last executing test programs:

22m47.438756435s ago: executing program 0 (id=656):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010026ca7000fbdbdf2505000000280001800d0001007564703a73797a320000000014000280"], 0x3c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)

22m45.903386274s ago: executing program 0 (id=659):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x74}}, 0x0)
pipe(0x0)
r5 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000000c0)='fd', 0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000005c0)='fd', 0x0, r4)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x4}}}]}]}], {0x14}}, 0x88}}, 0x0)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r6, 0x1, 0x70bd25, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026ca7000fbdbdf2505000000280001800d0001007564703a73797a320000000014000280080003008a"], 0x3c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)
syz_open_procfs(0x0, 0x0)

22m42.714396127s ago: executing program 0 (id=662):
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0)
r0 = getpid()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x2, &(0x7f0000000380)=[{0x6, 0xd, 0xd, 0x20080000}, {0x4, 0x2, 0xf9, 0x2}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0xfffffffffffffffa, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000034c0)={0x2020}, 0xcac)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000000)=0x1)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)

22m41.126678568s ago: executing program 0 (id=665):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x1, 0x4, 0x8}, 0x48)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r3, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x9, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1fffffff}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x6, 0x0, 0x7, 0x8, 0x0, 0x0, 0x1fffffff}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=@acquire={0x128, 0x17, 0x1, 0x0, 0x0, {{@in=@rand_addr=0x64010100}, @in6=@private2, {@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56befe125658cb64}, {{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xee00}, {0xffff}, {}, 0x0, 0x0, 0x2}, 0x9}}, 0x128}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x18, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x87, 0x0, 0x0, 0x0, '\x00', @mcast2}}}}}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x29, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1021, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_MTU={0x8, 0x4, 0x8001}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)

22m38.150719154s ago: executing program 0 (id=668):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, 0xffffffffffffffff, 0x0)
syz_mount_image$udf(&(0x7f0000000000), &(0x7f00000094c0)='./file1\x00', 0x0, &(0x7f0000001940)=ANY=[], 0x1, 0xc25, &(0x7f0000002580)="$eJzs3V9oXNl9B/DfmStZY22aaLOJN2mz6UBKYpTa+F9sBZcgZxW1AccbIit0n6LRHzvDyiMjyY03bYPakhb6ErovpS9FNF1ayEPpQ7ePVZotJJRCCXlIHwqCJss+9EEPgdKWjcK9c0Ya2fJau15ZsvfzMePvnTu/OzrnntGdO6AzNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiM9+7tKp0+mgWwEAPExXJr506myKgYNuBwDw8Fz1+R8AAAAAAAAAAAAAAA67FEUcixSDr2ykqep+R/1yq33r9uTY+O6bHU2RohZFVV/e6qfPnD33qfMXRrr55tu/0z4cz01cvdR4duHGzcW5paW52cZkuzWzMDu352d40O3vNFztgMaNF27NXru21Dhz8uyOh28PvTbwxLGhixdOnB/p1k6OjY9P9NT09b/tn36Xe83wOBJFNCPFG0Ovp2ZE1OLB98V9Xjv77WjVieGqE5Nj41VH5lvN9nL5YKrlqlpEo2ej0e4+eghj8UBGI1bK5pcNHi67N3Gzudicnp9rfLG5uNxabi20U63T2rI/jajFSIpYjYj1XSb59kcRH40UL53aSNMRUXT3wyericH3b09tH/q4B2U7G/0Rq7VHYMwOsYEo4kqk+Nmrx2Om3Gf5Fh+P+EKZr0S8XOZnIlL5wjgX8VOTxR8bfVHEv0WKhbSRZqvjQfe4cvnLjc+3ry301HaPK4/8+8PDdMiPTfUoYro64m+kt3+yAwAAAAAAAAAAAAAAAMA77WgU8e1I8UfP/E41rziqeenvuzjynud/s3fO+NP3eZ6y9mRErNT2Nie3P08dTrXy3z50jD2pRxHfyPP//uCgGwMAAAAAAAAAAAAAAAAAAPCuVsTzkeIrJ46n1aiu/XskqmuKt9rXG1eb0/Odq8J2r/3bvWb65ubmZiN1cjTnVM6VnKs513Ku54xa3j7naM6pnCs5V3Ou5VzPGUXePudozqmcKzlXc67lXM8ZfXn7nKM5p3Ku5FzNuZZzPWcckmv3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8TmpRxM8jxbe+tpEiRcRoxFR0cm3goFsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJTqqYiTkWLt+Xp1f7UWcTUifr65udm9RcRGmQ/qoPsKAAAAAAAAAAAAAAAAAAAAh1Yq4mOR4qn/20iNiLg99NrAE8eGLl44cX6kiCJSWdJb/9zE1UuNZxdu3FycW1qam21MtlszC7Nze/1x9cut9q3bk2Pj+9KZ+zq6z+0/Wn924eaLi63rX13e9fHB+qXppeXF5szuD8fRqEVM9a4Zrho8OTZeNXq+1WxXm6baPRpYixjda2cAAAAAAAAAAAAAAAAAAAA4NAZTEZ+LFD/5z3OpO2+8rzPn/5c694qt2pd/b/u7AObvyK7e7w/Yy3Laa0OHq4n3jcmx8fGJntV9/XeXlm1KqYinI8UnXvpQNR8+xeCuc+PLuveWdTfO5bqhXynrVnZU1Ycnx8YbVxbaJy7Nzy/MNJeb0/NzjYmbzZn8xQEre+0GAAAAAAAAAAAAAAAAAAAA7GYwFfGjSPHff/vvqXvd+Tz/v69zr2f+/29UU+gr9bQzt1Rz+99bze3vLL/v4sjgR5+51/r9mP9ftimlIr4ZKc7+6EPV9fS78/+n7qgt6/4kUrz+zEdyXe1IWdfsdqfzjNda83Onytq/jBS/+ka3Nqra67n2qe3a02Xt0Ujx5xs7a7+aaz+wXXumrD0eKb73X7vXfnC79mxZ+5NI8Y9/0+jWDpa1v5trj23XnpxZmJ+9324tx/87keKvr/xW6vb5nuPf8/0PK3fklrvG/M2X36nxH+pZt5LH9Y/z+DfvM/7nI8V36h/JdZ19P50ff7L6f3v8PxEp/uNfd9Zey7Xv3649vdduHbRy/L8dKb77Fz/e6nMe//74+/+N7RHfOf6/3Lczt14lBzT+T/asG8rtmnnru+NdZ+nFr7/QnJ+fW7RgwYKFrYWDPjLxMJTv/38aKf7/WJG65zH5/f89nXvb53//843t9/+Ld+SWA3r/f3/Puov5rKW/L6K+fONm/9MR9aUXv36idaN5fe76XPvM6VOf/vT506dOn+8/0j25217a8757HJTj/4NI8cO/++HW55it87/K7uf/g3fklgMa/6d6+7TjvGbPu+JdqRz/v4oUT372x1ufN3eO/87z/+7n/+Mf25lbv38HNP4f6Fk3lNvVeov7AgAAAAAAAAAA4FEymIr4s0jx23/466k7h2gvf/83e0duOaC//zrWs272Ic1r2PNOBgA4RMrzvw9Gin/a/P7WXO6d53/xa93a3vO/ezkM1/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHXYoifj9SDL6ykdYGyvsd9cut9q3bk2Pju292NEWKWhRVfXmrnz5z9tynzl8Y6eabb/9O+3A8N3H1UuPZhRs3F+eWluZmG5Pt1szC7Nyen+FBt7/TcLUDGjdeuDV77dpS48zJszsevj302sATx4YuXjhxfqRTO9CYHBsfn+ip6et/2z/9Luke649EEd+PFG8MvZ6+OxBRiwffF/d57ey3o1UnhqtOTI6NVx2ZbzXby+WDqZarahGNno1Gu/soj9t+jsUDGY1YKZtfNni47N7EzeZic3p+rvHF5uJya7m10E61TmvL/jSiFiMpYjUi1gfufrr+KOKbkeKlUxvpnwciiu5++OSViS+dOnv/9tT2oY97ULaz0R+xWnsExuwQG4gi/iFS/OzV4/G9gYi+6Nzi4xFfKPOViJfL/ExEKl8Y5yJ+usvriEdTXxRxLlIspI306kB5POgeVy5/ufH59rWFntruceWRf394mA75sakeRfygOuJvpH/xew0AAAAAAAAAAAAAAABwiBSxGim+cuJ4quYHb80pbrWvN642p+c70/q6c/+6c6Y3Nzc3G6mTozmncq7kXM25lnM9Z9Ty9jlHc07lXMm5mnMt53rOKPL2OUdzTuVcybmacy3nes7oy9vnHM05lXMl52rOtZzrOeOQzN0DAAAAAAAAAAAAAAAAAAAeL7Uoqqu4f+trG2lzoHN96ano5JrrgT72fhEAAP//gMd2Mw==")
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0xc0086c43, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}]}, 0x68}}, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0)
sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000100), 0x0, 0x4004084, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$sock_int(r5, 0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)

22m35.49576612s ago: executing program 0 (id=672):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = creat(0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(r0)
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x2, 0x1, 0x1}, &(0x7f00000004c0), &(0x7f0000001540), &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x2000, 0x48)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

22m19.806182446s ago: executing program 32 (id=672):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = creat(0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(r0)
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x2, 0x1, 0x1}, &(0x7f00000004c0), &(0x7f0000001540), &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x2000, 0x48)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

11m50.745172662s ago: executing program 2 (id=1348):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0x7fff8000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)

11m48.712363017s ago: executing program 2 (id=1351):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=")
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
lseek(r1, 0x4, 0x1)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
request_key(&(0x7f00000000c0)='logon\x00', 0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESUME(0xffffffffffffffff, 0x4147, 0x0)

11m41.732141202s ago: executing program 2 (id=1361):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
close(r0)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r6 = syz_io_uring_setup(0x72ae, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0x36}, &(0x7f0000000500), &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000000))
syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x2, 0x1, 0x1}, &(0x7f00000004c0)=<r8=>0x0, 0x0, &(0x7f0000000000))
syz_io_uring_submit(r8, r7, 0x0, &(0x7f0000000000))
io_uring_enter(r6, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x2000, 0x48)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x800)
socket$nl_generic(0x10, 0x3, 0x10)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

11m39.292655711s ago: executing program 2 (id=1364):
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80, 0x400000)
fcntl$lock(r0, 0x7, &(0x7f00000003c0)={0x3, 0x1, 0x12, 0x2000000000800})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$tipc(0x1e, 0x5, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x8c0002)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_SETCONFIGURATION(r4, 0x80045505, &(0x7f0000000000)=0x1)
r5 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000540)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x8040)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@enum={0x3, 0x0, 0x0, 0xf, 0x4000000}, @struct]}}, &(0x7f0000002200)=""/4110, 0x32, 0x100e, 0x1}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT=r0, @ANYRES16=r4, @ANYBLOB="0000000000000000000000000000000000000036c2dd686e59", @ANYRES32, @ANYBLOB], 0x48)
setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f00000008c0)={'filter\x00', 0x104, 0x4, 0x3e8, 0x0, 0x110, 0x0, 0x300, 0x300, 0x3e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private=0xa010100, @broadcast, 0x4}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x5, 'syz1\x00', {0x2}}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x101, 0xfffa}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x4e21, 0x20000000, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x8}, 0x1c)
getsockopt$sock_buf(r7, 0x1, 0x19, &(0x7f0000002f80)=""/217, &(0x7f0000003080)=0xd9)

