity change from 0 to 40427
[  720.471033][T18462] F2FS-fs (loop3): invalid crc value
[  720.493334][T18462] F2FS-fs (loop3): Found nat_bits in checkpoint
[  720.537961][T18462] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  720.561118][T18462] F2FS-fs (loop3): Inconsistent segment (8) type [1, 0] in SSA and SIT
[  720.571040][   T28] audit: type=1400 audit(1985.045:36088): avc:  denied  { setattr } for  pid=18461 comm="syz.3.22231" path="/50/file0" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  721.036355][T18513] loop3: detected capacity change from 0 to 1024
[  721.046241][T18513] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  721.070229][T17804] EXT4-fs (loop3): unmounting filesystem.
[  721.255242][T18546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22265'.
[  721.290966][T18548] netlink: 'syz.0.22267': attribute type 4 has an invalid length.
[  721.298931][T18548] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.22267'.
[  721.559864][T18593] 9pnet: p9_errstr2errno: server reported unknown error �@c�F�����"��42���{��
[  721.579062][  T827] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  721.772817][  T827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  721.784236][  T827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  721.794214][  T827] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  721.807166][  T827] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  721.816547][  T827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.825883][  T827] usb 4-1: config 0 descriptor??
[  721.985394][  T287] usb 9-1: new high-speed USB device number 45 using dummy_hcd
[  722.001128][T18628] loop1: detected capacity change from 0 to 128
[  722.010156][T18628] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  722.019361][T18628] ext4 filesystem being mounted at /43/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  722.045417][T18171] EXT4-fs (loop1): unmounting filesystem.
[  722.061054][T18631] SELinux:  policydb version 0 does not match my version range 15-33
[  722.069246][T18631] SELinux: failed to load policy
[  722.178876][  T287] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  722.189965][  T287] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  722.199786][  T287] usb 9-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  722.209235][  T287] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.218704][  T287] usb 9-1: config 0 descriptor??
[  722.267731][  T827] plantronics 0003:047F:FFFF.0074: No inputs registered, leaving
[  722.277498][  T827] plantronics 0003:047F:FFFF.0074: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  722.353308][T18635] loop1: detected capacity change from 0 to 40427
[  722.361173][T18635] F2FS-fs (loop1): invalid crc value
[  722.368059][T18635] F2FS-fs (loop1): Found nat_bits in checkpoint
[  722.401390][T18635] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  722.427292][T18635] F2FS-fs (loop1): Inconsistent segment (8) type [1, 0] in SSA and SIT
[  722.672263][  T287] sony 0003:054C:0268.0075: item fetching failed at offset 4/5
[  722.680556][  T287] sony 0003:054C:0268.0075: parse failed
[  722.686388][  T287] sony: probe of 0003:054C:0268.0075 failed with error -22
[  722.896165][  T287] usb 9-1: USB disconnect, device number 45
[  723.220250][T18689] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  723.234043][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  723.243043][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  723.260015][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  723.273828][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  723.282850][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  723.291726][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  723.301317][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  723.309833][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  723.602156][T18715] binder: 18714:18715 ioctl c0306201 2000000003c0 returned -14
[  723.623524][T18724] syz.1.22345[18724] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  723.623639][T18724] syz.1.22345[18724] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  723.660812][T18728] loop8: detected capacity change from 0 to 128
[  723.687123][T18724] SELinux: failed to load policy
[  723.698770][    T8] tipc: Left network mode
[  724.241949][    T8] device bridge_slave_1 left promiscuous mode
[  724.250941][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.277917][    T8] device bridge_slave_0 left promiscuous mode
[  724.289237][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.313395][    T8] device veth0_vlan left promiscuous mode
[  724.433494][T15037] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  724.562073][  T330] usb 4-1: USB disconnect, device number 42
[  724.625927][T15037] usb 2-1: Using ep0 maxpacket: 32
[  724.632530][T15037] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  724.640886][T15037] usb 2-1: config 0 has no interface number 0
[  724.647053][T15037] usb 2-1: config 0 interface 184 has no altsetting 0
[  724.655327][T15037] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  724.664829][T15037] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.673101][T15037] usb 2-1: Product: syz
[  724.677811][T15037] usb 2-1: Manufacturer: syz
[  724.693467][T15037] usb 2-1: SerialNumber: syz
[  724.700814][T15037] usb 2-1: config 0 descriptor??
[  724.709273][T18836] loop3: detected capacity change from 0 to 2048
[  724.716097][T15037] smsc75xx v1.0.0
[  724.724740][T18836] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  724.804219][T18836] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.22396: bg 0: block 234: padding at end of block bitmap is not set
[  724.824073][T18836] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1680 with error 117
[  724.850083][T18836] EXT4-fs (loop3): This should not happen!! Data will be lost
[  724.850083][T18836] 
[  724.912004][   T28] kauditd_printk_skb: 96 callbacks suppressed
[  724.912023][   T28] audit: type=1400 audit(2000000003.535:36185): avc:  denied  { module_request } for  pid=18848 comm="syz.0.22400" kmod="ip6t_" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  724.980694][T18841] loop8: detected capacity change from 0 to 40427
[  724.988169][T18841] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  724.996355][T18841] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  725.027589][T18841] F2FS-fs (loop8): Found nat_bits in checkpoint
[  725.069413][T17804] EXT4-fs (loop3): unmounting filesystem.
