last executing test programs:

25.756635595s ago: executing program 1 (id=6675):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x68, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
syz_clone(0x24001100, 0x0, 0x0, 0x0, 0x0, 0x0)

25.618379529s ago: executing program 1 (id=6676):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$xdp(0x2c, 0x3, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r0, r4, 0x1, 0x0, @void}, 0x10)

25.520396228s ago: executing program 1 (id=6678):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$xdp(0x2c, 0x3, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r0, r6, 0x1, 0x0, @void}, 0x10)

24.639634478s ago: executing program 1 (id=6681):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0080003e0000000100000065ffffff941400005412e3e20a2d7bde93d0d9a4f8a3515b56f3551cf3960843adf0e32314f80e123f9457df98c84f208002b29a52bb9403206e53a368fd199ae13d63d617ce9e573c6e7c99c678028ddfb89ad63354ad5149fab2c134898d969238bdd68c4a1af52f67d002e249b72edb7900ce64fe0fd338d2887cb216c55316395ab05b246b7379c33e2cbacc261e207d162965df10992bdce68a45725ab7a6e455a9cde1513c1b31c77c80eaf114aced5593b4545d8c696d96a8be34c3efee5d143953f72ce41fb2dfce471b", @ANYRES32, @ANYBLOB="0e00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000000000000000000000500"/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10)
fspick(0xffffffffffffffff, 0x0, 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file2\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040)={[], [], 0x2c})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ptrace(0x10, 0x1)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x3, 0x0, 0x0, 0x2000, 0x40000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20000000, 0x0, 0x2, 0x0, 0x0, 0xfffffffc]}, 0x45c)
ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0)
readv(r1, &(0x7f0000000600)=[{&(0x7f0000000640)=""/89, 0x59}], 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect$uac1(0x3, 0xc1, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010002000000406b1d01014000010203010902af0003010410080904000000010100000a2401ff7f0b0201020904010000010200000904010101010200000924020100030402ffff00001a9102ef43ab637210240202b20008000be73241f58bb5f0090501094000090966072501c30809000904020000010200000904020101010200000c24020295070800042e0a920d240000040007000a4fac79a6072401090003000724014d04ff14090582090800be40000725018202250000000000002732dfff1ada9b1d66e355cac4410580d11c6a775cb4b2c60412e898c8e695606cc03b708c760a20"], &(0x7f0000000400)={0x0, 0x0, 0xcd, &(0x7f00000006c0)=ANY=[@ANYBLOB="050fcd00050b100108c00003041f0a002310021ef42a47771c430c62b3baeced9a74dc610cfc3555cf128060480b5265a536f91410040902edf65fa18b4ab7a290b0368ee4d79b0a100300000081de81007c100b160d62b71b9da6e58ec82455b8fd7083e778607c2ee20779aa4771c59b26f8451a284ad2e046acfa850e63679385658f0e2e824be3594d29ba2e6ac1c6bdef8b52efaa7064b0820a8b26318f4a97fe3c0917e253811e76747ca7280d81f1566ad3ffce2fa7acb62dd81c45e1e9d86ba588119e"], 0x2, [{0x1f, &(0x7f0000000040)=ANY=[@ANYBLOB="1f031e8bfe45813475634321dc9e08000000267f38660dbe2f770a14bfe4"]}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x480a}}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000001840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

19.755403707s ago: executing program 0 (id=6700):
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x0, 0x6}]})
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x40}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004000000007455de9060567ed5800c1680cd3dddeae7413273ed94222ebda1bb9d6bf585e8e923c6111604bdcacf895648767f83b2c9942da67c4001040000ee123259360aed7a7992094fa31f46a3f4c49132b04ef0762a96dccdd21ee797637fcea1b48e242c27c8e8d6baaef1b210a5e889a422b1a4e9ff381071aabb2147a4180edc4d515e846792a69fdf50cad597ae18b0e597b556288b6a5a813af68d5b2d6ffecf760e0cfefc71c48a1d", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r4}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x40, 0x4, 0x3, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x5)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r6, &(0x7f0000000180), 0x400008a, 0x1000000000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket(0x28, 0x1, 0x0)
getsockopt$nfc_llcp(r7, 0x28, 0x2, 0xfffffffffffffffe, 0x20000000)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

18.911528894s ago: executing program 0 (id=6703):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/timers\x00', 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="380000000301010100000000000000000a00000014001980080001000800000008000200f50280"], 0x38}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x1d, r7, &(0x7f0000000040)='asymmetric\x00', 0x0)

18.019306576s ago: executing program 0 (id=6706):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000009500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
quotactl$Q_GETINFO(0xffffffff80000502, &(0x7f0000000000)=@filename='./file0\x00', 0x0, &(0x7f0000000180))

18.009868477s ago: executing program 0 (id=6707):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x11d, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
getpid()
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000100)='./file1\x00', 0x101880a, &(0x7f0000000640)=ANY=[@ANYBLOB="6a71666d743d7666736f6c642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c6673796e635f6d6f64653d7374726963742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c616c6c6f635f6d6f64653d64656661756c742c657874656e745f63616368652c636f6d70726573735f63686b73756d2c00b2da307445fc488576738ba410ac1c9a87da19d1cc651efd805323f81a90a8406c6dd7f408149424deb0d904cf45e22dafdee453ba2138adbdcefdf526f7bbfad9092cbe1a715c8d3f32fa074e042433009d6c85349a23169e841ea2aed39364ab614997351b"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r5, 0x0, 0x0, 0x20000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1808000000000000000000020000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffe2b)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="00cf140000000000000000000000000000000000000058df82bcf87e197dab604adb34efc8aa1b21d36e23bb0fb6eb5dd130f005e3f86775210d387f4612bf4fe01c8179f613b155ccfed5ce195aed08b7e317f32d04f5091c610f102b9f1566a836c3f8130420bd2aaed15eaa4c07de77241804f461b031f0c05da68b6081a97cb738786a13f84e91b07ebd66d7c6d008e7b27e80a417227d082d9b09df86613e01bab42e74ed0129ad9f5714e93ffccb60dcbc0f3f6752d79afb7716be4226a0bff03e505dff6fe3eca3eea32df69980d39fc31977aaa7b8d639139e07fdb634f64372d25d2da6856debac20f674dbb83510528e05fbd5536113180168aca11429acdd87da6adefe5a470e7eb2a60dfcb1ecb16ce1e34e661cbdc0fac952bbe641d7cc94fd580ba48928fa7abcf7d58641671c07b0c77de6d82006", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

16.806370567s ago: executing program 0 (id=6710):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$xdp(0x2c, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r0, r5, 0x1, 0x0, @void}, 0x10)

15.559561422s ago: executing program 0 (id=6715):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000340)={[{@journal_checksum}, {@usrjquota_path={'usrjquota', 0x3d, './file2'}}, {@dioread_lock}, {@norecovery}, {@resgid}, {@lazytime}, {@noload}, {@lazytime}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_remove_blocks\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00', <r1=>0x0})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000407d1e9c310000000000010902240001000000000100000000000000000921000000"], 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="000000000500000000040000000000000000000002aec72f63b618451b246f3d91343e0f82b5c6d87f5f6c097175997a1ddcf5bf4c9fd83555f10e3be351a62cf937e598f3c724bc19d2dd6b88ec5331aae5cbd550ee6e671cb1efb47a50014f565689d5d6095bf2a7ed137954d492a5769ac03697bd3847117a5ce0c8caa81ac8d0d64c76a6a7d9c6afde27178fc25cb8cb2dfea415813d5bf66a5c6d53e3bf1785689ccc6893d657afc6db09c8eb0cbb6710994b44a55972d8a3c4", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r4, &(0x7f0000000000)=@file={0x1}, 0x6e)
connect$unix(r4, &(0x7f0000000080)=@file={0x1}, 0x6e) (fail_nth: 1)
ptrace(0x10, 0x1)

12.454306047s ago: executing program 1 (id=6719):
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYRES8=0x0], 0x1, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv4_getrule={0x1c}, 0x1c}}, 0x800)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000140)='.\x00', 0x40000022)
write$binfmt_elf32(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600f60f000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(r3)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000280)=0x60, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00'}, 0x10)

11.00370946s ago: executing program 1 (id=6728):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0080003e0000000100000065ffffff941400005412e3e20a2d7bde93d0d9a4f8a3515b56f3551cf3960843adf0e32314f80e123f9457df98c84f208002b29a52bb9403206e53a368fd199ae13d63d617ce9e573c6e7c99c678028ddfb89ad63354ad5149fab2c134898d969238bdd68c4a1af52f67d002e249b72edb7900ce64fe0fd338d2887cb216c55316395ab05b246b7379c33e2cbacc261e207d162965df10992bdce68a45725ab7a6e455a9cde1513c1b31c77c80eaf114aced5593b4545d8c696d96a8be34c3efee5d143953f72ce41fb2dfce471b", @ANYRES32, @ANYBLOB="0e00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000000000000000000000500"/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10)
fspick(0xffffffffffffffff, 0x0, 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file2\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040)={[], [], 0x2c})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ptrace(0x10, 0x1)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x3, 0x0, 0x0, 0x2000, 0x40000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20000000, 0x0, 0x2, 0x0, 0x0, 0xfffffffc]}, 0x45c)
ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0)
readv(r1, &(0x7f0000000600)=[{&(0x7f0000000640)=""/89, 0x59}], 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect$uac1(0x3, 0xc1, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010002000000406b1d01014000010203010902af0003010410080904000000010100000a2401ff7f0b0201020904010000010200000904010101010200000924020100030402ffff00001a9102ef43ab637210240202b20008000be73241f58bb5f0090501094000090966072501c30809000904020000010200000904020101010200000c24020295070800042e0a920d240000040007000a4fac79a6072401090003000724014d04ff14090582090800be40000725018202250000000000002732dfff1ada9b1d66e355cac4410580d11c6a775cb4b2c60412e898c8e695606cc03b708c760a20"], &(0x7f0000000400)={0x0, 0x0, 0xcd, &(0x7f00000006c0)=ANY=[@ANYBLOB="050fcd00050b100108c00003041f0a002310021ef42a47771c430c62b3baeced9a74dc610cfc3555cf128060480b5265a536f91410040902edf65fa18b4ab7a290b0368ee4d79b0a100300000081de81007c100b160d62b71b9da6e58ec82455b8fd7083e778607c2ee20779aa4771c59b26f8451a284ad2e046acfa850e63679385658f0e2e824be3594d29ba2e6ac1c6bdef8b52efaa7064b0820a8b26318f4a97fe3c0917e253811e76747ca7280d81f1566ad3ffce2fa7acb62dd81c45e1e9d86ba588119e"], 0x2, [{0x1f, &(0x7f0000000040)=ANY=[@ANYBLOB="1f031e8bfe45813475634321dc9e08000000267f38660dbe2f770a14bfe4"]}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x480a}}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000001840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

6.766188949s ago: executing program 2 (id=6744):
open(0x0, 0x24142, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000", @ANYBLOB, @ANYBLOB], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r5)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r6 = inotify_init1(0x0)
fcntl$setown(r6, 0x8, 0xffffffffffffffff)
fcntl$getownex(r6, 0x10, &(0x7f0000000140)={0x0, <r7=>0x0})
r8 = syz_open_procfs(r7, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r8, 0x40305839, &(0x7f0000000240))
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r9 = getpid()
sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x6)

6.708991044s ago: executing program 3 (id=6745):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x68, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r3}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
syz_clone(0x24001100, 0x0, 0x0, 0x0, 0x0, 0x0)

6.654934149s ago: executing program 3 (id=6746):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x2000c8, &(0x7f0000000100)=ANY=[@ANYBLOB='codepage=874,nodots,dots,tz=UTC,dots,nodots,codepage=862,dots,dots,check=strict,allow_utime=000000000000000000001,sys_immutable,nodots,nfs,quiet,dots,nodots,nodots,debug,usefree,tz=UTC,flush,nodots,\x00'], 0xfd, 0x1bf, &(0x7f0000000940)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000dc0)={&(0x7f0000000c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@const]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000000400)='./file0\x00', 0xa04000, &(0x7f0000000580)={[{@four_active_logs}, {@fastboot}, {@test_dummy_encryption}, {@noinline_dentry}]}, 0x1, 0x1059a, &(0x7f0000020c40)="$eJzs3M1rI2UcB/Bftu6r61pkX/TkgAgNmNC03aIgUnUXXbBL8eXgSdNkGrKbZEqTvrhnPemf4FUQ8ebf4MV/Y/EgeBK8rSiZmcpW96A226zbzwem32eePPPL84RcnkyZAI6t2eTXXypxIc5GxExEnI/I25XyyK0U8WxEPB8RJ+47KmX/nx2nIuJcRFwYFy9qVsqXln+7e++r5268+vk3d6uNn77+cnqrBqbtxYjobxbt3X6RWafIW2V/c6ebZ39pp8zihf7t8jwrcjddzyvsNvfHNfNc7BTjs83t4Tg3es3WODvdjbx/c1C84XCns18nv+BWcys/b6freXaHWZ6dO8W89sq8MxwVddplvU/y8jEa7WfRn+6lxXo2b+fZGozK/qJu1k73xrlTZvl20cp67Xwe6//5Y37kvdMdbO8lO+nWsJsNkqv1xsv1xnKtsZW101G6VGv228tLyVynNx5WG6XN/konyzq9tN7K+tVkrtNq1RqNZO5aut5tDpJGo75Yn69drZatl5K3bn6Q9NrJ3Djf6A62R93eMNnItpLiimqyUF98pZq80EjeW11L1t69fn117f2Prn148/XVG2+Wg/42rWRuYX5hodaYry00qtZ/GJXDXc5x5wsE8K/Z/wPTYP9v/x/2v8d+/bZvHIovEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAsfXjye/ezhuzxfmTZf9TZdczEXElIi5HxKWI+P0BZuLUgZoXI6JSth80/uRf5vB9JfIK42tOl8e5iFgpj3tPP+xPAQAAAB5f3/7w6WcRM+Nm/ue1aU+Io1T+aHNmUvXyn3yemFS1i3mxvQlVu7RfciIuR8TJ2Z8nVO1KRJw4//GEqv0jMwfizH1RKeLEUc4GAAA4Ggd3AhPbvQEAAPDI+WLaE2A68vu15f/il/eCTxdR3hA8e+AMAAAA+B+qTHsCAAAAwEOX7/89/w8AAAAeb8Xz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YuZfcNGI4DsB/oFPoS0UVj6uwqrpkwSF6hC57gPY22XGGSIhzkF2OEEHEjIMyhN2YAZHvkwbbI/jJRmJhmzEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACc00OxnN+t//1vmrPdNZNnNAAAAMApm2I5LyvDqv0l3f+Wbv2IiGlETCJiHBGn5u69+FjLHEVEJ9VPvb846sN9RJmw/0w/XZ8j4le6nr6f+1sAAACA27VezRYRvX21fPl5qPEOpEWbQa68csnnQ660URn2N1Pa+CUyi0lEFMPHTGnTiOh+/Z1arfz+erVi8KroVEW3jV4AAADtqs8Ess3eAAAAuDp/Lt0BLqPcr03/xU97wf2qSBuCn2otAAAA4HodP21/0Gm3HwAAAMAFlPP/N+f/pVUB5/8BAADAbajO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCcNsVyvl7NFk1ztrtm8owGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntmfdxQIgTAIg73r+06D9z+WNGhqalIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALz53V/+T0yNM8nca2PpeSRZOzW2To29c+PoD+Pr1wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzP3QmEQBCEwb7zP6fF/MOSBo1BhCpY+JhhHhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GIHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgr7c2+bMBDGcfi1kyhxm4yQ3uJjBhoqBCPwISFZ8gwMwEI0VLQWi8AKIOCgpTMFz9P8fzpdcQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+n09MZHRGSfj8wjH67+DpeDr8jXTTP4vma2Oe7rn1tOtrtRyt8Y/xcRUUTWwm8AANpX3jfFYlnNO2m7aXtp+2nLaV3NXvloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzuzcsWpTURgA4JOkiVYnRyuI4KCLjU2sRsjiUOguCLqFNpZiqpJmaEuXPoHo5Oor2E1fwRcQHLTg4NBBwUUQJclNeoJBUoR7Q/0++O/9c4dzz8kQ+O9/bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgWA73wtlBngshzM0c5V3vv+6ujDu/ffZhbhBf7ry5GI/ZHaIYQni43mpeT3Et025ze+dRo9VqtiUSiWSYZP3LBADASVNMolvXfyruL3ev5eoh/Ho1Wv9fifLwl/r/88vzFwbxc+tdJ75XXP8vpLbC6VfubDwtb27vXFvfaKw115qPq9XK4s3FG7dvVcq9ZyVlT0wAAAD4N6Uk4vo/X/+z/38mysOE9f+9pQf343sV1P9jHTX9sp4JAADA/+3cpe/fcmOu50qlsNXodNoL/ePwc6V/zGCqx3Yqibj+L9SznhUAAACQhsO93Ej/fzXKw4T9//nXuwfxmIUQwmzS/59fedJaTW85Uy2N14mzXiMAAADZmk0i7v8Xe/v/88MtD/kQwtXL/Tz5G8CJ6v+PL+6OvLQe7/+vprfEqZSv9b+P3rkWwkwt6xkBAABwkp1OolvsHxT3l9s/ni+V7P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf7NgxSgNBFAbgzW5WKzFgpVZeQLSzClgIYuMhREHwBCKIBxBbS+9g6R1SK9hYWKbwBvJmd1TSBCx2lXwfTN4jDJmXSZN/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgrun+d1/Fy6jpy/a954+rk6gvMzW8369vxop+0OXQ/9Bgr+8JAAAAWARVzvdFUbzVj4dRy3HK/3XeE5n/YaXpc56fzf25Pt29buT8f328dfl10Kg5Jz707PzidKezb/j3rc7dMUw3n569VOkHKY9u1qZ1us/B7WRysJTa5S6mBQB+YzvXtsn/h6Lu9jkYAAtj2K7iR/6vxv3OBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCFzwAAAP//OCtiEg==")
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000000340)={0x2020}, 0xcb0a)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r6)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r6)
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010000000000030000000f"], 0x1c}}, 0x0)
rmdir(&(0x7f0000002200)='./file0\x00')