11m38.021867062s ago: executing program 2 (id=1367):
socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r1, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(r1, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="0209000002"], 0x10}}, 0x0)

11m36.863133969s ago: executing program 2 (id=1370):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xfff9, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x58, 0x2c, 0xf3f, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xf}, {}, {0x7, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x28, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x45aa, 0x2, 0x6}, {0x1, 0x1, 0x0, "17"}}}]}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20041090}, 0x810)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$kcm(r2, &(0x7f0000000200)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x4}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000080)='-<', 0x2}], 0x1}, 0x4c00c)

11m21.439291766s ago: executing program 33 (id=1370):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xfff9, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x58, 0x2c, 0xf3f, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xf}, {}, {0x7, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x28, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x45aa, 0x2, 0x6}, {0x1, 0x1, 0x0, "17"}}}]}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20041090}, 0x810)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$kcm(r2, &(0x7f0000000200)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x4}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000080)='-<', 0x2}], 0x1}, 0x4c00c)

9.967268794s ago: executing program 4 (id=2583):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prctl$PR_SET_TSC(0x1a, 0x1)
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
connect$inet6(r3, 0x0, 0x0)
sendto$inet6(r3, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228ee1f5b48", 0xfffffffffffffe57, 0x8000, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002003, 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d0000000000000000", @ANYRESHEX=0x0], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
read(r4, &(0x7f0000000200)=""/189, 0xbd)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(0x0, r5)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, r6, 0x401, 0x70bd25, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
preadv(r7, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0)
setregid(0xffffffffffffffff, 0x0)
setgroups(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file3\x00', &(0x7f0000000480), 0x8000, &(0x7f0000001680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYBLOB="2c6163636573733d636c69656e742c6e6f78617474722c666f776e65723c542560e6534111c1a4464d00ef3b41573e2bcd31deeb81a47bf756135f071b14e02b93a171dd481d59f5e61048fad43ee3be7472afdb3013f548b18572e371a1a9ff28b484bacc5dc3c8a74628a995f35a48b63394e6069e3621fd7968c610a8eaa4ab3808d6292f1901c54cc8626a0a2ec893849e8b1f654c423e18b3c97551253e1da1fb4720cd8eb7ce62f8a79f566f863d36d881846ec9b9bbcc90bb7260e8f7e71a8adcdfe1216c1daa11c2c63e6882ea6171f986692b34a45c16c564b26a2cb577cee44ffb4a1edd8367c9b3367f5e4896b573b67de935ea0f5cf651c16558c7d7de2fd9ffc6f729ffe2128f6d933fcf64d0d1b4678fcb78bb78446350458895d42ca73d216750a0c014dae8b86142d9f64215015587a3cae80ae570ff558fddf5a91a8e0ed319d3b31185ea3eee4fe07d68bc6a10680ff34d2bf9fb25975d9ceecf7eb78108262f2b78f576aa266cb99e121d86addee85143f1c4a4e378e842bcb5accfcd626d2159852efd6ba0d6dbd7cbd9a4d961e7e364ff3435be810000", @ANYRESDEC, @ANYBLOB=',uid=', @ANYRESDEC=0x0, @ANYBLOB=',smackfsdef=\t(/^:$}},fsname=smaps\x00,smackfsfloor=\x00,appraise_type=imasig,obj_type=\x00'])