[  725.079595][T18841] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  725.087741][T18841] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  725.103645][   T28] audit: type=1400 audit(2000000003.713:36186): avc:  denied  { mounton } for  pid=18860 comm="syz.0.22405" path="/39/file1" dev="tmpfs" ino=220 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  725.127577][   T28] audit: type=1400 audit(2000000003.713:36187): avc:  denied  { create } for  pid=18840 comm="syz.8.22397" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  725.156448][   T28] audit: type=1400 audit(2000000003.713:36188): avc:  denied  { setattr } for  pid=18840 comm="syz.8.22397" name="file0" dev="loop8" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  725.319176][   T28] audit: type=1400 audit(2000000003.919:36189): avc:  denied  { remount } for  pid=18840 comm="syz.8.22397" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  725.320090][T18841] F2FS-fs (loop8): Start checkpoint disabled!
[  725.459774][  T330] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  725.551946][   T28] audit: type=1400 audit(2000000004.134:36190): avc:  denied  { mount } for  pid=18877 comm="syz.2.22411" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  725.600938][T18881] xt_CT: You must specify a L4 protocol and not use inversions on it
[  725.609261][T18883] loop8: detected capacity change from 0 to 256
[  725.621795][T18883] FAT-fs (loop8): Directory bread(block 64) failed
[  725.628484][T18883] FAT-fs (loop8): Directory bread(block 65) failed
[  725.635655][T18883] FAT-fs (loop8): Directory bread(block 66) failed
[  725.642434][T18883] FAT-fs (loop8): Directory bread(block 67) failed
[  725.649114][T18883] FAT-fs (loop8): Directory bread(block 68) failed
[  725.655881][T18883] FAT-fs (loop8): Directory bread(block 69) failed
[  725.662481][T18883] FAT-fs (loop8): Directory bread(block 70) failed
[  725.669574][T18883] FAT-fs (loop8): Directory bread(block 71) failed
[  725.676346][T18883] FAT-fs (loop8): Directory bread(block 72) failed
[  725.683190][T18883] FAT-fs (loop8): Directory bread(block 73) failed
[  725.690920][  T330] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  725.706991][T18889] device veth1_macvtap left promiscuous mode
[  725.713117][  T330] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  725.717971][T18889] device macsec0 left promiscuous mode
[  725.723676][T18883] FAT-fs (loop8): error, fat_free_clusters: deleting FAT entry beyond EOF
[  725.738907][  T330] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  725.752069][  T330] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.761865][  T330] usb 4-1: Product: syz
[  725.766389][  T330] usb 4-1: Manufacturer: syz
[  725.771160][  T330] usb 4-1: SerialNumber: syz
[  725.777619][  T317] kworker/u4:4: attempt to access beyond end of device
[  725.777619][  T317] loop8: rw=1, sector=1224, nr_sectors = 4 limit=256
[  725.797340][T15037] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  725.923746][T18909] loop8: detected capacity change from 0 to 2048
[  725.945643][T18909] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  725.976391][   T28] audit: type=1326 audit(2000000004.536:36191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18915 comm="syz.2.22428" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec2498e9a9 code=0x0
[  726.008151][T18866] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  726.015877][T15037] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  726.027737][T15037] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  726.037879][T18909] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.22425: bg 0: block 234: padding at end of block bitmap is not set
[  726.037893][T15037] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  726.063619][T15037] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  726.063882][T18909] EXT4-fs (loop8): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1618 with error 117
[  726.073175][T15037] smsc75xx: probe of 2-1:0.184 failed with error -71
[  726.093951][T15037] usb 2-1: USB disconnect, device number 26
[  726.101517][T18909] EXT4-fs (loop8): This should not happen!! Data will be lost
[  726.101517][T18909] 
[  726.141803][T18921] netlink: 96 bytes leftover after parsing attributes in process `syz.0.22430'.
[  726.200859][ T4872] EXT4-fs (loop8): unmounting filesystem.
[  726.377034][T18933] netlink: 24 bytes leftover after parsing attributes in process `syz.8.22434'.
[  726.388594][T18933] netlink: 24 bytes leftover after parsing attributes in process `syz.8.22434'.
[  726.600307][T18948] netlink: 28 bytes leftover after parsing attributes in process `syz.1.22440'.