5.34336605s ago: executing program 2 (id=6749):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="05000000010000000200000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x5, 0x4, 0x8, 0xa, 0xc00, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018010000202070250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xf002, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_control_io(r6, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0000900000005f7a312d9563"], 0x0, 0x0, 0x0, 0x0}, 0x0)

4.807319419s ago: executing program 3 (id=6750):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x68, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
syz_clone(0x24001100, 0x0, 0x0, 0x0, 0x0, 0x0)

4.300259145s ago: executing program 3 (id=6751):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000280), 0x1, 0x76a, &(0x7f0000001b00)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=")
pipe2$9p(&(0x7f0000000180)={<r0=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c00bc9d20f69ab5ecfe5709adc1c13df3fa"])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x400000000000000, 0x7)
ioctl$FS_IOC_GETFSMAP(r1, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000002"])
getresuid(&(0x7f0000000700), &(0x7f0000000740), &(0x7f00000007c0))

4.299830245s ago: executing program 4 (id=6752):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYRES8=0x0], 0x1, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv4_getrule={0x1c}, 0x1c}}, 0x800)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000140)='.\x00', 0x40000022)
write$binfmt_elf32(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600f60f000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(r3)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000280)=0x60, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00'}, 0x10)

3.692508521s ago: executing program 3 (id=6753):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002305e20000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[], 0x0)

2.985188956s ago: executing program 2 (id=6754):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0/file0\x00', 0x8)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000300), 0x12)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18c5ab03d57aa57ab0f3000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r4, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0xffffffffffffff5a, 0x40000, 0x0, 0x27)
recvmsg(r4, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000340)=0x7)
getpid()
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)

2.983937736s ago: executing program 4 (id=6755):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10)
quotactl$Q_GETINFO(0xffffffff80000502, &(0x7f0000000000)=@filename='./file0\x00', 0x0, &(0x7f0000000180))

2.175484061s ago: executing program 4 (id=6756):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="1b0004000000000000000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000200000000000570d04f7d30cdac7640801294c0bcee0cbd72f6d6e4985122f8a322b2bafafdbcadbc2a13d1571f84539cc75ff160d6801bca84e956410c8493d3f6b1225e35352a168f89af8ea38add04ae52ed0f13234d83a51a0e72b9f17c5f8b740cdd564545eb15ca8596fc89c9b22cbf908e20fee9c97b08a57eeec22877d5e9ce399abcfe9aa67068fa948d4dfbd9c6db7b274b5ff27d68ebc8630a1b66f06ddd58bdfff236693ce9bcc1d00", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fe0006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x20008000)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x50, 0xffffffffffffffff, 0x5738d000)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0xa8242, 0x0)
write$tcp_mem(r7, &(0x7f0000000240)={0x2, 0x2c, 0x0, 0x2c, 0x7, 0x2c}, 0x48)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x4, &(0x7f0000002780)=ANY=[@ANYRESHEX=r1], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x18000000000002a0, 0x22, 0x0, &(0x7f0000000300)="b9ff03076044238c5a00000088a84cb688a84d5e080089a105ce751d9d88f21f982d", 0x0, 0x6131, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket$netlink(0x10, 0x3, 0x9)
setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f00000017c0)=r8, 0x4)

1.257488475s ago: executing program 2 (id=6758):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)

1.256901485s ago: executing program 4 (id=6759):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7040000080000008500000095000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
quotactl$Q_GETINFO(0xffffffff80000502, &(0x7f0000000000)=@filename='./file0\x00', 0x0, &(0x7f0000000180))

1.224903057s ago: executing program 2 (id=6760):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0)
openat$binder_debug(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r1], 0x1, 0x2c3, &(0x7f00000007c0)="$eJzs3E1oE2kYwPGnH9uvpU1YloVd2N1nt5fdZRmanBfasLTLYqCijVQL4tRONGRMQiZEU6SJIPTiwUv9OKsgUiiIB0Es9eBJWqQ3D95668F6sog4kqafcZrakjZC/79D+zDP80zemXkzJG9CFv+5fiEedYyomZH6ljqp75GCLNeJX+plTUH+vDj18ufjJ08dCYXDvcdU+0IDgaCqdvw6PXR58veZzLcnHnU8aZZZ/+nFpeDC7A+zPy5+HDgfczTmaCKZUVOHk8mMOWxbOnLDiRuqR23LdCyNJRwrvSUftZOpVE7NxEh7WyptOY6aiZzGrZxmkppJ59Q8Z8YSahiGtrcJKpvM3g5tn408WHZdWcq8cN3mgriuW9zYcoDDQ42tXH/X3XT9r9V6SDhAm27qLSL2eDaSjZT+l/KhqMTEFku6xCcfpDhH3DtT7spUKf69FJwKz//1/Jmq+mXMzq/257ORhq39AfGJv9RTUor7/g/3BrRka/830ra5Pyg++d67P+jZ3yR/dHa1rvcb4pP5s5IUW+amf3u30D9+c61/LKD6b3+4rL9VRjZO0/23Nbo+AAAAAAAAAADshaHrPNfvjWLB1VFVbS/Ll/q9Ph8oX5/v8lyfb5SfGmt77AAAAAAAHBZObjRu2raVrhRM7FxTfCu/436qGkhh3x5i7RvQVdnh3StfXvxLX+Wazu6GuZ5XhdRBnucqBO8Hv4phlM2f1dWnnYobdvNM2VXwpir7qVsd3/Y1/w29fuiZOvN0Y0vTZ+dnOzP7e0cCAAAAsF82XvR3Sz76OJsf/Hui1mMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCw2cNPjs3d8kppMfjunleq1scIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQyacAAAD//9dZzPE=")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r5, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x1}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r6, &(0x7f0000000040)=0x1c8, 0x12)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

1.224527848s ago: executing program 4 (id=6761):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x68, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
syz_clone(0x24001100, 0x0, 0x0, 0x0, 0x0, 0x0)

4.02996ms ago: executing program 2 (id=6762):
r0 = add_key$user(0x0, 0x0, 0x0, 0xfffffffffffffeb3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x5)
fcntl$setown(r2, 0x8, r3)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_gettime(0x3, &(0x7f0000000140))
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x50, 0xffffffffffffffff, 0x5738d000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)={[{@subsystem='cpuset'}], [{@flag='nolazytime'}, {@appraise_type}]})
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
keyctl$set_timeout(0xf, r0, 0x6)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000180), 0x3ff9, 0x10500)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000380)={r6, 0x4, {0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0x17, 0x10, "78e9c869e045f2063f1b79c734d49800e3f0d4743f69398e086956c240c3d90687152922dc4250686d223ab000a5aaf81e81b800", "537bdb3db9e67aac029c5698c260c62edd3d28b64c99c2c0cba457fa19cf9ca67a0f073c31056a73de9ec984ed7a6fe1c6d9e0888b65551fdd06570ee379ceea", "c43a6965b3e39e24d0e9eaef63ac051d8d9b5c5f18c052b70a74cae1abc47b66", [0x8000000000000080, 0x10001]}})

3.81455ms ago: executing program 3 (id=6763):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/timers\x00', 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="380000000301010100000000000000000a00000014001980080001000800000008000200f50280"], 0x38}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 4 (id=6764):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="05000000010000000200000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x5, 0x4, 0x8, 0xa, 0xc00, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018010000202070250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xf002, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_control_io(r6, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0000900000005f7a312d9563"], 0x0, 0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):