9.901730847s ago: executing program 1 (id=2584):
syz_mount_image$exfat(&(0x7f0000006c00), &(0x7f0000001b40)='./file0\x00', 0x2080089e, &(0x7f0000001b80)=ANY=[], 0x1, 0x1503, &(0x7f0000000580)="$eJzs3Au4T9XWMPAx5pyLbSf928lls8Yci3/amCRJLgm5JEmSJLklJCRJQmKTWxKSkHuSe0guO3Zyv99yT5Ij7SQJyS3M79Hp/Zz3dN7T936n7/M+Z4/f88zHHNZ/jP9Ye+xnr7X+z7P3952HVmtQvXI9ZoZ/Cf71n1QASACAAQBwAwAEAFAqqVTSlePZNKb+a28i/lyPzrjWHYhrSeafucn8MzeZf+Ym88/cZP6Zm8w/c5P5Z24yfyEys20z894oK/Mu+fw/M5Pr/7+RjGLjvt5Q7OYu/40UmX/mJvP/N5f1nx+W+WduMv/MTeafucn8//1V+ifHZP6Zm8xfiMzsWn/+LOvarmv9/SeEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQInM4568yAPAf+2vdlxBCCCGEEEIIIf48Puu17kAIIYQQQgghhBD/7yEo0GAggCyQFRIgGyTCdZAdrocccAPE4EZIgpsgJ9wMuSA35IG8kAz5ID+EQGCBIYICUBDicAsUglshBQpDESgKDopBcbgNSsDtUBLugFJwJ5SGu6AMlIVyUB7uhgpwD1SESlAZ7oUqUBWqQXW4D2rA/VATHoBa8CDUhoegDjwMdeERqAePQn14DBrA49AQnoBG0BiaQFNo9n+V/zJ0h1egB/SEVOgFveFV6AN9oR/0hwHwGgyE12EQvAGDYQgMhTdhGLwFw+FtGAEjYRS8A6NhDIyFcTAeJsBEeBcmwXswGd6HKTAVpsF0mAEzYRZ8ALNhDsyFD2EefATzYQEshEWQBh/DYlgC6fAJLIVPYRkshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG3wG22EH7IRdsBv2wF74HPbBF7AfvoQD8NV/M//s3+V3QUBAhQoNGsyCWTABEzAREzE7ZsccmANjGMMkTMKcmBNzYS7Mg3kwGZMxP+ZHQkJGxgJYAOMYx0JYCFMwBYtgEXTosDgWxxJ4O5bEklgKS2FpLI1lsCyWxfJYHitgBayIFbEyVsYqWAWrYTW8D+/D+7Em1sRaWAtrY22sg3WwLtbFelgP62N9bIANsCE2xEbYCJtgE2yGzbA5NscW2AJbYStsja2xDbbBdtgO22N77IAdsCN2xE7YCTtjZ+yCXbErvowv4yv4CvbEKqoX9sbe2Af7YD/sj/3xNRyIr+Pr+AYOxiE4FN/EN/EtHI5ncASOxFE4CiuoMTgWxyGrCTgRJ+IknISTcTJOwak4FafjDJyJs3AWzsY5OAc/xHn4EX6EC3ABLsI0TMPFuATTMR2X4llchstxBa7EVbgaV+FaXIdrcQNuxA24GTfjVtyKn+FnuAN34C7chXtwD36On+MX+AUOxgN4AA/iQTyEh/AwHsYMzMAjeASP4lE8hsfwOB7HE3gST+FJPI2n8QyexXN4Di/gBbyILyZ/W39P4fWDQV1hlFFZVBaVoBJUokpU2VV2lUPlUDEVU0kqSeVUOVUulUvlUXlUskpW+VV+RYoUq0gVUAUSAEAVUoVUikpRRVQR5ZRTxVVxVUKVUCVVSVVK3alKq7tUGVVWtXTlVXlVQbVyFVUlVVlVVlVUVVVNVVfVVQ1VQ9VUNVUtVUvVVrVVHfWwqqt6YT98VF2ZTAM1BBuqodhINVZNVFP1Fj6pmqvh2EK1VK3U02okjsA2qrlrp55V7dVY7KCeV+PwBdVJTcDO6iXVRXVV3dTLqrtq4XqonmoK9lK91XTso/qqfqq/mo1V1ZWJVVNvqMFqiBqq3lSL8C01XL2tRqiRapR6R41WY9RYNU6NVxPURPWumqTeU5PV+2qKmqqmqelqhpqpZqkP1Gw1R81VH6p56iM1Xy1QC9UilaY+VovVEpWuPlFL1adqmVquVqiVapVardaotWqdWq82qI1qk9qstqitapv6TG1XO9ROtUvtVnvUXvW52qe+UPvVl+qA+kodVH9Rh9TX6rD6RmWob9UR9Z06qr5Xx9QP6rj6UZ1QJ9Up9ZM6rX5WZ9RZdU6dVxfUL+qiuqQuK69Ao1Zaa6MDnUVn1Qk6m07U1+ns+nqdQ9+gY/pGnaRv0jn1zTqXzq3z6Lw6WefT+XWoSVvNOtIFdEEd17foQvpWnaIL6yK6qHa6mC6ub9Ml9O26pL5Dl9J36tL6Ll1Gl9XldHl9t66g79EVdSVdWd+rq+iqupquru/TNfT9uqZ+QNfSD+ra+iFdRz+s6+pHdD39qK6vH9MN9OO6oX5CN9KNdRPdVDfTT+rm+indQrfUrfTTurV+RrfRbXU7/axur5/THfTzuqN+QXfSL+rO+iXdRXfV3fQlfVl73UP31Km6l+6tX9V9dDr00/31AP2aHqhf14P0G3qwHqKH6jf1MP2WHq7f1iP0SD1Kv6NH6zF6rB6nx+sJeqJ+V0/S7+nJ+n09RU/V0/R0PUPP1P1+qzT37/J7/XbV/dv89/5B/qBf332r3qY/09v1Dr1T79K79R69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WGTpDH9FH9FF9VB/Tx/RxfVyf0Cf1ef2TPq1/1mf0WX1Wn9cX9AV98bevARg0ymhjTGCymKwmwWQzieY6k91cb3KYG0zM3GiSzE0mp7nZ5DK5TR6T1ySbfCa/CQ0Za9hEpoApaOLmFlPI3GpSTGFTxBQ1zhQzxc1t/3L+H/XXzDQzzU1z08K0MK1MK9PatDZtTBvTzrQz7U1708F0MB1NR9PJdDKdTWfTxXQx3Uw30910Nz1MD5NqUk1v86rpY/qafqa/GWBeMwPNQDPIDDKDzWAz1Aw1w8wwM9wMNyPMCDPKjDKjzWgz1ow14814M9FMNJPMJDPZTDZTzBQzzUwzM8wMM8vMMrPNbDPXzDXzzDwz38w3C81Ck2bSzGKz2KSbdLPULDXLzHKz3Kw0K81qs9qsNWvNerPebDQbzWaz2Swz28w2s91sNzvNTrPb7DZ7zV6zz+wz+81+c8AcMAfNQXPIHDKHzWGTYTLMEXPEHDVHzTFzrNdxc9ycMCfMKXPKnDanzRlzxpwz58wFc8FcNBfNZXP5ym1foAIVmMAEWYIsQUKQECQGiUH2IHuQI8gRxIJYkBQkBTmDm4NcQe4gT5A3SA7yBfmDMKDABhxEQYGgYBAPbgkKBbcGKUHhoEhQNHBBsaB4cFtQIrg9KBncEZQK7gxKB3cFZYKyQbmgfHB3UCG4J6gYVAoqB/cGVYKqQbWgenBfUCO4P6gZPBDUCh4MagcPBXWCh4O6wSNBveDRoH7wWNAgeDxoGDwRNAoaB02CpkGzP7W+92dyP+V6hD3D1LBX2Dt8NewT9g37hf3DAeFr4cDw9XBQ+EY4OBwSDg3fDIeFb4XDw7fDEeHIcFT4Tjg6HKMBIBwfTggnhu+Gk8L3wsnh++GUcGo4LZwezghnhrPCD8LZ4ZxwbvhhOC/8KJwfLggXhovCtPDjcHG4JEwPPwmXhp+Gy8Ll4YpwZbgqXH3+RoBwXbg+3BBuDDeFm8Mt4dZwW/hZuD3cEe4Md4W7wz3h3vDzcF/4Rbg//DI8EH4VHgz/Eh4Kvw4Ph9+EGeG34ZHwu/Bo+H14LPwhPB7+GJ4IT4anwp/C0+HP4ZnwbHguPB9eCH8JL4aXwsuhv3Jzf+XyToYMZaEslEAJlEiJlJ2yUw7KQTGKURIlUU7KSbkoF+WhPJRMyZSf8tMVTEwFqADFKU6FqBClUAoVoSLkyFFxKk4lqASVpJJUikpRaSpNZagMlaNydDfdTffQPVSJKtG9dC9VpapUnapTDapBNakm1aJaVJtqUx2qQ3WpLtWjelSf6lMDakANqSE1okbUhJpQM2pGzak5taAW1IpaUWtqTW2oDbWjdtSe2lMH6kAdqSN1ok7UmTpTF+pC3agbdafu1IN6UCqlUm/qTX2oD/WjfjSABtBAGkiDaBANpsE0lIbSMBpGw2k4jaCRNIreodE0hsbSOBpPE2giTaRJNIkm02SaQlNoGk2jGTSDZtEsmk2zaS7NpXk0j+bTfFpICymN0mgxLaZ0SqeltJSW0TJaQStoFa2iNbSG1tE62kAbaBNtoi20hbbRNtpO22kn7aTdtJv20l7aR/toP+2nA3SADtJBOkSH6DAdpgzKoCN0hI7SUTpGx+g4HacTdIJO0Sk6TafpDJ2hc3SOLtAvdJEu0WXylGAVJNrrbHZ7vc1hb7AJNpv92ziPzWuTbT6b34Y2l839n2Ky1qbYwraILWqdLWaL29t+F5exZW05W97ebSvYe2zF38U17P22pn3A1rIP2ur2vt/irL/Gte1Dto593Na1T9h6trGtb5vaBvZx29A+YRvZxraJbWpb22dsG9vWtrPP2vb2ud/Fi+0Su86utxvsRrvPfmHP2fP2qP3eXrC/2B62px1gX7MD7et2kH3DDrZDfhePsu/Y0XaMHWvH2fF2wu/iaXa6nWFn2ln2AzvbzvldnGY/tvNsup1vF9iFdtGv8ZWe0u0ndqn91C6zy+0Ku9KusqvtGrv2f/e60m62W+xWu9d+brfbHXan3WV32z2/xlfOY7/90h6wX9kj9jt7yH5tD9tjNsN++2t85fyO2R/scfujPWFP2lP2J3va/mzP2LO/nv+Vc//JXrKXrbfAyIo1Gw44C2flBM7GiXwdZ+frOQffwDG+kZP4Js7JN3Muzs15OC8ncz7OzyETW2aOuAAX5DjfwoX4Vk7hwlyEi7LjYlycb+MSfDuX5Du4FN/JpfkuLsNluRyX57u5At/DFbkSV+Z7uQpX5Wpcne/jGnw/1+QHuBY/yLX5Ia7DD3NdfoTr8aNcnx/jBvw4N+QnuBE35ibclJvxk9ycn+IW3JJb8dPcmp/hNtyW2/Gz3J6f4w78PHfkF7gTv8id+SXuwl25G7/M3fkV7sE9OZV7cW9+lftwX+7H/XkAv8YD+XUexG/wYB7CQ/lNHsZv8XB+m0fwSB7F7/BoHsNjeRyP5wk8kd/ls2lt81y515vCU3kaT+cZPJNn8Qc8m+fwXP6Q5/FHPJ8X8EJexGn8MS/mJZzOn/BS/pSX8XJewSt5Fa/mNbyW1/F63sAbeRNv5i28lbfxZ7ydd/BO3sW7eQ/v5c95H3/B+/lLPsBf8UH+Cx/ir/kwf8MZ/C0f4e/4KH/Px/gHPs4/8gk+yaf4Jz7NP/MZPsvn+Dxf4F/4Il/iy+wZIoxUpCMTBVGWKGuUEGWLEqProuzR9VGO6IYoFt0YJUU3RTmjm6NcUe4oT5Q3So7yRfmjMKLIRhxFUYGoYBSPbokKRbdGKVHhqEhUNHJRsah4dFtUIro9KhndEZWK7oxKR3dFZaKy0eMPlo/ujipE90QVo0pR5ejeqEpUNaoWVY/ui2pE90c1oweiWtGDUcnooahO9HBUN3okqhc9GtWPHosaRI9HDaMnokZR46hJ1DRqFj0ZNY+eilpELaNW0dNR6+iZqE3UNmoXPRu1j577w+OpUa+od/Rq9Grk/QN6YXxRPC3+cXxxfEk8Pf5JfGn80/iy+PL4ivjK+Kr46via+Nr4uvj6+Ib4xvim+Ob4lvjWuPfVs4JDp5x2xgUui8vqElw2l+iuc9nd9S6Hu8HF3I0uyd3kcrqbXS6X2+VxeV2yy+fyu9CRs45d5Aq4gi7ubnGF3K0uxRV2RVxR51wxV9w1dc1cM9fcPeVauJaulXvaPe2ecc+4tq6te9a1d8+5Du5519G94Dq5F92L7iXXxXV13dzLrrt7xfVwPV2qS3W9XW/Xx/Vx/Vw/N8ANcAPdQDfIDXKD3WA31A11w9wwN9wNdyPcCDfKjXKj3Wg31o114914N9FNdJPcJDfZTXZT3BQ3zU1zM9wMN8vNcrPdbDfXzXXzUua5+W6+W+gWujSX5ha7xS7dpbulbqlb5pa5FW6FW+VWuTVujVvn1rkNboPb5Da5LW6L2+a2ue1uu9vpdrrdbrfb6/a6fW6f2+/2uwPugDvoDrpD7pA77L5xGe5bd8R95466790x94M77n50J9xJd8r95E67n90Zd9adc+fdBfeLu+guucvOu4mxd2OTYu/FJsfej02JTY1Ni02PzYjNjM2KfRCbHZsTmxv7MDYv9lFsfmxBbGFsUSwt9nFscWxJLD32SWxp7NPYstjy2IrYytiq2OqY9/m2R76AL+jj/hZfyN/qU3xhX8QX9c4X88X9bb6Ev92X9Hf4Uv5OX9rf5cv4sr6cf8I38o19E9/UN/NP+ub+Kd/Ct/St/NO+tX/Gt/FtfTv/rG/vn/Md/PO+o3/Bd/Iv+s7+Jd/Fd/Xd/Mu+u3/F9/A9farv5Xv7V30f39f38/39AP+aH+hf94P8G36wH+KH+jf9MP+WH+7f9iP8SD/Kv+NH+zF+rB/nx/sJfqJ/10/y7/nJ/n0/xU/10/x0P8PP9LP8B362n+Pn+g/9PP+Rn+8X+IV+kU/zH/vFfolP95/4pf5Tv8wv9yv8Sr/Kr/Zr/Fq/zq/3G/xGv8lv9lv8Vr/Nf+a3+x1+p9/ld/s9fq//3O/zX/j9/kt/wH/lD/q/+EP+a3/Yf+Mz/Lf+iP/OH/Xf+2P+B3/c/+hP+JP+lP/Jn/Y/+zP+rD/nz/sL/hd/0V/yl+V31oQQQggh/o/oPzje6x/8n/ptXdEbAK7fkTfj72tuyvXXfV+V3DoGAM/27Pzof6wqVVJTU3977TINQcEFABC7mp8FrsbLoRU8A+2gJZT4h/31VV0v8B/Uj98JkHi18q8S4e/r3/5f1H/y6VGLS0fnkv5J/QUAKQWv5mSDq/HV+iX/i/q5m/9B/9m+ngjQ4m9yssPV+Gr94vAUPAft/tMrhRBCCCGEEEKIv+qrynX8o+fnK8/nyeZqTla4Gv/R87kQQgghhBBCCCGuvRe6dmv7ZLt2LTvK5l/YVPyf0YZsZPOnba71TyYhhBBCCCHEn+3qTf+17kQIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhMi8/n/8ObFrfY5CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHEtfa/AgAA//9OvTcs")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000600)=0x8)

7.218594424s ago: executing program 4 (id=2587):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000180)=""/40}, 0x20)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000004500)={0x14, 0x0, &(0x7f0000004400)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000312000000120350"], 0x0, 0x0}, 0x0)

7.03835121s ago: executing program 1 (id=2588):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @dev={0xfe, 0x80, '\x00', 0x40}, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000180)=[{0x18, 0x29, 0x37, "a06c00b2"}], 0x18}}], 0x1, 0x4000000)

