last executing test programs:

9m52.867852432s ago: executing program 32 (id=6272):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/tcp\x00')
read$FUSE(r0, &(0x7f00000016c0)={0x2020}, 0xfffffce3)

9m45.141484606s ago: executing program 33 (id=6661):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000400)={'ip6tnl0\x00', &(0x7f0000000380)={'syztnl1\x00', 0x0, 0x29, 0x1, 0x0, 0x0, 0x4e, @loopback, @local, 0x80, 0x8000, 0x2, 0x2}})

9m32.048762491s ago: executing program 34 (id=7658):
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x1c0)
open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x40)

9m31.124000653s ago: executing program 35 (id=7724):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0x0)

9m1.139088785s ago: executing program 36 (id=9143):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000280)='3', 0x1}], 0x1)

7m10.638829185s ago: executing program 37 (id=13084):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)

6m32.0936672s ago: executing program 38 (id=14228):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x2)
ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000140)={0x0, 0x5, 0xb})

6m9.852527828s ago: executing program 39 (id=14419):
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
socket$inet_tcp(0x2, 0x1, 0x64)

5m39.883479659s ago: executing program 40 (id=15645):
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
splice(r1, &(0x7f0000000040), r0, 0x0, 0x800000000ff, 0x0)

5m3.96362083s ago: executing program 41 (id=16841):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000280)={0x38, r1, 0x1, 0x70bd28, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}]}, 0x38}}, 0x0)

4m52.459030194s ago: executing program 42 (id=17255):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f00)=ANY=[@ANYBLOB="200000005e00250e00000000000000000c000080eec47c8e670527ab04000180"], 0x20}], 0x1}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r0)
recvmmsg(r0, &(0x7f0000002080)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}}], 0x3, 0x2060, 0x0)

4m42.879160063s ago: executing program 43 (id=17657):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x5c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x2c, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x5c}}, 0x0)

4m14.949759616s ago: executing program 44 (id=18421):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00U\x00=\t\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="20000280", @ANYRES32=r0, @ANYBLOB="0000000000000000000000000a000000000000000000001420000100", @ANYRESOCT], 0x58}}, 0x0)

4m10.021730192s ago: executing program 45 (id=18555):
r0 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8)
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000044000))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

4m9.070331765s ago: executing program 6 (id=18593):
r0 = io_uring_setup(0x4edd, &(0x7f0000000240)={0x0, 0x3})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x14, 0x0, 0x2)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000000), 0x2)

4m8.799415629s ago: executing program 6 (id=18597):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setreuid(0x0, 0xee00)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x1b)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)

4m8.73245057s ago: executing program 6 (id=18599):
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file1\x00', 0xa18c14, &(0x7f0000000240)={[{@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@shortname_mixed}, {@shortname_winnt}, {@fat=@codepage={'codepage', 0x3d, '866'}}, {@utf8no}, {@uni_xlateno}, {@uni_xlate}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@rodir}, {@rodir}, {@rodir}, {@numtail}]}, 0x81, 0x29b, &(0x7f0000000580)="$eJzs3T1rc2UYAOD7pPlUIRmcRPCADg4S3vf9BQ1SoZhJyaCLFtuCJKHQQsAPjJ3cBSfBn+B/8Ae4OLo5OApudhCPJCffTdNW0lb6Xtdy7p7nvs/zkaftdJ58/Gq/e3hydnz+5W9RrSZR2I3duEiiEYWY+joAgMfkIsvizyy3MbEyDbJ6fi0W7nxwAMCduPH/fwDg0Xj/gw/fbbXbe++laTWi/82gk7yVX/P21nF8Gr04iidRj78jspk8fmm/vffDH/PnDWrRieh/9PPk59aobVT/NOrRWK0vT7LSsXijPxx0Rj2PrqV4IYloZUme8izq8XJEVorJQ/LLO/vtvWfp5frolOPN17+fjP+fo2hGPX75JE6iF4fjR8zrv3qapm9n3/31RT6DTkQyHHQq47y5bOfuPw0AAAAAAAAAAAAAAAAAAAAAAJ4XzXSmsXh+zvQ0wGZzffuV5wNNTvgZLpyv8yRN0+kxPoNOKfL6YrxSjOLDzRwAAAAAAAAAAAAAAAAAAAD+P84++7x70OsdnS4FP2WjoLYxZzUoLtyZvtZ/fdX6oPtjxO2rbhLEzmRoveRSF8m0aQt9VW6TXFvXaRSuWsNiL/LBf3v7gb22rQluDKa7q3uQxDXJ1fWbZGHX5dvw12s37XKQrVm6nSuryluae/nF/1peW7tQoy1Zmi3mclV19Eku3Clt+TdlRbLlvzwAAAAAAAAAAAAAAAAAAMCq+Uu/8XtEZbnx/KFGBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3a/79/7MgGqt3VoPhpHh8p7A5uXJ6tqbbxj1PEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfu3wAAAP//td9W7g==")
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80a053, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)

4m8.67807886s ago: executing program 2 (id=18602):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x14004, &(0x7f0000000840)={[{@test_dummy_encryption}, {@init_itable}, {@mb_optimize_scan}]}, 0x3, 0x466, &(0x7f0000001f80)="$eJzs3MtvVNUfAPDvve2UX38FWxFf4KOKRuKjpYDKwoUaTVxgYqILXU7aQpAChtZESBOLC1wZY+LeuPRfcKUbY1yZuNW9ISGGjeBqzJ25t/PozNCWmQ4yn08y7Tn3Med8594zcx6dBjC0prMfScTuiPg9IiZr2eYDpmu/blxfnb95fXU+iUrl3b+S6nF/X1+dLw4tzptozEQSB9qUu3zx0pny0tLihTw/u3L2o9nli5deOH22fGrx1OK5I8ePHzs69/JLR17sSZwTkeaptz746u0TXzTF3xJHj0x32/l0pdLj4gZrT0M6GR1gRdiSkYjILlep2v4nYyTqF28y3vxsPfPpgCoI9E2lUqlMdN69VgHuXqO194A6TR6GRfFBX4x/242DX+1b72Pwrr1WGwBlcd/IH7U9o+szBqWW8W0vTUfE+2v/fJM9oj/zEAAATX7I+j/PZ72d1fms71Hvf6TxQMNx9+RrQ1MRcW9E7I2I++Jc7IuI+yOqxz4YEQ9tsfzWRZKN/Z/06rYC26Ss//dKvrbV3P8ren8xNZLn9lTjLyUnTy8tHs5fk0NR2pXl57qU8eMbv33ZaV9j/y97ZOUXfcG8HldHdzWfs1BeKd9OzI2uXY7YP9ou/mR9JSCJiIcjYn+7J0hvXcbpZ797pNO+W8ffRQ/WmSrfRjxTu/5r0RJ/Iem+Pjn7v1haPDxb3BUb/fLrlXc6lb/5+CuTtx/tRtn1/3/b+389/qmkcb12eetlXPnj845jmu3c/2vllfJY8l41PZZv+6S8snJhLmIsORH5tHZ9+5H6uUW+OD6L/9DB9u1/b9RfiQMRkd3Ej0bEYxHxeF73JyLiyYg42CX+n19/6sPWbeObjr+/svgXtnT964mxaN3SPjFy5qfvmwqdqifz+G92v/7HqqlD+ZbNvP9tpl7bu5sBAADgvyeNiN2RpDPr6TSdman9Df++iHTp/PLKcyfPf3xuofYdgakopcVM12TDfOhcPqyv5S9HRG3+pdh/NNLqvPHXI+PV/Mz8+aWFQQcPQ26iQ/vP/Dky6NoBfef7WjC8tH8YXl3bf2nn6gHsvA3tv2ub39XXugA7q83n//gg6gHsvHb9f//vB4ZDS/u37AdDxPw/DC/tH4aX9g9DaXk8bv0l+a6J4pm2efpdm4jSHVGNviUivSOqIdGnxGDflwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrl3wAAAP//m77ebg==")
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

4m8.661529621s ago: executing program 6 (id=18604):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000500)={[{@discard}, {@abort}, {@dioread_lock}, {@sysvgroups}, {@acl}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}, {@resuid}, {@init_itable_val}, {@jqfmt_vfsv1}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
setresuid(0xee01, 0xee00, 0x0)
lremovexattr(&(0x7f0000000380)='./file0\x00', &(0x7f0000000480)=@known='system.posix_acl_default\x00')

4m8.462370763s ago: executing program 2 (id=18607):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000300)=r1, 0x4)
sendmsg$nl_xfrm(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000160039030000000000000000e000000100000000000000000000000000000000000000000000ffff00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x002'], 0xf8}}, 0x0)

4m8.445308754s ago: executing program 6 (id=18608):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x6, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000300)="10031200e4ff020002004788aa96a13bb100001100007fca1a00a08e074ef9a38aa86e17a3550e0f70f71f7057f5", 0x2e, 0x20000041, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14)

4m8.337500165s ago: executing program 2 (id=18612):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_XSAVE2(r2, 0x9000aecf, &(0x7f0000002000/0x4000)=nil)

4m8.201740337s ago: executing program 6 (id=18614):
r0 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
write$selinux_access(r0, &(0x7f0000000880)={'system_u:object_r:ptmx_t:s0', 0x20, '/usr/sbin/cupsd', 0x20, 0x8001}, 0x41)

4m8.087954469s ago: executing program 46 (id=18614):
r0 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
write$selinux_access(r0, &(0x7f0000000880)={'system_u:object_r:ptmx_t:s0', 0x20, '/usr/sbin/cupsd', 0x20, 0x8001}, 0x41)

4m8.060230659s ago: executing program 2 (id=18619):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000500)={[{@discard}, {@abort}, {@dioread_lock}, {@sysvgroups}, {@acl}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}, {@resuid}, {@init_itable_val}, {@jqfmt_vfsv1}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
setresuid(0xee01, 0xee00, 0x0)
lremovexattr(&(0x7f0000000380)='./file0\x00', &(0x7f0000000480)=@known='system.posix_acl_default\x00')

4m7.880159711s ago: executing program 2 (id=18622):
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
chroot(&(0x7f0000000180)='./file0\x00')
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0)

4m7.665876184s ago: executing program 2 (id=18626):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000280)={0x0, &(0x7f0000000080)}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000002c0)={'gre0\x00', 0x0, 0x8, 0x0, 0x2, 0x400, {{0x5, 0x4, 0x2, 0xd, 0x14, 0x65, 0x0, 0x4, 0x29, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}}}}})
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9402000021000100fcffffff00000000ac1414aae5fffff8b49ed9825133a900fc0100000000000000070000000000000000add500200000000000801aeaaec1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000700004e6706362632874776f666973682900000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000040010000dc06216ef2c68e9f6da05d886dbc3273ef99796b36698e2bd5179c3eea5474fc78c9720bfc4f90a708001f0001000000cc0111"], 0x294}}, 0x0)

4m7.612555745s ago: executing program 47 (id=18626):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000280)={0x0, &(0x7f0000000080)}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000002c0)={'gre0\x00', 0x0, 0x8, 0x0, 0x2, 0x400, {{0x5, 0x4, 0x2, 0xd, 0x14, 0x65, 0x0, 0x4, 0x29, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}}}}})
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9402000021000100fcffffff00000000ac1414aae5fffff8b49ed9825133a900fc0100000000000000070000000000000000add500200000000000801aeaaec1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000700004e6706362632874776f666973682900000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000040010000dc06216ef2c68e9f6da05d886dbc3273ef99796b36698e2bd5179c3eea5474fc78c9720bfc4f90a708001f0001000000cc0111"], 0x294}}, 0x0)

3m44.184859738s ago: executing program 8 (id=19513):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000290000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r1}, &(0x7f0000000440), &(0x7f0000000480)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r1, &(0x7f0000000100)}, 0x20)

3m44.159635349s ago: executing program 8 (id=19515):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x111, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc24f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x9, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x7, 0x84, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x5}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000f80)={0x0, 0x22, 0x7, {[@global=@item_012={0x1, 0x1, 0x0, '4'}, @main=@item_012={0x2, 0x0, 0xa, "b608"}, @global=@item_012={0x1, 0x1, 0x4, '\x00'}]}}, 0x0}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

3m42.398243432s ago: executing program 8 (id=19548):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

3m42.264134434s ago: executing program 8 (id=19559):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000004c0)={[{@acl}, {@barrier}, {@barrier_val}, {@sysvgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resuid}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xfc, 0x587, &(0x7f0000002100)="$eJzs3U1rG9caAOB3ZMn5cO6NAyHcexeXQBZNSSPHdj9SKDRdljY00O5TYSsmWI6CJYfYDTRZNJtuSiiU0kDpD+i+y9A/0F8RaAOhBNMuSkFl5JGt2JIdOzJSoueBSc6ZD595feY9PqORUABD62T6Ty7ivxHxVRJxtG1bPrKNJ9f2W31yayZdkmg0Pv49iSRb19o/yf4fyyr/iYifv4g4k9vabm15Zb5UqZQXs/pEfeH6RG155ezVhdJcea58bWp6+vwb01Nvv/Vmz2J99dKf33704P3zX55a/ebHR8fuJXEhjmTb2uN4DrfbKydLf2elQlzYtONkDxobJEm/T4A9GcnyvBDpGHA0RrKsB15+n0dEY02uAQyZpJn/YxvjADAkWvOA1r19j+6DXxiP31u7AWrGPtoef37ttZE42Lw3OryaPHVnlN7vjveg/bSNn367fy9dYvvXIQ7tUAfYldt3IuJcPr91/E+y8W/vzjVfPN7e5jaG7e8P9NODdP7zWqf5X259/hMd5j9jHXJ3L3bO/9yjHjTTVTr/e6fj/Hd96BofyWr/as75CsmVq5XyuYj4d0ScjsKBtL7d85zzqw8b3ba1z//SJW2/NRfMzuNR/sDTx8yW6qWIGH2euFse34n4X75T/Ml6/ycd+j/9fVzq+BMLW9acKN//f7f2d45/fzV+iHilY/9vPNFKtn8+OdG8HiZaV8VWf9w98Uu39vsdf9r/h7ePfzxpf15b230b3x/8q9xt216v/9Hkk2a5lQQ3S/X64mTEaPJhs36wff3UxrGtemv/NP7Tp7Yf/zpd/+nN16fPGP/d43e77joI/T+7q/7ffeHhB5991639Z+v/15ul09mabPzrLLtWnvUEn/f3BwAAAAAAAIMkFxFHIskV18u5XLG49v6O43E4V6nW6meuVJeuzUbzs7LjUci1nnQfbXs/xGT2fthWfWpTfToijkXE1yOHmvXiTLUy2+/gAQAAAAAAAAAAAAAAAAAAYECMdfn8f+rXkX6fHbDvml9scKDfZwH0w45f+d+Lb3oCBtKO+Q+8tOQ/DC/5D8NL/sPwkv8wvOQ/DC/5D8NL/gMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXbp4MV0aq09uzaT12RvLS/PVG2dny7X54sLSTHGmuni9OFetzlXKxZnqwk4/r1KtXp+ciqWbE/VyrT5RW165vFBdula/fHWhNFe+XC5s7Jrb38gAAAAAAAAAAAAAAAAAAADgxVFbXpkvVSrlRYWuhXdjIE5jPwNcs6fD84MShUKXwp2se3d3VB8HJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY5J8AAAD//9ybLZI=")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
sendfile(r1, r0, 0x0, 0x80000000)

3m42.187648305s ago: executing program 8 (id=19551):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x1)
unlink(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3m42.150740425s ago: executing program 8 (id=19553):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
rt_sigqueueinfo(r0, 0x31, &(0x7f0000000ac0)={0x0, 0xc4, 0xff7ffffe})
ptrace$peeksig(0x4209, r0, &(0x7f0000000280)={0xffffffffffffffff, 0x1, 0x2}, &(0x7f00000006c0)=[{}, {}])

3m25.876649533s ago: executing program 48 (id=19553):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
rt_sigqueueinfo(r0, 0x31, &(0x7f0000000ac0)={0x0, 0xc4, 0xff7ffffe})
ptrace$peeksig(0x4209, r0, &(0x7f0000000280)={0xffffffffffffffff, 0x1, 0x2}, &(0x7f00000006c0)=[{}, {}])

2m30.286375618s ago: executing program 3 (id=21956):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x48, 0x11, 0x0, @remote, @mcast2, {[], {0x4e20, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "88c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c70", "e13808caffffffffe5fff9620915b6f78670bdaf9acf6b7931c9b4400100"}}}}}}}, 0x0)

2m30.274660248s ago: executing program 3 (id=21960):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000084000040"])

2m30.10936085s ago: executing program 3 (id=21970):
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x200408, &(0x7f0000000280)=ANY=[@ANYRES8=0x0, @ANYRESHEX=0xee00, @ANYRES32=0x0], 0x1, 0x1d3, &(0x7f0000001a00)="$eJzs3cFqE1EUBuAzsTapIHYniOCAG1dBfYKKRBAHRCULXSm0bhoRks3oxvoWPqAPIF11IyNmxsaWZGxjzJj0+zb5yTmTey+ESTY5eX3z3f7u+9Hbr9e/RKeTRGsnduIoie1oxS8HAQCsk6OiiG9FsdH0PgCA5ak+/8dmtHyvu94XBwBYPS9evnryIMt6z9O0E3F4kPfzfvlY1h89znp307HtyVWHed6/dFy/V9bTk/XLcSUitiLr3Z9a34w7t8fXf/5Ze/g0O1Vvx+6/Pz4AAAAAAAAAAAAAAAAAAAAAADSimx6bOt+n251VL9Nv84FOze/ZiBuGAwIAAAAAAAAAAAAAAAAAAMCZjD583H8zGOwNJ6EdESefmS8U12YuMS2kEfH3i543tGJ5a61aSP6PbZwzRDV1oqbn1mLe4c+u/qkn5nvlzYio79mqP+AiwuQe0W7m1gQAAAAAAAAAAAAAAAAAABdO9VvfZDhqeicAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Jzy//8He8N5wqeIOENztVTS8FEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYYz8CAAD//x8yIRo=")
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x24, 0x1, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x4000)
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)

2m30.031174051s ago: executing program 3 (id=21975):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x2808080, &(0x7f0000000680)={[{@shortname_winnt}, {@numtail}, {@utf8}, {@shortname_winnt}, {@uni_xlateno}, {@fat=@codepage={'codepage', 0x3d, '866'}}, {@rodir}, {@shortname_mixed}, {@rodir}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {@uni_xlate}, {@shortname_mixed}]}, 0x81, 0x2ba, &(0x7f00000003c0)="$eJzs3c+KI0UYAPCvJ52ZRBeSgycRbNCDp2Fnn2AHGWFxTkof9KLiZkEmYWECgVUx7sm74Ml38Am8+ABeBB/Ag0fBm3sQW5Lu/J1O2JFMlPH3u8zXVfVVV1XXzECgKx++Mrh4+Hj46Onnv0SrlcTB/bgfz5LoxkHMfBkAwG3yrCji96IUcbi1bTqtLzrV1cF+RggA7Nrq/38A4P/g3ffef/v0/PzsnSxrRQy+GuVJRAySUV7Wnz6KT6Ifvbgbnfgzopgr4zsPzs8izbLZhwGjduQRgw9+rK5Pf4uY5p9EJ7pX8996cH52kpXi9cF4lE/uPPnZjBeSiNMiKTu6F514KaJoRtXJIv9eTX7kh/HGa99W4/+rF8fRiZ8+jsfRj4fTLhb5X5xk2ZvFN398Vs4gj0jGo/xo2m6haOztoQAAAAAAAAAAAAAAAAAAAAAAcOsdZ3Pd5fNzZqcBHh/X10/PB2rUnA9UnfAzXjpf526WZbNjfEZ5M8r8NF5OI/1XJw8AAAAAAAAAAAAAAAAAAAD/EcMnn1581O/3LleCH4r1kpqgeqM/qpJ0qSpdrdreT01w8V3E9bOeJ4hGNbR+cuUWswk9d4fp5sZH1xlYu66fONi0hmk/ysF/ff1FeHXrBBs1WcU/WOfZ7ppski2NGzF80ioneKe9WrW0M9tVZ5fD6QNqb9q0q0FRs3SNjVmHO9pjhy/udtNOZtycL+Zqm9bkSS6VNHf8m7ImuYk/PwAAAAAAAAAAAAAAAAAAwJLFS7/x65XKp1tTv//5BscFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPu0+P7/eRDd9ZL1YFwl9+rS14Kjy2HNbbt7niYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC33N8BAAD//w2EV5M=")
socket$inet_udp(0x2, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)

2m29.945932382s ago: executing program 3 (id=21977):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

2m29.728139105s ago: executing program 3 (id=21982):
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

2m13.307397865s ago: executing program 49 (id=21982):
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

51.220974734s ago: executing program 7 (id=24138):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
request_key(&(0x7f0000000180)='asymmetric\x00', &(0x7f0000002240)={'syz', 0x0}, &(0x7f0000002280)='kfree\x00', 0x0)