[  726.671964][T18866] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  726.892350][  T836] usb 9-1: new high-speed USB device number 46 using dummy_hcd
[  726.900876][  T330] cdc_mbim 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  726.907592][T15037] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  726.915662][  T330] cdc_mbim 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  726.923681][  T330] cdc_mbim 4-1:1.0: setting rx_max = 2048
[  727.106077][  T836] usb 9-1: Using ep0 maxpacket: 8
[  727.112876][  T836] usb 9-1: unable to get BOS descriptor or descriptor too short
[  727.120845][T15037] usb 2-1: Using ep0 maxpacket: 16
[  727.127275][  T836] usb 9-1: config 0 has an invalid interface number: 88 but max is 0
[  727.136435][  T330] cdc_mbim 4-1:1.0: setting tx_max = 184
[  727.142290][T15037] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  727.150946][  T836] usb 9-1: config 0 has no interface number 0
[  727.157067][  T836] usb 9-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  727.168594][  T330] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device
[  727.174745][T15037] usb 2-1: config 0 has no interface number 0
[  727.183006][  T330] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  727.193670][T15037] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  727.204856][  T836] usb 9-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  727.216389][T15037] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  727.227016][  T330] usb 4-1: USB disconnect, device number 43
[  727.234346][  T836] usb 9-1: config 0 interface 88 has no altsetting 0
[  727.241744][  T330] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  727.259117][T15037] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  727.268784][T15037] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.288470][T15037] usb 2-1: config 0 descriptor??
[  727.295035][  T836] usb 9-1: language id specifier not provided by device, defaulting to English
[  727.308537][  T836] usb 9-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  727.317794][  T836] usb 9-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  727.326307][  T836] usb 9-1: Product: syz
[  727.332109][  T836] usb 9-1: SerialNumber: syz
[  727.352265][  T836] usb 9-1: config 0 descriptor??
[  727.428822][T18967] overlayfs: missing 'lowerdir'
[  727.446800][   T28] audit: type=1400 audit(2000000005.902:36192): avc:  denied  { block_suspend } for  pid=18968 comm="syz.2.22450" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  727.574609][  T836] input: syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.88/input/input113
[  727.584527][   T28] audit: type=1400 audit(2000000006.033:36193): avc:  denied  { read } for  pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=1100 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  727.586003][  T836] usb 9-1: USB disconnect, device number 46
[  727.607335][   T28] audit: type=1400 audit(2000000006.033:36194): avc:  denied  { open } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1100 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  727.951985][T15037] uclogic 0003:28BD:0071.0076: pen parameters not found
[  727.959043][T15037] uclogic 0003:28BD:0071.0076: interface is invalid, ignoring
[  727.975448][    T8] Bluetooth: hci0: Frame reassembly failed (-84)
[  728.183019][T15037] usb 2-1: USB disconnect, device number 27
[  728.205309][T19032] syz.2.22481[19032] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  728.205394][T19032] syz.2.22481[19032] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  728.260542][T19039] device veth0_to_hsr entered promiscuous mode
[  728.284014][T19039] device veth0_to_hsr left promiscuous mode
[  728.311402][T19041] netlink: 24 bytes leftover after parsing attributes in process `syz.2.22485'.
[  728.321713][T19041] netlink: 24 bytes leftover after parsing attributes in process `syz.2.22485'.
[  728.986731][T19106] loop1: detected capacity change from 0 to 40427
[  728.993817][T19106] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  729.001794][T19106] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  729.011125][T19106] F2FS-fs (loop1): invalid crc value
[  729.018023][T19106] F2FS-fs (loop1): Found nat_bits in checkpoint
[  729.047843][T19106] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  729.055066][T19106] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  729.162035][T19114] syz.1.22518[19114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  729.162094][T19114] syz.1.22518[19114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  729.176957][T19114] loop1: detected capacity change from 0 to 256
[  729.196123][T19114] FAT-fs (loop1): bogus number of FAT sectors
[  729.202911][T19114] FAT-fs (loop1): Can't find a valid FAT filesystem
[  729.630428][T19120] loop1: detected capacity change from 0 to 40427
[  729.638530][T19120] F2FS-fs (loop1): invalid crc value
[  729.658642][T19120] F2FS-fs (loop1): Found nat_bits in checkpoint
[  729.709706][T19116] loop8: detected capacity change from 0 to 131072
[  729.717518][T19116] F2FS-fs (loop8): Wrong CP boundary, start(512) end(1536) blocks(0)
[  729.725990][T19116] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  729.735100][T19116] F2FS-fs (loop8): invalid crc value
[  729.742221][T19120] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  729.767620][T19116] F2FS-fs (loop8): Found nat_bits in checkpoint
[  729.780416][T19120] syz.1.22520: attempt to access beyond end of device
[  729.780416][T19120] loop1: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  729.797956][T19120] syz.1.22520: attempt to access beyond end of device
[  729.797956][T19120] loop1: rw=2049, sector=77960, nr_sectors = 120 limit=40427
[  729.812619][T19120] syz.1.22520: attempt to access beyond end of device
[  729.812619][T19120] loop1: rw=2049, sector=77824, nr_sectors = 16 limit=40427
[  729.840010][T19116] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  729.855384][T19116] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e4
[  729.871351][T18171] syz-executor: attempt to access beyond end of device
[  729.871351][T18171] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  730.048132][    T8] Bluetooth: hci1: Frame reassembly failed (-84)
[  730.195704][T13353] Bluetooth: hci0: command 0x1003 tx timeout
[  730.195864][ T7109] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  730.210441][T19019] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  730.368396][   T28] kauditd_printk_skb: 25 callbacks suppressed
[  730.368413][   T28] audit: type=1400 audit(2000000008.643:36220): avc:  denied  { relabelfrom } for  pid=19196 comm="syz.2.22554" name="" dev="pipefs" ino=234699 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  730.398074][   T28] audit: type=1400 audit(2000000008.671:36221): avc:  denied  { mac_admin } for  pid=19196 comm="syz.2.22554" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  730.576691][T19224] loop8: detected capacity change from 0 to 512
[  730.605870][T19224] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  730.615112][T19224] ext4 filesystem being mounted at /1193/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  730.644388][ T4872] EXT4-fs (loop8): unmounting filesystem.