[ 1561.351226][T27377] FAULT_INJECTION: forcing a failure.
[ 1561.351226][T27377] name failslab, interval 1, probability 0, space 0, times 0
[ 1561.370566][T27377] CPU: 0 PID: 27377 Comm: syz.3.6534 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1561.381767][T27377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1561.391750][T27377] Call Trace:
[ 1561.394871][T27377]  <TASK>
[ 1561.397648][T27377]  dump_stack_lvl+0x151/0x1c0
[ 1561.402163][T27377]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1561.407630][T27377]  ? release_sock+0x163/0x1b0
[ 1561.412142][T27377]  dump_stack+0x15/0x20
[ 1561.416132][T27377]  should_fail+0x3c6/0x510
[ 1561.420386][T27377]  __should_failslab+0xa4/0xe0
[ 1561.424990][T27377]  ? __alloc_skb+0xbe/0x550
[ 1561.429330][T27377]  should_failslab+0x9/0x20
[ 1561.433697][T27377]  slab_pre_alloc_hook+0x37/0xd0
[ 1561.438443][T27377]  ? __alloc_skb+0xbe/0x550
[ 1561.442780][T27377]  kmem_cache_alloc+0x44/0x200
[ 1561.447378][T27377]  __alloc_skb+0xbe/0x550
[ 1561.451544][T27377]  netlink_sendmsg+0x797/0xd20
[ 1561.456143][T27377]  ? netlink_getsockopt+0x560/0x560
[ 1561.461177][T27377]  ? security_socket_sendmsg+0x82/0xb0
[ 1561.466473][T27377]  ? netlink_getsockopt+0x560/0x560
[ 1561.471504][T27377]  ____sys_sendmsg+0x59e/0x8f0
[ 1561.476107][T27377]  ? __sys_sendmsg_sock+0x40/0x40
[ 1561.480966][T27377]  ? import_iovec+0xe5/0x120
[ 1561.485392][T27377]  ___sys_sendmsg+0x252/0x2e0
[ 1561.490003][T27377]  ? __sys_sendmsg+0x260/0x260
[ 1561.494614][T27377]  ? __fdget+0x1bc/0x240
[ 1561.498692][T27377]  __se_sys_sendmsg+0x19a/0x260
[ 1561.503370][T27377]  ? __x64_sys_sendmsg+0x90/0x90
[ 1561.508160][T27377]  ? ksys_write+0x260/0x2c0
[ 1561.512483][T27377]  ? debug_smp_processor_id+0x17/0x20
[ 1561.517705][T27377]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1561.523679][T27377]  __x64_sys_sendmsg+0x7b/0x90
[ 1561.528284][T27377]  x64_sys_call+0x16a/0x9a0
[ 1561.532966][T27377]  do_syscall_64+0x3b/0xb0
[ 1561.537218][T27377]  ? clear_bhb_loop+0x35/0x90
[ 1561.541731][T27377]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1561.547462][T27377] RIP: 0033:0x7f2012af7ff9
[ 1561.551717][T27377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1561.571242][T27377] RSP: 002b:00007f2011771038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1561.579758][T27377] RAX: ffffffffffffffda RBX: 00007f2012caff80 RCX: 00007f2012af7ff9
[ 1561.587558][T27377] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[ 1561.595457][T27377] RBP: 00007f2011771090 R08: 0000000000000000 R09: 0000000000000000
[ 1561.603702][T27377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1561.611602][T27377] R13: 0000000000000000 R14: 00007f2012caff80 R15: 00007ffed4532ec8
[ 1561.619420][T27377]  </TASK>
[ 1561.631838][   T30] audit: type=1326 audit(1728181588.017:13414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27378 comm="syz.0.6533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bcca85ff9 code=0x7ffc0000
[ 1561.659532][   T30] audit: type=1326 audit(1728181588.017:13415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27378 comm="syz.0.6533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f9bcca85ff9 code=0x7ffc0000
[ 1561.980252][T27389] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6532'.
[ 1561.989038][T27389] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6532'.
[ 1562.144413][T26883] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1562.155433][   T30] audit: type=1326 audit(1728181588.017:13416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27378 comm="syz.0.6533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bcca85ff9 code=0x7ffc0000
[ 1562.179304][   T30] audit: type=1400 audit(1728181588.537:13417): avc:  denied  { compute_member } for  pid=27373 comm="syz.4.6532" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[ 1562.295560][   T31] INFO: task syz.3.5923:25099 blocked for more than 122 seconds.
[ 1562.629902][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1562.638761][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1562.647365][   T31] task:syz.3.5923      state:D stack:23568 pid:25099 ppid: 24590 flags:0x00004204
[ 1562.656640][   T31] Call Trace:
[ 1562.659775][   T31]  <TASK>
[ 1562.662546][   T31]  __schedule+0xccc/0x1590
[ 1562.666767][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1562.672507][   T31]  ? __kasan_check_write+0x14/0x20
[ 1562.677699][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1562.682683][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1562.688031][   T31]  schedule+0x11f/0x1e0
[ 1562.692034][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1562.697317][   T31]  down_read+0xcd6/0x1900
[ 1562.701496][   T31]  ? __down_common+0x550/0x550
[ 1562.706088][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1562.711296][   T31]  ? __kasan_check_write+0x14/0x20
[ 1562.716154][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1562.720768][   T31]  ? __put_super+0x54/0x2e0
[ 1562.725096][   T31]  iterate_supers+0xb3/0x1f0
[ 1562.729517][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1562.733813][   T31]  ksys_sync+0xb9/0x1c0
[ 1562.737764][   T31]  ? sync_filesystem+0x250/0x250
[ 1562.742556][   T31]  __do_sys_sync+0xe/0x20
[ 1562.746723][   T31]  x64_sys_call+0x488/0x9a0
[ 1562.751051][   T31]  do_syscall_64+0x3b/0xb0
[ 1562.755296][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1562.759809][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1562.765922][   T31] RIP: 0033:0x7fb263650ff9
[ 1562.770171][   T31] RSP: 002b:00007fb2622ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1562.778565][   T31] RAX: ffffffffffffffda RBX: 00007fb263808f80 RCX: 00007fb263650ff9
[ 1562.786389][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1562.794197][   T31] RBP: 00007fb2636c3296 R08: 0000000000000000 R09: 0000000000000000
[ 1562.802010][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1562.809808][   T31] R13: 0000000000000000 R14: 00007fb263808f80 R15: 00007fff4307d388
[ 1562.817639][   T31]  </TASK>
[ 1562.823383][   T31] INFO: task syz.4.5925:25105 blocked for more than 123 seconds.
[ 1562.831748][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1562.840683][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1562.851142][T26883] usb 2-1: Using ep0 maxpacket: 8
[ 1562.863322][   T31] task:syz.4.5925      state:D stack:24656 pid:25105 ppid: 24362 flags:0x00004004
[ 1562.872767][   T31] Call Trace:
[ 1562.875948][   T31]  <TASK>
[ 1562.878735][   T31]  __schedule+0xccc/0x1590
[ 1562.883464][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1562.889260][   T31]  ? __kasan_check_write+0x14/0x20
[ 1562.899344][  T499] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1562.906930][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1562.912217][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1562.918087][T27382] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1562.936185][T27382] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1562.970905][   T31]  schedule+0x11f/0x1e0
[ 1562.974960][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1562.980451][   T31]  down_read+0xcd6/0x1900
[ 1562.984625][   T31]  ? __down_common+0x550/0x550
[ 1562.989178][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1562.990305][T26883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1562.994326][   T31]  ? __kasan_check_write+0x14/0x20
[ 1563.009956][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1563.014540][   T31]  ? __put_super+0x54/0x2e0
[ 1563.018858][   T31]  iterate_supers+0xb3/0x1f0
[ 1563.020216][T26883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1563.023359][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1563.037291][   T31]  ksys_sync+0xb9/0x1c0
[ 1563.058807][   T31]  ? sync_filesystem+0x250/0x250
[ 1563.079208][   T31]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 1563.110891][   T31]  __do_sys_sync+0xe/0x20
[ 1563.131363][   T31]  x64_sys_call+0x488/0x9a0
[ 1563.152254][   T31]  do_syscall_64+0x3b/0xb0
[ 1563.175486][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1563.200086][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1563.226527][T26883] usb 2-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[ 1563.230255][   T31] RIP: 0033:0x7f03b79d7ff9
[ 1563.235624][T26883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1563.249850][   T31] RSP: 002b:00007f03b6651038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1563.261698][T26883] usb 2-1: config 0 descriptor??
[ 1563.266881][   T31] RAX: ffffffffffffffda RBX: 00007f03b7b8ff80 RCX: 00007f03b79d7ff9
[ 1563.275936][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1563.284601][   T31] RBP: 00007f03b7a4a296 R08: 0000000000000000 R09: 0000000000000000
[ 1563.290292][  T499] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1563.292867][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1563.311086][  T499] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1563.320893][   T31] R13: 0000000000000000 R14: 00007f03b7b8ff80 R15: 00007ffd9d13daf8
[ 1563.328701][   T31]  </TASK>
[ 1563.330970][  T499] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[ 1563.340482][   T31] NMI backtrace for cpu 0
[ 1563.344578][   T31] CPU: 0 PID: 31 Comm: khungtaskd Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1563.351268][  T499] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1563.355508][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1563.355527][   T31] Call Trace:
[ 1563.355534][   T31]  <TASK>
[ 1563.355544][   T31]  dump_stack_lvl+0x151/0x1c0
[ 1563.383633][   T31]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1563.389097][   T31]  dump_stack+0x15/0x20
[ 1563.393107][   T31]  nmi_cpu_backtrace+0x2f7/0x300
[ 1563.397863][   T31]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1563.403849][   T31]  ? sched_show_task+0x3d8/0x620
[ 1563.408709][   T31]  ? __rcu_read_unlock+0xd0/0xd0
[ 1563.413486][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1563.419388][   T31]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[ 1563.425203][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1563.431103][   T31]  arch_trigger_cpumask_backtrace+0x10/0x20
[ 1563.436834][   T31]  watchdog+0xdd7/0xf50
[ 1563.440821][   T31]  ? __kasan_check_write+0x14/0x20
[ 1563.445861][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1563.450718][   T31]  ? __kasan_check_read+0x11/0x20
[ 1563.455579][   T31]  ? __kthread_parkme+0xb2/0x200
[ 1563.460798][   T31]  kthread+0x421/0x510
[ 1563.464698][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1563.469551][   T31]  ? kthread_blkcg+0xd0/0xd0
[ 1563.473978][   T31]  ret_from_fork+0x1f/0x30
[ 1563.478322][   T31]  </TASK>
[ 1563.481366][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1563.485808][  T499] usb 4-1: config 0 descriptor??
[ 1563.486552][    C1] NMI backtrace for cpu 1
[ 1563.486564][    C1] CPU: 1 PID: 499 Comm: kworker/1:6 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1563.486581][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1563.486595][    C1] Workqueue: usb_hub_wq hub_event
[ 1563.486619][    C1] RIP: 0010:io_serial_in+0x8/0x10
[ 1563.486638][    C1] Code: e9 6c ff ff ff 89 f9 80 e1 07 fe c1 38 c1 7c a0 e8 5d 88 7e 00 eb 99 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 8d 14 37 ec <0f> b6 c0 5d c3 0f 1f 00 55 48 89 e5 89 d0 8d 14 37 ee 5d c3 0f 1f
[ 1563.486651][    C1] RSP: 0018:ffffc90000c26bb8 EFLAGS: 00000046
[ 1563.486663][    C1] RAX: 0000000000000000 RBX: 00000000ffff0015 RCX: 0000000000100000
[ 1563.486674][    C1] RDX: 00000000000003fd RSI: 0000000000000005 RDI: 00000000000003f8
[ 1563.486684][    C1] RBP: ffffc90000c26bb8 R08: ffffffff81575ca7 R09: fffffbfff0e5321e
[ 1563.486695][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 1563.486707][    C1] R13: ffffffff874f8982 R14: 0000000000000033 R15: 0000000000000031
[ 1563.486717][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1563.486731][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1563.486742][    C1] CR2: 000000110c25f4f1 CR3: 00000001371cf000 CR4: 00000000003506a0
[ 1563.486756][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1563.486765][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1563.486775][    C1] Call Trace:
[ 1563.486780][    C1]  <NMI>
[ 1563.486787][    C1]  ? show_regs+0x58/0x60
[ 1563.486803][    C1]  ? nmi_cpu_backtrace+0x29f/0x300
[ 1563.486824][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1563.486843][    C1]  ? io_serial_in+0x8/0x10
[ 1563.486856][    C1]  ? io_serial_in+0x8/0x10
[ 1563.486868][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1563.486886][    C1]  ? nmi_handle+0xa8/0x280
[ 1563.486902][    C1]  ? io_serial_in+0x8/0x10
[ 1563.486915][    C1]  ? default_do_nmi+0x69/0x160
[ 1563.486931][    C1]  ? exc_nmi+0xad/0x100
[ 1563.486944][    C1]  ? end_repeat_nmi+0x16/0x31
[ 1563.486961][    C1]  ? console_unlock+0xab7/0x10e0
[ 1563.486979][    C1]  ? io_serial_in+0x8/0x10
[ 1563.486992][    C1]  ? io_serial_in+0x8/0x10
[ 1563.487005][    C1]  ? io_serial_in+0x8/0x10
[ 1563.487018][    C1]  </NMI>
[ 1563.487023][    C1]  <TASK>
[ 1563.487028][    C1]  early_serial_write+0xf7/0x170
[ 1563.487043][    C1]  console_unlock+0xb3d/0x10e0
[ 1563.487061][    C1]  ? vprintk_emit+0x340/0x340
[ 1563.487075][    C1]  ? __kasan_check_write+0x14/0x20
[ 1563.487092][    C1]  ? _raw_spin_lock_irqsave+0xf9/0x210
[ 1563.487111][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1563.487131][    C1]  ? __kasan_check_write+0x14/0x20
[ 1563.487147][    C1]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1563.487165][    C1]  ? snprintf+0xd6/0x120
[ 1563.487179][    C1]  ? __stack_depot_save+0x34/0x470
[ 1563.487193][    C1]  vprintk_emit+0x132/0x340
[ 1563.487208][    C1]  ? vprintk_store+0x1620/0x1620
[ 1563.487223][    C1]  ? __kasan_check_read+0x11/0x20
[ 1563.487239][    C1]  ? read_word_at_a_time+0x12/0x20
[ 1563.487253][    C1]  ? strscpy+0x9c/0x260
[ 1563.487267][    C1]  dev_vprintk_emit+0x2ad/0x330
[ 1563.487285][    C1]  ? _dev_info+0x170/0x170
[ 1563.487304][    C1]  dev_printk_emit+0xd9/0x120
[ 1563.487321][    C1]  ? selinux_path_notify+0x6d0/0x6d0
[ 1563.487339][    C1]  ? dev_vprintk_emit+0x330/0x330
[ 1563.487356][    C1]  ? __kasan_check_write+0x14/0x20
[ 1563.487372][    C1]  ? _raw_spin_lock+0xa4/0x1b0
[ 1563.487389][    C1]  __dev_printk+0x17d/0x1b0
[ 1563.487404][    C1]  _dev_warn+0x11e/0x170
[ 1563.487420][    C1]  ? rwsem_write_trylock+0x153/0x340
[ 1563.487436][    C1]  ? usb_set_configuration+0x2ed/0x1e80
[ 1563.487451][    C1]  ? _dev_err+0x170/0x170
[ 1563.487466][    C1]  ? rwsem_write_trylock+0x153/0x340
[ 1563.487482][    C1]  ? kernfs_new_node+0x230/0x230
[ 1563.487501][    C1]  ? kernfs_activate+0x359/0x370
[ 1563.487518][    C1]  usb_set_configuration+0x1c7c/0x1e80
[ 1563.487533][    C1]  ? kernfs_add_one+0x524/0x650
[ 1563.487550][    C1]  ? usb_choose_configuration+0x6b3/0x810
[ 1563.487567][    C1]  usb_generic_driver_probe+0x8b/0x150
[ 1563.487582][    C1]  usb_probe_device+0x144/0x260
[ 1563.487600][    C1]  ? usb_register_device_driver+0x240/0x240
[ 1563.487616][    C1]  really_probe+0x28d/0x970
[ 1563.487631][    C1]  ? __kasan_check_write+0x14/0x20
[ 1563.487648][    C1]  __driver_probe_device+0x1a0/0x310
[ 1563.487665][    C1]  driver_probe_device+0x54/0x3d0
[ 1563.487680][    C1]  ? __device_attach_driver+0x2af/0x470
[ 1563.487696][    C1]  __device_attach_driver+0x2c5/0x470
[ 1563.487713][    C1]  ? deferred_probe_work_func+0x240/0x240
[ 1563.487729][    C1]  bus_for_each_drv+0x183/0x200
[ 1563.487743][    C1]  ? kasan_quarantine_put+0x34/0x1a0
[ 1563.487760][    C1]  ? subsys_find_device_by_id+0x310/0x310
[ 1563.487776][    C1]  ? __pm_runtime_resume+0x11e/0x170
[ 1563.487792][    C1]  __device_attach+0x312/0x510
[ 1563.487807][    C1]  ? kobject_uevent_env+0x33c/0x700
[ 1563.487825][    C1]  ? device_attach+0x20/0x20
[ 1563.487840][    C1]  ? kobject_uevent_env+0x33c/0x700
[ 1563.487858][    C1]  device_initial_probe+0x1a/0x20
[ 1563.487873][    C1]  bus_probe_device+0xbe/0x1e0
[ 1563.487888][    C1]  device_add+0xb60/0xf10
[ 1563.487906][    C1]  usb_new_device+0x1038/0x1c00
[ 1563.487926][    C1]  ? usb_disconnect+0x890/0x890
[ 1563.487941][    C1]  ? __mutex_lock_slowpath+0x10/0x10
[ 1563.487956][    C1]  ? hub_event+0x2b30/0x4770
[ 1563.487971][    C1]  ? hub_event+0x2c4c/0x4770
[ 1563.487988][    C1]  hub_event+0x2def/0x4770
[ 1563.488013][    C1]  ? led_work+0x590/0x590
[ 1563.488029][    C1]  ? _raw_spin_unlock+0x4d/0x70
[ 1563.488045][    C1]  ? finish_task_switch+0x167/0x7b0
[ 1563.488064][    C1]  ? __kasan_check_read+0x11/0x20
[ 1563.488080][    C1]  ? read_word_at_a_time+0x12/0x20
[ 1563.488094][    C1]  ? strscpy+0x9c/0x260
[ 1563.488108][    C1]  process_one_work+0x6bb/0xc10
[ 1563.488125][    C1]  worker_thread+0xad5/0x12a0
[ 1563.488138][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1563.488159][    C1]  kthread+0x421/0x510
[ 1563.488174][    C1]  ? worker_clr_flags+0x180/0x180
[ 1563.488188][    C1]  ? kthread_blkcg+0xd0/0xd0
[ 1563.488204][    C1]  ret_from_fork+0x1f/0x30
[ 1563.488222][    C1]  </TASK>
[ 1563.680239][T26883] usbhid 2-1:0.0: can't add hid device: -71
[ 1564.281014][T26883] usbhid: probe of 2-1:0.0 failed with error -71
[ 1564.289721][T26883] usb 2-1: USB disconnect, device number 73
[ 1565.759626][T27420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6543'.
[ 1565.771554][T27418] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6542'.
[ 1565.958953][T27425] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6544'.
[ 1566.680421][  T499] usbhid 4-1:0.0: can't add hid device: -71
[ 1566.709384][  T499] usbhid: probe of 4-1:0.0 failed with error -71
[ 1566.886698][T27434] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc
[ 1566.902409][  T499] usb 4-1: USB disconnect, device number 82
[ 1566.941741][T27438] FAULT_INJECTION: forcing a failure.
[ 1566.941741][T27438] name failslab, interval 1, probability 0, space 0, times 0
[ 1567.010280][T27438] CPU: 0 PID: 27438 Comm: syz.1.6549 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1567.021509][T27438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1567.031388][T27438] Call Trace:
[ 1567.034506][T27438]  <TASK>
[ 1567.037297][T27438]  dump_stack_lvl+0x151/0x1c0
[ 1567.041802][T27438]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1567.047274][T27438]  dump_stack+0x15/0x20
[ 1567.051265][T27438]  should_fail+0x3c6/0x510
[ 1567.055518][T27438]  __should_failslab+0xa4/0xe0
[ 1567.060223][T27438]  should_failslab+0x9/0x20
[ 1567.064559][T27438]  slab_pre_alloc_hook+0x37/0xd0
[ 1567.069336][T27438]  kmem_cache_alloc_trace+0x48/0x210
[ 1567.074475][T27438]  ? __se_sys_mount+0x156/0x3b0
[ 1567.079142][T27438]  __se_sys_mount+0x156/0x3b0
[ 1567.083655][T27438]  ? __x64_sys_mount+0xd0/0xd0
[ 1567.088254][T27438]  ? debug_smp_processor_id+0x17/0x20
[ 1567.093463][T27438]  __x64_sys_mount+0xbf/0xd0
[ 1567.097907][T27438]  x64_sys_call+0x49d/0x9a0
[ 1567.102227][T27438]  do_syscall_64+0x3b/0xb0
[ 1567.106478][T27438]  ? clear_bhb_loop+0x35/0x90
[ 1567.110994][T27438]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1567.116721][T27438] RIP: 0033:0x7fe307cadff9
[ 1567.120975][T27438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1567.140814][T27438] RSP: 002b:00007fe306927038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1567.149054][T27438] RAX: ffffffffffffffda RBX: 00007fe307e65f80 RCX: 00007fe307cadff9
[ 1567.156866][T27438] RDX: 0000000020000b80 RSI: 0000000020000040 RDI: 0000000000000000
[ 1567.164765][T27438] RBP: 00007fe306927090 R08: 0000000020000580 R09: 0000000000000000
[ 1567.172576][T27438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1567.180389][T27438] R13: 0000000000000000 R14: 00007fe307e65f80 R15: 00007ffcaff8e718
[ 1567.188219][T27438]  </TASK>
[ 1568.109848][T27443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6546'.