51.202138784s ago: executing program 7 (id=24139):
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
setuid(0xee01)
r0 = socket(0x1e, 0x4, 0x0)
recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
setresuid(0xee01, 0xee01, 0x0)

50.242301827s ago: executing program 7 (id=24143):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003460200bfa300000000dd001702000000feffff7a0a00fe14ffffff79a4f0ff00000000b7060000ff0800007e640200000000005502fa000001007d60a6040000001000006a0a58fe"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f00000105c0)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x105d6, &(0x7f0000020c00)="$eJzs3M1uG1UbB/DHzdum7VtKhPrBjpEQUiJhK07SigoJArQCpKaK+FiwARx7Yrm1PSF2nJA1SCy4je4QGxZcARvuAwkhNiCxA4E8M6maqhItNUlLfj9p8j9zfPz4HCsLH08yARxZM8lvv1bibJyKiKmIOBORtyvlkVsu4tmIeC4ijt11VMr+Ox0nIuJ0RJwdFy9qVsqHvv7k2z9Gu9e/uP3yTx9euf1L5fBWDRy0V+85fyEiehtFe7tXZNYu8mbZ3xh18uwtjcosHujdKs+zIrfTtbzCdmNvXCPPxXYxPtvYGoxzvdtojrPdWc/7N/rFCw5G7b06+RNuNjbz81a6lmdnkOXZ3i3mtVPm7mBY1GmV9T7Ny8dwuJdFf7qTFuvZuJVnsz8s+4u6WSvdGeeozPLlopl1W/k81h7qrX6iXO/0t3aSUbo56GT95FKt/lKtfrla38xa6TBdqjZ6rctLyWy7Ox5WHaaN3nI7y9rdtNbMenPJbLvZrNbryezVdK3T6Cf1em2xNl+9NFe2XkzevPF+0m0ls+N8vdPfGna6g2Q920yKZ8wlC7XFK3PJ8/Xk3ZXVZPWda9dWVt/76OoHN15befuNctDetKbz34lhupTMLswvLFTr89WF+tzRWf+daU1w/fBIfJIEeGiT3/9P2f8Df8v+f//+f9r+/0juf4/6+uGR+CQJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBk/XD8m7fyxkxx/v+y/6my65mIuBgRFyLifET8eR9TcWJfzXMRUSnb9xt//J45fFeJvML4OdPlcToilsvj96f/7XcBAAAA/ru++v6zzyOmxs38xyuHPSEOUvmlzclJ1cu/8vnfpKqdy4vtTKja+b2SE3EhIo7P/Dyhahcj4tiZjydU7YFM7YuTd0WliGMHORsAAOBg7N8JTGz3BgAAwGPny8OeAIcjv15b/i1+eS14uojyguCpfWcAAADAE6hy2BMAAAAAHtg//V/dfP8/6fv//ej+fwAAAPBYKe7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7Fz9zhqA1EcwB84DvlUUMTHVaiilBQcIkdImQMkt0nHEaJIiHOQLkeIIGI8W3hFsVqP8S76/STzZiz484BqPMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAn/7U2/XP/fcfXXOOv06dlPk0AAAAwCWHertOg2kzf5vPv8+nPkbEMiIWETGPiEtr9ypetjJnETHK40vPr+/18DsiJZxfM8nHm4j4nI9/H/r+FgAAAOB27XerTUR1HqaHT0M3xDXlizavSuWlSz4vSqXNUti3Qmnzu8giFhFRT/8WSltGxPjdl0JpD1Ll0vrt02TUlPE1uwEAAK6japViqzcAAACenK9DN8Aw0n5t/i9+3gueNCVvC75uzQAAAIBnaDR0AwAAAEDv0vrf/f8AAADgtjX3/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBPh3q73u9Wm645x1M3j3rTcdeuAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+M/+vJxACIRBGOxd3zkN5h+WNGgMHqwC4eNvPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzL7/7yf2JqnEnmXhtLzyPJ2qmxdWrsnRtHfxhvvwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GJ/7k4gBIIgDPad/zkt5h+WNGgMIlTBwscM87AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYn3vbhIEwjsOvL4kSt8kI6a18zEBDhWAEPiQkS56BAViIhorWYhFYASQ414gCNzxP8/8VJ90dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyn080TLxFRROoyRRquvg6vEfEWad22g/dLFpvjvvm45mS7G+X8jPF3GRFlFH18BwCgd1W3ORbLev6T9zfvX97/vNW0qWf3XFI+4OEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJmdu2dt6gsDAP6keWn67/RfXFwEhXbRmPqWQlehIoiLg2NpYymmWtoKtohYv4Hgx9Cpq5/B3cFBJ0E6qIjgJGluzLEEDGpzQ/v7wbn3OQfueckQeO45CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMD2dmKyGxeiFL24482nR4v97h+/vD7RLbdfldbSPtu9lCPizkqreX5YCxlBjw/UN7a27y60Ws31QwzGI54Ma6x/FVTjkHqujsgCDyWIGIlpCJIgin/2eD7fTwAAHF3lrLTz+nfl3fl2W2Eu2tlikv9HTCVxDJj/f3vx9Fo6Vpr/14e2wtFX21xdq21sbZ9dWV1Ybi4379VnZy9ealy5PFOv7b8rqR33NyYAAAD8rUpW0vx/bO7g/n/Ef0kcA+b/D67fPNluq2bPFOX/ffU2/fKeCQAAwPH2/6mvnwt92guVSjxc2Nxcr3euP+sznWsOU/29W79Wx7OS5v/FuZzmBgAAAAzV3k5hMiJ2u/Wl7N53/3+691y6///2eelG2mcxIiay/f9zi/dbS0NZyegbxo+Q814jAAAA+ZrISrr/X94//9/7z7+xiJg+3Ym7rYOc/5868/JDOlZ6/v/C0FY4msYanc9j/96IKDXynhEAAABHWTUr7fz/fTnm178/u1px/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgBzt2jxIxEAUAONnZaCUuCDY2nkC0s1qwELyHKAgewSt4B+/gPVKKltayhVjYyptkdNlmwSLx5/tg8l7CkHmZKm8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1lqcfOUpLrMun/TPHl9vziM+rcTw8tbuxoi8HrLoX6g+HrsCAAAA/oNU+vuqqp6b+7OIk3nu/5syJ3r+u60uL/38at9fYun9Y+ylh/fPhWbdOvHSy6vri8PBvvDn2147Y5p3Pp+9pHIIs7No8n7Wt217upHTzQGKBQC+5aDEPin/QxGPxiwMgL9sf/lm2o9qqf9P81HqAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjURwAAAP//BaRpww==")
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000003c0)=ANY=[], 0x700, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000005a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98}}, {{&(0x7f0000005840)=@file={0x1, './file2\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x0)

49.809742543s ago: executing program 7 (id=24147):
keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x8, &(0x7f00000005c0)={[{@errors_remount}, {}]}, 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3cGBgY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//TwTJNg==")
open(&(0x7f00000002c0)='./file0/file0\x00', 0x141840, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
unlink(&(0x7f0000000280)='./file0/file0\x00')

49.604985396s ago: executing program 7 (id=24148):
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x400, 0xcf, 0x0, 0xfffe, 0x15, "4415264a88b81113fb235920b1a90a13bc040b"})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x44004)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)

49.462253298s ago: executing program 7 (id=24149):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000440)={0x0, r2}, 0x10)

49.429036058s ago: executing program 50 (id=24149):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000440)={0x0, r2}, 0x10)

3.910380557s ago: executing program 5 (id=25514):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x11)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x28, r2, 0x70f, 0x0, 0x0, {{}, {@void, @val={0x8, 0xe}, @val={0xc, 0x99, {0x0, 0x39}}}}}, 0x28}}, 0x0)

3.893846077s ago: executing program 5 (id=25515):
syz_open_procfs(0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x1, 0x2)
syz_usb_disconnect(r0)
syz_usb_connect(0x4, 0x24, &(0x7f00000002c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x40085507, &(0x7f0000000280)=0x80000000)

3.334650265s ago: executing program 4 (id=25520):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
mount_setattr(0xffffffffffffffff, 0x0, 0x100, 0x0, 0x0)

3.334313685s ago: executing program 4 (id=25521):
r0 = socket$unix(0x1, 0x1, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x442, 0x108)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x8000, &(0x7f0000000480)={[{@dmask={'dmask', 0x3d, 0x7}}, {@allow_utime={'allow_utime', 0x3d, 0x5}}, {@time_offset={'time_offset', 0x3d, 0x9}}, {@utf8}, {@dmask={'dmask', 0x3d, 0x2}}, {@dmask={'dmask', 0x3d, 0x8}}, {@umask={'umask', 0x3d, 0x7}}, {@iocharset={'iocharset', 0x3d, 'default'}}, {@keep_last_dots}, {@sys_tz}]}, 0x1, 0x1548, &(0x7f0000001900)="$eJzs3AuYTdX7OPD3XWvtMSSdJrkMa613c5LLMkmSS5JckiRJktwSkib5SkJiyC1pSEJyGZLLEJLLxKRxv98vCU2SJklCckvW/1H8fftVv++lvl/P85v38zz7sd6z9rv22vOeM2fvdZz5psvQmo1rVWtIRPCn4C//JAFALAAMBIBrACAAgHJx5eIu9OeUmPTnDsL+Wg+lXukZsCuJ65+9cf2zN65/9sb1z964/tkb1z974/pnb1x/xrKzzdMLXstb9t14/T874/f//0OySo/9Ym3p67sCxPyzKVz/7I3r/39W8M/sxPXP3rj+2VXslZ4A+yvN/vfS+PWfHeT4wx6uf/bG9WcsO/t5HTgnXPF16Cu1QSR7fwZypZ9/jDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcayh9P+MgUAl9pXel6MMcYYY4wxxhj76/gcV3oGjDHGGGOMMcYY+89DECBBQQAxkANiISfkAgEAV0MeuAYicC3EwXWQF66HfJAfCkBBiIdCUBg0GLBAEEIRKApRuAGKwY1QHEpASSgFDkpDAtwEZeBmKAu3QDm4FcrDbVABKkIlqAy3QxW4A6rCnVAN7oLqUANqQi24G2rDPVAH7oW6cB/Ug/uhPjwADeBBaAgPQSN4GBrDI9AEHoWm0AyaQwto+W/lvwA94EXoCb0gCXpDH3gJ+kI/6A8DYCC8DIPgFRgMr0IyDIGh8BoMg9dhOLwBI2AkjII3YTS8BWNgLIyD8ZACE2AivA2T4B2YDFNgKkyDVJgOM+BdmAmzYDa8B3PgfZgL82A+LIA0+AAWwiJIhw9hMXwEGbAElsIyWA4rYCWsgtWwBtbCuh/7wgbYCJtgM2yBrbANtsMO2Akfwy74BHbDntfnAUAmfPZH+bD+d/NPXcqHvfApZEJXBAQUKFChwhiMwViMxVyYC3NjbsyDeTCCEYzDOMyLeTEf5sMCWADjMR4LY2E0aJCQsAgWwShGsRgWw+JYHEtiSXToMAETsAzejGWxLJbDclgey2MFrIgVsTJWxipYBatiVayG1bA6VseaWBPvxruxN9bBOlgX62I9rHdpeQobYkNshI2wMTbGJtgEm2JTbI7NsSW2xFbYCltja2yLbbEdtsP22B4TMRE7YAfsiB2xE3bCztgZu2AX7IrdsFvWCzkAX8QXsRdWF72xD/bBvpicoz8OwAH4Mg7CV/AVfBWTcQgOxdfwNXwdh+NJHIEjcRSOwiriLRyDY5HEeEzBFJyIE3ESTsLJOAWn4DRMxek4A2fgTJyFs/A9nIPv4/s4D+fhAkzDNFyIizAd03ExnsIMXIJLcRkuxxW4HFfhalyFa3EdrsUNuAE34SbcgltwG27DHbgDP0YFgJ/gHtyDyZiJmbgP9+F+3I8H8ABmYRYexIN4CA/hYTyMR/AIHsVjeByP4Qk8gSfxFJ7G03gWz+I5fC7+q0Yfl1iTDOICJZSIETEiVsSKXCKXyC1yizwij4iIiIgTcSKvyCvyiXyigCgg4kW8KCwKCyOMIBHGAICIiqgoJoqJ4qK4KClKCiecSBAJoowoI8qKsqKcuFWUF7eJCqKiaOMqi8qiimjrqoo7RTVRTVQXNURNUUvUErVFbVFH1BF1RV1RT9QT9cUDooHojf3xIXGhMo3FEGwihmJT0UzIi7/BWonh2Fq0EW3FE2IkjsD2opVLFE+LDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo7XqKXmIy9hZ9xDTsK/qJ/mKAmIk1xHs4J2dN8apIFkPEUPGaWICvi+HiDTFCjBSjxJtitHhLjBFjxTgxXqSICWKieFtMEu+IyWKKmCqmiVQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJNfCAWikUiXXwoFouPRIZYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdoqPxS7xidgt9oi94lORKT4T+8TnYr/4QhwQX4os8ZU4KL4Wh8Q34rD4VhwR34mj4pg4Lr4XJ8QP4qQ4JU6LM+Ks+FGcEz+J88ILkCiFlFLJQMbIHDJW5pS55FUytwwu/nSvlXHyOplXXi/zyfyygCwo42UhWVhqaaSVJENZRBaVUXmDLCZvlMVlCVlSlpJOlpYJ8iZZRt4sy8pbZDl5qywvb5MVZEVZSVaWt8sq8g4JkV+OUV3WkDVlLXm3TIJ7ZB15r6wr75P15P2yvnxANpAPyobyIdlIPiwby0dkE/mobCqbyeayhWwpH5Ot5OOytWwj28onZDv5pGwvn5KJ8mnZQfqLT5FnZWf5nOwin5ddZTfZXf4kz0sve8peEnqD7CNfkn1lP9lfDpAD5ctykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZTpFT5TSZKqfL/hdHmi3lP8x/+3fyB/989E1ys9wit8ptcrvcIXfKj+UuuUvulrvlXrlXZspMuU/uk/vlfnlAHpBZMkselAflIXlIHpaH5RF5RB6Vx+QZ+b08IX+QJ+UpeUqekWflWXnu4s8AFCqhpFIqUDEqh4pVOVUudZXKra5WedQ1KqKuVXHqOpVXXa/yqfyqgCqo4lUhVVhpZZRVpEJVRBVVUXUDXnzCqJKqlHKqtEpQN/0r+aqYulEVVyV+lX9pfkl/ML+WqqVqpVqp1qq1aqvaqnaqnWqv2qtElag6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKkklqT7qJdVX9VP91QA1UL2sBqlBarAarJJVshqqhqphapgaroarEWqEGqVGqdFqtBqjxqhxapxKUSlqopqoJqlJarKarKaqqSpVpaoZaoaaqWaq2Wq2mqPmqLlqrpqv5qs0laYWqoUqXaWrxWqxylBL1BK1TC1TK9QKtUqtUmvUGrVOrVMb1AaVoTarzWqr2qq2q+1qp9qpdqldarfarfaqvSpTZap9ap/ar/arA+qAylJZ6qA6qA6pQ+qwOqyOqCPqqDqqjqvj6oQ6oU6qk+q0Oq3OqrPqnDqnzqvzFy77AhGIQAUqiAligtggNsgV5ApyB7mDPEGeIBJEgrggLsgbXB/kC/IHBYKCQXxQKCgc6MAENhAXix4NbgiKBTcGxYMSQcmgVOCC0kFCzMXO4JagXHBrUD64LagQVAwqBZWD24MqwR1B1eDOoFpwV1A9qBHUDGoFdwe1g3uCOsG9Qd3gvqBecH9QP3ggaBA8GDQMHgoaBQ8HjYNHgibBo0HToFnQPGgRtAxuDsr+ZeN7fzL/466n7qWTdG/dR7+k++p+ur8eoAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erKeoqfqaTpVT9cz9Lt6pp6lZ+v39Bz9vp6r5+n5eoFO0x/ohXqRTtcf6sX6I52hl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q536J36Y71Lf6J36z16r/5UZ+rP9D79ud6vv9AH9Jc6S3+lD+qv9SH9jT6sv9VH9Hf6qD6mj+vv9Qn9gz6pT+nT+ow+q3/U5/RP+rz2Fy7uL7y9G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emr8lr8pl8poApYOJNvClsCpsLyJApYoqYqImaYqaYKW6Km5KmpHHGmQSTYMqYMqasKWvKmXKmvClvKpgKppKpZG43t5s7zB3mTnOnucvcZWqYGqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqapqa5aW5ampamlWllWpvWpq1pa9qZdqa9aW8STaLpYDqYjqaj6WQ6mc6ms+liupiupqvpbrqbHqaH6Wl6miSTZPqYPqav6Wv6m/5moBloBplBZrAZbJJNshlqhpphZpgZboabEWakGXXhQtW8ZcaYsWacGW9STIqZaCaaSWaSmWwmm6lmqkk1qWaGmWFmmplmtplt5pg5Zq6Za+ab+SbNpJmFZqFJN+lmsVlsMkyGWWqWmuVmuVlpVprVZrVZa9aa9bDebDQbzWaz2Ww1W812s93sNDvNLrPL7Da7zV6z12SaTLPP7DP7zX5zwBwwWSbLHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81Zk//i+6U3sTanzWWvsrnt1TaPvcb+z7iALWjjbSFb2Gqbz+b/VWystcVtCVvSlrLOlrYJ9qbfxBVsRVvJVra32yr2Dlv1N3Fte4+tY++1de19tpa9+1dxPXu/rW8fsQ0QAWwz28i2sI3tI7aJfdQ2tc1sc9vCtrNP2vb2KZton7Yd7DO/iRfaRXa1XWPX2nV2t91jT9sz9pD9xp61P9qetpcdaF+2g+wrdrB91SbbIb+JR9k37Wj7lh1jx9pxdvxv4ql2mk210+0M+66daWf9Jk6zH9g5Nt3OtfPsfLvg5/jCnNLth3ax/chm2ACW2mV2uV1hV9pV/3+uy+wGu9FusrvsJ3ar3Wa32x1256ULYbvH7rWf2kz7mT1ov7b77Rf2gD1ss+xXP8cXzu+w/dYesd/Zo/aYPW6/tyfsD+pS9oVz/97+ZM9bb4GQgCQpCiiGclAs5aRcdBXlpqspD11DEbqW4ug6ykvXUz7KTwWoIMVTISpMmgxZIgqpCBWlKN1Al6ZXkkqRo9KUQDdRGbqZytItVI5upfJ0G1WgilSJKtPtVIXuoKp0J1Wju6g61aCaVIvuptp0D9Whe6ku3Uf16H6qTw9QA3qQGtJD1Igepsb0CDWhR6kpNaPm1IJa0mPUih6n1tSG2tIT1I6epPb0FCXS09SBnqGO9DfqRM9SZ3qOutDz1JW6UXd6gXrQi9STelES9aY+9BL1pX7UnwbQQHqZBtErNJhepWQaQkPpNRpGr9NweoNG0EgaRW/SaHqLxtBYGkfjKYUm0ER6mybROzSZptBUmkapNJ1m0Ls0k2bRbHqP5tD7NJfm0XxaQGn0AS2kRZROH9Ji+ogyaAktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtBO+ph20Se0m/bQXvqUMukz2kef0376gg7Ql5RFX9FB+poO0Td0mL71veg7OkrH6Dh9TyfoBzpJp+g0naGz9COdo5/oPHmCEEMRylCFQRgT5ghjw5xhrvCqMHd4dZgnvCaMhNeGceF1Yd7w+jBfmD8sEBYM48NCYeFQhya0IYVhWCQsGkbDG8Ji4Y1h8bBEWDIsFbqwdJgQ3hSWCW8Oy4a3hOXCW8Py4W1hhbBi+Mh9lcPbwyrhHWHV8M6wWnhXWD2sEdYMa4V3h7XDe8I64b1h3fC+sGx4f1g/fCBsED4YNgwfChuFD4eNw0fCJuGjYdOwWdg8bBG2DB8LW4WPh63DNmHb8ImwXfhk2D58KkwMnw47hM/83H//oj/uTwp7h33Cl8KXQu/vlfOjC6Jp0Q+iC6OLounRD6OLox9FM6JLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohujm6Le18oBDp1w0ikXuBiXw8W6nC6Xu8rldle7PO4aF3HXujh3ncvrrnf5XH5XwBV08a6QK+y0M846cqEr4oq6qLvBFXM3uuKuhCvpSjnnSrsE18K1dC1dK/e4a+3auLbuCfeEe9I96Z5yT7mnXQf3jOvo/uY6uWddZ/ece84977q6bq67e8H1cBPy/PKaTHJ9XB/X1/V1/V1/N9ANdIPcIDfYDXbJLtkNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOpbgUN9FNdJPcJDfZTXZT3VSX6lLdDDfDzXQzXZVZvxxlrpvr5rv5Ls2luYXuwjVjulvsFrsMl+GWuqVuuVvuVrqVbrVb7da6tW69W+82uo1us9vstrqtbrvb7na6nW6X2+V2+2t+GdRlun1un9vv9rsD7kuX5b5yB93X7pD7xh1237oj7jt31B1zx9337oT7wZ10p9xpd8addT+6c+4nd955lxKZEJkYeTsyKfJOZHJkSmRqZFokNTI9MiPybmRmZFZkduS9yJzI+5G5kXmR+ZEFkbTIB5GFkUWR9MiHkcWRjyIZkSWRpZFlkeWRFRHvC20NfRFf1Ef9Db6Yv9EX9yV8SV/KO1/aJ/ibfBl/sy/rb/Hl/K2+vL/NV/AVfSX/qG/qm/nmvoVv6R/zrfzjvrVv49v6J3w7/6Rv75/yif5p38E/4zv6v/lO/lnf2T/nu/jnfVffzXf3L/ge/kXf0/fySb637+Nf8n19P9/fD/AD/ct+kH/FD/av+mQ/xA/1r/lh/nU/3L/hR/iRflTMm370pVtkGO9T/AQ/0b/tJ/l3/GQ/xU/103yqn+5n+Hf9TD/Lz/bv+Tn+fT/Xz/Pz/QKf5j/wC/0in+4/9Iv9Rz7DL7m0qOxX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u9/hd/qP/S7/id/t9/i9/lOf6T/z+/znfr//wh/wX/os/5U/6L/2h/w3/rD/1h/x3/mj/pg/7r/3J/wP/qQ/5U/7M/6s/9Gf8z/58/ydNcYYY4yxf8qEy03x655flvN7/06O+Lud+wDA1dsKZv19/4UryvX5fmn3E/HtIgDwdK8uD13aqldPSkq6uG+GhKDoPIBLnwRd8POy8cV4CbSFJyER2kCZ351/P9HtLP2D8aO3AuT6u5xYuBxfHv9zAEz6nfEfe2LUwvLh6bj/Zfx5AMWLXs7JCZfjJdD25/WVNlD2D+afv9U/mH/OL1IAWv9dTm64HF+efwI8Ds9A4q/2ZIwxxhhjjDHGftFPVOp06f7z0v/4/L3783h1OScHXI7/0f05Y4wxxhhjjDHGrrxnu3V/6rFL39x7LDGxTaefH/lnGlX/lZ3/9UYT+E+NzI3fbXgPcOkRBQB/ckCACw353zyLLf+VYyVffLX8z67lZ3wA3Ytd/NLjX3fQ2D9fi3+ncaV+IzHGGGOMMcb+Uy5f9P/6cXWlJsQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVD/40/J3alz5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi70v5fAAAA//8XnvpB")
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
mount$9p_unix(0x0, &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0)