5.931576296s ago: executing program 1 (id=2591):
syz_mount_image$f2fs(&(0x7f0000000200), &(0x7f00000001c0)='./bus\x00', 0x810, &(0x7f0000000000)=ANY=[], 0xfd, 0x1067a, &(0x7f0000010ac0)="$eJzs3E1vVFUYAOB3KKWAiMTwYeLCmxiTNnEaphQi0SgqREmAED8WbtRp5zIZ6PTWdiiVjS40ceHfYGfcuPAXuPF/mBjjRhN3mpp77ym2VZCPoXw9T3L7nnPm3HPPmbTpvPe2J4DH1r7sj98bsTd2RWwfiYg9EWU5GumonKjDMxHxXERsW3c0Uvv1hh0RsTsi9paDR4ykPuVL337y/V/LV898de3lXz48fu23xv1bNbDVXttUfyEi+gt1+Uq/jkW3jhdTe3u5V8X+9HKK9Qv9S6le1PFKPlONcKW91q9dxSPdun+xcHmpjBfm2rNl7PYuVO0L8/UFl5a7a+NUJ1xsL1b1Tj5Txd5SUcXu1XpeKyleXRrU43TSeJ9Ww8dgsBbr9nwlr9ezcKmKs/OD1F5EnN5RXmilrC+nmC4Xs8Vcp5rHzG2+2Q+RM735yyvZcr641Cvms6OTrZcmW8earcWikw/y6Wa73zk2nY1358puzUHe7p/oFkV3Lp+cLfoT2Xh3drbZamXjJ/OZXns+a7Umj0webh6dSKUXs7fOvZ/NdbLxMr7Rm7886M0tZReKxaw+YyKbmjxyfCJ7vpW9e/Z8dv6dU6fOnn/vo5MfnHv97Ok3U6e1aY1V3xODfDobnzo8NdVsHW5OtSbudv3l78iHY/3XpzXE9cNd8UkS4Laty/9D/g9sFfl/yv/L+XXylbEN+f9oepfk/2v5b//Zuv9W578x3Px3152u/xHK/0dv+wy4EZ8kAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeWz+Nfvd2VdhX159I7U+mpqcj4lBEdjAiDkTsiIjVzUaq5n/sj4hGKv+r8+rq6uimOfzQqAcuzxlLx+6IOJGOP5+61+8CAAAAPLq++fGLLyNGymL15dX7PSG2Urpps3NY41W3fLbf4MXN93z+1/5qsJW7nlXtwNqQQ3GwXNC+X4c02qGI2Lbn45v0eGVIV6p9nn7cr4ed60KjDtuGekUAAOCBsDETuFH2BgAAwMPv6/s9AYbulp62Ntb1TM+Cx+qQHgju2lADAAAAHgyrn22s3/TPeBv3eDIAAADA8Nzp/+pW+f8t7v8Xaf+//9zPb/3+fz/b/w8AAAAeKPX+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwNzv3k6s0EMcB/Ae1PvwXieHPEbwCK8OSBYfwCC49gN7GHUcwJoRz4M4jGDAM4wJsDLFT8JHPJ+mb6fT12x+wmg4UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjS93q1+LL59Lltzu7rvpUyrwYAAABosq1Xi9QZHvdf5PFXeehNREwjYhIR44homrtX8fQkcxQRvdxv+v/6rIZvESnhcM5D3p5HxDxvP193/S4AAADA/dqsZ8uI6tBNf97duiBaefuXY/M/h/JNm0Gpy6dbPk9KpY1S2MdCaePfkUVMIqIe/iiUNo2I/sv3hdIuUuXm5LNPO71j079mNQAAwHVUJ02x2RsAAAD/nQ+3LoDrOF/oTeu1+bv4eS34IR/apR/kP2s+DwAAAHg8ercuAAAAAOhcmv97/h8AAADct+Pz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjStl4tNuvZsm3Obn+5QcPYP12037ZqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfrE/LykMw0AQBTv/6E4iJ8vhTYMNXnjtjatA8JhBCAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLXc1pP7Fo/GL8mz08ar45nk3VXj01Xj23Vj9MJM/ocv7I1zPgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+3N3AiEQBGGw7/zPaTH/sKRBYxChChY+ZpiHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DN+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwv7c2yYMhHEcfn1JlLhNRkhvJTADDRWCEfiQkCx5BgZgIRoqWotFYAWQ4FzTmYLnaf6/4op7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtPl4Yu3iCgidZkijTc/p/eI+Ii0bdvR5y2L3fnYfN1ztj9Mcn7H9LeMiDKKPs4BAOhd1W2O1bpe/uX9zzvIO8xbzZt68cxPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFf27aYlvioMAPgzr3/NRbVxUZugQDc1jb2NMNvACKKNi5aDTiKNJaOBigT2DYK+QPtaue0zuAxcFBQtAnNhEkGbYmbu6FVHs8J7B+f3gzP3uec4555HQXjmnAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4V04PYmYYFyLiufJl3HN8tr8y6npyfjR7cn4Uz5wfzX7wbXkzPWdvikpEfLjeab+aYS7j5rNr91u7ex+1Op129wGDJxk+K7OgGhHXhr77eZDnmKwwh+DR5V66+Ve+LZjKe83TETFiKEr/bcKs/zMBAPDYVZLWq+t/rBwu9foKzYi/vrpa/8+l4vjn+r/f/vj683fSz0rX//XMMhwbPzx9y0Bte2OztrW79/L6Rmutvdb+uL64+PobjbfeXKjX+p+V1Cb9ExMAAAD+r2rS0vV/sXlz//+pYVwZXO9T/3/67vvP9/qmkveW7lP/Vx8s1bF1uemX90oAAAAm27Mv/P5bYUR/oVqNndb2drc+eL24X9hpLUd3IYel3uXX/uvy1c4nSSum+krNbBcGAAAA5OP0oDATEYfD+9XkOvL8//zl+9L7/99/WX4vPWcpIqaT/f9XVj7prGaSyfjL4vvJeecIAABAvqaTlj7/X+mf/y9f/EwxIuZfHMTD3uOz/f65/rvO/8+99M0v6Welz/+/ll2KOSnePdoY/D7610ZEuZHZwgAAAJhAU0nr1f8/VWKp++cXb1ebk/gtfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL/ZsWOUhqEwDuAvTRNxEAXBxcUTiG5OBQfBe4iC4BG8gnfwCuI9MoqOzpJBHFzlJe9pKAURSgP294OP/1fSNl8z9XsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH/Tnv70ZQihSP0k5fP77UXMl7mM3j6avVhh8DkWK07GngAAAIB1UKaKXqvH85iTWQhtHar8nrjz32/1fd7n5/f+nHn3j7VfPn1+32inv0/80qvrm8ujlf3C8W3+cn27j3rBpYc+pt2T785eynwIs9tW3fMs7prmrO7ajSUPDgAszWHO1OT/QzGPxxwMgP/sYPhimioM9v9yNspcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACv1FQAA//8bH1//")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x109342, 0x0)
write$FUSE_IOCTL(r1, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x9, 0x0, 0x8001, 0x2}}, 0x20)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0)

3.671711s ago: executing program 3 (id=2600):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x2)
tkill(r0, 0x7)
wait4(r0, 0x0, 0x0, 0x0)

3.529259035s ago: executing program 5 (id=2601):
syz_emit_ethernet(0xcd, &(0x7f0000000200)={@empty, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfd}, @val={@val={0x88a8, 0x4, 0x0, 0x4}, {0x806}}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x3, 0x9, 0xb7, 0x67, 0x0, 0x76, 0x4, 0x0, @broadcast, @multicast2}, "e2b542fb004407e2557cc1a21f51ac80ed538d438f54c3d024e8333e3db62af5091cf7ccefe3b123971d1e55ab54d5162f989c7f25bbf8cb9989310189d22feebaa80000c1a3fe084f1ce49615c63d640c434be5cdb28e08835a777477209b2010f0bdda5ecb8db7745d8ec33c4b4b441a0f8a2dbc1dc6a411dbd90b906f8ef40a3a3251298aae5e7c1b084c14796d364da69fc3317f559e81a7f107000000c2bad517"}}}}, 0x0)

3.444472138s ago: executing program 3 (id=2602):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x20, 0x1)
syz_emit_ethernet(0x0, 0x0, 0x0)
umount2(&(0x7f0000000340)='./file0\x00', 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_GET_CPUID2(r2, 0xc008ae91, &(0x7f0000000340))

3.307576722s ago: executing program 5 (id=2603):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={0x64, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x10, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @empty}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008004}, 0x4)

3.06160498s ago: executing program 5 (id=2604):
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000140)={0x18, 0x2, {0xffff, @loopback}}, 0x1e)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x6a700, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
close(0x3)
setresuid(0x0, 0xee00, 0x0)
capset(0x0, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x7, 0x7})
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$XFS_IOC_COMMIT_RANGE(r1, 0x40585883, 0x0)

2.959377014s ago: executing program 3 (id=2605):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x149a82, 0x0)
ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000200)=r2)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)
ioctl$TUNSETLINK(r4, 0x400454cd, 0x205)

2.835655128s ago: executing program 4 (id=2606):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a0000000000", @ANYBLOB], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

2.818209468s ago: executing program 5 (id=2607):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet(0xa, 0x1, 0x0)
accept$inet(r3, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x138, 0x98, 0x138, 0x11, 0x0, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x3}}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x9, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)

2.518499218s ago: executing program 4 (id=2608):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0xb5d6)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback, 0xffffffff}, 0x1c)

2.438205571s ago: executing program 3 (id=2609):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
fcntl$setpipe(r0, 0x407, 0x9)
pipe2$9p(&(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x40, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
read$FUSE(r0, &(0x7f0000003140)={0x2020}, 0x2020)
fcntl$setpipe(r2, 0x407, 0x2)

2.355755743s ago: executing program 1 (id=2610):
syz_mount_image$ext4(&(0x7f00000008c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x800080, &(0x7f0000000640), 0x1, 0x46b, &(0x7f0000001680)="$eJzs28tvG8UfAPDvbuL0/Ut+pTz6AAIFEfFImrZADxwAgcShSEhwgGOUpFWp26AmSG1VQYtQOSGExB1x5F/gBBeEOCFxhTuqVKFe2nIyWu9u47i2m6R2XOrPR9pkZnd2Z77eHXt2xw5gYI1nf5KI7RHxR0SM5tmVBcbzfzeuXZi9ee3CbBK12rt/J/Vy169dmC2LlvttKzITaUT6eRJ7W9S7eO78yZlqdf5MkZ9aOvXR1OK58y+cODVzfP74/OmD6ZHDh6Zffungi12JM2vT9T2fLOzb/dYHX7999Mts3UgZf1McXTLeaePTtVqXq+uvHQ3pZLiPDWFNhiIiO12Vev8fjaFYPnmj8eZnfW0c0FO1Wq22rf3mizXgPra14Z0gk3f5bIxfaVgL3H/KD/rs/rdcmgcBr/Zm6HFPuPpafgOUxX2jWPItw5EWZSpN97fdNB4R71/859tsid48hwAAWOHHbPzzfKvxXxoPNZT7XzE3NBYR/4+InRHxQETsiogHI+plH46IR9ZYf/Mkye3jn/TKugJbpWz890oxt7Vy/FeO/mJsqMjtqMdfSY6dqM4fKF6TiahsyvLTHer46Y3fv2q3rXH8ly1Z/eVYsGjHleFNK/eZm1mauZuYG129FLFnuFX8ya2ZgCQidkfEnnXWceLZ7/e123bn+DvowjxT7buIZ/LzfzGa4i8lLecnj5Tzk1Obozp/YKq8Km7362+X32lX/13F3wXZ+d/a8vq/Ff9Y0jhfu7j2Oi7/+UXbe5pVXv9jjftk1/9I8l49PVKsOzuztHRmOmIkOZo3unH9weV9y3xZPot/Yn/r/r8zll+JvRGRXcSPRsRjEfF40fYnIuLJiNjfIf5fXn/qw/XH31tZ/HNrOv/LiZFoXtM6MXTy5x9WVDp2W/w3O5//w/XURLFmNe9/q2nX+q5mAAAA+O9JI2J7JOnkrXSaTk7m35ffFZFWFxaXnju28PHpufw3AmNRScsnXaMNz0Oni9v6PH8pIvKvFpTbDxXPjb8Z2lLPT84uVOf6HTwMuG1t+n/mr6F+tw7oOb/XgsGl/8Pg0v9hcLXu/1s2vB3AxmvR/3V+GBCtPv8/7UM7gI3X1P9N+8EA8fwPBpf+D4NL/4eBtLgl7vwj+Y6J8kjr3L1TYvhsfujuH3kDElG5J5qRJzZ3/8iR3gNxSfQs0cc3JQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC76NwAA//9G8NFr")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = open$dir(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000fd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e9440ecefeeff9ac332718fea1f10359082e3a1130c0f9107ad913e8631dae7e4c5dc3666d841830ab80a15c"], 0x68)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, 0x0)
getdents64(r0, 0x0, 0x0)