[ 1568.214366][   T30] audit: type=1326 audit(1728181594.607:13418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1568.320181][   T30] audit: type=1326 audit(1728181594.607:13419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1568.363497][   T30] audit: type=1326 audit(1728181594.607:13420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1568.391660][   T30] audit: type=1326 audit(1728181594.607:13421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1568.420893][   T30] audit: type=1326 audit(1728181594.607:13422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1568.472885][   T30] audit: type=1326 audit(1728181594.607:13423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1569.030018][   T30] audit: type=1326 audit(1728181594.607:13424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1569.061138][   T30] audit: type=1326 audit(1728181594.607:13425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1569.101330][   T30] audit: type=1326 audit(1728181594.607:13426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27451 comm="syz.1.6551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1569.493787][T27478] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6557'.
[ 1570.090290][T27468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6556'.
[ 1570.218556][  T484] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[ 1570.232198][ T8804] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1570.660313][  T484] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1570.671194][ T8804] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1570.684233][ T8804] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1570.694077][  T484] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1570.703896][ T8804] usb 5-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[ 1570.712924][  T484] usb 2-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d
[ 1570.720239][T26514] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[ 1570.722118][ T8804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1570.737187][  T484] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1570.789548][ T8804] usb 5-1: config 0 descriptor??
[ 1570.800262][T27481] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1571.021883][T26564] usb 2-1: USB disconnect, device number 74
[ 1571.290273][T26514] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1571.301443][T26514] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1571.311831][T26514] usb 4-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d
[ 1571.321052][T26514] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1571.350290][T27494] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1571.359697][ T8804] usbhid 5-1:0.0: can't add hid device: -71
[ 1571.365618][ T8804] usbhid: probe of 5-1:0.0 failed with error -71
[ 1571.373437][ T8804] usb 5-1: USB disconnect, device number 76
[ 1571.675155][  T321] usb 4-1: USB disconnect, device number 83
[ 1571.839552][T27522] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6571'.
[ 1572.368779][  T321] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1573.220235][  T321] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1573.231040][  T321] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1573.240992][  T321] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1573.250081][  T321] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1573.258732][  T321] usb 5-1: config 0 descriptor??
[ 1573.477681][ T8804] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1573.720201][ T8804] usb 2-1: Using ep0 maxpacket: 8
[ 1573.790216][  T321] usbhid 5-1:0.0: can't add hid device: -71
[ 1573.796143][  T321] usbhid: probe of 5-1:0.0 failed with error -71
[ 1573.806534][  T321] usb 5-1: USB disconnect, device number 77
[ 1573.810641][T17297] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1573.840292][ T8804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1573.851154][ T8804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1573.861544][ T8804] usb 2-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[ 1573.870773][ T8804] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1573.883981][ T8804] usb 2-1: config 0 descriptor??
[ 1574.431539][  T321] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1574.456454][T27559] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6583'.
[ 1574.465273][T27559] netlink: 52 bytes leftover after parsing attributes in process `syz.4.6583'.
[ 1574.474038][T27559] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6583'.
[ 1574.505359][ T8804] hid-picolcd 0003:04D8:F002.0068: item fetching failed at offset 5/7
[ 1574.513687][ T8804] hid-picolcd 0003:04D8:F002.0068: device report parse failed
[ 1574.521638][ T8804] hid-picolcd: probe of 0003:04D8:F002.0068 failed with error -22
[ 1574.530255][T17297] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1574.541192][T17297] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1574.550876][T17297] usb 3-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d
[ 1574.559697][T17297] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1574.580393][T27546] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1574.715433][T24460] usb 2-1: USB disconnect, device number 75
[ 1574.814804][T17297] usb 3-1: USB disconnect, device number 77
[ 1574.870288][  T321] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1574.881319][  T321] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1574.910192][  T321] usb 4-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d
[ 1574.919140][  T321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1574.950296][T27556] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1575.172049][T26883] usb 4-1: USB disconnect, device number 84
[ 1575.200181][T24460] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 1575.492316][T27568] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1575.500409][T27568] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1575.620513][T24460] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1575.649985][T27582] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6587'.
[ 1575.672140][T24460] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1575.682757][T24460] usb 1-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[ 1575.692079][T24460] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1575.812881][T24460] usb 1-1: config 0 descriptor??
[ 1576.970398][T24460] usbhid 1-1:0.0: can't add hid device: -71
[ 1576.976629][T24460] usbhid: probe of 1-1:0.0 failed with error -71
[ 1576.991773][T24460] usb 1-1: USB disconnect, device number 58
[ 1577.170431][    C0] eth0: bad gso: type: 1, size: 1408
[ 1577.556904][T26883] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1577.801777][   T30] audit: type=1326 audit(1728181604.197:13427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27608 comm="syz.1.6596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1577.834644][   T30] audit: type=1326 audit(1728181604.227:13428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27608 comm="syz.1.6596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1577.878582][   T30] audit: type=1326 audit(1728181604.227:13429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27608 comm="syz.1.6596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1577.983314][   T30] audit: type=1326 audit(1728181604.227:13430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27608 comm="syz.1.6596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1578.036920][   T30] audit: type=1326 audit(1728181604.227:13431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27608 comm="syz.1.6596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1578.088499][   T30] audit: type=1326 audit(1728181604.357:13432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27609 comm="syz.2.6597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec07f2eff9 code=0x7ffc0000
[ 1578.112835][   T30] audit: type=1326 audit(1728181604.357:13433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27609 comm="syz.2.6597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec07f2eff9 code=0x7ffc0000
[ 1578.136790][   T30] audit: type=1326 audit(1728181604.357:13434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27609 comm="syz.2.6597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fec07f2eff9 code=0x7ffc0000
[ 1578.160791][   T30] audit: type=1326 audit(1728181604.357:13435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27609 comm="syz.2.6597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec07f2eff9 code=0x7ffc0000
[ 1578.184438][T27606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6595'.
[ 1578.192940][   T30] audit: type=1326 audit(1728181604.357:13436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27609 comm="syz.2.6597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec07f2eff9 code=0x7ffc0000
[ 1578.410205][T27630] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6602'.
[ 1579.127411][T26883] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1579.138461][T26883] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1579.148184][T26883] usb 4-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d
[ 1579.157389][T26883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1579.200863][T27642] FAULT_INJECTION: forcing a failure.
[ 1579.200863][T27642] name failslab, interval 1, probability 0, space 0, times 0
[ 1579.220306][T27599] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1579.227407][T27642] CPU: 0 PID: 27642 Comm: syz.0.6607 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1579.238604][T27642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1579.248502][T27642] Call Trace:
[ 1579.251620][T27642]  <TASK>
[ 1579.254400][T27642]  dump_stack_lvl+0x151/0x1c0
[ 1579.259008][T27642]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1579.264469][T27642]  dump_stack+0x15/0x20
[ 1579.268458][T27642]  should_fail+0x3c6/0x510
[ 1579.272746][T27642]  __should_failslab+0xa4/0xe0
[ 1579.277315][T27642]  should_failslab+0x9/0x20
[ 1579.281652][T27642]  slab_pre_alloc_hook+0x37/0xd0
[ 1579.286426][T27642]  ? audit_log_start+0x456/0xa80
[ 1579.291199][T27642]  __kmalloc_track_caller+0x6c/0x260
[ 1579.296321][T27642]  ? audit_log_start+0x456/0xa80
[ 1579.301096][T27642]  ? audit_log_start+0x456/0xa80
[ 1579.305874][T27642]  __alloc_skb+0x10c/0x550
[ 1579.310206][T27642]  audit_log_start+0x456/0xa80
[ 1579.314811][T27642]  ? audit_serial+0x30/0x30
[ 1579.319152][T27642]  ? __kasan_check_write+0x14/0x20
[ 1579.324094][T27642]  ? migrate_enable+0x1c1/0x2a0
[ 1579.328783][T27642]  audit_seccomp+0x61/0x1e0
[ 1579.333120][T27642]  ? migrate_disable+0xd9/0x190
[ 1579.337806][T27642]  __seccomp_filter+0xc08/0x1c60
[ 1579.342581][T27642]  ? file_end_write+0x1c0/0x1c0
[ 1579.347279][T27642]  ? __kasan_check_write+0x14/0x20
[ 1579.352221][T27642]  ? __secure_computing+0x300/0x300
[ 1579.357251][T27642]  ? __mutex_lock_slowpath+0x10/0x10
[ 1579.362372][T27642]  ? __kasan_check_write+0x14/0x20
[ 1579.367316][T27642]  ? fput_many+0x160/0x1b0
[ 1579.371662][T27642]  ? __ia32_sys_read+0x90/0x90
[ 1579.376264][T27642]  __secure_computing+0xf0/0x300
[ 1579.381032][T27642]  syscall_enter_from_user_mode+0xd5/0x1b0
[ 1579.386681][T27642]  do_syscall_64+0x1e/0xb0
[ 1579.390935][T27642]  ? clear_bhb_loop+0x35/0x90
[ 1579.395445][T27642]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1579.401169][T27642] RIP: 0033:0x7f9bcca85ff9
[ 1579.405432][T27642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1579.424950][T27642] RSP: 002b:00007f9bcb6ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000077
[ 1579.433195][T27642] RAX: ffffffffffffffda RBX: 00007f9bccc3df80 RCX: 00007f9bcca85ff9
[ 1579.441001][T27642] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000
[ 1579.448813][T27642] RBP: 00007f9bcb6ff090 R08: 0000000000000000 R09: 0000000000000000
[ 1579.456625][T27642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1579.464440][T27642] R13: 0000000000000000 R14: 00007f9bccc3df80 R15: 00007ffd9b2d11b8
[ 1579.472252][T27642]  </TASK>
[ 1579.538253][T27652] xt_hashlimit: size too large, truncated to 1048576
[ 1579.550344][T17297] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[ 1579.787803][T24460] usb 4-1: USB disconnect, device number 85
[ 1579.830274][T18807] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[ 1580.110220][ T8804] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 1580.190327][T17297] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1580.201279][T17297] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1580.210845][T17297] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1580.223830][T17297] usb 2-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[ 1580.230458][T18807] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1580.245443][T18807] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1580.256451][T18807] usb 1-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[ 1580.266777][T18807] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1580.350209][ T8804] usb 5-1: Using ep0 maxpacket: 8
[ 1580.366097][T18807] usb 1-1: config 0 descriptor??
[ 1580.421747][T17297] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1580.432654][T17297] usb 2-1: config 0 descriptor??
[ 1580.510204][ T8804] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1580.606922][ T8804] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1580.615693][ T8804] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1580.625914][ T8804] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1580.634957][ T8804] usb 5-1: config 1 has no interface number 1
[ 1580.641061][ T8804] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1580.653646][ T8804] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 236, setting to 64
[ 1580.941965][T18807] usbhid 1-1:0.0: can't add hid device: -71
[ 1580.947786][T18807] usbhid: probe of 1-1:0.0 failed with error -71
[ 1580.958337][T18807] usb 1-1: USB disconnect, device number 59
[ 1580.964261][ T8804] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1580.994939][ T8804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1581.005966][ T8804] usb 5-1: Product: syz
[ 1581.009969][ T8804] usb 5-1: Manufacturer: syz
[ 1581.014466][ T8804] usb 5-1: SerialNumber: syz
[ 1581.240213][T17297] usbhid 2-1:0.0: can't add hid device: -71
[ 1581.246044][T17297] usbhid: probe of 2-1:0.0 failed with error -71
[ 1581.253397][T17297] usb 2-1: USB disconnect, device number 76
[ 1581.486877][T27679] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6617'.
[ 1581.764489][ T8804] usb 5-1: USB disconnect, device number 78
[ 1581.775430][T26958] udevd[26958]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1581.785290][T27682] overlayfs: missing 'lowerdir'
[ 1581.799761][T27682] input: syz0 as /devices/virtual/input/input99
[ 1582.120231][T17297] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 1582.209550][T27696] cgroup: Unknown subsys name 'appraise_type'
[ 1582.287443][T27696] binder: 27693:27696 ioctl 4018620d 0 returned -22
[ 1582.711630][T17297] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1582.715124][T24460] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1582.750198][T17297] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1582.800581][T17297] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1582.960509][T17297] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1582.960731][T24460] usb 5-1: Using ep0 maxpacket: 16
[ 1582.969388][T17297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1582.969414][T17297] usb 1-1: Product: syz
[ 1582.969426][T17297] usb 1-1: Manufacturer: 䠊
[ 1582.969438][T17297] usb 1-1: SerialNumber: syz
[ 1583.054384][T27705] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1583.062316][T27705] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1583.095569][   T30] kauditd_printk_skb: 42 callbacks suppressed
[ 1583.101910][   T30] audit: type=1326 audit(1728181609.487:13477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.125886][   T30] audit: type=1326 audit(1728181609.487:13478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.178686][   T30] audit: type=1326 audit(1728181609.497:13479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.242503][   T30] audit: type=1326 audit(1728181609.497:13480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.247388][T26964] udevd[26964]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[ 1583.266470][T24460] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1583.288746][   T30] audit: type=1326 audit(1728181609.497:13481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.317766][T24460] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1583.344123][   T30] audit: type=1326 audit(1728181609.497:13482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.459009][T24460] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1583.495835][   T30] audit: type=1326 audit(1728181609.497:13483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.496631][T24460] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00
[ 1583.760032][T27726] input: syz1 as /devices/virtual/input/input100
[ 1583.796115][   T30] audit: type=1326 audit(1728181609.497:13484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.822567][   T30] audit: type=1326 audit(1728181609.497:13485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.928662][T24460] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1583.941246][   T30] audit: type=1326 audit(1728181609.497:13486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27709 comm="syz.1.6626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe307cadff9 code=0x7ffc0000
[ 1583.968833][T24460] usb 5-1: config 0 descriptor??
[ 1584.085458][   T31] INFO: task syz.3.5923:25099 blocked for more than 144 seconds.
[ 1584.093615][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1584.102568][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1584.111623][   T31] task:syz.3.5923      state:D stack:23568 pid:25099 ppid: 24590 flags:0x00004204
[ 1584.121386][   T31] Call Trace:
[ 1584.124789][   T31]  <TASK>
[ 1584.127850][   T31]  __schedule+0xccc/0x1590
[ 1584.132727][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1584.452861][T27722] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6630'.
[ 1584.666478][   T31]  ? __kasan_check_write+0x14/0x20
[ 1584.671471][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1584.676396][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1584.681895][   T31]  schedule+0x11f/0x1e0
[ 1584.685877][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1584.691184][   T31]  down_read+0xcd6/0x1900
[ 1584.695338][   T31]  ? __down_common+0x550/0x550
[ 1584.700064][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1584.705387][   T31]  ? __kasan_check_write+0x14/0x20
[ 1584.710587][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1584.715394][   T31]  ? __put_super+0x54/0x2e0
[ 1584.719976][   T31]  iterate_supers+0xb3/0x1f0
[ 1584.724487][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1584.728696][   T31]  ksys_sync+0xb9/0x1c0
[ 1584.732731][   T31]  ? sync_filesystem+0x250/0x250
[ 1584.737437][   T31]  __do_sys_sync+0xe/0x20
[ 1584.741622][   T31]  x64_sys_call+0x488/0x9a0
[ 1584.745941][   T31]  do_syscall_64+0x3b/0xb0
[ 1584.750205][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1584.754710][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1584.760464][   T31] RIP: 0033:0x7fb263650ff9
[ 1584.764689][   T31] RSP: 002b:00007fb2622ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1584.772947][   T31] RAX: ffffffffffffffda RBX: 00007fb263808f80 RCX: 00007fb263650ff9
[ 1584.780766][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1584.788558][   T31] RBP: 00007fb2636c3296 R08: 0000000000000000 R09: 0000000000000000
[ 1584.796381][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1584.804288][   T31] R13: 0000000000000000 R14: 00007fb263808f80 R15: 00007fff4307d388
[ 1584.812097][   T31]  </TASK>
[ 1584.816597][   T31] INFO: task syz.4.5925:25105 blocked for more than 145 seconds.
[ 1584.830224][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1584.838951][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1584.848372][   T31] task:syz.4.5925      state:D stack:24656 pid:25105 ppid: 24362 flags:0x00004004