3.311422215s ago: executing program 4 (id=25522):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
geteuid()
times(0x0)

3.292491055s ago: executing program 4 (id=25523):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0xff, 0x7ffc0001}]})

3.222855656s ago: executing program 4 (id=25524):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448de, &(0x7f00000007c0))

3.117376558s ago: executing program 5 (id=25526):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000300)="82f51ef54c168beb696c49a023f91124fa8b5793b47aedff32", 0x19}], 0x1}}], 0x1, 0x0)

3.097948908s ago: executing program 5 (id=25527):
r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
close(r0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r1 = timerfd_create(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

2.18043924s ago: executing program 5 (id=25533):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x14, 0x1, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24008900}, 0x8000)
shutdown(r0, 0x2)

2.164540871s ago: executing program 5 (id=25534):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d00000905050302"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2.001460343s ago: executing program 9 (id=25538):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010000000000000000007f0000010b"], 0xb8}}, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

1.987416133s ago: executing program 9 (id=25539):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x654a, 0x4)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x61)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

1.901253714s ago: executing program 9 (id=25540):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001fc0)=@newtaction={0x10c, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0xf8, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x20000000, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_simple={0x30, 0xc, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_bpf={0x74, 0x1c, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8}]}, {0x41, 0x6, "0b08d9800519a4b09ff2a9761ba63a246e3e2c8254b73540634489890d7d8c86cad49b0fb0bb45aa8084aadf7c11f8d217fd79ae84e5eb2e4dc72abdae"}, {0xc, 0x7, {0xbdd002544f1d7cd6, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x8011}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newtaction={0x2dc, 0x30, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [{0x2c8, 0x1, [@m_skbedit={0x1f0, 0xe, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x4, 0xa}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xd}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x1}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x1, 0x1, 0xffffffffeffffffb, 0x6, 0x101}}]}, {0x191, 0x6, "de616dd9ce3b892bb6fafca061bed3e644dcf9151f4527045657b89def02bb9cad6c62f8293cff1e7df3eb0803889f2fd92b151ed17ab9007c47463bf4e7afe47ab1d24292b0103cbbc15977a51c0ae02a16535a666c86a6321ae76cba859e771aa7d0ff9fa033e50e56e0f68419fd47894ab8f8d473fc2af5fc18fb9399fdbb44bce22ac4c64feea69875f61ef4f46591d0547ce0f025b0a5f6dc470fd9635a05e318fa41b23e07582b3128621edbf17703923cea8b079f042f9924f50ce06116fc38e34430e0a4b60e7144cccb31d0a0457e528dd782264fec2417bd1b18aa82a223185cee31b2989e534df535b22243ec2971118b283cebb23130d1622a675cabf8788d71473f98949841ab1c34d28257f4b10e6eec198365490620753627951432cf82875ec0fccc70181d74035e141d4bbdd59571d5c3fa68b6a9365539b7e734e38e7083fe43b3104f03a618c99dc38b7b166c71dcda72645a7ddd09b867d20ef1d0f2154c6c2af7bfc13509c92a055f4ba6134cf5124359fccca93ea9ef30597c542c2e259bbd96051f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_tunnel_key={0xd4, 0x1c, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x4}]}, {0x99, 0x6, "ebb7905fe91e9be4677d59a9642fd119d19ac5e190bf4b0f9f2859657921b9c6fce506e2b627b610552adbd25f19af61b6f9b1603735a6e3d97188050bf1e9e04f7b370bf4a6645e82f7d27fe7ecb451e477ceac7c3e03294761182420c71011ec9e6197a94d09c8348554283a8308b47f98b0290d314bd466fd232ac06f2714af49e9c6aab9f06632e3c3c186c30993075db90954"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0x2dc}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1.882407575s ago: executing program 9 (id=25541):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000c62)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x17c)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140))

1.816961416s ago: executing program 9 (id=25542):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
r1 = inotify_init()
r2 = inotify_add_watch(r1, &(0x7f0000000280)='.\x00', 0x25000001)
inotify_rm_watch(r1, r2)

1.722402907s ago: executing program 9 (id=25546):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001021d010902640002010000000904010001020d0000052406000105240000000d240f0100000800000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d00000905820200020000000905030194"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xb, 0x0, 0x1, 0x4, 0x7, 0x40, 0x2, 0xe, 0x0, 0x1000}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

1.249283403s ago: executing program 1 (id=25558):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x5c, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000300)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

1.008134736s ago: executing program 4 (id=25560):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000300)={0x20, 0x2, 0x9, {0x9, 0xa, "82003766401b31"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x8d2, 0x0, 0x0, 0x0)

1.007975786s ago: executing program 1 (id=25561):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)

986.901897ms ago: executing program 1 (id=25562):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000680)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x27}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='signal_generate\x00', r1}, 0x10)
timer_create(0x2, 0x0, &(0x7f0000000140))
timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0)

968.403797ms ago: executing program 1 (id=25563):
r0 = eventfd2(0x80000000, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))
write$eventfd(r0, &(0x7f0000000080)=0xffffffffffff252e, 0x8)
read$eventfd(r0, &(0x7f0000000180), 0x8)

833.554748ms ago: executing program 1 (id=25575):
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
unlinkat(r0, &(0x7f0000000280)='./file0\x00', 0x200)
mkdir(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2)

817.845948ms ago: executing program 1 (id=25566):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = io_uring_setup(0xad5, &(0x7f0000000040)={0x0, 0xfffffffc})
close(r1)
clock_nanosleep(0x2, 0x1, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)

92.156468ms ago: executing program 0 (id=25587):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r1}, &(0x7f0000000440), &(0x7f0000000480)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r1, &(0x7f0000000100)}, 0x20)

77.338639ms ago: executing program 0 (id=25588):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100d0000000fbdbdf252100000018000180140002007665746831"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x4008800)

61.999399ms ago: executing program 0 (id=25589):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000200000000000000001809"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
rt_tgsigqueueinfo(0x0, 0x0, 0x29, 0x0)

43.657629ms ago: executing program 0 (id=25590):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ff7fffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='sys_enter\x00', r1}, 0x10)
getpgrp(0xffffffffffffffff)

395.529µs ago: executing program 0 (id=25591):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000002c0), &(0x7f0000000300)=r1}, 0x20)
utime(0x0, 0x0)

0s ago: executing program 0 (id=25592):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f00000002c0)=@attr_set_pmu={0x0, 0x1, 0x1, &(0x7f0000000280)=0x9})

kernel console output (not intermixed with test programs):