[  730.689492][   T28] audit: type=1400 audit(2000000008.942:36222): avc:  denied  { read } for  pid=19240 comm="syz.3.22570" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  730.738283][   T28] audit: type=1400 audit(2000000008.942:36223): avc:  denied  { open } for  pid=19240 comm="syz.3.22570" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  730.805078][  T330] usb 2-1: new low-speed USB device number 28 using dummy_hcd
[  730.816720][   T28] audit: type=1400 audit(2000000009.064:36224): avc:  denied  { ioctl } for  pid=19240 comm="syz.3.22570" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  730.894894][   T28] audit: type=1400 audit(2000000009.138:36225): avc:  denied  { connect } for  pid=19257 comm="syz.8.22579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  730.916801][   T28] audit: type=1400 audit(2000000009.138:36226): avc:  denied  { write } for  pid=19257 comm="syz.8.22579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  730.931400][T19260] netlink: 20 bytes leftover after parsing attributes in process `syz.2.22580'.
[  730.954516][   T28] audit: type=1400 audit(2000000009.185:36227): avc:  denied  { read write } for  pid=19261 comm="syz.8.22581" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  730.979618][   T28] audit: type=1400 audit(2000000009.185:36228): avc:  denied  { open } for  pid=19261 comm="syz.8.22581" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  731.031364][  T330] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  731.040555][  T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.049284][  T330] usb 2-1: config 0 descriptor??
[  731.057521][T19266] kvm [19265]: vcpu2, guest rIP: 0x9133 ignored wrmsr: 0x11e data 0xbe702111
[  731.156873][   T28] audit: type=1400 audit(2000000009.372:36229): avc:  denied  { mounton } for  pid=19284 comm="syz.8.22592" path="/1201/file0" dev="tmpfs" ino=6311 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  731.183525][T10340] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  731.230743][T19293] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q��k�p
[  731.230743][T19293] �C<+
[  731.264072][T19296] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19296 comm=syz.8.22594
[  731.301206][T19302] loop8: detected capacity change from 0 to 1024
[  731.308466][T19302] EXT4-fs: Ignoring removed bh option
[  731.320135][T19302] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  731.337410][T19302] EXT4-fs error (device loop8): ext4_check_all_de:666: inode #12: block 7: comm syz.8.22600: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0
[  731.358633][T19302] EXT4-fs (loop8): Remounting filesystem read-only
[  731.375244][ T4872] EXT4-fs (loop8): unmounting filesystem.
[  731.393083][T10340] usb 4-1: Using ep0 maxpacket: 16
[  731.401095][T10340] usb 4-1: config 1 has an invalid interface number: 214 but max is 0
[  731.418278][T10340] usb 4-1: config 1 has no interface number 0
[  731.428444][T10340] usb 4-1: config 1 interface 214 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  731.438555][T10340] usb 4-1: config 1 interface 214 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[  731.449554][T10340] usb 4-1: config 1 interface 214 has no altsetting 0
[  731.473731][T10340] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[  731.488737][T19316] syz.2.22606[19316] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  731.488888][T19316] syz.2.22606[19316] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  731.491115][T10340] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  731.520225][T10340] usb 4-1: Product: syz
[  731.525103][T10340] usb 4-1: Manufacturer: syz
[  731.535886][T10340] usb 4-1: SerialNumber: syz
[  731.553425][T19252] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  731.560693][T19252] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  731.575436][T10340] ums-alauda 4-1:1.214: USB Mass Storage device detected
[  731.592195][T10340] scsi host1: usb-storage 4-1:1.214
[  731.809716][T10340] usb 4-1: USB disconnect, device number 44
[  732.248339][ T7109] Bluetooth: hci1: command 0x1003 tx timeout
[  732.254770][T30666] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  732.370153][  T330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  732.382271][  T330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  732.402651][  T330] asix: probe of 2-1:0.0 failed with error -71
[  732.415900][  T330] usb 2-1: USB disconnect, device number 28