1.410795584s ago: executing program 5 (id=2611):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r1, 0x6, 0xd, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x3ff8)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x10e6, &(0x7f0000000b40)={0x0, 0xbdee, 0x8, 0x400002, 0x1ef}, &(0x7f0000000040), &(0x7f0000000280), &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8)
madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x3394c2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$phonet_pipe(0x23, 0x5, 0x2)
r4 = socket$unix(0x1, 0x2, 0x0)
getsockopt$MRT6(0xffffffffffffffff, 0x29, 0xd0, &(0x7f0000000440), 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000140)={'wlan1\x00'})

1.397460065s ago: executing program 4 (id=2612):
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000a00)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@resgid}, {@barrier}, {@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x400}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff2, 0x4012011, r1, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
fdatasync(r1)
futex(&(0x7f0000000000), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x3)

1.163735342s ago: executing program 1 (id=2613):
syz_emit_ethernet(0xae, &(0x7f0000000240)=ANY=[@ANYBLOB="05c38c886b"], 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x9, 0x1, 0x2, 0x9, 0x42}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%-010d \x00'}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r1, &(0x7f0000000240), 0x0}, 0x20)
r2 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, 0x0)

1.020603407s ago: executing program 1 (id=2614):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000040)=0x80000000, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

354.241869ms ago: executing program 3 (id=2615):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000ac0)={0x2, 0x0, [{0x1, 0x8001, 0x1, 0x1e89, 0x9, 0x800009}, {0xa, 0xfbff, 0x2, 0x0, 0xc8, 0x400101, 0xe}]})

147.873356ms ago: executing program 5 (id=2616):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x1022002, 0x0)
r1 = dup(r0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
poll(&(0x7f0000000100)=[{r1, 0x4}], 0x1, 0xd07)

3.31415ms ago: executing program 3 (id=2617):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a0000000000", @ANYBLOB], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 4 (id=2625):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f1821a4e4cbec8438c571a70e7ca7b0451a6cc55c", 0x98})
ptrace$setregset(0x4205, r0, 0x2, &(0x7f00000001c0)={&(0x7f0000000140)="c9052204", 0x4})

kernel console output (not intermixed with test programs):