o 2048
[  770.762038][T20007] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  770.776968][T20007] EXT4-fs (loop7): re-mounted. Quota mode: none.
[  770.791909][T15644] EXT4-fs (loop7): unmounting filesystem.
[  770.792593][   T19] usb 5-1: Using ep0 maxpacket: 16
[  770.812639][   T19] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  770.825166][   T19] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  770.834946][   T19] usb 5-1: config 0 interface 0 has no altsetting 0
[  770.841719][   T19] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  770.853962][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.863107][   T19] usb 5-1: config 0 descriptor??
[  770.868727][  T535] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 85 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  771.077651][T20032] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  771.307534][T20062] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  771.324871][   T19] hid (null): unknown global tag 0xd
[  771.340056][   T19] hid (null): invalid report_size -1755079905
[  771.346554][   T19] hid (null): report_id 499631086 is invalid
[  771.352704][   T19] hid (null): unknown global tag 0xe
[  771.358260][   T19] hid (null): global environment stack overflow
[  771.554983][  T535] usb 5-1: USB disconnect, device number 33
[  772.207838][T20091] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  772.326628][T20107] tipc: Started in network mode
[  772.333116][T20107] tipc: Node identity 1, cluster identity 4711
[  772.339309][T20107] tipc: Node number set to 1
[  772.569250][ T3364] usb 10-1: new high-speed USB device number 64 using dummy_hcd
[  772.615633][T20101] loop4: detected capacity change from 0 to 131072
[  772.623779][T20101] F2FS-fs (loop4): invalid crc value
[  772.630801][T20101] F2FS-fs (loop4): Found nat_bits in checkpoint
[  772.645087][  T222] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  772.656711][T20101] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  772.764251][ T3364] usb 10-1: Using ep0 maxpacket: 32
[  772.830597][ T3364] usb 10-1: unable to get BOS descriptor or descriptor too short
[  772.838868][ T3364] usb 10-1: unable to read config index 0 descriptor/start: -71
[  772.841596][  T222] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  772.846573][ T3364] usb 10-1: can't read configurations, error -71
[  772.857428][  T222] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  772.873440][  T222] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  772.886304][  T222] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  772.895371][  T222] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.904404][  T222] usb 2-1: config 0 descriptor??
[  773.228653][  T305] usb 6-1: USB disconnect, device number 85
[  773.235963][  T305] usblp0: removed
[  773.345555][  T222] plantronics 0003:047F:FFFF.00EC: unknown main item tag 0xd
[  773.353472][  T222] plantronics 0003:047F:FFFF.00EC: unknown main item tag 0x0
[  773.361018][  T222] plantronics 0003:047F:FFFF.00EC: unknown main item tag 0x0
[  773.368430][  T222] plantronics 0003:047F:FFFF.00EC: unknown main item tag 0x0
[  773.375951][  T222] plantronics 0003:047F:FFFF.00EC: unknown main item tag 0x0
[  773.383385][  T222] plantronics 0003:047F:FFFF.00EC: unknown main item tag 0x0
[  773.393905][  T222] plantronics 0003:047F:FFFF.00EC: No inputs registered, leaving
[  773.413088][  T222] plantronics 0003:047F:FFFF.00EC: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  773.642971][  T305] usb 2-1: USB disconnect, device number 27
[  773.652193][T20129] loop7: detected capacity change from 0 to 131072
[  773.659906][T20129] F2FS-fs (loop7): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  773.668504][T20129] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  773.677449][T20129] F2FS-fs (loop7): invalid crc value
[  773.684535][T20129] F2FS-fs (loop7): Found nat_bits in checkpoint
[  773.714159][T20129] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0
[  773.721238][T20129] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  773.749044][T20129] F2FS-fs (loop7): sanity_check_inode: corrupted inode i_blocks i_ino=8 iblocks=0, run fsck to fix.
[  773.892513][T20141] loop7: detected capacity change from 0 to 512
[  773.903389][T20141] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  773.925602][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  773.937443][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  773.948912][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  773.960529][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  773.972324][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  773.984023][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  773.995550][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  774.007115][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  774.018659][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  774.030222][T15644] EXT4-fs warning (device loop7): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.'
[  774.059124][T18024] EXT4-fs (loop7): unmounting filesystem.
[  774.110287][   T10] tipc: Left network mode
[  774.210460][T20149] loop5: detected capacity change from 0 to 256
[  774.270704][T20157] 9pnet_fd: p9_fd_create_unix (20157): problem connecting socket: ./file0: -111
[  774.335523][T20153] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.342617][T20153] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.364712][T20153] device bridge_slave_0 entered promiscuous mode
[  774.375008][T20153] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.389635][T20153] bridge0: port 2(bridge_slave_1) entered disabled state
[  774.411386][T20153] device bridge_slave_1 entered promiscuous mode
[  774.551898][  T318] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  774.583509][T20153] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.590577][T20153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  774.597856][T20153] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.604879][T20153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  774.634674][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  774.642531][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.650295][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  774.668518][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  774.676921][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.683986][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  774.691910][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  774.700572][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.707628][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  774.736852][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  774.744894][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  774.759040][T20153] device veth0_vlan entered promiscuous mode
[  774.765378][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  774.773888][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  774.779502][  T318] usb 5-1: Using ep0 maxpacket: 32
[  774.786584][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  774.794433][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  774.810697][T20153] device veth1_macvtap entered promiscuous mode
[  774.825773][   T10] device bridge_slave_1 left promiscuous mode
[  774.831933][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  774.844221][T20167] loop5: detected capacity change from 0 to 131072
[  774.850979][   T10] device bridge_slave_0 left promiscuous mode
[  774.852495][T20167] F2FS-fs (loop5): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  774.857184][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.866089][T20167] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  774.881944][T20167] F2FS-fs (loop5): invalid crc value
[  774.887891][   T10] device veth1_macvtap left promiscuous mode
[  774.890854][T20167] F2FS-fs (loop5): Found nat_bits in checkpoint
[  774.893952][   T10] device veth0_vlan left promiscuous mode
[  774.930663][T20167] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  774.937805][T20167] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  774.945985][  T318] usb 5-1: unable to get BOS descriptor or descriptor too short
[  774.954342][  T318] usb 5-1: unable to read config index 0 descriptor/start: -71
[  774.961948][  T318] usb 5-1: can't read configurations, error -71
[  774.974149][T20167] F2FS-fs (loop5): sanity_check_inode: corrupted inode i_blocks i_ino=8 iblocks=0, run fsck to fix.
[  775.085722][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  775.102636][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  775.111590][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  775.156459][T20183] tipc: Started in network mode
[  775.161564][T20183] tipc: Node identity 1, cluster identity 4711
[  775.167833][T20183] tipc: Node number set to 1
[  775.351893][T20199] loop9: detected capacity change from 0 to 4096
[  775.370012][T20199] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  775.387201][   T10] tipc: Left network mode
[  775.388486][   T28] kauditd_printk_skb: 1141 callbacks suppressed
[  775.388500][   T28] audit: type=1400 audit(4366.846:129819): avc:  denied  { setattr } for  pid=20198 comm="syz.9.24169" name="file0" dev="loop9" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  775.436182][T17470] EXT4-fs (loop9): unmounting filesystem.
[  775.447417][   T28] audit: type=1400 audit(4366.883:129820): avc:  denied  { unmount } for  pid=17470 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  775.473009][   T28] audit: type=1400 audit(4366.892:129821): avc:  denied  { unmount } for  pid=7552 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  775.499845][   T28] audit: type=1400 audit(4366.920:129822): avc:  denied  { name_bind } for  pid=20207 comm="syz.1.24175" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  775.557105][   T28] audit: type=1400 audit(4366.948:129823): avc:  denied  { read write } for  pid=17470 comm="syz-executor" name="loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  775.605336][   T28] audit: type=1400 audit(4366.948:129824): avc:  denied  { read write open } for  pid=17470 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  775.656433][   T28] audit: type=1400 audit(4366.948:129826): avc:  denied  { ioctl } for  pid=17470 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=127 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  775.715694][   T28] audit: type=1400 audit(4366.948:129825): avc:  denied  { read write } for  pid=10573 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  775.772292][   T28] audit: type=1400 audit(4366.948:129827): avc:  denied  { open } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  775.793426][T20188] loop5: detected capacity change from 0 to 131072
[  775.815635][   T28] audit: type=1400 audit(4366.976:129828): avc:  denied  { bpf } for  pid=20210 comm="syz.1.24178" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  775.840890][T20188] F2FS-fs (loop5): Found nat_bits in checkpoint
[  775.855198][T20237] loop4: detected capacity change from 0 to 2048
[  775.878811][T20188] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  775.896311][T20237]  loop4: p1 < > p4
[  775.905337][T20237] loop4: p4 size 8388608 extends beyond EOD, truncated
[  776.134969][   T10] device bridge_slave_1 left promiscuous mode
[  776.144992][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  776.172626][   T10] device bridge_slave_0 left promiscuous mode
[  776.192776][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  776.216487][   T10] device veth1_macvtap left promiscuous mode
[  776.226674][   T10] device veth0_vlan left promiscuous mode
[  776.327411][T20214] loop9: detected capacity change from 0 to 131072
[  776.336287][T20214] F2FS-fs (loop9): invalid crc value
[  776.343394][T20214] F2FS-fs (loop9): Found nat_bits in checkpoint
[  776.366914][T20214] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  776.387957][T20256] netlink: 4 bytes leftover after parsing attributes in process `syz.1.24198'.
[  776.493765][T20280] netlink: 16 bytes leftover after parsing attributes in process `syz.1.24208'.
[  776.599552][  T318] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[  776.608164][T20289] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  776.617636][T20289] FAT-fs (loop3): unable to read boot sector
[  776.639778][T20291] overlayfs: missing 'lowerdir'
[  776.736237][T20307] loop4: detected capacity change from 0 to 512
[  776.772480][T20307] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  776.789680][T20307] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.24218: corrupted xattr block 32
[  776.803102][T20307] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  776.812705][T20307] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.24218: corrupted xattr block 32
[  776.824609][  T318] usb 6-1: Using ep0 maxpacket: 32
[  776.830805][T20307] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  776.840399][  T318] usb 6-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  776.853454][  T318] usb 6-1: config 0 interface 0 has no altsetting 0
[  776.862829][  T318] usb 6-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  776.872000][  T318] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.880214][T10573] EXT4-fs (loop4): unmounting filesystem.
[  776.886931][  T318] usb 6-1: config 0 descriptor??
[  776.914017][T20329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.24228'.
[  776.923021][T20329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.24228'.
[  776.932346][T20329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.24228'.
[  776.941857][T20329] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  776.957264][T20331] device gretap0 entered promiscuous mode
[  776.963646][T20331] device gretap0 left promiscuous mode
[  777.016534][T20339] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24233'.
[  777.328534][T20369] futex_wake_op: syz.4.24247 tries to shift op by 32; fix this program
[  777.342061][  T318] uclogic 0003:5543:0781.00ED: No inputs registered, leaving
[  777.353078][  T318] uclogic 0003:5543:0781.00ED: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.5-1/input0
[  777.383267][T20375] binder: 20374:20375 ioctl c0306201 200000000480 returned -14
[  777.458949][T20385] loop9: detected capacity change from 0 to 8192
[  777.510221][T20385]  loop9: p1 p2 p3 < > p4 < p5 p6 >
[  777.515483][T20385] loop9: partition table partially beyond EOD, truncated
[  777.522660][T20385] loop9: p1 start 67108864 is beyond EOD, truncated
[  777.528048][T20388] loop4: detected capacity change from 0 to 512
[  777.529308][T20385] loop9: p2 size 61546 extends beyond EOD, truncated
[  777.543071][T20385] loop9: p3 start 100859904 is beyond EOD, truncated
[  777.550090][T20385] loop9: p5 start 67108864 is beyond EOD, truncated
[  777.556777][T20385] loop9: p6 size 61546 extends beyond EOD, truncated
[  777.563716][  T318] usb 6-1: USB disconnect, device number 86
[  777.573544][T20388] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #16: comm syz.4.24256: corrupted inode contents
[  777.586554][T20388] EXT4-fs error (device loop4): ext4_dirty_inode:6091: inode #16: comm syz.4.24256: mark_inode_dirty error
[  777.598550][T20388] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #16: comm syz.4.24256: corrupted inode contents
[  777.610777][T20388] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.24256: mark_inode_dirty error
[  777.622390][T20388] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #16: comm syz.4.24256: corrupted inode contents
[  777.634520][T20388] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  777.643273][T20388] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #16: comm syz.4.24256: corrupted inode contents
[  777.655416][T20388] EXT4-fs error (device loop4): ext4_truncate:4313: inode #16: comm syz.4.24256: mark_inode_dirty error
[  777.661718][T20392] loop9: detected capacity change from 0 to 256
[  777.667012][T20388] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  777.675376][T20392] exFAT-fs (loop9): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  777.682134][T20388] EXT4-fs (loop4): 1 truncate cleaned up
[  777.699281][T20388] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  777.707185][   T10] EXT4-fs error (device loop4): ext4_release_dquot:6812: comm kworker/u4:1: Failed to release dquot type 1
[  777.710352][T20392] exFAT-fs (loop9): hint_cluster is invalid (17)
[  777.758521][T10573] EXT4-fs (loop4): unmounting filesystem.
[  777.869413][T20409] loop4: detected capacity change from 0 to 512
[  777.876549][T20409] EXT4-fs (loop4): Test dummy encryption mode enabled
[  777.883943][T20409] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  777.896036][T20409] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.24265: bad orphan inode 131083
[  777.907090][T20409] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  777.960666][T10573] EXT4-fs (loop4): unmounting filesystem.
[  777.980476][T20414] input: syz0 as /devices/virtual/input/input200
[  778.005255][T20417] loop4: detected capacity change from 0 to 512
[  778.013090][T20417] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  778.025951][T20417] EXT4-fs (loop4): 1 truncate cleaned up
[  778.031800][T20417] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  778.057081][T10573] EXT4-fs (loop4): unmounting filesystem.
[  778.126054][T20434] loop5: detected capacity change from 0 to 256
[  778.134352][T20434] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  778.145375][T20434] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  778.156632][T20434] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  778.237995][T20450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.24282'.
[  778.363591][T20469] loop5: detected capacity change from 0 to 1024
[  778.373097][T20469] EXT4-fs error (device loop5): ext4_map_blocks:744: inode #3: block 1: comm syz.5.24291: lblock 1 mapped to illegal pblock 1 (length 1)
[  778.389003][T20469] EXT4-fs error (device loop5): ext4_acquire_dquot:6789: comm syz.5.24291: Failed to acquire dquot type 0
[  778.400958][T20469] EXT4-fs error (device loop5): ext4_free_blocks:6210: comm syz.5.24291: Freeing blocks not in datazone - block = 0, count = 4096
[  778.416617][T20473] loop4: detected capacity change from 0 to 256
[  778.424246][T20469] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.24291: Invalid inode bitmap blk 0 in block_group 0
[  778.433594][T20473] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  778.447907][T20473] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  778.447978][T20469] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem
[  778.456577][ T2275] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1)
[  778.479114][T20469] EXT4-fs (loop5): 1 orphan inode deleted
[  778.479172][ T2275] EXT4-fs error (device loop5): ext4_release_dquot:6812: comm kworker/u4:5: Failed to release dquot type 0
[  778.485076][T20469] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  778.498469][T20473] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  778.533765][T20469] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 1: comm syz.5.24291: lblock 1 mapped to illegal pblock 1 (length 1)
[  778.548189][T20469] EXT4-fs error (device loop5): ext4_acquire_dquot:6789: comm syz.5.24291: Failed to acquire dquot type 0
[  778.568767][T16186] EXT4-fs (loop5): unmounting filesystem.
[  778.574667][ T2275] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1)
[  778.588926][ T2275] EXT4-fs error (device loop5): ext4_release_dquot:6812: comm kworker/u4:5: Failed to release dquot type 0
[  779.080704][ T3364] usb 10-1: new high-speed USB device number 66 using dummy_hcd
[  779.318948][ T3364] usb 10-1: Using ep0 maxpacket: 32
[  779.325922][ T3364] usb 10-1: unable to get BOS descriptor or descriptor too short
[  779.341882][ T3364] usb 10-1: config 128 has an invalid interface number: 127 but max is 3
[  779.357568][ T3364] usb 10-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  779.368677][ T3364] usb 10-1: config 128 has 1 interface, different from the descriptor's value: 4
[  779.377988][ T3364] usb 10-1: config 128 has no interface number 0
[  779.384891][ T3364] usb 10-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  779.396402][ T3364] usb 10-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  779.416186][ T3364] usb 10-1: config 128 interface 127 has no altsetting 0
[  779.432867][ T3364] usb 10-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  779.451377][ T3364] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.459669][ T3364] usb 10-1: Product: syz
[  779.464662][ T3364] usb 10-1: Manufacturer: syz
[  779.469396][ T3364] usb 10-1: SerialNumber: syz
[  779.677131][T20551] loop5: detected capacity change from 0 to 40427
[  779.684783][T20551] F2FS-fs (loop5): fault_injection options not supported
[  779.691883][T20551] F2FS-fs (loop5): heap/no_heap options were deprecated
[  779.698920][T20551] F2FS-fs (loop5): Image doesn't support compression
[  779.706651][T20551] F2FS-fs (loop5): invalid crc value
[  779.710289][ T3364] usb 10-1: USB disconnect, device number 66
[  779.713510][T20551] F2FS-fs (loop5): Found nat_bits in checkpoint
[  779.746057][T20551] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  779.885144][T20551] syz.5.24325: attempt to access beyond end of device
[  779.885144][T20551] loop5: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[  779.905173][T20551] syz.5.24325: attempt to access beyond end of device
[  779.905173][T20551] loop5: rw=2049, sector=79872, nr_sectors = 2056 limit=40427
[  779.925405][T20551] syz.5.24325: attempt to access beyond end of device
[  779.925405][T20551] loop5: rw=2049, sector=81928, nr_sectors = 2056 limit=40427
[  779.945980][T20551] syz.5.24325: attempt to access beyond end of device
[  779.945980][T20551] loop5: rw=2049, sector=83984, nr_sectors = 2048 limit=40427
[  779.962426][T20577] loop4: detected capacity change from 0 to 256
[  779.968715][T20551] syz.5.24325: attempt to access beyond end of device
[  779.968715][T20551] loop5: rw=2049, sector=86032, nr_sectors = 3032 limit=40427
[  779.973295][T20577] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  779.993928][T20551] syz.5.24325: attempt to access beyond end of device
[  779.993928][T20551] loop5: rw=2049, sector=89064, nr_sectors = 4096 limit=40427
[  780.019531][T20551] syz.5.24325: attempt to access beyond end of device
[  780.019531][T20551] loop5: rw=2049, sector=93160, nr_sectors = 4088 limit=40427
[  780.048009][T20551] syz.5.24325: attempt to access beyond end of device
[  780.048009][T20551] loop5: rw=2049, sector=97248, nr_sectors = 4088 limit=40427
[  780.075965][T20551] syz.5.24325: attempt to access beyond end of device
[  780.075965][T20551] loop5: rw=2049, sector=101336, nr_sectors = 4072 limit=40427
[  780.101692][T20551] syz.5.24325: attempt to access beyond end of device
[  780.101692][T20551] loop5: rw=2049, sector=105408, nr_sectors = 4096 limit=40427
[  780.432197][T20618] loop4: detected capacity change from 0 to 512
[  780.440112][T20618] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  780.449437][T20618] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  780.459066][T20618] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  780.467217][T20618] System zones: 0-2, 18-18, 34-34
[  780.473066][T20618] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  780.488044][T20618] EXT4-fs (loop4): 1 truncate cleaned up
[  780.493739][T20618] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  780.513890][T10573] EXT4-fs (loop4): unmounting filesystem.
[  780.749411][T20648] syz.0.24368[20648] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  780.749473][T20648] syz.0.24368[20648] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  780.832141][   T28] kauditd_printk_skb: 1385 callbacks suppressed
[  780.832156][   T28] audit: type=1400 audit(4371.867:131201): avc:  denied  { read write } for  pid=10573 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  780.878474][   T28] audit: type=1400 audit(4371.904:131202): avc:  denied  { open } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  780.902397][   T28] audit: type=1400 audit(4371.904:131203): avc:  denied  { ioctl } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  780.902847][T20653] netlink: 32 bytes leftover after parsing attributes in process `syz.4.24370'.
[  780.954519][T20653] netlink: 32 bytes leftover after parsing attributes in process `syz.4.24370'.
[  780.965224][   T28] audit: type=1400 audit(4371.997:131204): avc:  denied  { read write } for  pid=20650 comm="syz.0.24369" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  780.973538][T20651] loop0: detected capacity change from 0 to 40427
[  780.989343][   T28] audit: type=1400 audit(4371.997:131205): avc:  denied  { open } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  781.000031][T20651] F2FS-fs (loop0): fault_injection options not supported
[  781.022952][   T28] audit: type=1400 audit(4371.997:131206): avc:  denied  { ioctl } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  781.051618][T20651] F2FS-fs (loop0): heap/no_heap options were deprecated
[  781.051643][   T28] audit: type=1400 audit(4371.997:131207): avc:  denied  { read write open } for  pid=20650 comm="syz.0.24369" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  781.058862][T20651] F2FS-fs (loop0): Image doesn't support compression