[  732.422119][    C1] ==================================================================
[  732.422137][    C1] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0
[  732.422188][    C1] Write of size 8 at addr ffff888129558a00 by task kworker/1:3/330
[  732.422208][    C1] 
[  732.422216][    C1] CPU: 1 PID: 330 Comm: kworker/1:3 Tainted: G        W          6.1.141-syzkaller-00041-gde932537be34 #0
[  732.422242][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  732.422257][    C1] Workqueue: usb_hub_wq hub_event
[  732.422382][    C1] Call Trace:
[  732.422418][    C1]  <IRQ>
[  732.422428][    C1]  __dump_stack+0x21/0x24
[  732.422518][    C1]  dump_stack_lvl+0xee/0x150
[  732.422549][    C1]  ? __cfi_dump_stack_lvl+0x8/0x8
[  732.422605][    C1]  ? __run_timers+0x32b/0x9a0
[  732.422631][    C1]  print_address_description+0x71/0x210
[  732.422705][    C1]  print_report+0x4a/0x60
[  732.422732][    C1]  kasan_report+0x122/0x150
[  732.422785][    C1]  ? __run_timers+0x32b/0x9a0
[  732.422814][    C1]  __asan_report_store8_noabort+0x17/0x20
[  732.422845][    C1]  __run_timers+0x32b/0x9a0
[  732.422874][    C1]  ? sched_clock+0x9/0x10
[  732.422900][    C1]  ? sched_clock_cpu+0x6e/0x250
[  732.422924][    C1]  ? calc_index+0x200/0x200
[  732.422951][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  732.422982][    C1]  run_timer_softirq+0x6a/0xf0
[  732.423007][    C1]  handle_softirqs+0x1d7/0x600
[  732.423030][    C1]  ? irqtime_account_irq+0xc4/0x240
[  732.423060][    C1]  __irq_exit_rcu+0x52/0xf0
[  732.423081][    C1]  irq_exit_rcu+0x9/0x10
[  732.423101][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  732.423149][    C1]  </IRQ>
[  732.423199][    C1]  <TASK>
[  732.423208][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  732.423255][    C1] RIP: 0010:console_emit_next_record+0x9e3/0xbc0
[  732.423287][    C1] Code: de 48 81 e6 00 02 00 00 31 ff e8 28 49 19 00 48 81 e3 00 02 00 00 75 07 e8 5a 44 19 00 eb 06 e8 53 44 19 00 fb 0f b6 5c 24 07 <48> c7 84 24 80 00 00 00 0e 36 e0 45 4b c7 04 2e 00 00 00 00 4b c7
[  732.423307][    C1] RSP: 0018:ffffc9000dcaf260 EFLAGS: 00000287
[  732.423354][    C1] RAX: ffffffff8156b31d RBX: 0000000000000001 RCX: 0000000000100000
[  732.423370][    C1] RDX: ffffc9000dedb000 RSI: 00000000000012d1 RDI: 00000000000012d2
[  732.423385][    C1] RBP: ffffc9000dcaf470 R08: 0000000000000004 R09: 0000000000000003
[  732.423400][    C1] R10: fffff52001b95e3c R11: 1ffff92001b95e3c R12: ffffc9000dcaf4bf
[  732.423416][    C1] R13: dffffc0000000000 R14: 1ffff92001b95e5c R15: 0000000000000041
[  732.423434][    C1]  ? console_emit_next_record+0x9dd/0xbc0
[  732.423466][    C1]  ? __kasan_check_write+0x14/0x20
[  732.423505][    C1]  ? info_print_prefix+0x300/0x300
[  732.423536][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  732.423588][    C1]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  732.423631][    C1]  ? __cfi_vprintk_store+0x10/0x10
[  732.423652][    C1]  ? format_decode+0xbbf/0x1520
[  732.423710][    C1]  console_unlock+0x23d/0x550
[  732.423732][    C1]  ? down_trylock+0x52/0xb0
[  732.423756][    C1]  ? __cfi_console_unlock+0x10/0x10
[  732.423780][    C1]  ? snprintf+0xd7/0x120
[  732.423800][    C1]  vprintk_emit+0x14d/0x410
[  732.423823][    C1]  ? __cfi_vprintk_emit+0x10/0x10
[  732.423845][    C1]  ? __stack_depot_save+0x36/0x480
[  732.423921][    C1]  ? dev_vprintk_emit+0x15c/0x3d8
[  732.423950][    C1]  dev_vprintk_emit+0x330/0x3d8
[  732.423977][    C1]  ? __cfi_dev_vprintk_emit+0x8/0x8
[  732.424004][    C1]  ? __kasan_slab_free+0x11/0x20
[  732.424027][    C1]  ? ret_from_fork+0x1f/0x30
[  732.424054][    C1]  dev_printk_emit+0xdd/0x120
[  732.424084][    C1]  ? __cfi_dev_printk_emit+0x8/0x8
[  732.424115][    C1]  __dev_printk+0x17f/0x1b0
[  732.424172][    C1]  _dev_info+0x107/0x150
[  732.424200][    C1]  ? __cfi__dev_info+0x8/0x8
[  732.424231][    C1]  usb_disconnect+0xe3/0x860
[  732.424260][    C1]  hub_event+0x1bd5/0x4680
[  732.424304][    C1]  ? __cfi_hub_event+0x10/0x10
[  732.424332][    C1]  ? __kasan_check_write+0x14/0x20
[  732.424361][    C1]  ? _raw_spin_lock_irq+0x8f/0xe0
[  732.424390][    C1]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  732.424421][    C1]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[  732.424454][    C1]  process_one_work+0x71f/0xc40
[  732.424478][    C1]  worker_thread+0xd2e/0x11f0
[  732.424516][    C1]  kthread+0x281/0x320
[  732.424537][    C1]  ? __cfi_worker_thread+0x10/0x10