ic 0003:28BD:0094.0004: failed retrieving pen parameters: -71
[ 1789.389984][ T5827] uclogic 0003:28BD:0094.0004: pen probing failed: -71
[ 1789.401630][ T5827] uclogic 0003:28BD:0094.0004: failed probing parameters: -71
[ 1789.419415][ T5827] uclogic: probe of 0003:28BD:0094.0004 failed with error -71
[ 1789.447683][ T5827] usb 2-1: USB disconnect, device number 8
[ 1789.798430][T16539] loop4: detected capacity change from 0 to 16
[ 1789.825863][T16539] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1789.863549][T16539] syz.4.2190: attempt to access beyond end of device
[ 1789.863549][T16539] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1789.894783][T16539] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -32 in[46, 4050] out[4096]
[ 1789.897672][T16537] loop5: detected capacity change from 0 to 32768
[ 1789.914449][   T27] audit: type=1800 audit(1774885602.066:247): pid=16539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2190" name="file2" dev="loop4" ino=89 res=0 errno=0
[ 1789.962671][T16546] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -32 in[46, 4050] out[4096]
[ 1789.965873][T16537] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1789.998610][   T27] audit: type=1800 audit(1774885602.146:248): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2190" name="file2" dev="loop4" ino=89 res=0 errno=0
[ 1791.470176][T16556] overlayfs: missing 'lowerdir'
[ 1791.497742][T16537] XFS (loop5): Ending clean mount
[ 1791.975527][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1792.956528][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1793.175953][T12910] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1794.021893][T16578] overlayfs: missing 'lowerdir'
[ 1794.169261][T16580] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2195'.
[ 1796.351590][T12706] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 1796.391622][T12444] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 1796.455795][T16596] loop5: detected capacity change from 0 to 32768
[ 1796.541686][T12706] usb 4-1: Using ep0 maxpacket: 32
[ 1796.547072][   T27] audit: type=1800 audit(1774885608.686:249): pid=16596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2202" name="file1" dev="loop5" ino=4 res=0 errno=0
[ 1796.581578][T12444] usb 2-1: Using ep0 maxpacket: 32
[ 1796.597637][T16596] ERROR: (device loop5): dbAllocBits: leaf page corrupt
[ 1796.597637][T16596] 
[ 1796.610855][T12706] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1796.623360][T12444] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1796.629764][T12706] usb 4-1: config 0 has no interface number 0
[ 1796.642560][T16596] ERROR: (device loop5): remounting filesystem as read-only
[ 1796.645117][T12706] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1796.656014][T12444] usb 2-1: config 0 has no interface number 0
[ 1796.662845][T12706] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1796.677379][T12706] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1796.685483][T16596] syz.5.2202: attempt to access beyond end of device
[ 1796.685483][T16596] loop5: rw=34817, sector=4680704, nr_sectors = 968 limit=32768
[ 1796.689483][T12706] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1796.712200][T12444] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1796.722442][T12706] usb 4-1: config 0 descriptor??
[ 1796.741767][T12444] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1796.751144][  T112] blkno = 8ed80, nblocks = 79
[ 1796.757138][  T112] ERROR: (device loop5): dbFree: block to be freed is outside the map
[ 1796.757138][  T112] 
[ 1796.761590][T12444] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1796.802615][T12444] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1796.824206][T12444] usb 2-1: config 0 descriptor??
[ 1796.877897][T16596] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2202'.
[ 1796.929499][T16609] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2202'.
[ 1797.360012][T12706] usbhid 4-1:0.1: can't add hid device: -71
[ 1797.374130][T12706] usbhid: probe of 4-1:0.1 failed with error -71
[ 1797.389933][T12706] usb 4-1: USB disconnect, device number 6
[ 1797.454836][T12444] usbhid 2-1:0.1: can't add hid device: -71
[ 1797.470035][T12444] usbhid: probe of 2-1:0.1 failed with error -71
[ 1797.495782][T12444] usb 2-1: USB disconnect, device number 9
[ 1797.879530][T16620] loop5: detected capacity change from 0 to 16
[ 1797.907616][T16620] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1798.750678][T16620] 9pnet_fd: Insufficient options for proto=fd
[ 1799.725368][T16619] syz.5.2208: attempt to access beyond end of device
[ 1799.725368][T16619] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1799.781568][   T27] audit: type=1800 audit(1774885611.926:250): pid=16619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2208" name="file2" dev="loop5" ino=89 res=0 errno=0
[ 1800.148004][T16624] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2209'.
[ 1800.905739][T16630] loop1: detected capacity change from 0 to 2048
[ 1800.920746][T16630] UDF-fs: bad mount option "T�AS–VÂL`ýúàôÍøÈødZ(šyù¹¶tð2]�êʨ9“$£ˆ] 3»yì^RqŽ°_œýiø4‘" or missing value
[ 1802.599236][T16649] overlayfs: missing 'lowerdir'
[ 1802.800757][T12706] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 1802.961694][T12706] usb 2-1: device descriptor read/64, error -71
[ 1803.062859][T16656] sit0: entered promiscuous mode
[ 1803.085687][T16656] netlink: 'syz.5.2216': attribute type 1 has an invalid length.
[ 1803.121625][T16656] netlink: 1 bytes leftover after parsing attributes in process `syz.5.2216'.
[ 1803.241960][T12706] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1803.423398][T12706] usb 2-1: device descriptor read/64, error -71
[ 1803.474413][T16662] FAULT_INJECTION: forcing a failure.
[ 1803.474413][T16662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1803.508113][T16662] CPU: 0 PID: 16662 Comm: syz.5.2218 Not tainted syzkaller #0
[ 1803.515781][T16662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1803.525872][T16662] Call Trace:
[ 1803.529184][T16662]  <TASK>
[ 1803.532141][T16662]  dump_stack_lvl+0x18c/0x250
[ 1803.536871][T16662]  ? show_regs_print_info+0x20/0x20
[ 1803.542208][T16662]  ? load_image+0x400/0x400
[ 1803.546756][T16662]  ? __might_fault+0xaa/0x120
[ 1803.551552][T16662]  ? __lock_acquire+0x7d40/0x7d40
[ 1803.556622][T16662]  should_fail_ex+0x39d/0x4d0
[ 1803.561353][T16662]  _copy_from_user+0x2f/0xe0
[ 1803.566097][T16662]  ___sys_sendmsg+0x1c7/0x360
[ 1803.570808][T16662]  ? get_pid_task+0x20/0x1e0
[ 1803.575422][T16662]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1803.580212][T16662]  ? __lock_acquire+0x7d40/0x7d40
[ 1803.585271][T16662]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1803.590217][T16662]  ? __x64_sys_sendmsg+0x80/0x80
[ 1803.595174][T16662]  ? lockdep_hardirqs_on+0x98/0x150
[ 1803.600392][T16662]  do_syscall_64+0x55/0xa0
[ 1803.604826][T16662]  ? clear_bhb_loop+0x40/0x90
[ 1803.609532][T16662]  ? clear_bhb_loop+0x40/0x90
[ 1803.614226][T16662]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1803.620127][T16662] RIP: 0033:0x7f514719c819
[ 1803.624550][T16662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1803.644685][T16662] RSP: 002b:00007f5148086028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1803.653114][T16662] RAX: ffffffffffffffda RBX: 00007f5147415fa0 RCX: 00007f514719c819
[ 1803.661095][T16662] RDX: 0000000004040140 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1803.669281][T16662] RBP: 00007f5148086090 R08: 0000000000000000 R09: 0000000000000000
[ 1803.677267][T16662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1803.685250][T16662] R13: 00007f5147416038 R14: 00007f5147415fa0 R15: 00007ffe6c4c9cc8
[ 1803.693242][T16662]  </TASK>
[ 1803.712708][T12706] usb usb2-port1: attempt power cycle
[ 1804.066424][T16669] syz.3.2221: attempt to access beyond end of device
[ 1804.066424][T16669] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1804.081333][T16669] efs: cannot read volume header
[ 1804.142250][T12444] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1804.164562][T16669] loop3: detected capacity change from 0 to 4096
[ 1804.178661][T16669] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 1804.218799][T16669] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[ 1804.244650][T16669] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 1804.262435][T16669] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[ 1804.278797][T16669] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[ 1804.334908][T12444] usb 6-1: Using ep0 maxpacket: 32
[ 1804.351442][T12444] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1804.368803][T12444] usb 6-1: config 0 has no interface number 0
[ 1804.385077][T12444] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1804.387328][T16669] ntfs: volume version 3.1.
[ 1804.396837][T12444] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1804.411227][T12444] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1804.421388][T12444] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1804.453134][T12444] usb 6-1: config 0 descriptor??
[ 1804.505019][T16669] ntfs: (device loop3): map_mft_record_page(): Mft record 0x44 is corrupt.  Run chkdsk.
[ 1804.520397][T16669] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[ 1804.531790][T16669] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x44 as bad.  Run chkdsk.
[ 1804.657973][T16673] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2222'.
[ 1804.855319][T15419] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1805.131686][T15419] usb 4-1: Using ep0 maxpacket: 8
[ 1805.170553][T15419] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1805.186618][T15419] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1805.196939][T15419] usb 4-1: can't read configurations, error -61
[ 1805.334903][T12444] usbhid 6-1:0.1: can't add hid device: -71
[ 1805.352521][T12444] usbhid: probe of 6-1:0.1 failed with error -71
[ 1805.362858][T15419] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[ 1805.383643][T12444] usb 6-1: USB disconnect, device number 13
[ 1806.557364][T15419] usb 4-1: Using ep0 maxpacket: 8
[ 1806.585528][T15419] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1806.600845][T15419] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1806.621715][T15419] usb 4-1: can't read configurations, error -61
[ 1806.628481][T15419] usb usb4-port1: attempt power cycle
[ 1806.914955][T16687] FAULT_INJECTION: forcing a failure.
[ 1806.914955][T16687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1806.991640][T16687] CPU: 0 PID: 16687 Comm: syz.5.2228 Not tainted syzkaller #0
[ 1806.999190][T16687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1807.009382][T16687] Call Trace:
[ 1807.012703][T16687]  <TASK>
[ 1807.015669][T16687]  dump_stack_lvl+0x18c/0x250
[ 1807.020404][T16687]  ? show_regs_print_info+0x20/0x20
[ 1807.025650][T16687]  ? load_image+0x400/0x400
[ 1807.030194][T16687]  ? __might_fault+0xaa/0x120
[ 1807.035078][T16687]  ? __lock_acquire+0x7d40/0x7d40
[ 1807.040142][T16687]  should_fail_ex+0x39d/0x4d0
[ 1807.044959][T16687]  _copy_from_user+0x2f/0xe0
[ 1807.049594][T16687]  do_sock_getsockopt+0x188/0x450
[ 1807.054848][T16687]  ? __ia32_sys_setsockopt+0x200/0x200
[ 1807.061062][T16687]  ? lockdep_hardirqs_on+0x90/0x150
[ 1807.066393][T16687]  __x64_sys_getsockopt+0x1d6/0x280
[ 1807.071631][T16687]  ? lockdep_hardirqs_on+0x90/0x150
[ 1807.076873][T16687]  ? lockdep_hardirqs_on+0x90/0x150
[ 1807.082217][T16687]  do_syscall_64+0x55/0xa0
[ 1807.086682][T16687]  ? clear_bhb_loop+0x40/0x90
[ 1807.091396][T16687]  ? clear_bhb_loop+0x40/0x90
[ 1807.096113][T16687]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1807.102091][T16687] RIP: 0033:0x7f514719c819
[ 1807.106538][T16687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1807.126275][T16687] RSP: 002b:00007f5148086028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1807.135007][T16687] RAX: ffffffffffffffda RBX: 00007f5147415fa0 RCX: 00007f514719c819
[ 1807.143098][T16687] RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000003
[ 1807.151101][T16687] RBP: 00007f5148086090 R08: 0000200000003080 R09: 0000000000000000
[ 1807.159086][T16687] R10: 0000200000002f80 R11: 0000000000000246 R12: 0000000000000001
[ 1807.167154][T16687] R13: 00007f5147416038 R14: 00007f5147415fa0 R15: 00007ffe6c4c9cc8
[ 1807.175761][T16687]  </TASK>
[ 1807.181712][T15419] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[ 1807.276537][T15419] usb 4-1: device descriptor read/8, error -71
[ 1807.468703][T16681] loop4: detected capacity change from 0 to 32768
[ 1807.516031][T16696] overlayfs: missing 'lowerdir'
[ 1807.544913][T16681] ERROR: (device loop4): dbAllocNext: Corrupt dmap page
[ 1807.544913][T16681] 
[ 1807.592109][T16681] ialloc: diAlloc returned -5!
[ 1809.606612][T16715] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2233'.
[ 1810.252673][T12292] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 1810.439986][T16725] FAULT_INJECTION: forcing a failure.
[ 1810.439986][T16725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1810.453986][T16725] CPU: 1 PID: 16725 Comm: syz.1.2238 Not tainted syzkaller #0
[ 1810.461494][T16725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1810.471670][T16725] Call Trace:
[ 1810.474966][T16725]  <TASK>
[ 1810.477914][T16725]  dump_stack_lvl+0x18c/0x250
[ 1810.482618][T16725]  ? show_regs_print_info+0x20/0x20
[ 1810.488096][T16725]  ? load_image+0x400/0x400
[ 1810.492635][T16725]  ? __might_fault+0xaa/0x120
[ 1810.497324][T16725]  ? __lock_acquire+0x7d40/0x7d40
[ 1810.502395][T16725]  should_fail_ex+0x39d/0x4d0
[ 1810.507097][T16725]  _copy_from_user+0x2f/0xe0
[ 1810.511795][T16725]  ___sys_sendmsg+0x1c7/0x360