[  781.083279][   T28] audit: type=1400 audit(4372.024:131208): avc:  denied  { mounton } for  pid=20650 comm="syz.0.24369" path="/11/file0" dev="tmpfs" ino=76 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  781.112691][   T28] audit: type=1400 audit(4372.052:131209): avc:  denied  { mounton } for  pid=20654 comm="syz.4.24371" path="/917/file0" dev="tmpfs" ino=4792 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  781.129340][T20651] F2FS-fs (loop0): invalid crc value
[  781.135645][   T28] audit: type=1400 audit(4372.052:131210): avc:  denied  { mount } for  pid=20654 comm="syz.4.24371" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  781.150476][T20655] SELinux: security_context_str_to_sid (s) failed with errno=-22
[  781.164798][T20651] F2FS-fs (loop0): Found nat_bits in checkpoint
[  781.203662][T20651] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  781.241503][T20662] netlink: 74 bytes leftover after parsing attributes in process `syz.5.24373'.
[  781.373459][T20684] loop0: detected capacity change from 0 to 256
[  781.385455][T20684] FAT-fs (loop0): Directory bread(block 64) failed
[  781.392046][T20684] FAT-fs (loop0): Directory bread(block 65) failed
[  781.398585][T20684] FAT-fs (loop0): Directory bread(block 66) failed
[  781.405138][T20684] FAT-fs (loop0): Directory bread(block 67) failed
[  781.411852][T20684] FAT-fs (loop0): Directory bread(block 68) failed
[  781.418399][T20684] FAT-fs (loop0): Directory bread(block 69) failed
[  781.425006][T20684] FAT-fs (loop0): Directory bread(block 70) failed
[  781.431886][T20684] FAT-fs (loop0): Directory bread(block 71) failed
[  781.438579][T20684] FAT-fs (loop0): Directory bread(block 72) failed
[  781.445466][T20684] FAT-fs (loop0): Directory bread(block 73) failed
[  781.677676][T20726] device batadv_slave_1 entered promiscuous mode
[  781.787924][T20742] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20742 comm=syz.5.24408
[  781.963443][T20775] syz.9.24425[20775] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  781.963504][T20775] syz.9.24425[20775] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  782.085990][T20769] loop5: detected capacity change from 0 to 40427
[  782.115460][T20769] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  782.123883][T20769] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  782.142844][T20769] F2FS-fs (loop5): Found nat_bits in checkpoint
[  782.177641][T20769] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  782.185219][T20769] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  782.293939][T20803] loop9: detected capacity change from 0 to 512
[  782.310766][T20803] EXT4-fs (loop9): Test dummy encryption mode enabled
[  782.328474][T20803] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  782.351889][T20803] EXT4-fs error (device loop9): ext4_orphan_get:1426: comm syz.9.24435: bad orphan inode 131083
[  782.370663][T20803] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  782.411597][T17470] EXT4-fs (loop9): unmounting filesystem.
[  782.710559][T20829] loop4: detected capacity change from 0 to 1024
[  782.723050][T20829] EXT4-fs: Ignoring removed nobh option
[  782.728657][T20829] EXT4-fs: Ignoring removed bh option
[  782.739129][T20829] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  782.777184][T20829] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  782.801984][T10573] EXT4-fs (loop4): unmounting filesystem.
[  782.855472][T20831] loop5: detected capacity change from 0 to 40427
[  782.863444][T20831] F2FS-fs (loop5): Invalid segment count (1)
[  782.869442][T20831] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  782.877882][T20831] F2FS-fs (loop5): heap/no_heap options were deprecated
[  782.885718][T20831] F2FS-fs (loop5): invalid crc value
[  782.891830][T20831] F2FS-fs (loop5): Found nat_bits in checkpoint
[  782.927441][T20831] F2FS-fs (loop5): Try to recover 1th superblock, ret: -30
[  782.934698][T20831] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  782.970085][ T3364] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  783.041544][T20855] loop5: detected capacity change from 0 to 256
[  783.050741][T20855] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  783.165090][ T3364] usb 2-1: Using ep0 maxpacket: 16
[  783.174217][ T3364] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  783.194340][ T3364] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  783.209896][ T3364] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  783.226575][ T3364] usb 2-1: config 0 interface 0 has no altsetting 0
[  783.233284][ T3364] usb 2-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00
[  783.242450][ T3364] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.251827][ T3364] usb 2-1: config 0 descriptor??
[  783.269417][T20870] loop4: detected capacity change from 0 to 128
[  783.278628][T20870] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  783.295915][T10573] EXT4-fs (loop4): unmounting filesystem.
[  783.344414][T20864] loop5: detected capacity change from 0 to 40427
[  783.352766][T20864] F2FS-fs (loop5): fault_injection options not supported
[  783.360622][T20864] F2FS-fs (loop5): invalid crc value
[  783.367261][T20864] F2FS-fs (loop5): Found nat_bits in checkpoint
[  783.407469][T20864] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  783.702108][ T3364] hid-generic 0003:045E:05DA.00EE: unknown main item tag 0x0
[  783.712103][ T3364] hid-generic 0003:045E:05DA.00EE: unknown main item tag 0x0
[  783.719670][ T3364] hid-generic 0003:045E:05DA.00EE: unknown main item tag 0x0
[  783.728181][ T3364] hid-generic 0003:045E:05DA.00EE: ignoring exceeding usage max
[  783.738790][ T3364] hid-generic 0003:045E:05DA.00EE: unknown main item tag 0x0
[  783.746795][ T3364] hid-generic 0003:045E:05DA.00EE: unknown main item tag 0x0
[  783.754504][ T3364] hid-generic 0003:045E:05DA.00EE: unbalanced collection at end of report description
[  783.764260][ T3364] hid-generic: probe of 0003:045E:05DA.00EE failed with error -22
[  783.949031][ T3364] usb 2-1: USB disconnect, device number 28
[  784.100167][T20933] loop9: detected capacity change from 0 to 2048
[  784.130270][T20933]  loop9: p1 < > p4
[  784.134932][T20933] loop9: p4 size 8388608 extends beyond EOD, truncated
[  784.521460][T20943] loop4: detected capacity change from 0 to 131072
[  784.530909][T20943] F2FS-fs (loop4): Found nat_bits in checkpoint
[  784.558656][T20943] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  784.815647][T20974] loop5: detected capacity change from 0 to 256
[  784.823150][T20974] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  784.833966][T20974] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  784.845263][T20974] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  785.169433][   T24] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  785.366406][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  785.375104][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[  785.383978][   T24] usb 5-1: config 4 has an invalid interface number: 147 but max is 0
[  785.392536][   T24] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  785.402739][   T24] usb 5-1: config 4 has no interface number 0
[  785.411260][   T24] usb 5-1: string descriptor 0 read error: -22
[  785.417510][   T24] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  785.426609][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.437846][   T24] usb 5-1: Found UVC 0.00 device <unnamed> (04f2:b746)
[  785.444791][   T24] usb 5-1: No valid video chain found.
[  785.608527][T21014] input: syz0 as /devices/virtual/input/input201
[  785.656525][   T24] usb 5-1: USB disconnect, device number 36
[  785.855557][T21038] usb usb8: usbfs: process 21038 (syz.1.24533) did not claim interface 0 before use
[  785.993289][T21062] binder: 21060:21062 ioctl c018620b 200000000700 returned -14
[  786.017954][T21065] tipc: Started in network mode
[  786.022837][T21065] tipc: Node identity 1, cluster identity 4711
[  786.029032][T21065] tipc: Node number set to 1
[  786.174818][T21089] loop9: detected capacity change from 0 to 1024
[  786.182092][T21089] EXT4-fs: Ignoring removed nobh option
[  786.187717][T21089] EXT4-fs: Ignoring removed bh option
[  786.194604][T21089] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  786.229828][T21089] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  786.255315][   T28] kauditd_printk_skb: 1467 callbacks suppressed
[  786.255328][   T28] audit: type=1400 audit(4376.879:132678): avc:  denied  { write } for  pid=21088 comm="syz.9.24560" name="/" dev="loop9" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  786.284338][   T28] audit: type=1400 audit(4376.879:132679): avc:  denied  { read write } for  pid=10573 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  786.310469][   T28] audit: type=1400 audit(4376.879:132680): avc:  denied  { open } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  786.335094][T21089] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:3841: comm syz.9.24560: Allocating blocks 385-513 which overlap fs metadata
[  786.349226][   T28] audit: type=1400 audit(4376.879:132681): avc:  denied  { ioctl } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  786.375047][   T28] audit: type=1400 audit(4376.879:132682): avc:  denied  { bpf } for  pid=21100 comm="syz.0.24564" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  786.377045][T21089] EXT4-fs (loop9): pa ffff8881525bd7e0: logic 16, phys. 129, len 24
[  786.395513][   T28] audit: type=1400 audit(4376.879:132683): avc:  denied  { prog_load } for  pid=21100 comm="syz.0.24564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  786.395541][   T28] audit: type=1400 audit(4376.907:132684): avc:  denied  { add_name } for  pid=21088 comm="syz.9.24560" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  786.395567][   T28] audit: type=1400 audit(4376.907:132685): avc:  denied  { create } for  pid=21088 comm="syz.9.24560" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  786.395592][   T28] audit: type=1400 audit(4376.907:132686): avc:  denied  { bpf } for  pid=21100 comm="syz.0.24564" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  786.403542][T21089] EXT4-fs error (device loop9): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  786.495545][   T28] audit: type=1400 audit(4376.907:132687): avc:  denied  { prog_load } for  pid=21100 comm="syz.0.24564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  786.540103][T17470] EXT4-fs (loop9): unmounting filesystem.
[  786.587732][T21118] __nla_validate_parse: 1 callbacks suppressed
[  786.587747][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.9.24570'.
[  786.616210][T21124] tipc: New replicast peer: 255.255.255.255
[  786.632249][T21124] tipc: Enabled bearer <udp:syz2>, priority 10
[  786.658769][T21123] loop5: detected capacity change from 0 to 8192
[  786.671231][T21130] bridge0: port 1(bridge_slave_0) entered disabled state
[  786.754399][T21123]  loop5: p2 p3 p4[EZD]
[  786.759867][T21123] loop5: p3 start 458783 is beyond EOD, truncated
[  786.780279][T21123] loop5: p4 size 65536 extends beyond EOD, truncated
[  786.930372][T21161] input: syz1 as /devices/virtual/input/input202
[  786.940441][T21160] xt_bpf: check failed: parse error
[  787.347250][   T24] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  787.455456][  T222] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[  787.542136][   T24] usb 2-1: Using ep0 maxpacket: 16
[  787.548537][   T24] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  787.557061][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  787.567174][   T24] usb 2-1: config 0 has no interface number 0
[  787.586573][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  787.595664][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.603708][   T24] usb 2-1: Product: syz
[  787.607950][   T24] usb 2-1: Manufacturer: syz
[  787.612587][   T24] usb 2-1: SerialNumber: syz
[  787.618740][   T24] usb 2-1: config 0 descriptor??
[  787.662755][  T222] usb 6-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[  787.671850][  T222] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  787.681292][  T222] usb 6-1: config 0 descriptor??
[  787.687336][  T222] usb 6-1: selecting invalid altsetting 1
[  787.694478][  T222] snd-usb-audio: probe of 6-1:0.0 failed with error -22
[  787.842199][T21234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.24622'.
[  787.843540][  T222] usb 2-1: USB disconnect, device number 29
[  787.857329][T21234] bridge0: port 2(bridge_slave_1) entered disabled state
[  787.864461][T21234] bridge0: port 1(bridge_slave_0) entered disabled state
[  787.905621][  T317] usb 6-1: USB disconnect, device number 87
[  787.935070][T21247] device batadv_slave_1 entered promiscuous mode
[  787.941764][T21246] device batadv_slave_1 left promiscuous mode
[  787.962689][T21249] loop9: detected capacity change from 0 to 256
[  788.134535][T21245] loop4: detected capacity change from 0 to 40427
[  788.152082][T21245] F2FS-fs (loop4): fault_injection options not supported
[  788.161057][T21258] block device autoloading is deprecated and will be removed.
[  788.163319][T21253] loop0: detected capacity change from 0 to 40427
[  788.168614][T21258] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  788.175916][T21245] F2FS-fs (loop4): heap/no_heap options were deprecated
[  788.192046][T21245] F2FS-fs (loop4): Image doesn't support compression
[  788.202357][T21245] F2FS-fs (loop4): invalid crc value
[  788.209553][T21253] F2FS-fs (loop0): Found nat_bits in checkpoint
[  788.217598][T21245] F2FS-fs (loop4): Found nat_bits in checkpoint
[  788.255065][T21253] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  788.267715][T21253] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  788.282906][T21253] F2FS-fs (loop0): Found FS corruption, run fsck to fix.
[  788.287658][T21245] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  788.339689][T10573] bio_check_eod: 3 callbacks suppressed
[  788.339703][T10573] syz-executor: attempt to access beyond end of device
[  788.339703][T10573] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  788.447431][T21277] loop0: detected capacity change from 0 to 1024
[  788.462088][T21277] EXT4-fs: Ignoring removed nobh option
[  788.468572][T21277] EXT4-fs: Ignoring removed bh option
[  788.469285][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[  788.477212][T21277] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  788.494256][T21283] loop5: detected capacity change from 0 to 512
[  788.513269][T21277] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  788.519670][T21291] loop4: detected capacity change from 0 to 512
[  788.522750][T21283] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  788.558788][T16186] EXT4-fs (loop5): unmounting filesystem.
[  788.559495][T20153] EXT4-fs (loop0): unmounting filesystem.
[  788.567914][T21291] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  788.598766][T21291] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.24643: corrupted inode contents
[  788.615154][T21291] EXT4-fs error (device loop4): ext4_dirty_inode:6091: inode #2: comm syz.4.24643: mark_inode_dirty error
[  788.636571][T21291] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.24643: corrupted inode contents
[  788.657872][T21291] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.24643: mark_inode_dirty error
[  788.698016][T10573] EXT4-fs (loop4): unmounting filesystem.
[  788.760754][T21324] loop4: detected capacity change from 0 to 1024
[  788.764200][T21326] loop5: detected capacity change from 0 to 1024
[  788.774664][T21326] EXT4-fs: Ignoring removed nobh option
[  788.780409][T21326] EXT4-fs: Ignoring removed bh option
[  788.786108][T21326] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  788.799120][T21324] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  788.800224][T21326] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  788.825403][T10573] EXT4-fs (loop4): unmounting filesystem.
[  788.855779][T16186] EXT4-fs (loop5): unmounting filesystem.
[  789.059226][T21350] input: syz1 as /devices/virtual/input/input203
[  789.086899][T21356] loop5: detected capacity change from 0 to 1024
[  789.113696][T21356] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  789.137573][T16186] EXT4-fs (loop5): unmounting filesystem.
[  789.172871][T21366] random: crng reseeded on system resumption
[  789.212844][T21354] loop9: detected capacity change from 0 to 40427
[  789.221206][T21354] F2FS-fs (loop9): invalid crc value
[  789.227634][T21354] F2FS-fs (loop9): Found nat_bits in checkpoint
[  789.264062][T21354] F2FS-fs (loop9): Start checkpoint disabled!
[  789.271238][T21354] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  789.289050][T21354] syz.9.24667: attempt to access beyond end of device
[  789.289050][T21354] loop9: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  789.329678][T21354] F2FS-fs (loop9): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  789.354506][ T2275] kworker/u4:5: attempt to access beyond end of device
[  789.354506][ T2275] loop9: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  789.427376][  T317] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  789.552436][T21388] netlink: 16 bytes leftover after parsing attributes in process `syz.5.24682'.
[  789.565439][T21388] netlink: 16 bytes leftover after parsing attributes in process `syz.5.24682'.
[  789.590315][T21393] netlink: 'syz.9.24685': attribute type 12 has an invalid length.
[  789.598261][T21393] netlink: 'syz.9.24685': attribute type 29 has an invalid length.
[  789.606200][T21393] netlink: 148 bytes leftover after parsing attributes in process `syz.9.24685'.
[  789.622309][  T317] usb 5-1: Using ep0 maxpacket: 8
[  789.629266][  T317] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  789.703671][  T317] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  789.719903][  T317] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.728044][  T317] usb 5-1: Product: syz
[  789.732508][  T317] usb 5-1: Manufacturer: syz
[  789.737105][  T317] usb 5-1: SerialNumber: syz
[  789.740797][T21401] loop9: detected capacity change from 0 to 1024
[  789.748736][  T317] usb 5-1: config 0 descriptor??
[  789.749249][T21401] EXT4-fs: Ignoring removed nobh option
[  789.759279][T21401] EXT4-fs: Ignoring removed bh option
[  789.774537][T21401] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  789.819671][T21401] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  789.875356][T17470] EXT4-fs (loop9): unmounting filesystem.
[  789.915350][T21402] loop5: detected capacity change from 0 to 40427
[  789.925352][T21402] F2FS-fs (loop5): fault_injection options not supported
[  789.933345][T21402] F2FS-fs (loop5): invalid crc value
[  789.939031][T21420] loop0: detected capacity change from 0 to 1024
[  789.941280][T21402] F2FS-fs (loop5): Found nat_bits in checkpoint
[  789.946414][T21420] EXT4-fs: Ignoring removed nobh option
[  789.960490][T21420] EXT4-fs: Ignoring removed bh option
[  789.972085][T21420] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  789.989457][  T317] usb 5-1: USB disconnect, device number 37
[  789.998308][T21402] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  790.016933][T21420] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  790.037988][T21420] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz.0.24695: Allocating blocks 385-513 which overlap fs metadata
[  790.047002][T21402] syz.5.24697: attempt to access beyond end of device
[  790.047002][T21402] loop5: rw=0, sector=49152, nr_sectors = 8 limit=40427
[  790.054157][T21420] EXT4-fs (loop0): pa ffff8881525bd348: logic 16, phys. 129, len 24
[  790.073574][T21420] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  790.084654][T16186] syz-executor: attempt to access beyond end of device
[  790.084654][T16186] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  790.105871][T20153] EXT4-fs (loop0): unmounting filesystem.
[  790.360726][T21465] bridge0: port 1(bridge_slave_0) entered disabled state
[  790.449683][T21458] loop0: detected capacity change from 0 to 40427
[  790.458284][T21458] F2FS-fs (loop0): fault_injection options not supported
[  790.465410][T21458] F2FS-fs (loop0): Image doesn't support compression
[  790.472824][T21458] F2FS-fs (loop0): invalid crc value
[  790.479334][T21458] F2FS-fs (loop0): Found nat_bits in checkpoint
[  790.514341][T21458] F2FS-fs (loop0): Start checkpoint disabled!
[  790.521376][T21458] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  790.564512][T21458] F2FS-fs (loop0): access invalid blkaddr:4043309056
[  790.574947][T21458] CPU: 1 PID: 21458 Comm: syz.0.24711 Tainted: G        W          6.1.134-syzkaller-00039-g3c6d0251e1fb #0
[  790.586426][T21458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  790.596598][T21458] Call Trace:
[  790.599880][T21458]  <TASK>
[  790.602817][T21458]  __dump_stack+0x21/0x24
[  790.607168][T21458]  dump_stack_lvl+0xee/0x150
[  790.611778][T21458]  ? __cfi_dump_stack_lvl+0x8/0x8
[  790.616826][T21458]  ? __cfi_f2fs_get_dnode_of_data+0x10/0x10
[  790.622730][T21458]  dump_stack+0x15/0x24
[  790.626904][T21458]  __f2fs_is_valid_blkaddr+0xda6/0x1460
[  790.632472][T21458]  f2fs_is_valid_blkaddr+0x23/0x30
[  790.637584][T21458]  f2fs_map_blocks+0xc93/0x3a60
[  790.640746][T14743] Bluetooth: hci0: command 0x1003 tx timeout
[  790.642444][T21458]  ? __cfi_f2fs_map_blocks+0x10/0x10
[  790.648465][T26090] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  790.653681][T21458]  ? xas_start+0x317/0x3e0
[  790.653704][T21458]  ? xas_load+0x39e/0x3b0
[  790.668464][T21458]  ? xa_load+0xad/0xd0
[  790.672552][T21458]  f2fs_mpage_readpages+0xa3a/0x1b70
[  790.677853][T21458]  ? dquot_release_reservation_block+0xa0/0xa0
[  790.683996][T21458]  ? cgroup_rstat_updated+0xf5/0x370
[  790.689306][T21458]  ? xas_nomem+0x6b/0x1f0
[  790.693645][T21458]  f2fs_readahead+0xfc/0x240
[  790.698257][T21458]  ? __cfi_f2fs_readahead+0x10/0x10
[  790.703474][T21458]  read_pages+0x1b0/0xdd0
[  790.707816][T21458]  ? __cfi___filemap_add_folio+0x10/0x10
[  790.713438][T21458]  ? page_cache_ra_unbounded+0x720/0x720
[  790.719054][T21458]  ? folio_add_lru+0x260/0x390
[  790.723804][T21458]  ? filemap_add_folio+0x105/0x150
[  790.728986][T21458]  page_cache_ra_unbounded+0x5d1/0x720
[  790.734434][T21458]  ? __cfi_page_cache_ra_unbounded+0x10/0x10
[  790.740398][T21458]  ? __switch_to+0x51f/0xe30
[  790.744976][T21458]  page_cache_ra_order+0x36a/0xb70
[  790.750080][T21458]  ? finish_task_switch+0x16b/0x7b0
[  790.755266][T21458]  ? __switch_to_asm+0x3a/0x60
[  790.760018][T21458]  ? __schedule+0xb8f/0x14e0
[  790.764595][T21458]  ? __cfi_page_cache_ra_order+0x10/0x10
[  790.770215][T21458]  ondemand_readahead+0x817/0xdb0
[  790.775230][T21458]  ? __kasan_check_read+0x11/0x20
[  790.780252][T21458]  ? page_cache_sync_ra+0x490/0x490
[  790.785435][T21458]  page_cache_sync_ra+0x41b/0x490
[  790.790449][T21458]  f2fs_readdir+0x444/0x940
[  790.794957][T21458]  ? __cfi_f2fs_readdir+0x10/0x10
[  790.799971][T21458]  ? down_read_killable+0xb6/0x100
[  790.805062][T21458]  ? __cfi_down_read_killable+0x10/0x10
[  790.810589][T21458]  ? fsnotify_perm+0x269/0x5b0
[  790.815335][T21458]  ? security_file_permission+0x94/0xb0
[  790.820898][T21458]  iterate_dir+0x271/0x610
[  790.825306][T21458]  ? __cfi_f2fs_readdir+0x10/0x10
[  790.830316][T21458]  __se_sys_getdents+0xe5/0x240
[  790.835161][T21458]  ? __x64_sys_getdents+0x90/0x90
[  790.840183][T21458]  ? xfd_validate_state+0x70/0x150
[  790.845288][T21458]  ? __cfi_filldir+0x10/0x10
[  790.849858][T21458]  ? fpregs_restore_userregs+0x128/0x260
[  790.855473][T21458]  __x64_sys_getdents+0x7b/0x90
[  790.860312][T21458]  x64_sys_call+0x212/0x9a0
[  790.864800][T21458]  do_syscall_64+0x4c/0xa0
[  790.869202][T21458]  ? clear_bhb_loop+0x15/0x70
[  790.873861][T21458]  ? clear_bhb_loop+0x15/0x70
[  790.878519][T21458]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  790.884428][T21458] RIP: 0033:0x7f3861b8e969
[  790.888837][T21458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  790.908426][T21458] RSP: 002b:00007f3862972038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  790.916825][T21458] RAX: ffffffffffffffda RBX: 00007f3861db5fa0 RCX: 00007f3861b8e969
[  790.924778][T21458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  790.932730][T21458] RBP: 00007f3861c10ab1 R08: 0000000000000000 R09: 0000000000000000
[  790.940680][T21458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  790.948651][T21458] R13: 0000000000000000 R14: 00007f3861db5fa0 R15: 00007ffd2a435118
[  790.956705][T21458]  </TASK>
[  790.960970][T21497] F2FS-fs (loop0): Should run fsck to repair first.
[  790.968502][T21458] syz.0.24711: attempt to access beyond end of device
[  790.968502][T21458] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  790.982639][T21458] syz.0.24711: attempt to access beyond end of device
[  790.982639][T21458] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  791.024345][T21499] xt_bpf: check failed: parse error
[  791.060595][T14333] kworker/u4:6: attempt to access beyond end of device
[  791.060595][T14333] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  791.139916][T21510] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21510 comm=syz.1.24735
[  791.155976][T21514] loop9: detected capacity change from 0 to 512
[  791.191866][T21514] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  791.216536][T21514] EXT4-fs error (device loop9): ext4_do_update_inode:5226: inode #2: comm syz.9.24736: corrupted inode contents
[  791.240117][T21514] EXT4-fs error (device loop9): ext4_dirty_inode:6091: inode #2: comm syz.9.24736: mark_inode_dirty error