[  732.424556][    C1]  ? __cfi_kthread+0x10/0x10
[  732.424578][    C1]  ret_from_fork+0x1f/0x30
[  732.424607][    C1]  </TASK>
[  732.424614][    C1] 
[  732.424619][    C1] Allocated by task 19019:
[  732.424654][    C1]  kasan_set_track+0x4b/0x70
[  732.424673][    C1]  kasan_save_alloc_info+0x25/0x30
[  732.424699][    C1]  __kasan_kmalloc+0x95/0xb0
[  732.424717][    C1]  __kmalloc+0xb1/0x1e0
[  732.424785][    C1]  hci_alloc_dev_priv+0x27/0x1bd0
[  732.424829][    C1]  hci_uart_tty_ioctl+0x3d6/0xa20
[  732.424880][    C1]  tty_ioctl+0x8ef/0xc60
[  732.424921][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  732.424988][    C1]  __x64_sys_ioctl+0x7b/0x90
[  732.425016][    C1]  x64_sys_call+0x58b/0x9a0
[  732.425037][    C1]  do_syscall_64+0x4c/0xa0
[  732.425054][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  732.425075][    C1] 
[  732.425079][    C1] Freed by task 19019:
[  732.425090][    C1]  kasan_set_track+0x4b/0x70
[  732.425110][    C1]  kasan_save_free_info+0x31/0x50
[  732.425136][    C1]  ____kasan_slab_free+0x132/0x180
[  732.425158][    C1]  __kasan_slab_free+0x11/0x20
[  732.425179][    C1]  slab_free_freelist_hook+0xc2/0x190
[  732.425227][    C1]  __kmem_cache_free+0xb7/0x1b0
[  732.425249][    C1]  kfree+0x6f/0xf0
[  732.425273][    C1]  hci_release_dev+0x13ad/0x1500
[  732.425294][    C1]  bt_host_release+0x82/0x90
[  732.425359][    C1]  device_release+0xa4/0x1d0
[  732.425377][    C1]  kobject_put+0x19d/0x280
[  732.425420][    C1]  put_device+0x1f/0x30
[  732.425445][    C1]  hci_dev_cmd+0x265/0x720
[  732.425498][    C1]  hci_sock_ioctl+0x41e/0x7f0
[  732.425518][    C1]  sock_do_ioctl+0x101/0x310
[  732.425572][    C1]  sock_ioctl+0x4d8/0x6e0
[  732.425593][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  732.425619][    C1]  __x64_sys_ioctl+0x7b/0x90
[  732.425646][    C1]  x64_sys_call+0x58b/0x9a0
[  732.425668][    C1]  do_syscall_64+0x4c/0xa0
[  732.425684][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  732.425704][    C1] 
[  732.425709][    C1] Last potentially related work creation:
[  732.425716][    C1]  kasan_save_stack+0x3a/0x60
[  732.425734][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[  732.425761][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  732.425787][    C1]  insert_work+0x51/0x300
[  732.425814][    C1]  __queue_work+0x9b1/0xd30
[  732.425837][    C1]  queue_work_on+0xd2/0x140
[  732.425859][    C1]  __hci_cmd_sync_sk+0xa3e/0xcf0
[  732.425903][    C1]  hci_cmd_sync_status+0x53/0x120
[  732.425922][    C1]  hci_dev_cmd+0x628/0x720
[  732.425947][    C1]  hci_sock_ioctl+0x41e/0x7f0
[  732.425967][    C1]  sock_do_ioctl+0x101/0x310
[  732.425990][    C1]  sock_ioctl+0x4d8/0x6e0
[  732.426012][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  732.426039][    C1]  __x64_sys_ioctl+0x7b/0x90
[  732.426066][    C1]  x64_sys_call+0x58b/0x9a0
[  732.426088][    C1]  do_syscall_64+0x4c/0xa0
[  732.426104][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  732.426124][    C1] 
[  732.426128][    C1] Second to last potentially related work creation:
[  732.426136][    C1]  kasan_save_stack+0x3a/0x60
[  732.426154][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[  732.426180][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  732.426206][    C1]  insert_work+0x51/0x300
[  732.426233][    C1]  __queue_work+0x9b1/0xd30
[  732.426255][    C1]  queue_work_on+0xd2/0x140
[  732.426277][    C1]  hci_cmd_timeout+0x191/0x200
[  732.426297][    C1]  process_one_work+0x71f/0xc40
[  732.426314][    C1]  worker_thread+0xa29/0x11f0
[  732.426331][    C1]  kthread+0x281/0x320
[  732.426349][    C1]  ret_from_fork+0x1f/0x30
[  732.426370][    C1] 
[  732.426375][    C1] The buggy address belongs to the object at ffff888129558000
[  732.426375][    C1]  which belongs to the cache kmalloc-8k of size 8192
[  732.426393][    C1] The buggy address is located 2560 bytes inside of
[  732.426393][    C1]  8192-byte region [ffff888129558000, ffff88812955a000)
[  732.426414][    C1] 
[  732.426418][    C1] The buggy address belongs to the physical page:
[  732.426451][    C1] page:ffffea0004a55600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x129558
[  732.426472][    C1] head:ffffea0004a55600 order:3 compound_mapcount:0 compound_pincount:0
[  732.426495][    C1] flags: 0x4000000000010200(slab|head|zone=1)
[  732.426528][    C1] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[  732.426547][    C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  732.426558][    C1] page dumped because: kasan: bad access detected