[ 1584.871057][   T31] Call Trace:
[ 1584.874195][   T31]  <TASK>
[ 1584.877055][   T31]  __schedule+0xccc/0x1590
[ 1584.891388][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1584.900262][   T31]  ? __kasan_check_write+0x14/0x20
[ 1584.910647][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1584.922537][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1584.935001][   T31]  schedule+0x11f/0x1e0
[ 1584.943549][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1584.950685][   T31]  down_read+0xcd6/0x1900
[ 1584.954913][   T31]  ? __down_common+0x550/0x550
[ 1584.959471][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1584.964688][   T31]  ? __kasan_check_write+0x14/0x20
[ 1584.969734][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1584.974661][   T31]  ? __put_super+0x54/0x2e0
[ 1584.979010][   T31]  iterate_supers+0xb3/0x1f0
[ 1584.983446][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1584.987672][   T31]  ksys_sync+0xb9/0x1c0
[ 1584.991828][   T31]  ? sync_filesystem+0x250/0x250
[ 1584.996623][   T31]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 1585.002237][   T31]  __do_sys_sync+0xe/0x20
[ 1585.006909][   T31]  x64_sys_call+0x488/0x9a0
[ 1585.011341][T24460] usbhid 5-1:0.0: can't add hid device: -71
[ 1585.017010][T24460] usbhid: probe of 5-1:0.0 failed with error -71
[ 1585.023966][   T31]  do_syscall_64+0x3b/0xb0
[ 1585.028935][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1585.110372][T24460] usb 5-1: USB disconnect, device number 79
[ 1585.116246][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1585.125095][   T31] RIP: 0033:0x7f03b79d7ff9
[ 1585.290224][   T31] RSP: 002b:00007f03b6651038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1585.299614][   T31] RAX: ffffffffffffffda RBX: 00007f03b7b8ff80 RCX: 00007f03b79d7ff9
[ 1585.323680][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1585.331926][   T31] RBP: 00007f03b7a4a296 R08: 0000000000000000 R09: 0000000000000000
[ 1585.339737][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1585.347599][   T31] R13: 0000000000000000 R14: 00007f03b7b8ff80 R15: 00007ffd9d13daf8
[ 1585.355456][   T31]  </TASK>
[ 1585.358593][   T31] NMI backtrace for cpu 0
[ 1585.362732][   T31] CPU: 0 PID: 31 Comm: khungtaskd Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1585.373672][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1585.383561][   T31] Call Trace:
[ 1585.386683][   T31]  <TASK>
[ 1585.389464][   T31]  dump_stack_lvl+0x151/0x1c0
[ 1585.394072][   T31]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1585.399531][   T31]  dump_stack+0x15/0x20
[ 1585.403520][   T31]  nmi_cpu_backtrace+0x2f7/0x300
[ 1585.408297][   T31]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1585.414284][   T31]  ? sysvec_call_function_single+0x52/0xb0
[ 1585.419925][   T31]  ? asm_sysvec_call_function_single+0x1b/0x20
[ 1585.425915][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1585.431825][   T31]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[ 1585.437640][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1585.443711][   T31]  arch_trigger_cpumask_backtrace+0x10/0x20
[ 1585.449436][   T31]  watchdog+0xdd7/0xf50
[ 1585.453442][   T31]  ? __kasan_check_write+0x14/0x20
[ 1585.458380][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1585.463235][   T31]  ? __kasan_check_read+0x11/0x20
[ 1585.468098][   T31]  ? __kthread_parkme+0xb2/0x200
[ 1585.472871][   T31]  kthread+0x421/0x510
[ 1585.476774][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1585.481634][   T31]  ? kthread_blkcg+0xd0/0xd0
[ 1585.486062][   T31]  ret_from_fork+0x1f/0x30
[ 1585.490316][   T31]  </TASK>
[ 1585.493349][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1585.498381][    C1] NMI backtrace for cpu 1
[ 1585.498395][    C1] CPU: 1 PID: 27735 Comm: syz.2.6634 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1585.498413][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1585.498422][    C1] RIP: 0010:native_apic_msr_write+0x39/0x50
[ 1585.498446][    C1] Code: 74 05 83 ff 30 75 12 5d c3 81 ff d0 00 00 00 74 f6 81 ff e0 00 00 00 74 ee c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 eb d9 89 f6 31 d2 e8 5a 01 52 01 5d c3 0f 1f 84 00 00 00 00
[ 1585.498460][    C1] RSP: 0018:ffffc90000a67a18 EFLAGS: 00000046
[ 1585.498475][    C1] RAX: 000000000000f3ae RBX: ffffffff862619d8 RCX: 0000000000000838
[ 1585.498486][    C1] RDX: 0000000000000000 RSI: 000000000000f3ae RDI: 0000000000000838
[ 1585.498497][    C1] RBP: ffffc90000a67a18 R08: ffffffff8163cd9b R09: ffffffff8163cc8d
[ 1585.498508][    C1] R10: 0000000000000002 R11: ffff888112393b40 R12: 0000000000000020
[ 1585.498519][    C1] R13: dffffc0000000000 R14: 000000000000f3ae R15: dffffc0000000000
[ 1585.498530][    C1] FS:  0000555557390500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1585.498544][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1585.498556][    C1] CR2: 0000001b2d60fff8 CR3: 000000010ef70000 CR4: 00000000003506a0
[ 1585.498570][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1585.498580][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1585.498590][    C1] Call Trace:
[ 1585.498595][    C1]  <NMI>
[ 1585.498602][    C1]  ? show_regs+0x58/0x60
[ 1585.498619][    C1]  ? nmi_cpu_backtrace+0x29f/0x300
[ 1585.498639][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1585.498659][    C1]  ? native_apic_msr_write+0x39/0x50
[ 1585.498675][    C1]  ? native_apic_msr_write+0x39/0x50
[ 1585.498699][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1585.498715][    C1]  ? nmi_handle+0xa8/0x280
[ 1585.498731][    C1]  ? native_apic_msr_write+0x39/0x50
[ 1585.498748][    C1]  ? default_do_nmi+0x69/0x160
[ 1585.498764][    C1]  ? exc_nmi+0xad/0x100
[ 1585.498777][    C1]  ? end_repeat_nmi+0x16/0x31
[ 1585.498794][    C1]  ? clockevents_program_event+0x7d/0x300
[ 1585.498810][    C1]  ? clockevents_program_event+0x18b/0x300
[ 1585.498826][    C1]  ? native_apic_msr_write+0x39/0x50
[ 1585.498843][    C1]  ? native_apic_msr_write+0x39/0x50
[ 1585.498861][    C1]  ? native_apic_msr_write+0x39/0x50
[ 1585.498878][    C1]  </NMI>
[ 1585.498883][    C1]  <TASK>
[ 1585.498888][    C1]  lapic_next_event+0x5f/0x70
[ 1585.498903][    C1]  clockevents_program_event+0x1c1/0x300
[ 1585.498920][    C1]  tick_program_event+0x9f/0x120
[ 1585.498937][    C1]  hrtimer_reprogram+0x389/0x430
[ 1585.498953][    C1]  hrtimer_start_range_ns+0xa18/0xb80
[ 1585.498971][    C1]  do_nanosleep+0x12d/0x6a0
[ 1585.498990][    C1]  ? usleep_range_state+0x160/0x160
[ 1585.499007][    C1]  ? hrtimer_init_sleeper+0x3b/0x1a0
[ 1585.499021][    C1]  ? hrtimer_nanosleep+0x115/0x3f0
[ 1585.499037][    C1]  hrtimer_nanosleep+0x1c5/0x3f0
[ 1585.499052][    C1]  ? nanosleep_copyout+0x120/0x120
[ 1585.499068][    C1]  ? __remove_hrtimer+0x4d0/0x4d0
[ 1585.499084][    C1]  ? get_timespec64+0x197/0x270
[ 1585.499101][    C1]  ? clockevents_program_event+0x22f/0x300
[ 1585.499118][    C1]  ? timespec64_add_safe+0x220/0x220
[ 1585.499135][    C1]  common_nsleep+0x91/0xb0
[ 1585.499149][    C1]  __se_sys_clock_nanosleep+0x323/0x3b0
[ 1585.499164][    C1]  ? __x64_sys_clock_nanosleep+0xb0/0xb0
[ 1585.499179][    C1]  ? __kasan_check_write+0x14/0x20
[ 1585.499197][    C1]  ? switch_fpu_return+0x15f/0x2e0
[ 1585.499214][    C1]  __x64_sys_clock_nanosleep+0x9b/0xb0
[ 1585.499229][    C1]  x64_sys_call+0x609/0x9a0
[ 1585.499244][    C1]  do_syscall_64+0x3b/0xb0
[ 1585.499258][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1585.499272][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1585.499287][    C1] RIP: 0033:0x7fec07f610e5
[ 1585.499301][    C1] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 c6 57 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 1f 58 ff ff 48 8b 04 24 48 83 c4 28 f7 d8
[ 1585.499314][    C1] RSP: 002b:00007ffd2899a250 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 1585.499330][    C1] RAX: ffffffffffffffda RBX: 00007fec080e6f80 RCX: 00007fec07f610e5
[ 1585.499341][    C1] RDX: 00007ffd2899a290 RSI: 0000000000000000 RDI: 0000000000000000
[ 1585.499351][    C1] RBP: 00007fec080e8a80 R08: 0000000000000000 R09: 00007ffd2899e0b0
[ 1585.499362][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000018322d
[ 1585.499375][    C1] R13: 00007ffd2899a3c0 R14: 0000000000000032 R15: ffffffffffffffff
[ 1585.499390][    C1]  </TASK>
[ 1586.039278][T27749] incfs: Options parsing error. -22
[ 1586.044562][T27749] incfs: mount failed -22
[ 1586.270226][    T6] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 1587.010278][T17297] usb 1-1: 0:2 : does not exist
[ 1587.028500][T17297] usb 1-1: USB disconnect, device number 60
[ 1588.032239][T27772] fuse: Bad value for 'user_id'
[ 1588.130301][   T30] kauditd_printk_skb: 52 callbacks suppressed
[ 1588.130316][   T30] audit: type=1400 audit(1728181614.357:13539): avc:  denied  { read } for  pid=27767 comm="syz.3.6644" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1588.189150][   T30] audit: type=1400 audit(1728181614.367:13540): avc:  denied  { open } for  pid=27767 comm="syz.3.6644" path="/114/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1588.214014][    T6] usb 5-1: Using ep0 maxpacket: 32
[ 1588.219951][   T30] audit: type=1400 audit(1728181614.387:13541): avc:  denied  { ioctl } for  pid=27767 comm="syz.3.6644" path="/114/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1588.246875][   T30] audit: type=1400 audit(1728181614.417:13542): avc:  denied  { mounton } for  pid=27767 comm="syz.3.6644" path="/114/file0" dev="incremental-fs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1588.278812][T27778] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1588.285961][T27778] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1588.297667][T27778] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1588.304601][T27778] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1588.311786][T27778] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1588.318732][T27778] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1588.326666][T27778] device bridge0 entered promiscuous mode
[ 1588.380319][    T6] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[ 1588.390875][    T6] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[ 1588.410230][    T6] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[ 1588.646518][    T6] usb 5-1: New USB device found, idVendor=056a, idProduct=0011, bcdDevice= 5.00
[ 1588.672817][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1588.684850][    T6] usb 5-1: config 0 descriptor??
[ 1589.394583][   T26] usb 5-1: USB disconnect, device number 80
[ 1589.432916][   T30] audit: type=1326 audit(1728181615.827:13543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27791 comm="syz.4.6650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef6244ff9 code=0x7ffc0000
[ 1589.456963][   T30] audit: type=1326 audit(1728181615.827:13544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27791 comm="syz.4.6650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4ef6244ff9 code=0x7ffc0000
[ 1589.514942][   T30] audit: type=1326 audit(1728181615.827:13545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27791 comm="syz.4.6650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef6244ff9 code=0x7ffc0000
[ 1589.544778][    C0] eth0: bad gso: type: 1, size: 1408
[ 1589.551693][   T30] audit: type=1326 audit(1728181615.827:13546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27791 comm="syz.4.6650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f4ef6244ff9 code=0x7ffc0000
[ 1589.576584][   T30] audit: type=1326 audit(1728181615.827:13547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27791 comm="syz.4.6650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef6244ff9 code=0x7ffc0000
[ 1589.601803][   T30] audit: type=1326 audit(1728181615.827:13548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27791 comm="syz.4.6650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4ef6244ff9 code=0x7ffc0000
[ 1590.400173][    T6] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 1590.791660][T27814] xt_TCPMSS: Only works on TCP SYN packets
[ 1590.900158][    T6] usb 2-1: Using ep0 maxpacket: 32
[ 1591.050259][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1591.061391][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1591.072784][    T6] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1591.082016][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1591.091066][    T6] usb 2-1: config 0 descriptor??
[ 1591.120282][T27807] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1591.140910][    T6] hub 2-1:0.0: USB hub found
[ 1591.642283][    T6] hub 2-1:0.0: 2 ports detected
[ 1591.648240][T27827] veth0_to_bond: mtu less than device minimum
[ 1592.229600][T27835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1592.236580][T27835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1592.244257][T27835] device bridge_slave_0 entered promiscuous mode
[ 1592.251630][T27835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1592.258525][T27835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1592.271062][T27835] device bridge_slave_1 entered promiscuous mode
[ 1593.128362][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1593.136389][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1593.154404][   T30] kauditd_printk_skb: 35 callbacks suppressed
[ 1593.154421][   T30] audit: type=1400 audit(1728181619.547:13584): avc:  denied  { create } for  pid=27851 comm="syz.4.6668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1593.154681][T27852] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6668'.
[ 1593.241677][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1593.260068][   T30] audit: type=1400 audit(1728181619.547:13585): avc:  denied  { write } for  pid=27851 comm="syz.4.6668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1593.260755][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1593.291823][T27855] FAULT_INJECTION: forcing a failure.
[ 1593.291823][T27855] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1593.314768][T27855] CPU: 0 PID: 27855 Comm: syz.4.6670 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1593.325979][T27855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1593.335880][T27855] Call Trace:
[ 1593.338999][T27855]  <TASK>
[ 1593.341774][T27855]  dump_stack_lvl+0x151/0x1c0
[ 1593.346287][T27855]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1593.351757][T27855]  ? 0xffffffffa002a000
[ 1593.355749][T27855]  ? is_bpf_text_address+0x172/0x190
[ 1593.360868][T27855]  ? stack_trace_save+0x1c0/0x1c0
[ 1593.365729][T27855]  dump_stack+0x15/0x20
[ 1593.369729][T27855]  should_fail+0x3c6/0x510
[ 1593.373981][T27855]  should_fail_alloc_page+0x5a/0x80
[ 1593.379009][T27855]  prepare_alloc_pages+0x15c/0x700
[ 1593.383959][T27855]  ? __alloc_pages_bulk+0xe40/0xe40
[ 1593.388990][T27855]  ? pcpu_chunk_refresh_hint+0x802/0x930
[ 1593.394892][T27855]  __alloc_pages+0x18c/0x8f0
[ 1593.399320][T27855]  ? prep_new_page+0x110/0x110
[ 1593.403918][T27855]  ? pcpu_chunk_relocate+0x20a/0x430
[ 1593.409039][T27855]  pcpu_populate_chunk+0x18c/0xe30
[ 1593.413992][T27855]  pcpu_alloc+0x984/0x13e0
[ 1593.418242][T27855]  __alloc_percpu_gfp+0x27/0x30
[ 1593.422928][T27855]  bpf_map_alloc_percpu+0xe6/0x160
[ 1593.427892][T27855]  array_map_alloc+0x3a5/0x6d0
[ 1593.432656][T27855]  map_create+0x411/0x2050
[ 1593.436904][T27855]  __sys_bpf+0x296/0x760
[ 1593.440983][T27855]  ? fput_many+0x160/0x1b0
[ 1593.445240][T27855]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1593.450444][T27855]  ? debug_smp_processor_id+0x17/0x20
[ 1593.455648][T27855]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1593.461553][T27855]  __x64_sys_bpf+0x7c/0x90
[ 1593.465807][T27855]  x64_sys_call+0x87f/0x9a0
[ 1593.470141][T27855]  do_syscall_64+0x3b/0xb0
[ 1593.474396][T27855]  ? clear_bhb_loop+0x35/0x90
[ 1593.478919][T27855]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1593.484634][T27855] RIP: 0033:0x7f4ef6244ff9
[ 1593.488891][T27855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1593.508332][T27855] RSP: 002b:00007f4ef4ebe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1593.516731][T27855] RAX: ffffffffffffffda RBX: 00007f4ef63fcf80 RCX: 00007f4ef6244ff9
[ 1593.524645][T27855] RDX: 0000000000000048 RSI: 0000000020000140 RDI: 2000000000000000
[ 1593.532978][T27855] RBP: 00007f4ef4ebe090 R08: 0000000000000000 R09: 0000000000000000
[ 1593.540796][T27855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1593.548599][T27855] R13: 0000000000000000 R14: 00007f4ef63fcf80 R15: 00007ffff745f228
[ 1593.556418][T27855]  </TASK>
[ 1593.561604][  T435] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1593.568465][  T435] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1593.577054][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1593.678143][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1593.686729][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1593.695620][  T435] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1593.702502][  T435] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1594.407376][T27864] FAULT_INJECTION: forcing a failure.
[ 1594.407376][T27864] name failslab, interval 1, probability 0, space 0, times 0
[ 1594.419928][T27864] CPU: 0 PID: 27864 Comm: syz.4.6671 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1594.431113][T27864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1594.441008][T27864] Call Trace:
[ 1594.444130][T27864]  <TASK>
[ 1594.446905][T27864]  dump_stack_lvl+0x151/0x1c0
[ 1594.451422][T27864]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1594.456896][T27864]  dump_stack+0x15/0x20
[ 1594.460882][T27864]  should_fail+0x3c6/0x510
[ 1594.465134][T27864]  __should_failslab+0xa4/0xe0
[ 1594.469737][T27864]  should_failslab+0x9/0x20
[ 1594.474074][T27864]  slab_pre_alloc_hook+0x37/0xd0
[ 1594.478850][T27864]  kmem_cache_alloc_trace+0x48/0x210
[ 1594.483966][T27864]  ? __get_vm_area_node+0x117/0x360
[ 1594.489001][T27864]  ? __kasan_slab_free+0x11/0x20
[ 1594.493784][T27864]  __get_vm_area_node+0x117/0x360
[ 1594.498636][T27864]  __vmalloc_node_range+0xe2/0x8d0
[ 1594.503583][T27864]  ? bpf_prog_alloc_no_stats+0x3b/0x2f0
[ 1594.508962][T27864]  ? selinux_capset+0xf0/0xf0
[ 1594.513477][T27864]  ? kstrtouint_from_user+0x20a/0x2a0
[ 1594.518686][T27864]  ? kstrtol_from_user+0x310/0x310
[ 1594.523633][T27864]  ? bpf_prog_alloc_no_stats+0x3b/0x2f0
[ 1594.529013][T27864]  __vmalloc+0x7a/0x90
[ 1594.533183][T27864]  ? bpf_prog_alloc_no_stats+0x3b/0x2f0
[ 1594.538561][T27864]  bpf_prog_alloc_no_stats+0x3b/0x2f0
[ 1594.543772][T27864]  ? bpf_prog_alloc+0x15/0x1e0
[ 1594.548369][T27864]  bpf_prog_alloc+0x1f/0x1e0
[ 1594.552795][T27864]  bpf_prog_load+0x800/0x1b50
[ 1594.557311][T27864]  ? map_freeze+0x370/0x370
[ 1594.561651][T27864]  ? selinux_bpf+0xcb/0x100
[ 1594.565989][T27864]  ? security_bpf+0x82/0xb0
[ 1594.570329][T27864]  __sys_bpf+0x4bc/0x760
[ 1594.574580][T27864]  ? fput_many+0x160/0x1b0
[ 1594.578833][T27864]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1594.584044][T27864]  ? debug_smp_processor_id+0x17/0x20
[ 1594.589251][T27864]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1594.595157][T27864]  __x64_sys_bpf+0x7c/0x90
[ 1594.599405][T27864]  x64_sys_call+0x87f/0x9a0
[ 1594.603740][T27864]  do_syscall_64+0x3b/0xb0
[ 1594.607995][T27864]  ? clear_bhb_loop+0x35/0x90
[ 1594.612512][T27864]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1594.618237][T27864] RIP: 0033:0x7f4ef6244ff9
[ 1594.622489][T27864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1594.641931][T27864] RSP: 002b:00007f4ef4e7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1594.650265][T27864] RAX: ffffffffffffffda RBX: 00007f4ef63fd130 RCX: 00007f4ef6244ff9
[ 1594.658073][T27864] RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005
[ 1594.666169][T27864] RBP: 00007f4ef4e7c090 R08: 0000000000000000 R09: 0000000000000000
[ 1594.673976][T27864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1594.681788][T27864] R13: 0000000000000000 R14: 00007f4ef63fd130 R15: 00007ffff745f228
[ 1594.689609][T27864]  </TASK>