[  791.252425][T21514] EXT4-fs error (device loop9): ext4_do_update_inode:5226: inode #2: comm syz.9.24736: corrupted inode contents
[  791.264528][T21514] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #2: comm syz.9.24736: mark_inode_dirty error
[  791.300475][T21527] netlink: 16 bytes leftover after parsing attributes in process `syz.4.24751'.
[  791.324480][T17470] EXT4-fs (loop9): unmounting filesystem.
[  791.377810][T21537] tmpfs: Unknown parameter 'n'
[  791.410131][  T317] ip6_tnl_xmit_ctl: 4 callbacks suppressed
[  791.410145][  T317] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  791.518559][  T305] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  791.579302][T21558] loop0: detected capacity change from 0 to 512
[  791.583364][  T305] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  791.607066][  T535] kernel write not supported for file bpf-prog (pid: 535 comm: kworker/1:6)
[  791.637610][  T305] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  791.660761][T21558] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  791.683780][   T28] kauditd_printk_skb: 1515 callbacks suppressed
[  791.683792][   T28] audit: type=1400 audit(4381.882:134203): avc:  denied  { read write } for  pid=10573 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  791.693542][T21558] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #2: comm syz.0.24755: corrupted inode contents
[  791.714204][  T305] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  791.737124][T21553] loop9: detected capacity change from 0 to 40427
[  791.744423][   T28] audit: type=1400 audit(4381.882:134204): avc:  denied  { bpf } for  pid=21569 comm="syz.1.24760" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  791.764930][   T28] audit: type=1400 audit(4381.882:134205): avc:  denied  { map_create } for  pid=21569 comm="syz.1.24760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  791.767905][T21553] F2FS-fs (loop9): fault_injection options not supported
[  791.784460][  T305] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  791.801490][T21558] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #2: comm syz.0.24755: mark_inode_dirty error
[  791.812860][  T317] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[  791.820566][   T28] audit: type=1400 audit(4381.882:134206): avc:  denied  { perfmon } for  pid=21569 comm="syz.1.24760" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  791.823838][T21553] F2FS-fs (loop9): heap/no_heap options were deprecated
[  791.848449][T21558] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #2: comm syz.0.24755: corrupted inode contents
[  791.860531][T21553] F2FS-fs (loop9): Image doesn't support compression
[  791.867335][T21558] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.24755: mark_inode_dirty error
[  791.879268][   T28] audit: type=1400 audit(4381.882:134207): avc:  denied  { map_read map_write } for  pid=21569 comm="syz.1.24760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  791.901168][   T28] audit: type=1400 audit(4381.882:134208): avc:  denied  { prog_load } for  pid=21569 comm="syz.1.24760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  791.919934][T21553] F2FS-fs (loop9): invalid crc value
[  791.920139][   T28] audit: type=1400 audit(4381.882:134209): avc:  denied  { prog_run } for  pid=21569 comm="syz.1.24760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  791.944033][  T305] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  791.959871][T20153] EXT4-fs (loop0): unmounting filesystem.
[  791.962430][   T28] audit: type=1400 audit(4381.928:134210): avc:  denied  { read write open } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  791.991776][T21553] F2FS-fs (loop9): Found nat_bits in checkpoint
[  792.015786][   T28] audit: type=1400 audit(4381.928:134211): avc:  denied  { ioctl } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  792.017936][  T317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  792.046970][   T28] audit: type=1400 audit(4381.937:134212): avc:  denied  { read write } for  pid=21550 comm="syz.9.24753" name="loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  792.072518][  T317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  792.090885][  T317] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  792.104349][T21553] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  792.132660][  T317] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  792.143360][  T317] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  792.163730][  T317] usb 6-1: config 0 descriptor??
[  792.179230][   T19] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  792.233482][   T19] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  792.261114][T21553] syz.9.24753: attempt to access beyond end of device
[  792.261114][T21553] loop9: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[  792.280900][T21553] syz.9.24753: attempt to access beyond end of device
[  792.280900][T21553] loop9: rw=2049, sector=79872, nr_sectors = 2264 limit=40427
[  792.320121][   T19] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  792.608748][  T317] plantronics 0003:047F:FFFF.00EF: unknown main item tag 0xd
[  792.623067][  T317] plantronics 0003:047F:FFFF.00EF: unknown main item tag 0x0
[  792.638529][  T317] plantronics 0003:047F:FFFF.00EF: unknown main item tag 0x0
[  792.647186][  T317] plantronics 0003:047F:FFFF.00EF: unknown main item tag 0x0
[  792.654723][  T317] plantronics 0003:047F:FFFF.00EF: unknown main item tag 0x0
[  792.662665][  T317] plantronics 0003:047F:FFFF.00EF: unknown main item tag 0x0
[  792.671256][  T317] plantronics 0003:047F:FFFF.00EF: No inputs registered, leaving
[  792.695690][  T317] plantronics 0003:047F:FFFF.00EF: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  792.912234][T21629] netlink: 'syz.1.24787': attribute type 4 has an invalid length.
[  792.961059][  T317] usb 6-1: USB disconnect, device number 88
[  793.017728][T21639] veth1_to_batadv: vlans aren't supported yet for dev_uc|mc_add()
[  793.055388][T21621] loop0: detected capacity change from 0 to 40427
[  793.078823][T21621] F2FS-fs (loop0): fault_injection options not supported
[  793.084156][T21648] loop4: detected capacity change from 0 to 1024
[  793.088417][T21621] F2FS-fs (loop0): heap/no_heap options were deprecated
[  793.099192][T21621] F2FS-fs (loop0): Image doesn't support compression
[  793.107132][T21648] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  793.111130][T21621] F2FS-fs (loop0): invalid crc value
[  793.115849][T21648] EXT4-fs (loop4): Test dummy encryption mode enabled
[  793.130093][T21648] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  793.142704][T21621] F2FS-fs (loop0): Found nat_bits in checkpoint
[  793.175567][T10573] EXT4-fs (loop4): unmounting filesystem.
[  793.194013][T21621] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  793.545547][T21664] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  793.565278][T21664] SELinux: failed to load policy
[  793.754893][T21700] futex_wake_op: syz.5.24818 tries to shift op by -1; fix this program
[  793.932768][T21719] loop9: detected capacity change from 0 to 512
[  793.947262][T21719] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  793.967434][T17470] EXT4-fs (loop9): unmounting filesystem.
[  794.289601][T21752] input: syz1 as /devices/virtual/input/input204
[  794.331787][T21760] netlink: 'syz.4.24844': attribute type 13 has an invalid length.
[  794.348459][T21760] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  794.358863][T21760] device gretap1 entered promiscuous mode
[  794.396581][T21765] loop9: detected capacity change from 0 to 512
[  794.444579][T21765] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  794.492381][T17470] EXT4-fs (loop9): unmounting filesystem.
[  794.643533][T21790] loop5: detected capacity change from 0 to 40427
[  794.653368][T21790] F2FS-fs (loop5): Fix alignment : done, start(4096) end(16896) block(12288)
[  794.663033][T21790] F2FS-fs (loop5): invalid crc value
[  794.669927][T21790] F2FS-fs (loop5): Found nat_bits in checkpoint
[  794.708591][T21790] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  794.733148][T16186] bio_check_eod: 26 callbacks suppressed
[  794.733164][T16186] syz-executor: attempt to access beyond end of device
[  794.733164][T16186] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  794.844581][   T19] usb 10-1: new high-speed USB device number 67 using dummy_hcd
[  794.941624][T21823] netlink: 16 bytes leftover after parsing attributes in process `syz.5.24870'.
[  795.052996][   T19] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  795.067479][   T19] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  795.079601][   T19] usb 10-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  795.091162][   T19] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.106216][   T19] usb 10-1: config 0 descriptor??
[  795.121162][T21841] loop5: detected capacity change from 0 to 256
[  795.139854][T21841] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d)
[  795.152574][T21841] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  795.209324][T21843] loop5: detected capacity change from 0 to 2048
[  795.267757][T21843]  loop5: p1 < > p3
[  795.272835][T21843] loop5: p3 size 134217728 extends beyond EOD, truncated
[  795.554810][   T19] logitech-djreceiver 0003:046D:C534.00F0: collection stack underflow
[  795.563157][   T19] logitech-djreceiver 0003:046D:C534.00F0: item 0 4 0 12 parsing failed
[  795.571734][   T19] logitech-djreceiver 0003:046D:C534.00F0: logi_dj_probe: parse failed
[  795.580067][   T19] logitech-djreceiver: probe of 0003:046D:C534.00F0 failed with error -22
[  795.788866][   T19] usb 10-1: USB disconnect, device number 67
[  796.003074][T21852] netlink: 16 bytes leftover after parsing attributes in process `syz.1.24882'.
[  796.057287][T21851] netlink: 12 bytes leftover after parsing attributes in process `syz.4.24892'.
[  796.254820][T21871] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[  796.415435][   T19] usb 6-1: new full-speed USB device number 89 using dummy_hcd
[  796.469630][ T3364] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  796.549171][T21893] loop9: detected capacity change from 0 to 40427
[  796.556890][T21893] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  796.564618][T21893] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  796.573551][T21893] F2FS-fs (loop9): invalid crc value
[  796.580973][T21893] F2FS-fs (loop9): Found nat_bits in checkpoint
[  796.609899][T21893] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  796.617023][T21893] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  796.626147][   T19] usb 6-1: unable to get BOS descriptor or descriptor too short
[  796.642917][   T19] usb 6-1: not running at top speed; connect to a high speed hub
[  796.651709][   T19] usb 6-1: config 4 has an invalid interface number: 147 but max is 0
[  796.652305][T21893] syz.9.24903: attempt to access beyond end of device
[  796.652305][T21893] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  796.659924][   T19] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  796.659945][   T19] usb 6-1: config 4 has no interface number 0
[  796.662214][   T19] usb 6-1: string descriptor 0 read error: -22
[  796.696357][ T3364] usb 5-1: Using ep0 maxpacket: 16
[  796.697334][T17470] syz-executor: attempt to access beyond end of device
[  796.697334][T17470] loop9: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  796.701713][   T19] usb 6-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  796.724978][   T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.733529][ T3364] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  796.745059][   T19] usb 6-1: Found UVC 0.00 device <unnamed> (04f2:b746)
[  796.752074][   T19] usb 6-1: No valid video chain found.
[  796.759267][ T3364] usb 5-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc
[  796.768381][ T3364] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.776390][ T3364] usb 5-1: Product: syz
[  796.780539][ T3364] usb 5-1: Manufacturer: syz
[  796.789869][ T3364] usb 5-1: SerialNumber: syz
[  796.795939][ T3364] usb 5-1: config 0 descriptor??
[  796.804323][ T3364] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  796.865332][T21901] SELinux: failed to load policy
[  796.909804][T21901] loop0: detected capacity change from 0 to 10865
[  796.916494][  T535] ip6_tnl_xmit_ctl: 11 callbacks suppressed
[  796.916508][  T535] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  796.932167][T21901] F2FS-fs (loop0): invalid crc value
[  796.938997][T21901] syz.0.24906: attempt to access beyond end of device
[  796.938997][T21901] loop0: rw=12288, sector=12288, nr_sectors = 8 limit=10865
[  796.953042][T21901] syz.0.24906: attempt to access beyond end of device
[  796.953042][T21901] loop0: rw=12288, sector=12288, nr_sectors = 8 limit=10865
[  796.967688][T21901] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-5)
[  796.990993][ T3364] usb 6-1: USB disconnect, device number 89
[  797.011775][  T535] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  797.026867][  T535] usb 5-1: USB disconnect, device number 38
[  797.072116][T21918] futex_wake_op: syz.9.24912 tries to shift op by -1; fix this program
[  797.087485][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  797.112838][   T28] kauditd_printk_skb: 1049 callbacks suppressed
[  797.112851][   T28] audit: type=1400 audit(4386.894:135262): avc:  denied  { read write } for  pid=17470 comm="syz-executor" name="loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  797.143286][   T28] audit: type=1400 audit(4386.894:135263): avc:  denied  { open } for  pid=17470 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  797.168162][   T28] audit: type=1400 audit(4386.894:135264): avc:  denied  { ioctl } for  pid=17470 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=127 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  797.193707][   T28] audit: type=1400 audit(4386.903:135265): avc:  denied  { bpf } for  pid=21924 comm="syz.9.24915" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  797.195528][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  797.221092][   T28] audit: type=1400 audit(4386.903:135266): avc:  denied  { map_create } for  pid=21924 comm="syz.9.24915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  797.241661][   T28] audit: type=1400 audit(4386.903:135267): avc:  denied  { map_read map_write } for  pid=21924 comm="syz.9.24915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  797.263931][   T28] audit: type=1400 audit(4386.903:135268): avc:  denied  { prog_load } for  pid=21924 comm="syz.9.24915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  797.271356][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  797.282893][   T28] audit: type=1400 audit(4386.903:135269): avc:  denied  { perfmon } for  pid=21924 comm="syz.9.24915" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  797.311055][   T28] audit: type=1400 audit(4386.903:135270): avc:  denied  { prog_run } for  pid=21924 comm="syz.9.24915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  797.330906][   T28] audit: type=1400 audit(4386.949:135271): avc:  denied  { read write } for  pid=17470 comm="syz-executor" name="loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  797.638057][T21950] loop9: detected capacity change from 0 to 40427
[  797.646014][T21950] F2FS-fs (loop9): Invalid Fs Meta Ino: node(0) meta(0) root(83886083)
[  797.654313][T21950] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock
[  797.663424][T21950] F2FS-fs (loop9): fault_injection options not supported
[  797.670504][T21950] F2FS-fs (loop9): heap/no_heap options were deprecated
[  797.677477][T21950] F2FS-fs (loop9): Image doesn't support compression
[  797.685084][T21950] F2FS-fs (loop9): invalid crc value
[  797.705292][T21950] F2FS-fs (loop9): Found nat_bits in checkpoint
[  797.740659][T21950] F2FS-fs (loop9): Try to recover 2th superblock, ret: 0
[  797.747700][T21950] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  797.785736][T21962] loop4: detected capacity change from 0 to 2048
[  797.813254][T21965] IPv6: sit1: Disabled Multicast RS
[  797.819084][T21962] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  797.846692][T10573] EXT4-fs (loop4): unmounting filesystem.
[  797.876583][T21970] netlink: 'syz.9.24935': attribute type 1 has an invalid length.
[  797.883566][T21974] loop5: detected capacity change from 0 to 128
[  797.896781][T21974] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  797.929925][    T8] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  798.034549][T21980] loop9: detected capacity change from 0 to 40427
[  798.042766][T21980] F2FS-fs (loop9): invalid crc value
[  798.049637][T21980] F2FS-fs (loop9): Found nat_bits in checkpoint
[  798.079350][T21980] F2FS-fs (loop9): Start checkpoint disabled!
[  798.086149][T21980] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  798.128235][    T8] kworker/u4:0: attempt to access beyond end of device
[  798.128235][    T8] loop9: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  798.235536][   T24] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[  798.387188][  T535] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  798.430510][   T24] usb 6-1: Using ep0 maxpacket: 32
[  798.437057][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  798.445461][   T24] usb 6-1: config 128 has an invalid interface number: 127 but max is 3
[  798.453796][   T24] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  798.464031][   T24] usb 6-1: config 128 has 1 interface, different from the descriptor's value: 4
[  798.473030][   T24] usb 6-1: config 128 has no interface number 0
[  798.479458][   T24] usb 6-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  798.490651][   T24] usb 6-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  798.500714][   T24] usb 6-1: config 128 interface 127 has no altsetting 0
[  798.506431][   T19] usb 10-1: new high-speed USB device number 68 using dummy_hcd
[  798.509320][   T24] usb 6-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  798.524362][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.532371][   T24] usb 6-1: Product: syz
[  798.536783][   T24] usb 6-1: Manufacturer: syz
[  798.541371][   T24] usb 6-1: SerialNumber: syz
[  798.603882][  T535] usb 5-1: Using ep0 maxpacket: 16
[  798.610082][  T535] usb 5-1: config 0 has an invalid interface number: 126 but max is 0
[  798.618262][  T535] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  798.628332][  T535] usb 5-1: config 0 has no interface number 0
[  798.634396][  T535] usb 5-1: config 0 interface 126 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  798.647444][  T535] usb 5-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  798.656457][  T535] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.664930][  T535] usb 5-1: config 0 descriptor??
[  798.673160][  T535] snd-usb-audio: probe of 5-1:0.126 failed with error -2
[  798.702595][   T19] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 40, changing to 9
[  798.713704][   T19] usb 10-1: config 1 interface 1 altsetting 1 has an invalid endpoint with address 0xDD, skipping
[  798.725841][   T19] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  798.735018][   T19] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.743142][   T19] usb 10-1: Product: syz
[  798.747420][   T19] usb 10-1: Manufacturer: syz
[  798.752090][   T19] usb 10-1: SerialNumber: syz
[  798.772136][   T24] usb 6-1: USB disconnect, device number 90
[  798.889703][ T3364] usb 5-1: USB disconnect, device number 39
[  799.344243][T21996] loop5: detected capacity change from 0 to 2048
[  799.435616][T21998] xt_hashlimit: size too large, truncated to 1048576
[  799.481607][T26090] Bluetooth: hci0: command 0x1003 tx timeout
[  799.488121][T29435] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  799.725778][T22027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.24961'.
[  799.779448][T22032] loop5: detected capacity change from 0 to 1024
[  799.786484][T22032] EXT4-fs: Ignoring removed orlov option
[  799.787246][T22033] tmpfs: Unknown parameter 'rootcon’'
[  799.792166][T22032] EXT4-fs: Ignoring removed nomblk_io_submit option
[  799.808524][T22032] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  799.828806][T16186] EXT4-fs (loop5): unmounting filesystem.
[  799.844215][   T19] cdc_ncm 10-1:1.0: bind() failure
[  799.850397][   T19] cdc_ncm: probe of 10-1:1.1 failed with error -71
[  799.857400][   T19] cdc_mbim: probe of 10-1:1.1 failed with error -71
[  799.871530][  T317] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  799.880216][   T19] usb 10-1: USB disconnect, device number 68
[  800.077352][  T317] usb 5-1: Using ep0 maxpacket: 16
[  800.083768][  T317] usb 5-1: config 1 has an invalid descriptor of length 233, skipping remainder of the config
[  800.105131][  T317] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  800.126786][  T317] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  800.142772][  T317] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  800.154610][  T317] usb 5-1: Product: syz
[  800.158963][  T317] usb 5-1: Manufacturer: syz
[  800.163608][  T317] usb 5-1: SerialNumber: syz
[  800.550929][T22111] loop0: detected capacity change from 0 to 40427
[  800.558886][T22111] F2FS-fs (loop0): invalid crc value
[  800.565581][T22111] F2FS-fs (loop0): Found nat_bits in checkpoint
[  800.595702][T22111] F2FS-fs (loop0): Start checkpoint disabled!
[  800.602837][T22111] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  800.616992][  T317] usb 5-1: 0:2 : does not exist
[  800.665492][T14333] kworker/u4:6: attempt to access beyond end of device
[  800.665492][T14333] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  800.743177][T22121] SELinux: failed to load policy
[  800.785187][T22121] loop9: detected capacity change from 0 to 10865
[  800.793584][T22121] F2FS-fs (loop9): invalid crc value
[  800.800620][T22121] syz.9.25002: attempt to access beyond end of device
[  800.800620][T22121] loop9: rw=12288, sector=12288, nr_sectors = 8 limit=10865
[  800.814664][T22121] syz.9.25002: attempt to access beyond end of device
[  800.814664][T22121] loop9: rw=12288, sector=12288, nr_sectors = 8 limit=10865
[  800.828707][T22121] F2FS-fs (loop9): Failed to initialize F2FS segment manager (-5)
[  800.907779][T22127] loop0: detected capacity change from 0 to 40427
[  800.915469][T22127] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  800.923239][T22127] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  800.929386][T22132] loop9: detected capacity change from 0 to 512
[  800.932541][T22127] F2FS-fs (loop0): invalid crc_offset: 33558524
[  800.946518][T22127] F2FS-fs (loop0): Found nat_bits in checkpoint
[  800.967410][T22132] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  800.979638][T22127] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  800.980571][T22132] syz.9.25007[22132] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  800.986671][T22127] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  801.005979][T22132] syz.9.25007[22132] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  801.010028][T22132] EXT4-fs error (device loop9): ext4_validate_block_bitmap:429: comm syz.9.25007: bg 0: block 18: invalid block bitmap
[  801.030746][   T24] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  801.045617][T17470] EXT4-fs (loop9): unmounting filesystem.
[  801.057811][  T317] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  801.075777][  T317] usb 5-1: USB disconnect, device number 40
[  801.097065][T22142] netlink: 24 bytes leftover after parsing attributes in process `syz.9.25010'.
[  801.209777][T22157] netlink: 8 bytes leftover after parsing attributes in process `syz.9.25015'.
[  801.211111][T22156] device veth0 entered promiscuous mode
[  801.224351][T22156] device macsec1 entered promiscuous mode
[  801.224402][T22157] netlink: 24 bytes leftover after parsing attributes in process `syz.9.25015'.
[  801.244112][T22156] device veth0 left promiscuous mode
[  801.249950][   T24] usb 2-1: Using ep0 maxpacket: 16
[  801.256653][   T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  801.265478][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  801.275653][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  801.289644][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  801.298707][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.306711][   T24] usb 2-1: Product: syz
[  801.317622][   T24] usb 2-1: Manufacturer: syz
[  801.322233][   T24] usb 2-1: SerialNumber: syz
[  801.365947][T22170] loop5: detected capacity change from 0 to 1024
[  801.372899][T22170] EXT4-fs: dax option not supported
[  801.435962][T22175] netlink: 'syz.5.25023': attribute type 1 has an invalid length.
[  801.504510][T22187] loop5: detected capacity change from 0 to 1024
[  801.531080][T22187] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  801.550540][T16186] EXT4-fs (loop5): unmounting filesystem.
[  801.570066][T22193] loop5: detected capacity change from 0 to 1024
[  801.577287][T22193] EXT4-fs: Ignoring removed orlov option
[  801.582987][T22193] EXT4-fs: Ignoring removed nomblk_io_submit option
[  801.606494][T22193] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  801.628291][T16186] EXT4-fs (loop5): unmounting filesystem.
[  801.738114][T22217] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  801.748507][T22217] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  801.757452][T22217] device bridge_slave_0 left promiscuous mode