[  732.426567][    C1] page_owner tracks the page as allocated
[  732.426573][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 19013, tgid 19012 (syz.3.22472), ts 727915702498, free_ts 727842416426
[  732.426615][    C1]  post_alloc_hook+0x1f5/0x210
[  732.426679][    C1]  prep_new_page+0x1c/0x110
[  732.426702][    C1]  get_page_from_freelist+0x2c7b/0x2cf0
[  732.426726][    C1]  __alloc_pages+0x19e/0x3a0
[  732.426748][    C1]  alloc_slab_page+0x6e/0xf0
[  732.426773][    C1]  new_slab+0x98/0x3d0
[  732.426798][    C1]  ___slab_alloc+0x6f6/0xb50
[  732.426820][    C1]  __slab_alloc+0x5e/0xa0
[  732.426842][    C1]  __kmem_cache_alloc_node+0x203/0x2c0
[  732.426865][    C1]  kmalloc_trace+0x29/0xb0
[  732.426891][    C1]  audit_log_d_path+0xc6/0x240
[  732.426945][    C1]  common_lsm_audit+0x327/0x16d0
[  732.426992][    C1]  slow_avc_audit+0x1ac/0x220
[  732.427055][    C1]  avc_has_perm+0x1e6/0x240
[  732.427078][    C1]  selinux_file_open+0x467/0x620
[  732.427097][    C1]  security_file_open+0x73/0xb0
[  732.427138][    C1] page last free stack trace:
[  732.427145][    C1]  free_unref_page_prepare+0x742/0x750
[  732.427168][    C1]  free_unref_page+0x8f/0x530
[  732.427190][    C1]  __free_pages+0x67/0x100
[  732.427214][    C1]  __free_slab+0xca/0x1a0
[  732.427239][    C1]  discard_slab+0x29/0x40
[  732.427263][    C1]  __slab_free+0x201/0x280
[  732.427286][    C1]  ___cache_free+0xbf/0xd0
[  732.427307][    C1]  qlist_free_all+0xc6/0x140
[  732.427358][    C1]  kasan_quarantine_reduce+0x14a/0x170
[  732.427387][    C1]  __kasan_slab_alloc+0x24/0x80
[  732.427408][    C1]  slab_post_alloc_hook+0x4f/0x2d0
[  732.427431][    C1]  kmem_cache_alloc+0x16e/0x330
[  732.427452][    C1]  getname_flags+0xb9/0x500
[  732.427479][    C1]  user_path_at_empty+0x30/0x1c0
[  732.427502][    C1]  __x64_sys_umount+0xf1/0x160
[  732.427565][    C1]  x64_sys_call+0x86a/0x9a0
[  732.427587][    C1] 
[  732.427592][    C1] Memory state around the buggy address:
[  732.427603][    C1]  ffff888129558900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  732.427617][    C1]  ffff888129558980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  732.427631][    C1] >ffff888129558a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  732.427642][    C1]                    ^
[  732.427653][    C1]  ffff888129558a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  732.427666][    C1]  ffff888129558b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  732.427677][    C1] ==================================================================
[  732.427686][    C1] Disabling lock debugging due to kernel taint
[  732.427749][    C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  732.427803][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  732.427818][    C1] CPU: 1 PID: 330 Comm: kworker/1:3 Tainted: G    B   W          6.1.141-syzkaller-00041-gde932537be34 #0
[  732.427842][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  732.427857][    C1] Workqueue: usb_hub_wq hub_event
[  732.427888][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  732.427915][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 b8 d2 28 00 4c 89 ff e8 f0 1f a9 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 5c 2c 6d 00 49 8b 7d 00 e8 d3 1b
[  732.427933][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  732.427951][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888113936540
[  732.427966][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  732.427981][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[  732.427996][    C1] R10: ffffed10252ab139 R11: 1ffff110252ab139 R12: dffffc0000000000
[  732.428012][    C1] R13: 0000000000000000 R14: ffff8881295589c8 R15: 0000000000000008
[  732.428027][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  732.428045][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  732.428060][    C1] CR2: 00007ffdbc595aa8 CR3: 000000012b4f1000 CR4: 00000000003506a0
[  732.428080][    C1] Call Trace:
[  732.428086][    C1]  <IRQ>
[  732.428098][    C1]  delayed_work_timer_fn+0x61/0x80
[  732.428124][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  732.428150][    C1]  call_timer_fn+0x46/0x2a0
[  732.428175][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  732.428200][    C1]  __run_timers+0x667/0x9a0
[  732.428229][    C1]  ? calc_index+0x200/0x200
[  732.428257][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  732.428289][    C1]  run_timer_softirq+0x6a/0xf0