[ 1810.516481][T16725]  ? get_pid_task+0x20/0x1e0
[ 1810.521103][T16725]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1810.525892][T16725]  ? __lock_acquire+0x7d40/0x7d40
[ 1810.530960][T16725]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1810.535822][T16725]  ? __x64_sys_sendmsg+0x80/0x80
[ 1810.540780][T16725]  ? lockdep_hardirqs_on+0x98/0x150
[ 1810.545993][T16725]  do_syscall_64+0x55/0xa0
[ 1810.550427][T16725]  ? clear_bhb_loop+0x40/0x90
[ 1810.555115][T16725]  ? clear_bhb_loop+0x40/0x90
[ 1810.559806][T16725]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1810.565711][T16725] RIP: 0033:0x7f8e7999c819
[ 1810.570151][T16725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1810.590041][T16725] RSP: 002b:00007f8e7a888028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1810.598470][T16725] RAX: ffffffffffffffda RBX: 00007f8e79c15fa0 RCX: 00007f8e7999c819
[ 1810.606455][T16725] RDX: 0000000004040140 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1810.614434][T16725] RBP: 00007f8e7a888090 R08: 0000000000000000 R09: 0000000000000000
[ 1810.622428][T16725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1810.630410][T16725] R13: 00007f8e79c16038 R14: 00007f8e79c15fa0 R15: 00007ffd49553f08
[ 1810.638524][T16725]  </TASK>
[ 1810.641659][T12292] usb 5-1: Using ep0 maxpacket: 32
[ 1810.649773][T12292] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1810.657971][T12292] usb 5-1: config 0 has no interface number 0
[ 1810.665308][T12292] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1810.677561][T12292] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1810.688369][T12292] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1810.697857][T12292] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1810.708704][T12292] usb 5-1: config 0 descriptor??
[ 1810.893408][T16729] loop1: detected capacity change from 0 to 512
[ 1810.909749][T16729] EXT4-fs: Ignoring removed nobh option
[ 1810.985508][T16729] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.2240: iget: bad i_size value: 38620345925642
[ 1811.027968][T16727] loop5: detected capacity change from 0 to 4096
[ 1811.060157][T16729] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.2240: couldn't read orphan inode 15 (err -117)
[ 1811.110791][T16729] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1811.330566][T12292] uclogic 0003:28BD:0094.0005: failed retrieving string descriptor #100: -71
[ 1811.613952][T16737] FAULT_INJECTION: forcing a failure.
[ 1811.613952][T16737] name failslab, interval 1, probability 0, space 0, times 0
[ 1811.626755][T16737] CPU: 0 PID: 16737 Comm: syz.1.2240 Not tainted syzkaller #0
[ 1811.634259][T16737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1811.644434][T16737] Call Trace:
[ 1811.647739][T16737]  <TASK>
[ 1811.650703][T16737]  dump_stack_lvl+0x18c/0x250
[ 1811.655527][T16737]  ? show_regs_print_info+0x20/0x20
[ 1811.660760][T16737]  ? load_image+0x400/0x400
[ 1811.665401][T16737]  ? __might_sleep+0xe0/0xe0
[ 1811.670028][T16737]  ? __lock_acquire+0x7d40/0x7d40
[ 1811.675267][T16737]  should_fail_ex+0x39d/0x4d0
[ 1811.679984][T16737]  should_failslab+0x9/0x20
[ 1811.684530][T16737]  slab_pre_alloc_hook+0x59/0x310
[ 1811.689680][T16737]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1811.695349][T16737]  kmem_cache_alloc+0x5a/0x2d0
[ 1811.700236][T16737]  ? getname_flags+0xbb/0x500
[ 1811.704955][T16737]  getname_flags+0xbb/0x500
[ 1811.709498][T16737]  __x64_sys_mknod+0x7b/0xa0
[ 1811.714125][T16737]  do_syscall_64+0x55/0xa0
[ 1811.718575][T16737]  ? clear_bhb_loop+0x40/0x90
[ 1811.723280][T16737]  ? clear_bhb_loop+0x40/0x90
[ 1811.727986][T16737]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1811.734208][T16737] RIP: 0033:0x7f8e7999c819
[ 1811.738726][T16737] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1811.758388][T16737] RSP: 002b:00007f8e7a846028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 1811.766845][T16737] RAX: ffffffffffffffda RBX: 00007f8e79c16180 RCX: 00007f8e7999c819
[ 1811.774852][T16737] RDX: 0000000000000702 RSI: 0000000000000001 RDI: 0000200000000480
[ 1811.782851][T16737] RBP: 00007f8e7a846090 R08: 0000000000000000 R09: 0000000000000000
[ 1811.790940][T16737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1811.798937][T16737] R13: 00007f8e79c16218 R14: 00007f8e79c16180 R15: 00007ffd49553f08
[ 1811.806963][T16737]  </TASK>
[ 1812.542633][T16731] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[ 1812.556263][T12292] uclogic 0003:28BD:0094.0005: failed retrieving pen parameters: -71
[ 1812.674799][T12292] uclogic 0003:28BD:0094.0005: pen probing failed: -71
[ 1812.692623][T12292] uclogic 0003:28BD:0094.0005: failed probing parameters: -71
[ 1812.700412][T12292] uclogic: probe of 0003:28BD:0094.0005 failed with error -71
[ 1812.737081][T12292] usb 5-1: USB disconnect, device number 5
[ 1812.833047][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1813.239119][T16748] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2244'.
[ 1815.306090][T16761] FAULT_INJECTION: forcing a failure.
[ 1815.306090][T16761] name failslab, interval 1, probability 0, space 0, times 0
[ 1815.452435][T16761] CPU: 0 PID: 16761 Comm: syz.4.2248 Not tainted syzkaller #0
[ 1815.459979][T16761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1815.470168][T16761] Call Trace:
[ 1815.473483][T16761]  <TASK>
[ 1815.476441][T16761]  dump_stack_lvl+0x18c/0x250
[ 1815.481170][T16761]  ? show_regs_print_info+0x20/0x20
[ 1815.486494][T16761]  ? load_image+0x400/0x400
[ 1815.491048][T16761]  ? __might_sleep+0xe0/0xe0
[ 1815.495685][T16761]  ? __lock_acquire+0x7d40/0x7d40
[ 1815.500758][T16761]  should_fail_ex+0x39d/0x4d0
[ 1815.505494][T16761]  should_failslab+0x9/0x20
[ 1815.510037][T16761]  slab_pre_alloc_hook+0x59/0x310
[ 1815.515196][T16761]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1815.521034][T16761]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1815.526787][T16761]  __kmem_cache_alloc_node+0x53/0x250
[ 1815.532209][T16761]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1815.537958][T16761]  __kmalloc+0xa4/0x230
[ 1815.542165][T16761]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1815.547760][T16761]  tomoyo_path_number_perm+0x248/0x620
[ 1815.553360][T16761]  ? tomoyo_path_number_perm+0x217/0x620
[ 1815.559116][T16761]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1815.564620][T16761]  ? ksys_write+0x1c4/0x260
[ 1815.569205][T16761]  ? __fget_files+0x28/0x4b0
[ 1815.574013][T16761]  ? __fget_files+0x28/0x4b0
[ 1815.578693][T16761]  security_file_ioctl+0x70/0xa0
[ 1815.583679][T16761]  __se_sys_ioctl+0x48/0x170
[ 1815.588381][T16761]  do_syscall_64+0x55/0xa0
[ 1815.592840][T16761]  ? clear_bhb_loop+0x40/0x90
[ 1815.597555][T16761]  ? clear_bhb_loop+0x40/0x90
[ 1815.602431][T16761]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1815.608387][T16761] RIP: 0033:0x7f1805d9c819
[ 1815.612836][T16761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1815.632486][T16761] RSP: 002b:00007f1806ba2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1815.641045][T16761] RAX: ffffffffffffffda RBX: 00007f1806016090 RCX: 00007f1805d9c819
[ 1815.649339][T16761] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000007
[ 1815.657363][T16761] RBP: 00007f1806ba2090 R08: 0000000000000000 R09: 0000000000000000
[ 1815.665380][T16761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1815.673492][T16761] R13: 00007f1806016128 R14: 00007f1806016090 R15: 00007ffd77aa1578
[ 1815.681519][T16761]  </TASK>
[ 1816.086803][T16761] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1816.401665][T16766] syz.5.2252 uses obsolete (PF_INET,SOCK_PACKET)
[ 1819.252976][T15419] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[ 1819.485755][T15419] usb 4-1: config 0 has an invalid interface number: 171 but max is 0
[ 1819.515402][T15419] usb 4-1: config 0 has no interface number 0
[ 1819.543342][T15419] usb 4-1: config 0 interface 171 has no altsetting 0
[ 1819.592425][T15419] usb 4-1: New USB device found, idVendor=13d3, idProduct=3219, bcdDevice=7a.67
[ 1819.618413][T15419] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1819.638829][T15419] usb 4-1: Product: syz
[ 1819.657650][T15419] usb 4-1: Manufacturer: syz
[ 1819.663756][T16794] loop5: detected capacity change from 0 to 512
[ 1819.681083][T15419] usb 4-1: SerialNumber: syz
[ 1819.750352][T16794] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[ 1819.804403][T15419] usb 4-1: config 0 descriptor??
[ 1819.876146][T16794] EXT4-fs (loop5): 1 truncate cleaned up
[ 1819.951443][T16794] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1820.009384][T16799] loop4: detected capacity change from 0 to 512
[ 1820.036956][T15419] dvb_usb_m920x: probe of 4-1:0.171 failed with error -71
[ 1820.076131][T16799] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1820.078425][T15419] usb 4-1: USB disconnect, device number 11
[ 1820.126969][T16799] EXT4-fs (loop4): 1 truncate cleaned up
[ 1820.163047][T16799] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1820.198995][T16801] loop1: detected capacity change from 0 to 512
[ 1820.273810][T16801] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1820.315901][T16801] EXT4-fs (loop1): 1 truncate cleaned up
[ 1820.343573][T16801] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1820.844044][T16809] netlink: 'syz.1.2260': attribute type 12 has an invalid length.
[ 1820.898554][T16811] FAULT_INJECTION: forcing a failure.
[ 1820.898554][T16811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1821.121577][T16811] CPU: 1 PID: 16811 Comm: syz.4.2259 Not tainted syzkaller #0
[ 1821.129129][T16811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1821.140784][T16811] Call Trace:
[ 1821.144108][T16811]  <TASK>
[ 1821.147166][T16811]  dump_stack_lvl+0x18c/0x250
[ 1821.151908][T16811]  ? show_regs_print_info+0x20/0x20
[ 1821.157162][T16811]  ? load_image+0x400/0x400
[ 1821.161712][T16811]  ? __lock_acquire+0x7d40/0x7d40
[ 1821.166852][T16811]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1821.172492][T16811]  should_fail_ex+0x39d/0x4d0
[ 1821.177203][T16811]  strncpy_from_user+0x36/0x2d0
[ 1821.182243][T16811]  __se_sys_request_key+0xb9/0x350
[ 1821.187475][T16811]  ? __x64_sys_request_key+0xb0/0xb0
[ 1821.192767][T16811]  ? lockdep_hardirqs_on+0x98/0x150
[ 1821.198085][T16811]  do_syscall_64+0x55/0xa0
[ 1821.202679][T16811]  ? clear_bhb_loop+0x40/0x90
[ 1821.207373][T16811]  ? clear_bhb_loop+0x40/0x90
[ 1821.212075][T16811]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1821.217988][T16811] RIP: 0033:0x7f1805d9c819
[ 1821.222493][T16811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1821.242123][T16811] RSP: 002b:00007f1806b81028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[ 1821.250632][T16811] RAX: ffffffffffffffda RBX: 00007f1806016180 RCX: 00007f1805d9c819
[ 1821.258689][T16811] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 00002000000000c0
[ 1821.266665][T16811] RBP: 00007f1806b81090 R08: 0000000000000000 R09: 0000000000000000
[ 1821.274631][T16811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1821.282690][T16811] R13: 00007f1806016218 R14: 00007f1806016180 R15: 00007ffd77aa1578
[ 1821.290766][T16811]  </TASK>
[ 1821.422745][T16813] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2261'.
[ 1822.118282][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1823.170339][T16824] loop1: detected capacity change from 0 to 512
[ 1823.180716][T16825] loop3: detected capacity change from 0 to 512
[ 1823.228364][T16825] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1823.277856][T16824] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1823.307903][T16825] ext4 filesystem being mounted at /612/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1823.322258][T16824] ext4 filesystem being mounted at /592/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1823.347871][T12910] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1823.828680][T16831] FAULT_INJECTION: forcing a failure.
[ 1823.828680][T16831] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1823.842891][T16831] CPU: 0 PID: 16831 Comm: syz.3.2265 Not tainted syzkaller #0
[ 1823.850385][T16831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1823.860907][T16831] Call Trace:
[ 1823.864228][T16831]  <TASK>
[ 1823.867286][T16831]  dump_stack_lvl+0x18c/0x250
[ 1823.872036][T16831]  ? show_regs_print_info+0x20/0x20
[ 1823.877277][T16831]  ? load_image+0x400/0x400
[ 1823.881992][T16831]  ? __might_fault+0xaa/0x120
[ 1823.886799][T16831]  ? __lock_acquire+0x7d40/0x7d40
[ 1823.891860][T16831]  should_fail_ex+0x39d/0x4d0
[ 1823.896675][T16831]  _copy_from_user+0x2f/0xe0
[ 1823.901385][T16831]  do_handle_open+0xd3/0x5a0
[ 1823.906094][T16831]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1823.912313][T16831]  ? __ia32_compat_sys_open_by_handle_at+0x80/0x80
[ 1823.918941][T16831]  ? lockdep_hardirqs_on+0x98/0x150
[ 1823.924178][T16831]  do_syscall_64+0x55/0xa0
[ 1823.928720][T16831]  ? clear_bhb_loop+0x40/0x90
[ 1823.933434][T16831]  ? clear_bhb_loop+0x40/0x90
[ 1823.938234][T16831]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1823.944181][T16831] RIP: 0033:0x7f250f79c819
[ 1823.948643][T16831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1823.968470][T16831] RSP: 002b:00007f25105c3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 1823.976926][T16831] RAX: ffffffffffffffda RBX: 00007f250fa16180 RCX: 00007f250f79c819
[ 1823.984926][T16831] RDX: 0000000000000001 RSI: 0000200000000180 RDI: ffffffffffffffff
[ 1823.992927][T16831] RBP: 00007f25105c3090 R08: 0000000000000000 R09: 0000000000000000
[ 1824.001269][T16831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1824.009443][T16831] R13: 00007f250fa16218 R14: 00007f250fa16180 R15: 00007ffdaa789398