[  801.763655][T22217] bridge0: port 1(bridge_slave_0) entered disabled state
[  801.771763][T22217] device bridge_slave_1 left promiscuous mode
[  801.779453][   T24] usb 2-1: 0:2 : does not exist
[  801.784473][T22217] bridge0: port 2(bridge_slave_1) entered disabled state
[  801.952913][T22221] loop5: detected capacity change from 0 to 40427
[  801.961166][T22221] F2FS-fs (loop5): invalid crc value
[  801.968405][T22221] F2FS-fs (loop5): Found nat_bits in checkpoint
[  802.007016][T22221] F2FS-fs (loop5): Start checkpoint disabled!
[  802.014173][T22221] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  802.039062][T22231] loop4: detected capacity change from 0 to 512
[  802.045692][T22231] EXT4-fs: Ignoring removed orlov option
[  802.054248][T22231] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.25047: casefold flag without casefold feature
[  802.067622][T22231] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.25047: couldn't read orphan inode 15 (err -117)
[  802.079930][T22231] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  802.085877][    T8] kworker/u4:0: attempt to access beyond end of device
[  802.085877][    T8] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  802.123202][T10573] EXT4-fs (loop4): unmounting filesystem.
[  802.434523][   T24] usb 2-1: USB disconnect, device number 30
[  802.542304][   T28] kauditd_printk_skb: 1167 callbacks suppressed
[  802.542321][   T28] audit: type=1400 audit(4391.906:136439): avc:  denied  { read } for  pid=22262 comm="syz.5.25061" dev="nsfs" ino=4026532632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  802.569590][   T28] audit: type=1400 audit(4391.915:136440): avc:  denied  { open } for  pid=22262 comm="syz.5.25061" path="net:[4026532632]" dev="nsfs" ino=4026532632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  802.592737][   T19] usb 5-1: new low-speed USB device number 41 using dummy_hcd
[  802.600335][   T28] audit: type=1400 audit(4391.915:136441): avc:  denied  { create } for  pid=22262 comm="syz.5.25061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  802.620173][   T28] audit: type=1400 audit(4391.915:136442): avc:  denied  { read write } for  pid=22262 comm="syz.5.25061" name="uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  802.643728][   T28] audit: type=1400 audit(4391.915:136443): avc:  denied  { open } for  pid=22262 comm="syz.5.25061" path="/dev/uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  802.667142][   T28] audit: type=1400 audit(4391.915:136444): avc:  denied  { read write } for  pid=22262 comm="syz.5.25061" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  802.690638][   T28] audit: type=1400 audit(4391.915:136445): avc:  denied  { open } for  pid=22262 comm="syz.5.25061" path="/dev/raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  802.713895][   T28] audit: type=1400 audit(4391.915:136446): avc:  denied  { ioctl } for  pid=22262 comm="syz.5.25061" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  802.797768][   T19] usb 5-1: config 0 has no interfaces?
[  802.805226][   T19] usb 5-1: string descriptor 0 read error: -22
[  802.811470][   T19] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  802.820544][   T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.829569][   T19] usb 5-1: config 0 descriptor??
[  802.834905][   T28] audit: type=1400 audit(4392.173:136447): avc:  denied  { ioctl } for  pid=22245 comm="syz.4.25053" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  802.859643][ T3364] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[  802.996203][   T28] audit: type=1400 audit(4392.321:136448): avc:  denied  { bpf } for  pid=22264 comm="syz.1.25062" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  803.068885][ T3364] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  803.079026][ T3364] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  803.083049][   T24] usb 5-1: USB disconnect, device number 41
[  803.096343][ T3364] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  803.108001][ T3364] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  803.116058][ T3364] usb 6-1: SerialNumber: syz
[  803.342875][ T3364] usb 6-1: 0:2 : does not exist
[  803.350118][ T3364] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  803.361200][ T3364] usb 6-1: USB disconnect, device number 91
[  803.565959][  T318] usb 10-1: new full-speed USB device number 69 using dummy_hcd
[  803.681674][T22296] loop4: detected capacity change from 0 to 1024
[  803.697475][T22296] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  803.719156][T10573] EXT4-fs (loop4): unmounting filesystem.
[  803.772968][  T318] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  803.784052][  T318] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  803.794947][  T318] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  803.807282][  T318] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  803.824067][  T318] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  803.833273][  T318] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.841426][  T318] usb 10-1: Product: syz
[  803.845679][  T318] usb 10-1: Manufacturer: syz
[  803.850551][  T318] usb 10-1: SerialNumber: syz
[  804.889082][T22282] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22
[  804.897153][  T318] cdc_mbim 10-1:1.0: skipping garbage
[  805.116152][T22282] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22
[  805.124113][T22282] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22
[  805.465085][T22361] tipc: Started in network mode
[  805.469977][T22361] tipc: Node identity 7, cluster identity 4711
[  805.476200][T22361] tipc: Node number set to 7
[  805.656966][  T535] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  805.789751][T22282] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22
[  805.796914][T22282] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22
[  805.804244][  T318] cdc_mbim 10-1:1.0: setting tx_max = 184
[  805.811847][  T318] cdc_mbim 10-1:1.0: cdc-wdm0: USB WDM device
[  805.825139][  T318] cdc_mbim 10-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.9-1, CDC MBIM, 86:0d:d5:47:01:2a
[  805.862833][  T535] usb 5-1: Using ep0 maxpacket: 32
[  805.869599][  T535] usb 5-1: config 1 has an invalid interface number: 242 but max is 0
[  805.882509][  T535] usb 5-1: config 1 has no interface number 0
[  805.901430][  T535] usb 5-1: config 1 interface 242 has no altsetting 0
[  805.917021][  T535] usb 5-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df
[  805.944941][  T535] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  805.953931][  T535] usb 5-1: Product: syz
[  805.961184][  T535] usb 5-1: Manufacturer: syz
[  805.971149][  T535] usb 5-1: SerialNumber: syz
[  806.023321][ T3364] usb 10-1: USB disconnect, device number 69
[  806.030531][ T3364] cdc_mbim 10-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.9-1, CDC MBIM
[  806.596733][T22412] input: syz1 as /devices/virtual/input/input206
[  806.853057][  T535] aqc111 5-1:1.242 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  806.871631][  T535] aqc111: probe of 5-1:1.242 failed with error -71
[  806.886184][  T535] usb 5-1: USB disconnect, device number 42
[  807.002899][T22420] loop9: detected capacity change from 0 to 1024
[  807.010213][T22420] EXT4-fs: Ignoring removed orlov option
[  807.016216][T22420] EXT4-fs: Ignoring removed nomblk_io_submit option
[  807.041689][T22420] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  807.083147][T17470] EXT4-fs (loop9): unmounting filesystem.
[  807.302731][T22440] 9p: Unknown uid 00000000004294967295
[  807.336651][T22444] netem: incorrect gi model size
[  807.341685][T22444] netem: change failed
[  807.367224][T22450] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  807.381241][T22450] device bridge_slave_0 left promiscuous mode
[  807.387445][T22450] bridge0: port 1(bridge_slave_0) entered disabled state
[  807.395767][T22450] device bridge_slave_1 left promiscuous mode
[  807.402907][T22450] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.554893][T22475] input: syz1 as /devices/virtual/input/input207
[  807.627335][T22458] loop4: detected capacity change from 0 to 40427
[  807.635092][T22458] F2FS-fs (loop4): fault_injection options not supported
[  807.642622][T22458] F2FS-fs (loop4): heap/no_heap options were deprecated
[  807.649923][T22458] F2FS-fs (loop4): Image doesn't support compression
[  807.658833][T22458] F2FS-fs (loop4): invalid crc value
[  807.666633][T22458] F2FS-fs (loop4): Found nat_bits in checkpoint
[  807.691705][T22458] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  807.782410][T22497] netlink: 'syz.5.25164': attribute type 6 has an invalid length.
[  807.834689][  T535] usb 10-1: new full-speed USB device number 70 using dummy_hcd
[  807.881060][T22458] syz.4.25146: attempt to access beyond end of device
[  807.881060][T22458] loop4: rw=2049, sector=77824, nr_sectors = 2072 limit=40427
[  807.902362][T22458] syz.4.25146: attempt to access beyond end of device
[  807.902362][T22458] loop4: rw=2049, sector=79896, nr_sectors = 2120 limit=40427
[  807.924213][T22458] syz.4.25146: attempt to access beyond end of device
[  807.924213][T22458] loop4: rw=2049, sector=82016, nr_sectors = 2392 limit=40427
[  807.950248][T22458] syz.4.25146: attempt to access beyond end of device
[  807.950248][T22458] loop4: rw=2049, sector=84408, nr_sectors = 2072 limit=40427
[  807.972866][T22458] syz.4.25146: attempt to access beyond end of device
[  807.972866][T22458] loop4: rw=2049, sector=86480, nr_sectors = 2176 limit=40427
[  807.974747][   T28] kauditd_printk_skb: 9368 callbacks suppressed
[  807.974761][   T28] audit: type=1400 audit(4396.918:145817): avc:  denied  { create } for  pid=22519 comm="syz.1.25174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  808.018321][T22458] syz.4.25146: attempt to access beyond end of device
[  808.018321][T22458] loop4: rw=2049, sector=88656, nr_sectors = 2160 limit=40427
[  808.021388][   T28] audit: type=1400 audit(4396.955:145818): avc:  denied  { setopt } for  pid=22519 comm="syz.1.25174" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  808.057936][   T28] audit: type=1400 audit(4396.992:145819): avc:  denied  { bpf } for  pid=22522 comm="syz.1.25175" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  808.058843][T22458] syz.4.25146: attempt to access beyond end of device
[  808.058843][T22458] loop4: rw=2049, sector=90816, nr_sectors = 2080 limit=40427
[  808.079605][   T28] audit: type=1400 audit(4396.992:145820): avc:  denied  { map_create } for  pid=22522 comm="syz.1.25175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  808.099389][T22458] syz.4.25146: attempt to access beyond end of device
[  808.099389][T22458] loop4: rw=2049, sector=92896, nr_sectors = 2080 limit=40427
[  808.111773][   T28] audit: type=1400 audit(4396.992:145821): avc:  denied  { ioctl } for  pid=22472 comm="syz.9.25153" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  808.151029][   T28] audit: type=1400 audit(4396.992:145822): avc:  denied  { map_read map_write } for  pid=22522 comm="syz.1.25175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  808.161530][T22458] syz.4.25146: attempt to access beyond end of device
[  808.161530][T22458] loop4: rw=2049, sector=94976, nr_sectors = 2072 limit=40427
[  808.170779][  T535] usb 10-1: config 0 has an invalid interface number: 41 but max is 0
[  808.193052][   T28] audit: type=1400 audit(4397.038:145823): avc:  denied  { bpf } for  pid=22522 comm="syz.1.25175" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  808.202101][T22458] syz.4.25146: attempt to access beyond end of device
[  808.202101][T22458] loop4: rw=2049, sector=97048, nr_sectors = 2048 limit=40427
[  808.234328][  T535] usb 10-1: config 0 has no interface number 0
[  808.240626][   T28] audit: type=1400 audit(4397.038:145824): avc:  denied  { prog_load } for  pid=22522 comm="syz.1.25175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  808.259532][  T535] usb 10-1: config 0 interface 41 has no altsetting 0
[  808.266925][   T28] audit: type=1400 audit(4397.065:145825): avc:  denied  { perfmon } for  pid=22522 comm="syz.1.25175" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  808.287727][   T28] audit: type=1400 audit(4397.065:145826): avc:  denied  { prog_run } for  pid=22522 comm="syz.1.25175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  808.310582][T22525] overlayfs: failed to resolve './file0': -2
[  808.312083][  T535] usb 10-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  808.336697][  T535] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.344917][  T535] usb 10-1: Product: syz
[  808.349200][  T535] usb 10-1: Manufacturer: syz
[  808.353878][  T535] usb 10-1: SerialNumber: syz
[  808.362869][  T535] usb 10-1: config 0 descriptor??
[  808.402423][T22533] input: syz1 as /devices/virtual/input/input208
[  808.560200][T22553] loop4: detected capacity change from 0 to 256
[  808.842227][  T318] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  809.038251][  T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  809.049181][  T318] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  809.058203][  T318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  809.067128][  T318] usb 2-1: config 0 descriptor??
[  809.072312][T22551] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  809.280960][T22568] loop4: detected capacity change from 0 to 128
[  809.289713][T22568] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  809.313619][T10573] EXT4-fs (loop4): unmounting filesystem.
[  809.377211][T22576] netem: incorrect gi model size
[  809.382201][T22576] netem: change failed
[  809.430345][T22582] loop5: detected capacity change from 0 to 256
[  809.465205][  T535] CoreChips: probe of 10-1:0.41 failed with error -71
[  809.467230][T22587] loop5: detected capacity change from 0 to 512
[  809.480131][  T535] usb 10-1: USB disconnect, device number 70
[  809.488594][T22587] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  809.505344][T22587] EXT4-fs error (device loop5): ext4_quota_enable:6976: comm syz.5.25206: Bad quota inum: 29696, type: 1
[  809.517040][T22587] EXT4-fs warning (device loop5): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  809.532871][T22587] EXT4-fs (loop5): mount failed
[  809.535107][  T318] hid-generic 0003:04F3:0755.00F1: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[  809.576565][T22594] loop4: detected capacity change from 0 to 8192
[  809.584581][T22594] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  809.676990][T22607] netem: incorrect gi model size
[  809.682076][T22607] netem: change failed
[  809.760433][  T305] usb 2-1: USB disconnect, device number 31
[  810.075747][T22637] hub 4-0:1.0: USB hub found
[  810.080555][T22637] hub 4-0:1.0: 1 port detected
[  810.360459][T22670] loop5: detected capacity change from 0 to 512
[  810.367063][T22670] EXT4-fs: Ignoring removed mblk_io_submit option
[  810.379796][T22670] EXT4-fs: Ignoring removed mblk_io_submit option
[  810.388341][T22670] EXT4-fs (loop5): Test dummy encryption mode enabled
[  810.395337][T22670] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  810.414091][T22670] EXT4-fs (loop5): 1 truncate cleaned up
[  810.419799][T22670] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  810.438475][T16186] EXT4-fs (loop5): unmounting filesystem.
[  810.634588][T22705] input: syz1 as /devices/virtual/input/input209
[  810.673542][T22712] netlink: 27 bytes leftover after parsing attributes in process `syz.4.25260'.
[  810.847209][T22737] loop4: detected capacity change from 0 to 2048
[  810.893489][T22737] GPT:first_usable_lbas don't match.
[  810.898862][T22737] GPT:34 != 290
[  810.909011][T22737] GPT: Use GNU Parted to correct GPT errors.
[  810.919010][T22737]  loop4: p1 p2 p3
[  811.377474][  T318] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  811.583287][  T318] usb 2-1: Using ep0 maxpacket: 16
[  811.592424][  T318] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  811.601546][  T318] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  811.609652][  T318] usb 2-1: Product: syz
[  811.613805][  T318] usb 2-1: Manufacturer: syz
[  811.618417][  T318] usb 2-1: SerialNumber: syz
[  811.624159][  T318] r8152-cfgselector 2-1: config 0 descriptor??
[  811.849824][  T318] r8152-cfgselector 2-1: Unknown version 0x0000
[  811.856507][  T318] r8152-cfgselector 2-1: Unknown version 0x0000
[  811.863237][  T318] r8152-cfgselector 2-1: USB disconnect, device number 32
[  812.345865][T22831] loop9: detected capacity change from 0 to 512
[  812.353301][T22831] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  812.364956][T22831] EXT4-fs error (device loop9): ext4_quota_enable:6976: comm syz.9.25315: Bad quota inum: 29696, type: 1
[  812.376389][T22831] EXT4-fs warning (device loop9): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  812.391894][T22831] EXT4-fs (loop9): mount failed
[  812.548195][T22857] loop9: detected capacity change from 0 to 512
[  812.561468][T22857] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  812.580084][ T3364] usb 6-1: new full-speed USB device number 92 using dummy_hcd
[  812.589772][T17470] EXT4-fs (loop9): unmounting filesystem.
[  812.606514][T22869] netem: change failed
[  812.705997][T22875] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  812.787252][ T3364] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  812.798305][ T3364] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  812.814190][ T3364] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  812.824695][ T3364] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  812.834706][ T3364] usb 6-1: config 0 descriptor??
[  813.075533][T22906] input: syz1 as /devices/virtual/input/input210
[  813.273484][   T19] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  813.283521][ T3364] savu 0003:1E7D:2D5A.00F2: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  813.305934][  T535] usb 10-1: new high-speed USB device number 71 using dummy_hcd
[  813.392638][  T305] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  813.454300][   T28] kauditd_printk_skb: 1180 callbacks suppressed
[  813.454314][   T28] audit: type=1400 audit(4401.976:147007): avc:  denied  { read write } for  pid=20153 comm="syz-executor" name="loop0" dev="devtmpfs" ino=5989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  813.484086][   T28] audit: type=1400 audit(4401.976:147008): avc:  denied  { read write open } for  pid=20153 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=5989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  813.510442][   T28] audit: type=1400 audit(4401.976:147009): avc:  denied  { ioctl } for  pid=20153 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=5989 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  813.511839][  T535] usb 10-1: Using ep0 maxpacket: 8
[  813.535245][   T28] audit: type=1400 audit(4401.985:147010): avc:  denied  { bpf } for  pid=22909 comm="syz.0.25349" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  813.551559][  T535] usb 10-1: unable to get BOS descriptor or descriptor too short
[  813.560700][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  813.579428][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  813.589193][   T28] audit: type=1400 audit(4401.985:147011): avc:  denied  { map_create } for  pid=22909 comm="syz.0.25349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  813.589372][  T318] usb 6-1: USB disconnect, device number 92
[  813.608200][   T19] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  813.627160][  T535] usb 10-1: config 8 interface 0 altsetting 7 endpoint 0x3 has invalid wMaxPacketSize 0
[  813.627168][   T28] audit: type=1400 audit(4401.985:147012): avc:  denied  { map_read map_write } for  pid=22909 comm="syz.0.25349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  813.627195][   T28] audit: type=1400 audit(4401.985:147013): avc:  denied  { prog_load } for  pid=22909 comm="syz.0.25349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  813.641806][  T535] usb 10-1: config 8 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 0
[  813.657075][   T19] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  813.690881][T22912] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[  813.694555][   T28] audit: type=1400 audit(4401.985:147014): avc:  denied  { perfmon } for  pid=22909 comm="syz.0.25349" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  813.724138][  T535] usb 10-1: config 8 interface 0 has no altsetting 0
[  813.730946][  T305] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  813.732029][  T535] usb 10-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[  813.741973][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.759214][  T305] usb 2-1: config 27 interface 0 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[  813.767743][  T535] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.770322][  T305] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  813.787240][  T305] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.787754][  T535] usb 10-1: Product: syz
[  813.795469][   T19] usb 5-1: config 0 descriptor??
[  813.803732][  T535] usb 10-1: Manufacturer: syz
[  813.804543][   T28] audit: type=1400 audit(4401.985:147015): avc:  denied  { prog_run } for  pid=22909 comm="syz.0.25349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  813.810003][  T535] usb 10-1: SerialNumber: syz
[  813.829137][   T28] audit: type=1400 audit(4402.003:147016): avc:  denied  { ioctl } for  pid=22899 comm="syz.4.25344" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  813.860013][  T305] usb 2-1: invalid MIDI out EP 0
[  813.873879][  T305] snd-usb-audio: probe of 2-1:27.0 failed with error -22
[  814.082910][  T535] usb 10-1: selecting invalid altsetting 0
[  814.089908][  T305] usb 2-1: USB disconnect, device number 33
[  814.091607][  T535] snd-usb-audio: probe of 10-1:8.0 failed with error -12
[  814.105657][  T535] usb 10-1: USB disconnect, device number 71
[  814.268768][   T19] plantronics 0003:047F:FFFF.00F3: No inputs registered, leaving
[  814.278225][   T19] plantronics 0003:047F:FFFF.00F3: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  814.432677][  T317] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[  814.563271][  T535] usb 5-1: USB disconnect, device number 43
[  814.639547][  T317] usb 6-1: config index 0 descriptor too short (expected 3133, got 61)
[  814.651828][  T317] usb 6-1: config 0 has an invalid interface number: 156 but max is 1
[  814.660825][  T317] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  814.683710][  T317] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  814.692699][  T317] usb 6-1: config 0 has no interface number 0
[  814.699084][  T317] usb 6-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  814.710183][  T317] usb 6-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  814.721720][  T317] usb 6-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  814.732069][  T317] usb 6-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  814.749332][T22936] tmpfs: Unknown parameter '[3'
[  814.750714][  T317] usb 6-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  814.764229][  T317] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.775953][  T317] usb 6-1: config 0 descriptor??
[  814.782145][  T317] usb 6-1: MIDIStreaming interface descriptor not found
[  814.785492][T22940] device pim6reg1 entered promiscuous mode
[  814.813958][T22942] netlink: 28 bytes leftover after parsing attributes in process `syz.9.25364'.
[  814.862502][T22948] overlayfs: conflicting lowerdir path
[  814.872274][T22948] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  815.002732][  T305] usb 6-1: USB disconnect, device number 93
[  815.208891][T22997] loop9: detected capacity change from 0 to 4096
[  815.218624][T22997] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  815.231302][T22997] fs-verity (loop9, inode 16): fs-verity keyring is empty, rejecting signed file!
[  815.246690][T17470] EXT4-fs (loop9): unmounting filesystem.
[  815.324787][T23010] netlink: 88 bytes leftover after parsing attributes in process `syz.9.25395'.
[  815.333911][T23010] netlink: 48 bytes leftover after parsing attributes in process `syz.9.25395'.
[  815.505274][  T318] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  815.634794][T23026] can0: slcan on ttyS3.
[  815.689632][T23026] can0 (unregistered): slcan off ttyS3.
[  815.701545][  T318] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  815.718258][  T318] usb 5-1: config 1 has no interface number 0
[  815.718285][  T318] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  815.718313][  T318] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  815.718359][  T318] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  815.756782][  T318] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  815.776145][  T318] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=29
[  815.784227][  T318] usb 5-1: Product: syz
[  815.797785][  T318] usb 5-1: Manufacturer: syz
[  815.802481][  T318] usb 5-1: SerialNumber: syz
[  816.052573][T23032] loop5: detected capacity change from 0 to 40427
[  816.054013][T23032] F2FS-fs (loop5): Invalid SB checksum offset: 0
[  816.065779][T23032] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  816.074708][T23032] F2FS-fs (loop5): invalid crc value
[  816.093367][T23032] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  816.126680][T23032] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  816.126704][T23032] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  816.170130][T23032] bio_check_eod: 7 callbacks suppressed