[  732.428313][    C1]  handle_softirqs+0x1d7/0x600
[  732.428336][    C1]  ? irqtime_account_irq+0xc4/0x240
[  732.428365][    C1]  __irq_exit_rcu+0x52/0xf0
[  732.428386][    C1]  irq_exit_rcu+0x9/0x10
[  732.428406][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  732.428431][    C1]  </IRQ>
[  732.428438][    C1]  <TASK>
[  732.428445][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  732.428468][    C1] RIP: 0010:console_emit_next_record+0x9e3/0xbc0
[  732.428503][    C1] Code: de 48 81 e6 00 02 00 00 31 ff e8 28 49 19 00 48 81 e3 00 02 00 00 75 07 e8 5a 44 19 00 eb 06 e8 53 44 19 00 fb 0f b6 5c 24 07 <48> c7 84 24 80 00 00 00 0e 36 e0 45 4b c7 04 2e 00 00 00 00 4b c7
[  732.428521][    C1] RSP: 0018:ffffc9000dcaf260 EFLAGS: 00000287
[  732.428539][    C1] RAX: ffffffff8156b31d RBX: 0000000000000001 RCX: 0000000000100000
[  732.428553][    C1] RDX: ffffc9000dedb000 RSI: 00000000000012d1 RDI: 00000000000012d2
[  732.428568][    C1] RBP: ffffc9000dcaf470 R08: 0000000000000004 R09: 0000000000000003
[  732.428582][    C1] R10: fffff52001b95e3c R11: 1ffff92001b95e3c R12: ffffc9000dcaf4bf
[  732.428597][    C1] R13: dffffc0000000000 R14: 1ffff92001b95e5c R15: 0000000000000041
[  732.428615][    C1]  ? console_emit_next_record+0x9dd/0xbc0
[  732.428646][    C1]  ? __kasan_check_write+0x14/0x20
[  732.428677][    C1]  ? info_print_prefix+0x300/0x300
[  732.428708][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  732.428738][    C1]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  732.428769][    C1]  ? __cfi_vprintk_store+0x10/0x10
[  732.428790][    C1]  ? format_decode+0xbbf/0x1520
[  732.428811][    C1]  console_unlock+0x23d/0x550
[  732.428833][    C1]  ? down_trylock+0x52/0xb0
[  732.428856][    C1]  ? __cfi_console_unlock+0x10/0x10
[  732.428879][    C1]  ? snprintf+0xd7/0x120
[  732.428898][    C1]  vprintk_emit+0x14d/0x410
[  732.428921][    C1]  ? __cfi_vprintk_emit+0x10/0x10
[  732.428943][    C1]  ? __stack_depot_save+0x36/0x480
[  732.428972][    C1]  ? dev_vprintk_emit+0x15c/0x3d8
[  732.429001][    C1]  dev_vprintk_emit+0x330/0x3d8
[  732.429028][    C1]  ? __cfi_dev_vprintk_emit+0x8/0x8
[  732.429053][    C1]  ? __kasan_slab_free+0x11/0x20
[  732.429076][    C1]  ? ret_from_fork+0x1f/0x30
[  732.429103][    C1]  dev_printk_emit+0xdd/0x120
[  732.429132][    C1]  ? __cfi_dev_printk_emit+0x8/0x8
[  732.429163][    C1]  __dev_printk+0x17f/0x1b0
[  732.429193][    C1]  _dev_info+0x107/0x150
[  732.429221][    C1]  ? __cfi__dev_info+0x8/0x8
[  732.429251][    C1]  usb_disconnect+0xe3/0x860
[  732.429279][    C1]  hub_event+0x1bd5/0x4680
[  732.429323][    C1]  ? __cfi_hub_event+0x10/0x10
[  732.429351][    C1]  ? __kasan_check_write+0x14/0x20
[  732.429379][    C1]  ? _raw_spin_lock_irq+0x8f/0xe0
[  732.429408][    C1]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  732.429439][    C1]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[  732.429472][    C1]  process_one_work+0x71f/0xc40
[  732.429502][    C1]  worker_thread+0xd2e/0x11f0
[  732.429530][    C1]  kthread+0x281/0x320
[  732.429551][    C1]  ? __cfi_worker_thread+0x10/0x10
[  732.429570][    C1]  ? __cfi_kthread+0x10/0x10
[  732.429591][    C1]  ret_from_fork+0x1f/0x30
[  732.429619][    C1]  </TASK>
[  732.429627][    C1] Modules linked in:
[  732.429639][    C1] ---[ end trace 0000000000000000 ]---
[  732.429647][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  732.429684][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 b8 d2 28 00 4c 89 ff e8 f0 1f a9 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 5c 2c 6d 00 49 8b 7d 00 e8 d3 1b
[  732.429700][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  732.429717][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888113936540
[  732.429732][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  732.429745][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[  732.429759][    C1] R10: ffffed10252ab139 R11: 1ffff110252ab139 R12: dffffc0000000000
[  732.429775][    C1] R13: 0000000000000000 R14: ffff8881295589c8 R15: 0000000000000008
[  732.429788][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  732.429806][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  732.429821][    C1] CR2: 00007ffdbc595aa8 CR3: 000000012b4f1000 CR4: 00000000003506a0
[  732.429841][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  732.430257][    C1] Kernel Offset: disabled
[  734.126269][    C1] Rebooting in 86400 seconds..