[ 1594.692737][T27864] syz.4.6671: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz4,mems_allowed=0
[ 1594.708827][T27864] CPU: 0 PID: 27864 Comm: syz.4.6671 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1594.720060][T27864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1594.729952][T27864] Call Trace:
[ 1594.733082][T27864]  <TASK>
[ 1594.735851][T27864]  dump_stack_lvl+0x151/0x1c0
[ 1594.740369][T27864]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1594.745920][T27864]  ? pr_cont_kernfs_name+0xf0/0x100
[ 1594.750955][T27864]  dump_stack+0x15/0x20
[ 1594.754947][T27864]  warn_alloc+0x21a/0x390
[ 1594.759115][T27864]  ? zone_watermark_ok_safe+0x270/0x270
[ 1594.764501][T27864]  ? __vmalloc_node_range+0x2ab/0x8d0
[ 1594.769707][T27864]  __vmalloc_node_range+0x2c1/0x8d0
[ 1594.774738][T27864]  ? selinux_capset+0xf0/0xf0
[ 1594.779252][T27864]  ? kstrtouint_from_user+0x20a/0x2a0
[ 1594.784461][T27864]  ? kstrtol_from_user+0x310/0x310
[ 1594.789406][T27864]  ? bpf_prog_alloc_no_stats+0x3b/0x2f0
[ 1594.794783][T27864]  __vmalloc+0x7a/0x90
[ 1594.798692][T27864]  ? bpf_prog_alloc_no_stats+0x3b/0x2f0
[ 1594.804071][T27864]  bpf_prog_alloc_no_stats+0x3b/0x2f0
[ 1594.809281][T27864]  ? bpf_prog_alloc+0x15/0x1e0
[ 1594.813882][T27864]  bpf_prog_alloc+0x1f/0x1e0
[ 1594.818309][T27864]  bpf_prog_load+0x800/0x1b50
[ 1594.822822][T27864]  ? map_freeze+0x370/0x370
[ 1594.827167][T27864]  ? selinux_bpf+0xcb/0x100
[ 1594.831499][T27864]  ? security_bpf+0x82/0xb0
[ 1594.835839][T27864]  __sys_bpf+0x4bc/0x760
[ 1594.839918][T27864]  ? fput_many+0x160/0x1b0
[ 1594.844174][T27864]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1594.849494][T27864]  ? debug_smp_processor_id+0x17/0x20
[ 1594.854689][T27864]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1594.860589][T27864]  __x64_sys_bpf+0x7c/0x90
[ 1594.864845][T27864]  x64_sys_call+0x87f/0x9a0
[ 1594.869181][T27864]  do_syscall_64+0x3b/0xb0
[ 1594.873434][T27864]  ? clear_bhb_loop+0x35/0x90
[ 1594.877946][T27864]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1594.883679][T27864] RIP: 0033:0x7f4ef6244ff9
[ 1594.887929][T27864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1594.907368][T27864] RSP: 002b:00007f4ef4e7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1594.915615][T27864] RAX: ffffffffffffffda RBX: 00007f4ef63fd130 RCX: 00007f4ef6244ff9
[ 1594.923428][T27864] RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005
[ 1594.931239][T27864] RBP: 00007f4ef4e7c090 R08: 0000000000000000 R09: 0000000000000000
[ 1594.939070][T27864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1594.946877][T27864] R13: 0000000000000000 R14: 00007f4ef63fd130 R15: 00007ffff745f228
[ 1594.954680][T27864]  </TASK>
[ 1594.957831][T27864] Mem-Info:
[ 1594.960799][T27864] active_anon:127 inactive_anon:23513 isolated_anon:0
[ 1594.960799][T27864]  active_file:16989 inactive_file:4382 isolated_file:0
[ 1594.960799][T27864]  unevictable:0 dirty:241 writeback:0
[ 1594.960799][T27864]  slab_reclaimable:9816 slab_unreclaimable:71854
[ 1594.960799][T27864]  mapped:63261 shmem:8788 pagetables:724 bounce:0
[ 1594.960799][T27864]  kernel_misc_reclaimable:0
[ 1594.960799][T27864]  free:1493662 free_pcp:17176 free_cma:0
[ 1595.002140][T27864] Node 0 active_anon:508kB inactive_anon:94052kB active_file:67956kB inactive_file:17528kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:253044kB dirty:964kB writeback:0kB shmem:35152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:6848kB pagetables:2896kB all_unreclaimable? no
[ 1595.032746][T27864] DMA32 free:2974676kB min:62568kB low:78208kB high:93848kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2978968kB mlocked:0kB bounce:0kB free_pcp:4292kB local_pcp:56kB free_cma:0kB
[ 1595.059851][T27864] lowmem_reserve[]: 0 3941 3941
[ 1595.064554][T27864] Normal free:2999972kB min:84884kB low:106104kB high:127324kB reserved_highatomic:0KB active_anon:7008kB inactive_anon:87652kB active_file:67956kB inactive_file:17528kB unevictable:0kB writepending:960kB present:5242880kB managed:4035584kB mlocked:0kB bounce:0kB free_pcp:64404kB local_pcp:45972kB free_cma:0kB
[ 1595.093690][T27864] lowmem_reserve[]: 0 0 0
[ 1595.098259][T27864] DMA32: 3*4kB (M) 1*8kB (M) 2*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (UM) 3*2048kB (UM) 723*4096kB (M) = 2974676kB
[ 1595.113795][T27864] Normal: 49*4kB (ME) 48*8kB (ME) 512*16kB (UM) 1423*32kB (UME) 678*64kB (UM) 226*128kB (UME) 102*256kB (UME) 19*512kB (UME) 3*1024kB (M) 4*2048kB (UME) 690*4096kB (UM) = 2999972kB
[ 1595.131973][T27864] 27626 total pagecache pages
[ 1595.136456][T27864] 1451 pages in swap cache
[ 1595.140725][T27864] Swap cache stats: add 12935, delete 11484, find 619/619
[ 1595.147825][T27864] Free swap  = 118568kB
[ 1595.152237][T27864] Total swap = 124996kB
[ 1595.154976][T27867] overlayfs: missing 'lowerdir'
[ 1595.156513][T27864] 2097051 pages RAM
[ 1595.161266][   T30] audit: type=1400 audit(1728181621.557:13586): avc:  denied  { mounton } for  pid=27866 comm="syz.3.6673" path="/121/bus" dev="tmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1595.164632][T27864] 0 pages HighMem/MovableOnly
[ 1595.164641][T27864] 343413 pages reserved
[ 1595.164647][T27864] 0 pages cma reserved
[ 1595.202640][   T30] audit: type=1400 audit(1728181621.587:13587): avc:  denied  { mount } for  pid=27865 comm="syz.2.6672" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1595.225526][   T30] audit: type=1400 audit(1728181621.587:13588): avc:  denied  { mounton } for  pid=27865 comm="syz.2.6672" path="/99/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[ 1595.251789][   T30] audit: type=1400 audit(1728181621.587:13589): avc:  denied  { read } for  pid=27865 comm="syz.2.6672" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1595.274964][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1595.282056][T27867] input: syz0 as /devices/virtual/input/input102
[ 1595.287163][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1595.293985][   T30] audit: type=1400 audit(1728181621.587:13590): avc:  denied  { open } for  pid=27865 comm="syz.2.6672" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1595.320476][   T30] audit: type=1400 audit(1728181621.587:13591): avc:  denied  { ioctl } for  pid=27865 comm="syz.2.6672" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1595.323848][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1595.346849][   T30] audit: type=1400 audit(1728181621.677:13592): avc:  denied  { read write } for  pid=27866 comm="syz.3.6673" name="uinput" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1595.378191][   T30] audit: type=1400 audit(1728181621.677:13593): avc:  denied  { open } for  pid=27866 comm="syz.3.6673" path="/dev/uinput" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1595.395195][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1595.426761][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1595.435628][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1595.450980][T27835] device veth0_vlan entered promiscuous mode
[ 1595.457256][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1595.466583][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1595.548847][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1595.557038][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1595.564789][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1595.573401][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1595.587231][T27835] device veth1_macvtap entered promiscuous mode
[ 1595.603115][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1595.611213][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1595.619564][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1595.647120][T27885] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6674'.
[ 1595.657242][    T6] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1595.676710][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1595.761443][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1595.823119][T26280] device bridge_slave_1 left promiscuous mode
[ 1595.832385][T26280] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1595.858759][T26280] device bridge_slave_0 left promiscuous mode
[ 1595.889558][T26280] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1595.921218][T26280] device veth1_macvtap left promiscuous mode
[ 1596.325217][T26908] udevd[26908]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[ 1596.335491][T26280] device veth0_vlan left promiscuous mode
[ 1596.341285][    T6] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1596.400973][T27896] overlayfs: missing 'lowerdir'
[ 1596.430840][    T6] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1596.458198][T27896] input: syz0 as /devices/virtual/input/input103
[ 1596.472752][    T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1596.680636][    T6] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1596.706641][T26514] usb 2-1: reset high-speed USB device number 77 using dummy_hcd
[ 1596.721426][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1596.740491][    T6] usb 4-1: Product: syz
[ 1596.746165][    T6] usb 4-1: Manufacturer: syz
[ 1596.751508][    T6] usb 4-1: SerialNumber: syz
[ 1597.133345][T27907] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6683'.
[ 1597.157755][T26514] usb 2-1: device reset changed ep0 maxpacket size!
[ 1597.168221][  T484] usb 2-1: USB disconnect, device number 77
[ 1597.271437][T27909] FAULT_INJECTION: forcing a failure.
[ 1597.271437][T27909] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1597.284398][T27909] CPU: 1 PID: 27909 Comm: syz.0.6685 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1597.295508][T27909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1597.305402][T27909] Call Trace:
[ 1597.308526][T27909]  <TASK>
[ 1597.311303][T27909]  dump_stack_lvl+0x151/0x1c0
[ 1597.315816][T27909]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1597.321288][T27909]  ? avc_has_perm+0x16f/0x260
[ 1597.325797][T27909]  dump_stack+0x15/0x20
[ 1597.329793][T27909]  should_fail+0x3c6/0x510
[ 1597.334043][T27909]  should_fail_usercopy+0x1a/0x20
[ 1597.338907][T27909]  _copy_to_user+0x20/0x90
[ 1597.343161][T27909]  simple_read_from_buffer+0xc7/0x150
[ 1597.348365][T27909]  proc_fail_nth_read+0x1a3/0x210
[ 1597.353226][T27909]  ? proc_fault_inject_write+0x390/0x390
[ 1597.358698][T27909]  ? fsnotify_perm+0x269/0x5b0
[ 1597.363296][T27909]  ? security_file_permission+0x86/0xb0
[ 1597.368690][T27909]  ? proc_fault_inject_write+0x390/0x390
[ 1597.374143][T27909]  vfs_read+0x27d/0xd40
[ 1597.378135][T27909]  ? kernel_read+0x1f0/0x1f0
[ 1597.382560][T27909]  ? __kasan_check_write+0x14/0x20
[ 1597.387505][T27909]  ? mutex_lock+0xb6/0x1e0
[ 1597.391758][T27909]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1597.398187][T27909]  ? __fdget_pos+0x2e7/0x3a0
[ 1597.402606][T27909]  ? ksys_read+0x77/0x2c0
[ 1597.406776][T27909]  ksys_read+0x199/0x2c0
[ 1597.410855][T27909]  ? vfs_write+0x1110/0x1110
[ 1597.415279][T27909]  ? debug_smp_processor_id+0x17/0x20
[ 1597.420490][T27909]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1597.426417][T27909]  __x64_sys_read+0x7b/0x90
[ 1597.430733][T27909]  x64_sys_call+0x28/0x9a0
[ 1597.434982][T27909]  do_syscall_64+0x3b/0xb0
[ 1597.439237][T27909]  ? clear_bhb_loop+0x35/0x90
[ 1597.443748][T27909]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1597.449477][T27909] RIP: 0033:0x7fbc5127ba3c
[ 1597.453731][T27909] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 1597.473181][T27909] RSP: 002b:00007fbc4feb4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1597.481417][T27909] RAX: ffffffffffffffda RBX: 00007fbc51435130 RCX: 00007fbc5127ba3c
[ 1597.489325][T27909] RDX: 000000000000000f RSI: 00007fbc4feb40a0 RDI: 000000000000000a
[ 1597.497307][T27909] RBP: 00007fbc4feb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1597.505300][T27909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1597.513110][T27909] R13: 0000000000000000 R14: 00007fbc51435130 R15: 00007ffc2855ec68
[ 1597.520940][T27909]  </TASK>
[ 1597.545107][T27891] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1597.552132][T27891] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1597.567992][T27891] device bridge_slave_0 entered promiscuous mode
[ 1597.575621][T27891] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1597.582791][T27891] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1597.587576][  T484] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[ 1597.652211][T27891] device bridge_slave_1 entered promiscuous mode
[ 1598.066044][T27891] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1598.072986][T27891] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1598.080120][T27891] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1598.086957][T27891] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1598.112460][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1598.119986][  T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1598.127682][  T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1598.138418][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1598.146781][  T435] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1598.153650][  T435] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1598.179969][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1598.188770][  T435] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1598.195733][  T435] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1598.257595][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1598.267826][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1598.290490][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1598.299727][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1598.351830][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1598.362620][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1598.380456][  T484] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1598.389158][  T484] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1598.470908][  T484] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1598.474892][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1598.495520][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1598.518048][T27891] device veth0_vlan entered promiscuous mode
[ 1598.524780][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1598.533036][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1598.578619][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1598.587972][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1598.608911][T27891] device veth1_macvtap entered promiscuous mode
[ 1598.645787][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1598.654785][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1598.662830][   T30] kauditd_printk_skb: 32 callbacks suppressed
[ 1598.663147][   T30] audit: type=1400 audit(1728181625.047:13626): avc:  denied  { write } for  pid=27932 comm="syz.4.6692" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1598.692320][  T484] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1598.693363][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1598.718536][  T484] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1598.726786][  T484] usb 2-1: Product: syz
[ 1598.730870][  T484] usb 2-1: Manufacturer: 䠊
[ 1598.735300][  T484] usb 2-1: SerialNumber: syz
[ 1598.748421][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1598.759720][  T435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1599.545972][   T30] audit: type=1400 audit(1728181625.927:13627): avc:  denied  { create } for  pid=27936 comm="syz.4.6693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1599.588726][   T30] audit: type=1400 audit(1728181625.927:13628): avc:  denied  { write } for  pid=27936 comm="syz.4.6693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1599.622712][T26964] udevd[26964]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[ 1599.634441][T26280] device bridge_slave_1 left promiscuous mode
[ 1599.666389][   T30] audit: type=1400 audit(1728181625.927:13629): avc:  denied  { create } for  pid=27936 comm="syz.4.6693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1599.704655][   T30] audit: type=1400 audit(1728181625.927:13630): avc:  denied  { getopt } for  pid=27936 comm="syz.4.6693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1599.724667][T26280] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1599.751447][T26280] device bridge_slave_0 left promiscuous mode
[ 1599.789386][T26280] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1599.815997][   T30] audit: type=1400 audit(1728181625.927:13631): avc:  denied  { create } for  pid=27936 comm="syz.4.6693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1599.842286][T26280] device veth1_macvtap left promiscuous mode
[ 1599.863668][T26280] device veth0_vlan left promiscuous mode
[ 1600.153384][   T30] audit: type=1400 audit(1728181626.547:13632): avc:  denied  { read write } for  pid=27835 comm="syz-executor" name="loop0" dev="devtmpfs" ino=3506 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1600.261591][   T30] audit: type=1400 audit(1728181626.547:13633): avc:  denied  { open } for  pid=27835 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=3506 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1600.594816][   T30] audit: type=1400 audit(1728181626.547:13634): avc:  denied  { ioctl } for  pid=27835 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=3506 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1600.700271][   T30] audit: type=1400 audit(1728181626.837:13635): avc:  denied  { mounton } for  pid=27952 comm="syz.0.6696" path="/proc/28/task" dev="proc" ino=160236 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1600.760268][    T6] usb 4-1: 0:2 : does not exist
[ 1600.777942][    T6] usb 4-1: USB disconnect, device number 86
[ 1601.019974][T26958] udevd[26958]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1601.107492][T27962] loop0: detected capacity change from 0 to 256
[ 1601.190668][T27962] exfat: Bad value for 'umask'
[ 1601.371984][T27970] incfs: Can't find or create .index dir in ./file0
[ 1601.378515][T27970] incfs: mount failed -14
[ 1601.728437][T27976] FAULT_INJECTION: forcing a failure.
[ 1601.728437][T27976] name failslab, interval 1, probability 0, space 0, times 0
[ 1601.741017][T27976] CPU: 1 PID: 27976 Comm: syz.4.6702 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1601.752237][T27976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1601.762131][T27976] Call Trace:
[ 1601.765257][T27976]  <TASK>
[ 1601.768036][T27976]  dump_stack_lvl+0x151/0x1c0
[ 1601.772550][T27976]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1601.778019][T27976]  dump_stack+0x15/0x20
[ 1601.782009][T27976]  should_fail+0x3c6/0x510
[ 1601.786261][T27976]  __should_failslab+0xa4/0xe0
[ 1601.790860][T27976]  ? prepare_creds+0x2f/0x6a0
[ 1601.795378][T27976]  should_failslab+0x9/0x20
[ 1601.799805][T27976]  slab_pre_alloc_hook+0x37/0xd0
[ 1601.804573][T27976]  ? prepare_creds+0x2f/0x6a0
[ 1601.809087][T27976]  kmem_cache_alloc+0x44/0x200
[ 1601.813689][T27976]  prepare_creds+0x2f/0x6a0
[ 1601.818027][T27976]  lookup_user_key+0x422/0x15c0
[ 1601.822722][T27976]  ? lookup_user_key_possessed+0x40/0x40
[ 1601.828184][T27976]  ? search_process_keyrings_rcu+0x280/0x280
[ 1601.834015][T27976]  ? irqentry_exit_cond_resched+0x2a/0x30
[ 1601.839553][T27976]  ? irqentry_exit+0x30/0x40
[ 1601.843981][T27976]  ? sysvec_reschedule_ipi+0x7d/0x150
[ 1601.849190][T27976]  keyctl_session_to_parent+0x27/0x6f0
[ 1601.854484][T27976]  ? __sanitizer_cov_trace_switch+0x60/0xe0
[ 1601.860208][T27976]  __se_sys_keyctl+0x144/0xcb0
[ 1601.864821][T27976]  ? __x64_sys_keyctl+0xd0/0xd0
[ 1601.869497][T27976]  ? _raw_spin_unlock+0x4d/0x70
[ 1601.874180][T27976]  ? finish_task_switch+0x167/0x7b0
[ 1601.879220][T27976]  ? requeue_task_rt+0x410/0x410
[ 1601.884075][T27976]  ? __schedule+0xcd4/0x1590
[ 1601.888506][T27976]  ? release_firmware_map_entry+0x190/0x190
[ 1601.894234][T27976]  ? ksys_write+0x260/0x2c0
[ 1601.898575][T27976]  ? __kasan_check_write+0x14/0x20