[  816.170146][T23032] syz.5.25405: attempt to access beyond end of device
[  816.170146][T23032] loop5: rw=0, sector=77824, nr_sectors = 8 limit=40427
[  816.190691][T16186] syz-executor: attempt to access beyond end of device
[  816.190691][T16186] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  816.292679][T23045] xt_hashlimit: size too large, truncated to 1048576
[  816.624024][T23063] tipc: Started in network mode
[  816.629006][T23063] tipc: Node identity -:, cluster identity 4711
[  816.635358][T23063] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  816.696962][  T318] cdc_ncm 5-1:1.1: bind() failure
[  816.927062][  T305] usb 5-1: USB disconnect, device number 44
[  816.968252][  T535] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[  817.173751][  T535] usb 6-1: Using ep0 maxpacket: 16
[  817.180166][  T535] usb 6-1: config 0 has an invalid interface number: 126 but max is 0
[  817.188537][  T535] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  817.198618][  T535] usb 6-1: config 0 has no interface number 0
[  817.204691][  T535] usb 6-1: config 0 interface 126 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  817.217837][  T535] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  817.226858][  T535] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.236119][  T535] usb 6-1: config 0 descriptor??
[  817.244704][  T535] snd-usb-audio: probe of 6-1:0.126 failed with error -2
[  817.471790][  T535] usb 6-1: USB disconnect, device number 94
[  817.852599][T23115] loop4: detected capacity change from 0 to 512
[  817.869123][T23115] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  817.889286][T10573] EXT4-fs (loop4): unmounting filesystem.
[  818.124101][T23143] loop5: detected capacity change from 0 to 256
[  818.240118][T23163] loop4: detected capacity change from 0 to 128
[  818.331746][ T2275] tipc: Subscription rejected, illegal request
[  818.415103][T23190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25472'.
[  818.718775][T23231] netlink: 'syz.9.25492': attribute type 2 has an invalid length.
[  818.788116][  T305] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  818.799631][T23240] netem: change failed
[  818.918310][   T28] kauditd_printk_skb: 1114 callbacks suppressed
[  818.918325][   T28] audit: type=1400 audit(4407.015:148131): avc:  denied  { read write } for  pid=10573 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  818.953974][   T28] audit: type=1400 audit(4407.015:148132): avc:  denied  { open } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  818.977982][   T28] audit: type=1400 audit(4407.025:148133): avc:  denied  { ioctl } for  pid=10573 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  819.003394][   T28] audit: type=1400 audit(4407.025:148134): avc:  denied  { bpf } for  pid=23252 comm="syz.4.25502" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  819.023942][   T28] audit: type=1400 audit(4407.025:148135): avc:  denied  { map_create } for  pid=23252 comm="syz.4.25502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  819.043034][   T28] audit: type=1400 audit(4407.025:148136): avc:  denied  { perfmon } for  pid=23252 comm="syz.4.25502" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  819.063811][   T28] audit: type=1400 audit(4407.025:148137): avc:  denied  { map_read map_write } for  pid=23252 comm="syz.4.25502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  819.083566][   T28] audit: type=1400 audit(4407.025:148138): avc:  denied  { prog_load } for  pid=23252 comm="syz.4.25502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  819.102566][   T28] audit: type=1400 audit(4407.025:148139): avc:  denied  { prog_run } for  pid=23252 comm="syz.4.25502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  819.121477][   T28] audit: type=1400 audit(4407.061:148140): avc:  denied  { relabelfrom } for  pid=23252 comm="syz.4.25502" name="" dev="pipefs" ino=223280 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  819.149055][   T24] usb 10-1: new high-speed USB device number 72 using dummy_hcd
[  819.363592][   T24] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  819.373857][   T24] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  819.383599][   T24] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  819.392863][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  819.401037][   T24] usb 10-1: SerialNumber: syz
[  819.432594][T23273] loop5: detected capacity change from 0 to 512
[  819.463115][T23273] EXT4-fs (loop5): 1 orphan inode deleted
[  819.468855][T23273] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  819.481586][T14333] EXT4-fs error (device loop5): ext4_release_dquot:6812: comm kworker/u4:6: Failed to release dquot type 1
[  819.501703][T16186] EXT4-fs (loop5): unmounting filesystem.
[  819.627723][   T24] usb 10-1: 0:2 : does not exist
[  819.634571][   T24] usb 10-1: USB disconnect, device number 72
[  820.223369][T23298] loop4: detected capacity change from 0 to 256
[  820.231359][T23298] exfat: Deprecated parameter 'utf8'
[  820.239392][T23298] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  820.313742][ T2275] Bluetooth: hci0: Frame reassembly failed (-84)
[  820.342595][T23294] loop9: detected capacity change from 0 to 40427
[  820.351208][T23294] F2FS-fs (loop9): invalid crc value
[  820.357881][T23294] F2FS-fs (loop9): Found nat_bits in checkpoint
[  820.388444][T23294] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  820.402845][T23294] syz.9.25519: attempt to access beyond end of device
[  820.402845][T23294] loop9: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  820.423376][T17470] syz-executor: attempt to access beyond end of device
[  820.423376][T17470] loop9: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  820.699875][T23323] loop9: detected capacity change from 0 to 256
[  820.707127][T23323] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  820.718179][T23323] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[  820.729488][T23323] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  820.750689][T23323] exFAT-fs (loop9): hint_cluster is invalid (17)
[  820.759195][T23323] exFAT-fs (loop9): error, invalid access to FAT (entry 0xffffffff)
[  820.767232][T23323] exFAT-fs (loop9): Filesystem has been set read-only
[  820.774032][T23323] exFAT-fs (loop9): error, invalid access to FAT (entry 0xffffffff)
[  821.698275][T23346] loop9: detected capacity change from 0 to 512
[  821.704727][  T318] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[  821.715610][T23346] EXT4-fs (loop9): 1 orphan inode deleted
[  821.721381][T23346] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  821.735140][ T2275] EXT4-fs error (device loop9): ext4_release_dquot:6812: comm kworker/u4:5: Failed to release dquot type 1
[  821.754847][  T305] usb 2-1: unable to get BOS descriptor or descriptor too short
[  821.764658][T17470] EXT4-fs (loop9): unmounting filesystem.
[  821.770497][  T305] usb 2-1: no configurations
[  821.775161][  T305] usb 2-1: can't read configurations, error -22
[  821.830341][T23355] syz.9.25542[23355] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  821.830385][T23355] syz.9.25542[23355] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  821.898518][  T318] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  821.920365][  T318] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  821.931238][  T318] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  821.942050][  T318] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  821.956524][  T318] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  821.965594][  T318] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.973609][  T318] usb 6-1: Product: syz
[  821.977788][  T318] usb 6-1: Manufacturer: syz
[  821.982387][  T318] usb 6-1: SerialNumber: syz
[  822.098262][T23367] binder: 23366:23367 ioctl c0306201 2000000003c0 returned -22
[  822.168771][   T24] usb 10-1: new high-speed USB device number 73 using dummy_hcd
[  822.375307][   T24] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2
[  822.384277][   T24] usb 10-1: config 1 has no interface number 0
[  822.390463][   T24] usb 10-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  822.401441][   T24] usb 10-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  822.410554][   T24] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  822.422842][   T24] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  822.432036][   T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=29
[  822.440361][   T24] usb 10-1: Product: syz
[  822.444641][   T24] usb 10-1: Manufacturer: syz
[  822.449347][   T24] usb 10-1: SerialNumber: syz
[  822.536696][T29435] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  822.536804][T14743] Bluetooth: hci0: command 0x1003 tx timeout
[  822.550146][T23304] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  822.861729][   T19] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  823.056737][   T19] usb 5-1: Using ep0 maxpacket: 16
[  823.063187][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  823.074176][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  823.083928][   T19] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  823.093340][  T318] cdc_ncm 6-1:1.0: bind() failure
[  823.093428][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.100093][  T318] cdc_ncm: probe of 6-1:1.1 failed with error -71
[  823.114539][  T318] cdc_mbim: probe of 6-1:1.1 failed with error -71
[  823.115177][   T19] usb 5-1: config 0 descriptor??
[  823.123235][  T318] usb 6-1: USB disconnect, device number 95
[  823.332459][   T24] cdc_ncm 10-1:1.1: bind() failure
[  823.558201][  T222] usb 10-1: USB disconnect, device number 73
[  823.575245][   T19] hid-multitouch 0003:1FD2:6007.00F4: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  823.620144][  T222] ==================================================================
[  823.628197][  T222] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480
[  823.635206][  T222] Write of size 8 at addr ffff888128acca00 by task kworker/1:2/222
[  823.643076][  T222] 
[  823.645388][  T222] CPU: 1 PID: 222 Comm: kworker/1:2 Tainted: G        W          6.1.134-syzkaller-00039-g3c6d0251e1fb #0
[  823.656651][  T222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  823.666694][  T222] Workqueue: usb_hub_wq hub_event
[  823.671730][  T222] Call Trace:
[  823.675000][  T222]  <TASK>
[  823.677918][  T222]  __dump_stack+0x21/0x24
[  823.682246][  T222]  dump_stack_lvl+0xee/0x150
[  823.686833][  T222]  ? __cfi_dump_stack_lvl+0x8/0x8
[  823.691855][  T222]  ? enqueue_timer+0xae/0x480
[  823.696527][  T222]  print_address_description+0x71/0x210
[  823.702069][  T222]  print_report+0x4a/0x60
[  823.706395][  T222]  kasan_report+0x122/0x150
[  823.710884][  T222]  ? enqueue_timer+0xae/0x480
[  823.715553][  T222]  __asan_report_store8_noabort+0x17/0x20
[  823.721270][  T222]  enqueue_timer+0xae/0x480
[  823.725793][  T222]  __mod_timer+0x79f/0xb30
[  823.730193][  T222]  ? ttwu_do_activate+0x174/0x280
[  823.735207][  T222]  schedule_timeout+0x127/0x2e0
[  823.740047][  T222]  ? __cfi_schedule_timeout+0x10/0x10
[  823.745407][  T222]  ? __cfi_process_timeout+0x10/0x10
[  823.750680][  T222]  ? __cfi__raw_spin_lock+0x10/0x10
[  823.755871][  T222]  ? _raw_spin_lock+0x8e/0xe0
[  823.760537][  T222]  wait_for_common+0x354/0x620
[  823.765291][  T222]  ? usb_hcd_giveback_urb+0x351/0x410
[  823.770662][  T222]  ? wait_for_completion+0x20/0x20
[  823.775765][  T222]  ? usb_submit_urb+0x122d/0x1900
[  823.780778][  T222]  wait_for_completion_timeout+0xe/0x10
[  823.786313][  T222]  usb_start_wait_urb+0x166/0x2f0
[  823.791356][  T222]  ? usb_alloc_urb+0x44/0x140
[  823.796027][  T222]  ? usb_api_blocking_completion+0xb0/0xb0
[  823.801823][  T222]  ? kasan_save_alloc_info+0x25/0x30
[  823.807105][  T222]  ? usb_alloc_urb+0x44/0x140
[  823.811770][  T222]  ? __kasan_check_write+0x14/0x20
[  823.816879][  T222]  usb_control_msg+0x241/0x3f0
[  823.821635][  T222]  hub_ext_port_status+0x100/0x6b0
[  823.826747][  T222]  hub_port_debounce+0x1c7/0x250
[  823.831682][  T222]  hub_event+0x1c5e/0x4680
[  823.836099][  T222]  ? sched_clock+0x9/0x10
[  823.840433][  T222]  ? __cfi___switch_to+0x10/0x10
[  823.845382][  T222]  ? _raw_spin_unlock+0x4c/0x70
[  823.850226][  T222]  ? __cfi_hub_event+0x10/0x10
[  823.854983][  T222]  ? __schedule+0xb8f/0x14e0
[  823.859566][  T222]  ? __kasan_check_read+0x11/0x20
[  823.864583][  T222]  ? read_word_at_a_time+0x12/0x20
[  823.869684][  T222]  ? strscpy+0x9b/0x290
[  823.873832][  T222]  process_one_work+0x71f/0xc40
[  823.878675][  T222]  worker_thread+0xa29/0x11f0
[  823.883338][  T222]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  823.888801][  T222]  kthread+0x281/0x320
[  823.892863][  T222]  ? __cfi_worker_thread+0x10/0x10
[  823.897963][  T222]  ? __cfi_kthread+0x10/0x10
[  823.902545][  T222]  ret_from_fork+0x1f/0x30
[  823.906958][  T222]  </TASK>
[  823.909971][  T222] 
[  823.912285][  T222] Allocated by task 23304:
[  823.916690][  T222]  kasan_set_track+0x4b/0x70
[  823.921275][  T222]  kasan_save_alloc_info+0x25/0x30
[  823.926399][  T222]  __kasan_kmalloc+0x95/0xb0
[  823.930983][  T222]  __kmalloc+0xb1/0x1e0
[  823.935161][  T222]  hci_alloc_dev_priv+0x27/0x1bd0
[  823.940280][  T222]  hci_uart_tty_ioctl+0x3c8/0xa00
[  823.945293][  T222]  tty_ioctl+0x8ef/0xc60
[  823.949520][  T222]  __se_sys_ioctl+0x12f/0x1b0
[  823.954193][  T222]  __x64_sys_ioctl+0x7b/0x90
[  823.958778][  T222]  x64_sys_call+0x58b/0x9a0
[  823.963272][  T222]  do_syscall_64+0x4c/0xa0
[  823.967681][  T222]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  823.973571][  T222] 
[  823.975884][  T222] Freed by task 23304:
[  823.979938][  T222]  kasan_set_track+0x4b/0x70
[  823.984521][  T222]  kasan_save_free_info+0x31/0x50
[  823.989537][  T222]  ____kasan_slab_free+0x132/0x180
[  823.994632][  T222]  __kasan_slab_free+0x11/0x20
[  823.999381][  T222]  slab_free_freelist_hook+0xc2/0x190
[  824.004745][  T222]  __kmem_cache_free+0xb7/0x1b0
[  824.009583][  T222]  kfree+0x6f/0xf0
[  824.013295][  T222]  hci_release_dev+0x13ad/0x1500
[  824.018219][  T222]  bt_host_release+0x82/0x90
[  824.022794][  T222]  device_release+0xa4/0x1d0
[  824.027376][  T222]  kobject_put+0x19d/0x280
[  824.031797][  T222]  put_device+0x1f/0x30
[  824.035961][  T222]  hci_dev_cmd+0x265/0x720
[  824.040371][  T222]  hci_sock_ioctl+0x41e/0x7f0
[  824.045032][  T222]  sock_do_ioctl+0x101/0x310
[  824.049607][  T222]  sock_ioctl+0x4d8/0x6e0
[  824.053919][  T222]  __se_sys_ioctl+0x12f/0x1b0
[  824.058586][  T222]  __x64_sys_ioctl+0x7b/0x90
[  824.063169][  T222]  x64_sys_call+0x58b/0x9a0
[  824.067658][  T222]  do_syscall_64+0x4c/0xa0
[  824.072068][  T222]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  824.077961][  T222] 
[  824.080266][  T222] Last potentially related work creation:
[  824.085958][  T222]  kasan_save_stack+0x3a/0x60
[  824.090620][  T222]  __kasan_record_aux_stack+0xb6/0xc0
[  824.095981][  T222]  kasan_record_aux_stack_noalloc+0xb/0x10
[  824.101869][  T222]  insert_work+0x51/0x300
[  824.106203][  T222]  __queue_work+0x9b1/0xd30
[  824.110694][  T222]  queue_work_on+0xd2/0x140
[  824.115186][  T222]  __hci_cmd_sync_sk+0xa3e/0xcf0
[  824.120114][  T222]  hci_cmd_sync_status+0x53/0x120
[  824.125130][  T222]  hci_dev_cmd+0x628/0x720
[  824.129534][  T222]  hci_sock_ioctl+0x41e/0x7f0
[  824.134196][  T222]  sock_do_ioctl+0x101/0x310
[  824.138773][  T222]  sock_ioctl+0x4d8/0x6e0
[  824.143088][  T222]  __se_sys_ioctl+0x12f/0x1b0
[  824.147756][  T222]  __x64_sys_ioctl+0x7b/0x90
[  824.152342][  T222]  x64_sys_call+0x58b/0x9a0
[  824.156844][  T222]  do_syscall_64+0x4c/0xa0
[  824.161251][  T222]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  824.167136][  T222] 
[  824.169443][  T222] Second to last potentially related work creation:
[  824.176004][  T222]  kasan_save_stack+0x3a/0x60
[  824.180670][  T222]  __kasan_record_aux_stack+0xb6/0xc0
[  824.186032][  T222]  kasan_record_aux_stack_noalloc+0xb/0x10
[  824.191827][  T222]  insert_work+0x51/0x300
[  824.196156][  T222]  __queue_work+0x9b1/0xd30
[  824.200648][  T222]  queue_work_on+0xd2/0x140
[  824.205139][  T222]  hci_cmd_timeout+0x191/0x200
[  824.209887][  T222]  process_one_work+0x71f/0xc40
[  824.214744][  T222]  worker_thread+0xa29/0x11f0
[  824.219429][  T222]  kthread+0x281/0x320
[  824.223487][  T222]  ret_from_fork+0x1f/0x30
[  824.227889][  T222] 
[  824.230199][  T222] The buggy address belongs to the object at ffff888128acc000
[  824.230199][  T222]  which belongs to the cache kmalloc-8k of size 8192
[  824.244233][  T222] The buggy address is located 2560 bytes inside of
[  824.244233][  T222]  8192-byte region [ffff888128acc000, ffff888128ace000)
[  824.257669][  T222] 
[  824.259981][  T222] The buggy address belongs to the physical page:
[  824.266382][  T222] page:ffffea0004a2b200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x128ac8
[  824.276610][  T222] head:ffffea0004a2b200 order:3 compound_mapcount:0 compound_pincount:0
[  824.284921][  T222] flags: 0x4000000000010200(slab|head|zone=1)
[  824.290990][  T222] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043500
[  824.299556][  T222] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  824.308119][  T222] page dumped because: kasan: bad access detected
[  824.314523][  T222] page_owner tracks the page as allocated
[  824.320226][  T222] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 22333, tgid 22329 (syz.5.25090), ts 806625197569, free_ts 783556682740
[  824.343323][  T222]  post_alloc_hook+0x1f5/0x210
[  824.348082][  T222]  prep_new_page+0x1c/0x110
[  824.352577][  T222]  get_page_from_freelist+0x2c6e/0x2ce0
[  824.358113][  T222]  __alloc_pages+0x19e/0x3a0
[  824.362696][  T222]  alloc_slab_page+0x6e/0xf0
[  824.367279][  T222]  new_slab+0x98/0x3d0
[  824.371347][  T222]  ___slab_alloc+0x6f6/0xb50
[  824.375941][  T222]  __slab_alloc+0x5e/0xa0
[  824.380266][  T222]  __kmem_cache_alloc_node+0x203/0x2c0
[  824.385728][  T222]  kmalloc_trace+0x29/0xb0
[  824.390138][  T222]  audit_log_d_path+0xc6/0x240
[  824.394896][  T222]  audit_log_d_path_exe+0x42/0x70
[  824.399914][  T222]  audit_log_task+0x205/0x2e0
[  824.404584][  T222]  audit_seccomp+0x7f/0x160
[  824.409081][  T222]  __seccomp_filter+0xacd/0x19d0
[  824.414005][  T222]  __secure_computing+0xea/0x290
[  824.418943][  T222] page last free stack trace:
[  824.423601][  T222]  free_unref_page_prepare+0x742/0x750
[  824.429058][  T222]  free_unref_page+0x8f/0x530
[  824.433725][  T222]  __free_pages+0x67/0x100
[  824.438132][  T222]  __vunmap+0x9af/0xb70
[  824.442291][  T222]  vfree+0x61/0x90
[  824.446009][  T222]  packet_set_ring+0x1931/0x2470
[  824.450942][  T222]  packet_release+0x737/0xcb0
[  824.455603][  T222]  sock_close+0xf1/0x290
[  824.459830][  T222]  __fput+0x1fc/0x8f0
[  824.463795][  T222]  ____fput+0x15/0x20
[  824.467761][  T222]  task_work_run+0x1db/0x240
[  824.472340][  T222]  exit_to_user_mode_loop+0x9b/0xb0
[  824.477633][  T222]  exit_to_user_mode_prepare+0x5a/0xa0
[  824.483080][  T222]  syscall_exit_to_user_mode+0x1a/0x30
[  824.488530][  T222]  do_syscall_64+0x58/0xa0
[  824.492933][  T222]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  824.498816][  T222] 
[  824.501124][  T222] Memory state around the buggy address:
[  824.506731][  T222]  ffff888128acc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  824.514773][  T222]  ffff888128acc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  824.522825][  T222] >ffff888128acca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  824.530863][  T222]                    ^
[  824.534909][  T222]  ffff888128acca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  824.542952][  T222]  ffff888128accb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  824.550993][  T222] ==================================================================
[  824.559032][  T222] Disabling lock debugging due to kernel taint
[  824.580592][   T28] kauditd_printk_skb: 554 callbacks suppressed
[  824.580607][   T28] audit: type=1400 audit(4412.249:148693): avc:  denied  { read write } for  pid=16186 comm="syz-executor" name="loop5" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  824.589760][   T19] usb 5-1: USB disconnect, device number 45
[  824.617342][   T28] audit: type=1400 audit(4412.249:148694): avc:  denied  { open } for  pid=16186 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  824.641998][   T28] audit: type=1400 audit(4412.249:148695): avc:  denied  { ioctl } for  pid=16186 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=123 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  824.790273][    C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  824.801984][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  824.810400][    C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B   W          6.1.134-syzkaller-00039-g3c6d0251e1fb #0
[  824.821325][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  824.831363][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  824.836650][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 28 d0 28 00 4c 89 ff e8 30 8d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 7c 21 6d 00 49 8b 7d 00 e8 13 89
[  824.856236][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  824.862289][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003ad100
[  824.870251][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  824.878199][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[  824.886149][    C1] R10: ffffed1025159939 R11: 1ffff11025159939 R12: dffffc0000000000
[  824.894099][    C1] R13: 0000000000000000 R14: ffff888128acc9c8 R15: 0000000000000008
[  824.902054][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  824.910968][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  824.917547][    C1] CR2: 00007f3861d82338 CR3: 00000001264bf000 CR4: 00000000003506a0
[  824.925502][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  824.933505][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  824.941460][    C1] Call Trace:
[  824.944732][    C1]  <IRQ>
[  824.947583][    C1]  delayed_work_timer_fn+0x61/0x80
[  824.952700][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  824.958499][    C1]  call_timer_fn+0x46/0x2a0
[  824.962984][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  824.968773][    C1]  __run_timers+0x667/0x9a0
[  824.973259][    C1]  ? calc_index+0x200/0x200
[  824.977765][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  824.982952][    C1]  run_timer_softirq+0x6a/0xf0
[  824.987696][    C1]  handle_softirqs+0x1d7/0x600
[  824.992458][    C1]  ? irqtime_account_irq+0xc4/0x240
[  824.997684][    C1]  __irq_exit_rcu+0x52/0xf0
[  825.002180][    C1]  irq_exit_rcu+0x9/0x10
[  825.006437][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  825.012072][    C1]  </IRQ>
[  825.015002][    C1]  <TASK>
[  825.017916][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  825.023875][    C1] RIP: 0010:default_idle+0xf/0x20
[  825.028884][    C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 83 ba 56 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[  825.048505][    C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[  825.054590][    C1] RAX: ffff8881f7100000 RBX: ffff8881003ad100 RCX: d34bc29678597f00
[  825.062549][    C1] RDX: 0000000000000001 RSI: ffffffff85a9f840 RDI: ffffffff85a9f800
[  825.070506][    C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee268ff
[  825.078458][    C1] R10: 0000000000000000 R11: ffffffff84ef7b70 R12: 0000000000000000
[  825.086407][    C1] R13: 0000000000000000 R14: ffff8881003ad100 R15: dffffc0000000000
[  825.094360][    C1]  ? __cfi_default_idle+0x10/0x10
[  825.099369][    C1]  arch_cpu_idle+0x1c/0x20
[  825.103769][    C1]  default_idle_call+0x71/0x1d0
[  825.108600][    C1]  do_idle+0x1a7/0x520
[  825.112649][    C1]  ? idle_inject_timer_fn+0x60/0x60
[  825.117830][    C1]  ? schedule_idle+0x5b/0x90
[  825.122423][    C1]  cpu_startup_entry+0x43/0x60
[  825.127176][    C1]  start_secondary+0x119/0x120
[  825.131920][    C1]  secondary_startup_64_no_verify+0xce/0xdb
[  825.137800][    C1]  </TASK>
[  825.140804][    C1] Modules linked in:
[  825.144680][    C1] ---[ end trace 0000000000000000 ]---
[  825.150111][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  825.155380][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 28 d0 28 00 4c 89 ff e8 30 8d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 7c 21 6d 00 49 8b 7d 00 e8 13 89
[  825.174969][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  825.181016][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003ad100
[  825.188969][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  825.196919][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[  825.204871][    C1] R10: ffffed1025159939 R11: 1ffff11025159939 R12: dffffc0000000000
[  825.212821][    C1] R13: 0000000000000000 R14: ffff888128acc9c8 R15: 0000000000000008
[  825.220772][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  825.229684][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  825.236252][    C1] CR2: 00007f3861d82338 CR3: 00000001264bf000 CR4: 00000000003506a0
[  825.244213][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  825.252171][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  825.260133][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  825.267621][    C1] Kernel Offset: disabled
[  825.271934][    C1] Rebooting in 86400 seconds..