[ 1601.903530][T27976]  ? switch_fpu_return+0x15f/0x2e0
[ 1601.908469][T27976]  __x64_sys_keyctl+0xbf/0xd0
[ 1601.912981][T27976]  x64_sys_call+0x68e/0x9a0
[ 1601.917319][T27976]  do_syscall_64+0x3b/0xb0
[ 1601.921572][T27976]  ? clear_bhb_loop+0x35/0x90
[ 1601.926087][T27976]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1601.931819][T27976] RIP: 0033:0x7f4ef6244ff9
[ 1601.936070][T27976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1601.955771][T27976] RSP: 002b:00007f4ef4e7c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1601.964029][T27976] RAX: ffffffffffffffda RBX: 00007f4ef63fd130 RCX: 00007f4ef6244ff9
[ 1601.971824][T27976] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000012
[ 1601.979638][T27976] RBP: 00007f4ef4e7c090 R08: 0000000000000000 R09: 0000000000000000
[ 1601.987448][T27976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1601.995258][T27976] R13: 0000000000000000 R14: 00007f4ef63fd130 R15: 00007ffff745f228
[ 1602.003080][T27976]  </TASK>
[ 1602.338871][T27982] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6703'.
[ 1603.031875][T27989] incfs: Options parsing error. -22
[ 1603.037067][T27989] incfs: mount failed -22
[ 1603.140591][  T484] usb 2-1: 0:2 : does not exist
[ 1603.152908][  T484] usb 2-1: USB disconnect, device number 78
[ 1603.404157][T26958] udevd[26958]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1603.420492][T27992] loop0: detected capacity change from 0 to 40427
[ 1603.449318][T27992] F2FS-fs (loop0): invalid crc value
[ 1603.463095][T27992] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1603.501589][T27992] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 1603.981739][T27993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6705'.
[ 1604.000367][   T30] kauditd_printk_skb: 45 callbacks suppressed
[ 1604.000428][   T30] audit: type=1400 audit(1728181630.357:13681): avc:  denied  { write } for  pid=27991 comm="syz.0.6707" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1604.091187][   T30] audit: type=1400 audit(1728181630.357:13682): avc:  denied  { add_name } for  pid=27991 comm="syz.0.6707" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1604.116668][   T30] audit: type=1400 audit(1728181630.357:13683): avc:  denied  { create } for  pid=27991 comm="syz.0.6707" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 1604.138482][   T30] audit: type=1400 audit(1728181630.357:13684): avc:  denied  { read append open } for  pid=27991 comm="syz.0.6707" path="/13/file1/cgroup.controllers" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 1604.166795][   T30] audit: type=1400 audit(1728181630.357:13685): avc:  denied  { write } for  pid=27991 comm="syz.0.6707" name="cgroup.controllers" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 1604.191377][   T30] audit: type=1400 audit(1728181630.517:13686): avc:  denied  { unmount } for  pid=26649 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 1604.220864][   T30] audit: type=1400 audit(1728181630.607:13687): avc:  denied  { append } for  pid=28002 comm="syz.2.6709" name="001" dev="devtmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1604.245007][T27835] attempt to access beyond end of device
[ 1604.245007][T27835] loop0: rw=2049, want=45104, limit=40427
[ 1604.477568][   T30] audit: type=1400 audit(1728181630.857:13688): avc:  denied  { read write } for  pid=28007 comm="syz.2.6711" name="fuse" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1604.630222][   T30] audit: type=1400 audit(1728181630.857:13689): avc:  denied  { open } for  pid=28007 comm="syz.2.6711" path="/dev/fuse" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1605.549434][T28030] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1605.556731][T28030] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1605.564371][T28030] device bridge_slave_0 entered promiscuous mode
[ 1605.571892][T28030] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1605.578798][T28030] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1605.586594][T28030] device bridge_slave_1 entered promiscuous mode
[ 1605.664398][T28030] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1605.671314][T28030] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1605.678444][T28030] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1605.685319][T28030] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1605.715287][T28038] netlink: 'syz.4.6716': attribute type 4 has an invalid length.
[ 1605.740210][T28038] netlink: 'syz.4.6716': attribute type 4 has an invalid length.
[ 1605.810376][   T31] INFO: task syz.3.5923:25099 blocked for more than 166 seconds.
[ 1605.831142][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1605.840558][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1605.849221][   T31] task:syz.3.5923      state:D stack:23568 pid:25099 ppid: 24590 flags:0x00004204
[ 1605.858323][   T31] Call Trace:
[ 1605.859539][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1605.861438][   T31]  <TASK>
[ 1605.871312][   T31]  __schedule+0xccc/0x1590
[ 1605.875636][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1605.881327][   T31]  ? __kasan_check_write+0x14/0x20
[ 1605.886264][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1605.891225][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1605.896605][   T31]  schedule+0x11f/0x1e0
[ 1605.900668][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1605.905865][   T31]  down_read+0xcd6/0x1900
[ 1605.910048][   T31]  ? __down_common+0x550/0x550
[ 1605.914696][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1605.919778][   T31]  ? __kasan_check_write+0x14/0x20
[ 1605.924727][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1605.929311][   T31]  ? __put_super+0x54/0x2e0
[ 1605.933679][   T31]  iterate_supers+0xb3/0x1f0
[ 1605.938078][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1605.942354][   T31]  ksys_sync+0xb9/0x1c0
[ 1605.946335][   T31]  ? sync_filesystem+0x250/0x250
[ 1605.951294][   T31]  __do_sys_sync+0xe/0x20
[ 1605.955464][   T31]  x64_sys_call+0x488/0x9a0
[ 1605.959781][   T31]  do_syscall_64+0x3b/0xb0
[ 1605.964089][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1605.968650][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1605.974438][   T31] RIP: 0033:0x7fb263650ff9
[ 1605.978676][   T31] RSP: 002b:00007fb2622ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1605.987017][   T31] RAX: ffffffffffffffda RBX: 00007fb263808f80 RCX: 00007fb263650ff9
[ 1605.994820][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1606.002628][   T31] RBP: 00007fb2636c3296 R08: 0000000000000000 R09: 0000000000000000
[ 1606.010523][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1606.018360][   T31] R13: 0000000000000000 R14: 00007fb263808f80 R15: 00007fff4307d388
[ 1606.026173][   T31]  </TASK>
[ 1606.029088][   T31] INFO: task syz.4.5925:25105 blocked for more than 166 seconds.
[ 1606.029127][T25936] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 1606.036735][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1606.044866][T26280] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1606.052711][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1606.068067][   T31] task:syz.4.5925      state:D stack:24656 pid:25105 ppid: 24362 flags:0x00004004
[ 1606.077308][   T31] Call Trace:
[ 1606.080468][   T31]  <TASK>
[ 1606.083186][   T31]  __schedule+0xccc/0x1590
[ 1606.087458][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1606.093178][   T31]  ? __kasan_check_write+0x14/0x20
[ 1606.098112][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1606.103101][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1606.108441][   T31]  schedule+0x11f/0x1e0
[ 1606.112457][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1606.117731][   T31]  down_read+0xcd6/0x1900
[ 1606.121920][   T31]  ? __down_common+0x550/0x550
[ 1606.126496][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1606.131640][   T31]  ? __kasan_check_write+0x14/0x20
[ 1606.136567][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1606.141190][   T31]  ? __put_super+0x54/0x2e0
[ 1606.145504][   T31]  iterate_supers+0xb3/0x1f0
[ 1606.149929][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1606.154199][   T31]  ksys_sync+0xb9/0x1c0
[ 1606.158174][   T31]  ? sync_filesystem+0x250/0x250
[ 1606.162969][   T31]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 1606.168653][   T31]  __do_sys_sync+0xe/0x20
[ 1606.172842][   T31]  x64_sys_call+0x488/0x9a0
[ 1606.177162][   T31]  do_syscall_64+0x3b/0xb0
[ 1606.181412][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1606.185922][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1606.191685][   T31] RIP: 0033:0x7f03b79d7ff9
[ 1606.195893][   T31] RSP: 002b:00007f03b6651038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1606.204243][   T31] RAX: ffffffffffffffda RBX: 00007f03b7b8ff80 RCX: 00007f03b79d7ff9
[ 1606.212095][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1606.219849][   T31] RBP: 00007f03b7a4a296 R08: 0000000000000000 R09: 0000000000000000
[ 1606.227680][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1606.235486][   T31] R13: 0000000000000000 R14: 00007f03b7b8ff80 R15: 00007ffd9d13daf8
[ 1606.243306][   T31]  </TASK>
[ 1606.249334][   T31] NMI backtrace for cpu 1
[ 1606.253486][   T31] CPU: 1 PID: 31 Comm: khungtaskd Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1606.264512][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1606.274405][   T31] Call Trace:
[ 1606.277525][   T31]  <TASK>
[ 1606.280302][   T31]  dump_stack_lvl+0x151/0x1c0
[ 1606.284825][   T31]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1606.290290][   T31]  dump_stack+0x15/0x20
[ 1606.294283][   T31]  nmi_cpu_backtrace+0x2f7/0x300
[ 1606.299059][   T31]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1606.305041][   T31]  ? sched_show_task+0x3d8/0x620
[ 1606.309813][   T31]  ? __rcu_read_unlock+0xd0/0xd0
[ 1606.314589][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1606.320574][   T31]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[ 1606.326389][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1606.332291][   T31]  arch_trigger_cpumask_backtrace+0x10/0x20
[ 1606.338106][   T31]  watchdog+0xdd7/0xf50
[ 1606.342099][   T31]  ? __kasan_check_write+0x14/0x20
[ 1606.347049][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1606.351906][   T31]  ? __kasan_check_read+0x11/0x20
[ 1606.356766][   T31]  ? __kthread_parkme+0xb2/0x200
[ 1606.361600][   T31]  kthread+0x421/0x510
[ 1606.365453][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1606.370308][   T31]  ? kthread_blkcg+0xd0/0xd0
[ 1606.374762][   T31]  ret_from_fork+0x1f/0x30
[ 1606.378993][   T31]  </TASK>
[ 1606.382125][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1606.387237][    C0] NMI backtrace for cpu 0
[ 1606.387250][    C0] CPU: 0 PID: 28043 Comm: syz.2.6718 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1606.387270][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1606.387284][    C0] RIP: 0010:__stack_depot_save+0x167/0x470
[ 1606.387306][    C0] Code: de eb 03 44 89 ff 48 8b 05 ae e9 ce 04 44 89 f1 81 e1 ff 0f 00 00 48 89 45 b0 48 89 4d b8 4c 8b 24 c8 4c 89 cb 41 89 df eb 04 <4d> 8b 24 24 4d 85 e4 74 2d 45 39 74 24 08 75 f0 41 39 5c 24 0c 75
[ 1606.387320][    C0] RSP: 0018:ffffc90000c76f88 EFLAGS: 00000a87
[ 1606.387335][    C0] RAX: ffff88823fe40000 RBX: 0000000000000013 RCX: 00000000000009ff
[ 1606.387346][    C0] RDX: ffffc90000c77080 RSI: 0000000000000001 RDI: 0000000000000800
[ 1606.387357][    C0] RBP: ffffc90000c76fe0 R08: 0000000000000002 R09: 0000000000000013
[ 1606.387368][    C0] R10: ffffc90000c76f50 R11: dffffc0000000001 R12: ffff888119b50120
[ 1606.387380][    C0] R13: ffffc90000c76ff0 R14: 00000000daeb69ff R15: 0000000000000013
[ 1606.387391][    C0] FS:  00007f2e430c66c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1606.387405][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1606.387417][    C0] CR2: 0000001b3311dff8 CR3: 000000013e176000 CR4: 00000000003506b0
[ 1606.387431][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1606.387440][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1606.387450][    C0] Call Trace:
[ 1606.387455][    C0]  <NMI>
[ 1606.387460][    C0]  ? show_regs+0x58/0x60
[ 1606.387477][    C0]  ? nmi_cpu_backtrace+0x29f/0x300
[ 1606.387497][    C0]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1606.387516][    C0]  ? __stack_depot_save+0x167/0x470
[ 1606.387529][    C0]  ? __stack_depot_save+0x167/0x470
[ 1606.387543][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1606.387562][    C0]  ? nmi_handle+0xa8/0x280
[ 1606.387578][    C0]  ? __stack_depot_save+0x167/0x470
[ 1606.387592][    C0]  ? default_do_nmi+0x69/0x160
[ 1606.387608][    C0]  ? exc_nmi+0xad/0x100
[ 1606.387621][    C0]  ? end_repeat_nmi+0x16/0x31
[ 1606.387639][    C0]  ? __stack_depot_save+0x167/0x470
[ 1606.387653][    C0]  ? __stack_depot_save+0x167/0x470
[ 1606.387668][    C0]  ? __stack_depot_save+0x167/0x470
[ 1606.387682][    C0]  </NMI>
[ 1606.387687][    C0]  <TASK>
[ 1606.387692][    C0]  ? kmem_cache_free+0x116/0x2e0
[ 1606.387710][    C0]  ? kmem_cache_free+0x116/0x2e0
[ 1606.387726][    C0]  kasan_set_track+0x5d/0x70
[ 1606.387740][    C0]  ? kasan_set_track+0x4b/0x70
[ 1606.387753][    C0]  ? kasan_set_free_info+0x23/0x40
[ 1606.387768][    C0]  ? ____kasan_slab_free+0x126/0x160
[ 1606.387782][    C0]  ? __kasan_slab_free+0x11/0x20
[ 1606.387796][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[ 1606.387810][    C0]  ? kmem_cache_free+0x116/0x2e0
[ 1606.387825][    C0]  ? __purge_vmap_area_lazy+0x4e4/0x1690
[ 1606.387842][    C0]  ? _vm_unmap_aliases+0x339/0x3b0
[ 1606.387856][    C0]  ? vm_unmap_aliases+0x19/0x20
[ 1606.387870][    C0]  ? change_page_attr_set_clr+0x308/0x1050
[ 1606.387887][    C0]  ? set_memory_ro+0xa1/0xe0
[ 1606.387900][    C0]  ? bpf_int_jit_compile+0xbf42/0xc6d0
[ 1606.387918][    C0]  ? bpf_prog_select_runtime+0x724/0xa10
[ 1606.387936][    C0]  ? bpf_prog_load+0x1315/0x1b50
[ 1606.387951][    C0]  ? __sys_bpf+0x4bc/0x760
[ 1606.387965][    C0]  ? __x64_sys_bpf+0x7c/0x90
[ 1606.387978][    C0]  ? x64_sys_call+0x87f/0x9a0
[ 1606.387994][    C0]  ? do_syscall_64+0x3b/0xb0
[ 1606.388006][    C0]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1606.388029][    C0]  kasan_set_free_info+0x23/0x40
[ 1606.388044][    C0]  ____kasan_slab_free+0x126/0x160
[ 1606.388060][    C0]  __kasan_slab_free+0x11/0x20
[ 1606.388074][    C0]  slab_free_freelist_hook+0xbd/0x190
[ 1606.388088][    C0]  ? __purge_vmap_area_lazy+0x4e4/0x1690
[ 1606.388104][    C0]  kmem_cache_free+0x116/0x2e0
[ 1606.388122][    C0]  __purge_vmap_area_lazy+0x4e4/0x1690
[ 1606.388141][    C0]  ? purge_fragmented_blocks_allcpus+0x920/0x920
[ 1606.388157][    C0]  ? __alloc_pages+0x8f0/0x8f0
[ 1606.388175][    C0]  _vm_unmap_aliases+0x339/0x3b0
[ 1606.388190][    C0]  vm_unmap_aliases+0x19/0x20
[ 1606.388205][    C0]  change_page_attr_set_clr+0x308/0x1050
[ 1606.388222][    C0]  ? debug_smp_processor_id+0x17/0x20
[ 1606.388237][    C0]  ? get_random_u32+0x368/0x660
[ 1606.388254][    C0]  ? __set_memory_prot+0x100/0x100
[ 1606.388268][    C0]  ? get_random_u64+0x5c0/0x5c0
[ 1606.388289][    C0]  ? __kmalloc+0x13a/0x270
[ 1606.388304][    C0]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 1606.388319][    C0]  ? is_vmalloc_or_module_addr+0xd/0x50
[ 1606.388335][    C0]  ? __kasan_unpoison_vmalloc+0x6a/0x90
[ 1606.388352][    C0]  ? emit_insn_suffix+0x18f/0x350
[ 1606.388369][    C0]  ? __kasan_check_write+0x14/0x20
[ 1606.388384][    C0]  ? _raw_spin_lock+0xa4/0x1b0
[ 1606.388401][    C0]  set_memory_ro+0xa1/0xe0
[ 1606.388415][    C0]  ? set_memory_nx+0x130/0x130
[ 1606.388430][    C0]  ? bpf_int_jit_compile+0x611c/0xc6d0
[ 1606.388446][    C0]  ? _raw_spin_unlock+0x4d/0x70
[ 1606.388464][    C0]  bpf_int_jit_compile+0xbf42/0xc6d0
[ 1606.388487][    C0]  ? emit_bpf_dispatcher+0xd90/0xd90
[ 1606.388512][    C0]  bpf_prog_select_runtime+0x724/0xa10
[ 1606.388529][    C0]  ? memset+0x35/0x40
[ 1606.388543][    C0]  ? bpf_obj_name_cpy+0x196/0x1e0
[ 1606.388559][    C0]  bpf_prog_load+0x1315/0x1b50
[ 1606.388576][    C0]  ? map_freeze+0x370/0x370
[ 1606.388594][    C0]  ? selinux_bpf+0xcb/0x100
[ 1606.388610][    C0]  ? security_bpf+0x82/0xb0
[ 1606.388626][    C0]  __sys_bpf+0x4bc/0x760
[ 1606.388640][    C0]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1606.388659][    C0]  ? __kasan_check_write+0x14/0x20
[ 1606.388674][    C0]  ? switch_fpu_return+0x15f/0x2e0
[ 1606.388691][    C0]  __x64_sys_bpf+0x7c/0x90
[ 1606.388706][    C0]  x64_sys_call+0x87f/0x9a0
[ 1606.388719][    C0]  do_syscall_64+0x3b/0xb0
[ 1606.388732][    C0]  ? clear_bhb_loop+0x35/0x90
[ 1606.388745][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1606.388759][    C0] RIP: 0033:0x7f2e4444cff9
[ 1606.388773][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1606.388786][    C0] RSP: 002b:00007f2e430c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1606.388801][    C0] RAX: ffffffffffffffda RBX: 00007f2e44604f80 RCX: 00007f2e4444cff9
[ 1606.388812][    C0] RDX: 0000000000000080 RSI: 0000000020000200 RDI: 0000000000000005
[ 1606.388822][    C0] RBP: 00007f2e444bf296 R08: 0000000000000000 R09: 0000000000000000
[ 1606.388832][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1606.388842][    C0] R13: 0000000000000000 R14: 00007f2e44604f80 R15: 00007ffed7035bb8
[ 1606.388856][    C0]  </TASK>
[ 1606.390240][T26280] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1606.548742][   T30] audit: type=1400 audit(1728181632.947:13690): avc:  denied  { unlink } for  pid=28042 comm="syz.2.6718" name="#11f" dev="tmpfs" ino=59 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1607.100429][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1607.108860][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1607.117598][T26280] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1607.124597][T26280] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1607.132876][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1607.157591][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1607.166014][T26280] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1607.172924][T26280] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1607.199609][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1607.207786][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1607.220273][T25936] usb 1-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[ 1607.451184][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1607.459698][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1607.491001][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1607.499867][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1607.527023][T28030] device veth0_vlan entered promiscuous mode
[ 1607.533978][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1607.542443][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1607.552020][T28046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1607.558938][T28046] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1607.566715][T28046] device bridge_slave_0 entered promiscuous mode
[ 1607.578899][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1607.587359][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1607.600024][T28046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1607.607618][T28046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1607.615830][T28046] device bridge_slave_1 entered promiscuous mode
[ 1607.624974][T28030] device veth1_macvtap entered promiscuous mode
[ 1607.634083][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1607.642663][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1607.651458][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1607.678994][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1607.687857][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1607.697120][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1607.705711][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1607.870863][T25936] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1607.879759][T25936] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[ 1607.888680][T25936] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1607.900622][T25936] usb 1-1: config 0 descriptor??
[ 1607.913961][T28046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1607.920901][T28046] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1607.927963][T28046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1607.934756][T28046] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1608.010086][T28046] device veth0_vlan entered promiscuous mode
[ 1608.045109][T28046] device veth1_macvtap entered promiscuous mode
[ 1608.068136][T28051] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6720'.
[ 1608.077654][  T435] device bridge_slave_1 left promiscuous mode
[ 1608.084043][  T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1608.092736][  T435] device bridge_slave_0 left promiscuous mode
[ 1608.099002][  T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1608.107011][  T435] device veth1_macvtap left promiscuous mode
[ 1608.112967][  T435] device veth0_vlan left promiscuous mode
[ 1608.161007][T28029] UDC core: couldn't find an available UDC or it's busy: -16
[ 1608.168244][T28029] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1608.176771][T28029] FAULT_INJECTION: forcing a failure.
[ 1608.176771][T28029] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1608.189740][T28029] CPU: 1 PID: 28029 Comm: syz.0.6715 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1608.200928][T28029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1608.210824][T28029] Call Trace:
[ 1608.213945][T28029]  <TASK>
[ 1608.216737][T28029]  dump_stack_lvl+0x151/0x1c0
[ 1608.221236][T28029]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1608.226717][T28029]  dump_stack+0x15/0x20
[ 1608.230700][T28029]  should_fail+0x3c6/0x510
[ 1608.234964][T28029]  should_fail_usercopy+0x1a/0x20
[ 1608.239820][T28029]  _copy_from_user+0x20/0xd0
[ 1608.244250][T28029]  __sys_connect+0x137/0x410
[ 1608.248664][T28029]  ? fput_many+0x160/0x1b0
[ 1608.252917][T28029]  ? __sys_connect_file+0x170/0x170
[ 1608.257953][T28029]  ? debug_smp_processor_id+0x17/0x20
[ 1608.263159][T28029]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1608.269061][T28029]  __x64_sys_connect+0x7a/0x90
[ 1608.273662][T28029]  x64_sys_call+0x14e/0x9a0
[ 1608.278022][T28029]  do_syscall_64+0x3b/0xb0
[ 1608.282255][T28029]  ? clear_bhb_loop+0x35/0x90
[ 1608.286771][T28029]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1608.292493][T28029] RIP: 0033:0x7fbc5127cff9
[ 1608.296746][T28029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1608.316188][T28029] RSP: 002b:00007fbc4fef6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1608.324535][T28029] RAX: ffffffffffffffda RBX: 00007fbc51434f80 RCX: 00007fbc5127cff9
[ 1608.332345][T28029] RDX: 000000000000006e RSI: 0000000020000080 RDI: 0000000000000006
[ 1608.340159][T28029] RBP: 00007fbc4fef6090 R08: 0000000000000000 R09: 0000000000000000
[ 1608.348010][T28029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1608.355777][T28029] R13: 0000000000000000 R14: 00007fbc51434f80 R15: 00007ffc2855ec68
[ 1608.363593][T28029]  </TASK>
[ 1608.370640][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1608.378353][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1608.387024][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1608.397173][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1608.405198][T25936] usb 1-1: USB disconnect, device number 61
[ 1608.416095][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1608.424224][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1608.432767][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1608.441605][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1608.449106][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1608.457169][T26280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1608.490693][ T1852] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1608.499060][ T1852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1608.514331][ T1852] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1608.522849][ T1852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1608.638687][T28067] device bridge_slave_0 left promiscuous mode
[ 1608.645258][T28067] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1608.776704][T28067] syz.4.6723 (28067) used greatest stack depth: 18928 bytes left
[ 1609.484399][T28079] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6726'.
[ 1609.504836][   T30] kauditd_printk_skb: 10 callbacks suppressed
[ 1609.524231][   T30] audit: type=1400 audit(1728181635.827:13701): avc:  denied  { watch } for  pid=28069 comm="syz.1.6719" path="/0" dev="tmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1609.552667][T28083] cgroup: Unknown subsys name 'appraise_type'
[ 1609.666237][   T30] audit: type=1400 audit(1728181635.827:13702): avc:  denied  { execute } for  pid=28069 comm="syz.1.6719" name="file0" dev="tmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1609.759043][   T30] audit: type=1400 audit(1728181635.827:13703): avc:  denied  { execute_no_trans } for  pid=28069 comm="syz.1.6719" path="/0/file0" dev="tmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1609.826435][   T30] audit: type=1400 audit(1728181635.837:13704): avc:  denied  { setopt } for  pid=28069 comm="syz.1.6719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1609.855705][T28090] overlayfs: missing 'lowerdir'
[ 1609.862359][   T30] audit: type=1400 audit(1728181635.937:13705): avc:  denied  { read } for  pid=28073 comm="syz.4.6725" name="binder0" dev="binder" ino=43 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1609.887747][   T30] audit: type=1400 audit(1728181635.937:13706): avc:  denied  { open } for  pid=28073 comm="syz.4.6725" path="/dev/binderfs/binder0" dev="binder" ino=43 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1609.888079][T28089] input: syz0 as /devices/virtual/input/input104
[ 1610.028113][    C0] eth0: bad gso: type: 1, size: 1408
[ 1610.388407][T28098] cgroup: Unknown subsys name 'appraise_type'
[ 1610.450895][  T435] device bridge_slave_1 left promiscuous mode
[ 1610.456940][  T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1610.466503][  T435] device bridge_slave_0 left promiscuous mode
[ 1610.473191][  T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1610.487242][  T435] device veth1_macvtap left promiscuous mode
[ 1610.493698][  T435] device veth0_vlan left promiscuous mode
[ 1610.510221][T25936] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[ 1610.664897][   T30] audit: type=1326 audit(1728181637.057:13707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28101 comm="syz.2.6731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e4444cff9 code=0x7ffc0000
[ 1610.720602][   T30] audit: type=1326 audit(1728181637.057:13708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28101 comm="syz.2.6731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e4444cff9 code=0x7ffc0000
[ 1610.753079][   T30] audit: type=1326 audit(1728181637.057:13709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28101 comm="syz.2.6731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2e4444cff9 code=0x7ffc0000
[ 1610.780191][   T30] audit: type=1326 audit(1728181637.057:13710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28101 comm="syz.2.6731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e4444cff9 code=0x7ffc0000
[ 1611.080528][T25936] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1611.089199][T25936] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1611.099079][T25936] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1611.120169][T26883] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1611.340272][T25936] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1611.349346][T25936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1611.357322][T25936] usb 2-1: Product: syz
[ 1611.361461][T25936] usb 2-1: Manufacturer: 䠊
[ 1611.365910][T25936] usb 2-1: SerialNumber: syz
[ 1611.390195][T26883] usb 4-1: device descriptor read/64, error -71
[ 1611.748678][T26964] udevd[26964]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[ 1611.950154][T26883] usb 4-1: device descriptor read/64, error -71
[ 1612.238364][T26883] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1612.467283][T26964] udevd[26964]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[ 1612.680953][T28132] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 1612.910136][T26883] usb 4-1: device descriptor read/64, error -71
[ 1613.126010][T28137] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 1613.430201][T26883] usb 4-1: device descriptor read/64, error -71
[ 1613.550223][T26883] usb usb4-port1: attempt power cycle
[ 1613.887622][T28146] cgroup: Unknown subsys name 'appraise_type'
[ 1615.954252][T25936] usb 2-1: 0:2 : does not exist
[ 1615.961000][T28160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6746'.
[ 1615.972473][T25936] usb 2-1: USB disconnect, device number 79
[ 1615.981692][T26958] udevd[26958]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1616.130170][T10531] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1616.320769][  T435] device bridge_slave_1 left promiscuous mode
[ 1616.326981][  T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1616.334522][  T435] device bridge_slave_0 left promiscuous mode
[ 1616.340651][  T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1616.348723][  T435] device veth1_macvtap left promiscuous mode
[ 1616.354642][  T435] device veth0_vlan left promiscuous mode
[ 1616.390245][T10531] usb 3-1: Using ep0 maxpacket: 8
[ 1616.510807][T10531] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1616.521762][T10531] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1616.551645][T10531] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[ 1616.560558][T10531] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1616.569011][T10531] usb 3-1: config 0 descriptor??
[ 1616.792747][   T30] kauditd_printk_skb: 10 callbacks suppressed
[ 1616.792763][   T30] audit: type=1326 audit(1728181643.187:13721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1616.822310][   T30] audit: type=1326 audit(1728181643.187:13722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1616.877747][   T30] audit: type=1326 audit(1728181643.187:13723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1616.940070][   T30] audit: type=1326 audit(1728181643.187:13724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1616.965223][   T30] audit: type=1326 audit(1728181643.187:13725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1616.989795][   T30] audit: type=1326 audit(1728181643.187:13726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1617.013426][   T30] audit: type=1326 audit(1728181643.187:13727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1617.036874][   T30] audit: type=1326 audit(1728181643.187:13728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1617.060559][   T30] audit: type=1326 audit(1728181643.197:13729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1617.071383][T10531] hid-picolcd 0003:04D8:F002.0069: item fetching failed at offset 5/7
[ 1617.084187][   T30] audit: type=1326 audit(1728181643.197:13730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28179 comm="syz.3.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35c805cff9 code=0x7ffc0000
[ 1617.093853][T10531] hid-picolcd 0003:04D8:F002.0069: device report parse failed
[ 1617.122587][T10531] hid-picolcd: probe of 0003:04D8:F002.0069 failed with error -22
[ 1617.302656][T25935] usb 3-1: USB disconnect, device number 78
[ 1617.610185][T26883] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[ 1617.880241][T26883] usb 4-1: device descriptor read/64, error -71
[ 1618.280162][T26883] usb 4-1: device descriptor read/64, error -71
[ 1618.550394][T26883] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1618.820156][T26883] usb 4-1: device descriptor read/64, error -71
[ 1618.981715][T28200] binder: 28198:28200 ioctl 4018620d 0 returned -22
[ 1619.210164][T26883] usb 4-1: device descriptor read/64, error -71
[ 1619.330266][T26883] usb usb4-port1: attempt power cycle
[ 1619.740201][T26883] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[ 1619.910271][T26883] usb 4-1: device descriptor read/8, error -71
[ 1620.200253][T26883] usb 4-1: device descriptor read/8, error -71
[ 1620.280812][  T435] device bridge_slave_1 left promiscuous mode
[ 1620.286864][  T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1620.294342][  T435] device bridge_slave_0 left promiscuous mode
[ 1620.300581][  T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1620.308288][  T435] device veth1_macvtap left promiscuous mode
[ 1620.314387][  T435] device veth0_vlan left promiscuous mode
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: repeatedly failed to execute the program
proc=0 req=6747 state=1 status=67 (errno 9: Bad file descriptor)
[ 1621.149605][T28242] cgroup: Unknown subsys name 'appraise_type'
[ 1621.218460][T28248] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6763'.
[ 1621.360189][T15361] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1622.520946][  T435] device bridge_slave_1 left promiscuous mode
[ 1622.526933][  T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1622.534459][  T435] device bridge_slave_0 left promiscuous mode
[ 1622.540512][  T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1622.548263][  T435] device veth1_macvtap left promiscuous mode
[ 1622.554124][  T435] device veth0_vlan left promiscuous mode
[ 1624.041266][  T435] device bridge_slave_1 left promiscuous mode
[ 1624.047310][  T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1624.054745][  T435] device bridge_slave_0 left promiscuous mode
[ 1624.060891][  T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1624.068608][  T435] device veth1_macvtap left promiscuous mode
[ 1624.074472][  T435] device veth0_vlan left promiscuous mode
[ 1626.920615][   T31] INFO: task syz.3.5923:25099 blocked for more than 187 seconds.
[ 1626.928185][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1626.937172][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1626.945713][   T31] task:syz.3.5923      state:D stack:23568 pid:25099 ppid: 24590 flags:0x00004204
[ 1626.954694][   T31] Call Trace:
[ 1626.957796][   T31]  <TASK>
[ 1626.960638][   T31]  __schedule+0xccc/0x1590
[ 1626.964830][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1626.970646][   T31]  ? __kasan_check_write+0x14/0x20
[ 1626.975503][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1626.980520][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1626.985837][   T31]  schedule+0x11f/0x1e0
[ 1626.989821][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1626.995153][   T31]  down_read+0xcd6/0x1900
[ 1626.999285][   T31]  ? __down_common+0x550/0x550
[ 1627.003949][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1627.009007][   T31]  ? __kasan_check_write+0x14/0x20
[ 1627.013982][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1627.018555][   T31]  ? __put_super+0x54/0x2e0
[ 1627.022958][   T31]  iterate_supers+0xb3/0x1f0
[ 1627.027320][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1627.031603][   T31]  ksys_sync+0xb9/0x1c0
[ 1627.035570][   T31]  ? sync_filesystem+0x250/0x250
[ 1627.040411][   T31]  __do_sys_sync+0xe/0x20
[ 1627.044505][   T31]  x64_sys_call+0x488/0x9a0
[ 1627.048843][   T31]  do_syscall_64+0x3b/0xb0
[ 1627.053136][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1627.057609][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1627.063431][   T31] RIP: 0033:0x7fb263650ff9
[ 1627.067592][   T31] RSP: 002b:00007fb2622ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1627.075875][   T31] RAX: ffffffffffffffda RBX: 00007fb263808f80 RCX: 00007fb263650ff9
[ 1627.083906][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1627.091897][   T31] RBP: 00007fb2636c3296 R08: 0000000000000000 R09: 0000000000000000
[ 1627.099820][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1627.107658][   T31] R13: 0000000000000000 R14: 00007fb263808f80 R15: 00007fff4307d388
[ 1627.115460][   T31]  </TASK>
[ 1627.118311][   T31] INFO: task syz.4.5925:25105 blocked for more than 187 seconds.
[ 1627.125879][   T31]       Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1627.134559][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1627.143364][   T31] task:syz.4.5925      state:D stack:24656 pid:25105 ppid: 24362 flags:0x00004004
[ 1627.152386][   T31] Call Trace:
[ 1627.155477][   T31]  <TASK>
[ 1627.158277][   T31]  __schedule+0xccc/0x1590
[ 1627.162573][   T31]  ? release_firmware_map_entry+0x190/0x190
[ 1627.168239][   T31]  ? __kasan_check_write+0x14/0x20
[ 1627.173217][   T31]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1627.178132][   T31]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1627.183629][   T31]  schedule+0x11f/0x1e0
[ 1627.187594][   T31]  schedule_preempt_disabled+0x13/0x20
[ 1627.192937][   T31]  down_read+0xcd6/0x1900
[ 1627.197068][   T31]  ? __down_common+0x550/0x550
[ 1627.201680][   T31]  ? mod_delayed_work_on+0x13c/0x190
[ 1627.206774][   T31]  ? __kasan_check_write+0x14/0x20
[ 1627.211754][   T31]  ? _raw_spin_lock+0xa4/0x1b0
[ 1627.216323][   T31]  ? __put_super+0x54/0x2e0
[ 1627.220698][   T31]  iterate_supers+0xb3/0x1f0
[ 1627.225090][   T31]  ? ksys_sync+0x1c0/0x1c0
[ 1627.229338][   T31]  ksys_sync+0xb9/0x1c0
[ 1627.233447][   T31]  ? sync_filesystem+0x250/0x250
[ 1627.238196][   T31]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 1627.243696][   T31]  __do_sys_sync+0xe/0x20
[ 1627.247829][   T31]  x64_sys_call+0x488/0x9a0
[ 1627.252191][   T31]  do_syscall_64+0x3b/0xb0
[ 1627.256427][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1627.261049][   T31]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1627.266872][   T31] RIP: 0033:0x7f03b79d7ff9
[ 1627.271159][   T31] RSP: 002b:00007f03b6651038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1627.279675][   T31] RAX: ffffffffffffffda RBX: 00007f03b7b8ff80 RCX: 00007f03b79d7ff9
[ 1627.287474][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1627.295274][   T31] RBP: 00007f03b7a4a296 R08: 0000000000000000 R09: 0000000000000000
[ 1627.303083][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1627.310930][   T31] R13: 0000000000000000 R14: 00007f03b7b8ff80 R15: 00007ffd9d13daf8
[ 1627.318691][   T31]  </TASK>
[ 1627.321616][   T31] NMI backtrace for cpu 0
[ 1627.325719][   T31] CPU: 0 PID: 31 Comm: khungtaskd Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 1627.336665][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1627.346548][   T31] Call Trace:
[ 1627.349674][   T31]  <TASK>
[ 1627.352447][   T31]  dump_stack_lvl+0x151/0x1c0
[ 1627.356970][   T31]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1627.362432][   T31]  dump_stack+0x15/0x20
[ 1627.366420][   T31]  nmi_cpu_backtrace+0x2f7/0x300
[ 1627.371195][   T31]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1627.377184][   T31]  ? sched_show_task+0x3d8/0x620
[ 1627.381958][   T31]  ? __wake_up_klogd+0xd5/0x110
[ 1627.386643][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1627.392545][   T31]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[ 1627.398363][   T31]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1627.404270][   T31]  arch_trigger_cpumask_backtrace+0x10/0x20
[ 1627.409992][   T31]  watchdog+0xdd7/0xf50
[ 1627.413984][   T31]  ? __kasan_check_write+0x14/0x20
[ 1627.418931][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1627.423789][   T31]  ? __kasan_check_read+0x11/0x20
[ 1627.428654][   T31]  ? __kthread_parkme+0xb2/0x200
[ 1627.433429][   T31]  kthread+0x421/0x510
[ 1627.437333][   T31]  ? hungtask_pm_notify+0x50/0x50
[ 1627.442193][   T31]  ? kthread_blkcg+0xd0/0xd0
[ 1627.446619][   T31]  ret_from_fork+0x1f/0x30
[ 1627.450873][   T31]  </TASK>
[ 1627.453858][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1627.458803][    C1] NMI backtrace for cpu 1 skipped: idling at acpi_idle_enter+0x416/0x760