[ 1824.017457][T16831]  </TASK>
[ 1825.125635][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1825.157559][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1825.165317][T16836] loop5: detected capacity change from 0 to 512
[ 1825.176997][T11142] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1825.306789][T16836] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1825.350790][T16836] ext4 filesystem being mounted at /201/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1825.814195][T16849] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1826.902281][T16797] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[ 1827.184857][T12910] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1827.216218][T16845] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2270'.
[ 1827.690866][    T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1827.884233][    T9] usb 6-1: Using ep0 maxpacket: 32
[ 1827.904270][    T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1827.921608][    T9] usb 6-1: config 0 has no interface number 0
[ 1827.936680][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1827.959959][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1827.982802][    T9] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1827.999644][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1828.019015][    T9] usb 6-1: config 0 descriptor??
[ 1828.415135][T16868] loop4: detected capacity change from 0 to 32768
[ 1828.460117][T16868] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.2275 (16868)
[ 1828.555191][T16868] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1828.583988][T16877] FAULT_INJECTION: forcing a failure.
[ 1828.583988][T16877] name failslab, interval 1, probability 0, space 0, times 0
[ 1828.601822][T16868] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1828.610833][T16868] BTRFS info (device loop4): using free space tree
[ 1828.631746][T16877] CPU: 1 PID: 16877 Comm: syz.3.2279 Not tainted syzkaller #0
[ 1828.639284][T16877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1828.649380][T16877] Call Trace:
[ 1828.652784][T16877]  <TASK>
[ 1828.655754][T16877]  dump_stack_lvl+0x18c/0x250
[ 1828.657477][    T9] uclogic 0003:28BD:0094.0006: failed retrieving string descriptor #100: -71
[ 1828.660496][T16877]  ? show_regs_print_info+0x20/0x20
[ 1828.674753][T16877]  ? load_image+0x400/0x400
[ 1828.679486][T16877]  ? __might_sleep+0xe0/0xe0
[ 1828.684131][T16877]  ? __lock_acquire+0x7d40/0x7d40
[ 1828.689271][T16877]  should_fail_ex+0x39d/0x4d0
[ 1828.691225][    T9] uclogic 0003:28BD:0094.0006: failed retrieving pen parameters: -71
[ 1828.693996][T16877]  should_failslab+0x9/0x20
[ 1828.694029][T16877]  slab_pre_alloc_hook+0x59/0x310
[ 1828.694058][T16877]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1828.694082][T16877]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1828.694102][T16877]  __kmem_cache_alloc_node+0x53/0x250
[ 1828.694135][T16877]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1828.694155][T16877]  __kmalloc+0xa4/0x230
[ 1828.694194][T16877]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1828.694231][T16877]  tomoyo_path_number_perm+0x248/0x620
[ 1828.694261][T16877]  ? tomoyo_path_number_perm+0x217/0x620
[ 1828.694290][T16877]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1828.721822][    T9] uclogic 0003:28BD:0094.0006: pen probing failed: -71
[ 1828.723344][T16877]  ? ksys_write+0x1c4/0x260
[ 1828.723413][T16877]  ? __fget_files+0x28/0x4b0
[ 1828.729253][    T9] uclogic 0003:28BD:0094.0006: failed probing parameters: -71
[ 1828.734946][T16877]  ? __fget_files+0x28/0x4b0
[ 1828.734992][T16877]  security_file_ioctl+0x70/0xa0
[ 1828.735027][T16877]  __se_sys_ioctl+0x48/0x170
[ 1828.751417][    T9] uclogic: probe of 0003:28BD:0094.0006 failed with error -71
[ 1828.756165][T16877]  do_syscall_64+0x55/0xa0
[ 1828.756207][T16877]  ? clear_bhb_loop+0x40/0x90
[ 1828.756230][T16877]  ? clear_bhb_loop+0x40/0x90
[ 1828.756256][T16877]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1828.756279][T16877] RIP: 0033:0x7f250f79c819
[ 1828.756300][T16877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1828.756318][T16877] RSP: 002b:00007f2510605028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1828.756344][T16877] RAX: ffffffffffffffda RBX: 00007f250fa15fa0 RCX: 00007f250f79c819
[ 1828.810689][    T9] usb 6-1: USB disconnect, device number 14
[ 1828.811913][T16877] RDX: 00002000000007c0 RSI: 000000000000890b RDI: 0000000000000004
[ 1828.811934][T16877] RBP: 00007f2510605090 R08: 0000000000000000 R09: 0000000000000000
[ 1828.811947][T16877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1828.811960][T16877] R13: 00007f250fa16038 R14: 00007f250fa15fa0 R15: 00007ffdaa789398
[ 1828.811992][T16877]  </TASK>
[ 1828.890401][T16877] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1828.978457][T16884] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1829.169169][T16868] BTRFS info (device loop4): enabling ssd optimizations
[ 1829.181916][T16868] BTRFS info (device loop4): auto enabling async discard
[ 1829.317355][T11142] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1829.382158][   T42] usb 4-1: new low-speed USB device number 12 using dummy_hcd
[ 1829.477382][T16904] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2283'.
[ 1829.592784][   T42] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1829.613529][   T42] usb 4-1: config 179 has no interface number 0
[ 1829.621075][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[ 1829.633599][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1829.644200][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 1829.657823][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8
[ 1829.669577][   T42] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1829.684482][   T42] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1829.695013][   T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1829.758648][T16894] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1829.795549][   T42] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1829.823618][   T42] xpad: probe of 4-1:179.65 failed with error -5
[ 1830.530988][T16909] FAULT_INJECTION: forcing a failure.
[ 1830.530988][T16909] name failslab, interval 1, probability 0, space 0, times 0
[ 1830.568106][T16909] CPU: 1 PID: 16909 Comm: syz.5.2286 Not tainted syzkaller #0
[ 1830.575653][T16909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1830.585753][T16909] Call Trace:
[ 1830.589077][T16909]  <TASK>
[ 1830.592048][T16909]  dump_stack_lvl+0x18c/0x250
[ 1830.596787][T16909]  ? show_regs_print_info+0x20/0x20
[ 1830.602049][T16909]  ? load_image+0x400/0x400
[ 1830.606779][T16909]  ? __might_sleep+0xe0/0xe0
[ 1830.611426][T16909]  ? __lock_acquire+0x7d40/0x7d40
[ 1830.616502][T16909]  should_fail_ex+0x39d/0x4d0
[ 1830.621303][T16909]  should_failslab+0x9/0x20
[ 1830.625997][T16909]  slab_pre_alloc_hook+0x59/0x310
[ 1830.631173][T16909]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1830.637037][T16909]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1830.642799][T16909]  __kmem_cache_alloc_node+0x53/0x250
[ 1830.648234][T16909]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1830.654004][T16909]  __kmalloc+0xa4/0x230
[ 1830.658737][T16909]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1830.664444][T16909]  tomoyo_path_number_perm+0x248/0x620
[ 1830.669959][T16909]  ? tomoyo_path_number_perm+0x217/0x620
[ 1830.675734][T16909]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1830.681338][T16909]  ? ksys_write+0x1c4/0x260
[ 1830.686022][T16909]  ? __fget_files+0x28/0x4b0
[ 1830.690749][T16909]  ? __fget_files+0x28/0x4b0
[ 1830.695401][T16909]  security_file_ioctl+0x70/0xa0
[ 1830.700401][T16909]  __se_sys_ioctl+0x48/0x170
[ 1830.705055][T16909]  do_syscall_64+0x55/0xa0
[ 1830.709546][T16909]  ? clear_bhb_loop+0x40/0x90
[ 1830.714283][T16909]  ? clear_bhb_loop+0x40/0x90
[ 1830.719115][T16909]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1830.725150][T16909] RIP: 0033:0x7f514719c819
[ 1830.729705][T16909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1830.749638][T16909] RSP: 002b:00007f5148086028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1830.758212][T16909] RAX: ffffffffffffffda RBX: 00007f5147415fa0 RCX: 00007f514719c819
[ 1830.766243][T16909] RDX: 00002000000007c0 RSI: 000000000000890b RDI: 0000000000000004
[ 1830.774253][T16909] RBP: 00007f5148086090 R08: 0000000000000000 R09: 0000000000000000
[ 1830.782272][T16909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1830.790373][T16909] R13: 00007f5147416038 R14: 00007f5147415fa0 R15: 00007ffe6c4c9cc8
[ 1830.798410][T16909]  </TASK>
[ 1830.818635][T16909] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1831.051384][T16919] loop5: detected capacity change from 0 to 2048
[ 1831.053342][T16918] loop1: detected capacity change from 0 to 2048
[ 1831.077657][T16918] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1831.100439][T16919] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1832.272326][ T5827] usb 4-1: USB disconnect, device number 12
[ 1832.756228][T16931] loop5: detected capacity change from 0 to 4096
[ 1832.769297][T16931] ntfs3: Unknown parameter 'sparocharset'
[ 1832.974921][T16937] loop3: detected capacity change from 0 to 2048
[ 1832.992029][T16937] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[ 1833.021653][ T5827] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1833.031730][T16937] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[ 1833.067325][T16937] UDF-fs: Scanning with blocksize 512 failed
[ 1833.122801][T16937] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 1833.130520][T16937] UDF-fs: Scanning with blocksize 1024 failed
[ 1833.179815][T16937] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 1833.191393][T16937] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 1833.207141][T16937] UDF-fs: Scanning with blocksize 2048 failed
[ 1833.207253][ T5827] usb 2-1: Using ep0 maxpacket: 32
[ 1833.215322][T16937] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 1833.243202][T16937] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 1833.254045][T16937] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 1833.254377][ T5827] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1833.263272][T16937] UDF-fs: Scanning with blocksize 4096 failed
[ 1833.273246][T16941] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2296'.
[ 1833.277486][T16937] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[ 1833.454565][ T5827] usb 2-1: config 0 has no interface number 0
[ 1833.505989][ T5827] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1833.778737][ T5827] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1833.845088][ T5827] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1833.877611][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1833.905686][ T5827] usb 2-1: config 0 descriptor??
[ 1834.568075][ T5827] uclogic 0003:28BD:0094.0007: failed retrieving string descriptor #100: -71
[ 1834.631580][ T5827] uclogic 0003:28BD:0094.0007: failed retrieving pen parameters: -71
[ 1834.645657][ T5827] uclogic 0003:28BD:0094.0007: pen probing failed: -71
[ 1834.654889][ T5827] uclogic 0003:28BD:0094.0007: failed probing parameters: -71
[ 1834.666978][ T5827] uclogic: probe of 0003:28BD:0094.0007 failed with error -71
[ 1834.694522][ T5827] usb 2-1: USB disconnect, device number 13
[ 1834.862054][T12706] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1834.878795][T16955] FAULT_INJECTION: forcing a failure.
[ 1834.878795][T16955] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1834.883799][T16953] overlayfs: missing 'lowerdir'
[ 1834.905534][T16955] CPU: 1 PID: 16955 Comm: syz.3.2301 Not tainted syzkaller #0
[ 1834.913069][T16955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1834.923166][T16955] Call Trace:
[ 1834.926481][T16955]  <TASK>
[ 1834.929527][T16955]  dump_stack_lvl+0x18c/0x250
[ 1834.934261][T16955]  ? show_regs_print_info+0x20/0x20
[ 1834.939506][T16955]  ? load_image+0x400/0x400
[ 1834.944061][T16955]  ? __might_fault+0xaa/0x120
[ 1834.948780][T16955]  ? __lock_acquire+0x7d40/0x7d40
[ 1834.953935][T16955]  should_fail_ex+0x39d/0x4d0
[ 1834.958665][T16955]  _copy_from_user+0x2f/0xe0
[ 1834.963298][T16955]  ___sys_sendmsg+0x1c7/0x360
[ 1834.968036][T16955]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1834.972923][T16955]  __sys_sendmmsg+0x2ca/0x510
[ 1834.977743][T16955]  ? __ia32_sys_sendmsg+0x90/0x90
[ 1834.982816][T16955]  ? mutex_unlock+0x10/0x10
[ 1834.987345][T16955]  ? __fget_files+0x43d/0x4b0
[ 1834.992052][T16955]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1834.998427][T16955]  ? lock_chain_count+0x20/0x20
[ 1835.003303][T16955]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1835.008200][T16955]  do_syscall_64+0x55/0xa0
[ 1835.012739][T16955]  ? clear_bhb_loop+0x40/0x90
[ 1835.017446][T16955]  ? clear_bhb_loop+0x40/0x90
[ 1835.022346][T16955]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1835.028533][T16955] RIP: 0033:0x7f250f79c819
[ 1835.032976][T16955] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1835.052858][T16955] RSP: 002b:00007f2510605028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1835.061558][T16955] RAX: ffffffffffffffda RBX: 00007f250fa15fa0 RCX: 00007f250f79c819
[ 1835.069729][T16955] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000003
[ 1835.077711][T16955] RBP: 00007f2510605090 R08: 0000000000000000 R09: 0000000000000000
[ 1835.085693][T16955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1835.093765][T16955] R13: 00007f250fa16038 R14: 00007f250fa15fa0 R15: 00007ffdaa789398
[ 1835.101858][T16955]  </TASK>
[ 1835.141637][T12706] usb 5-1: Using ep0 maxpacket: 8
[ 1835.169596][T12706] usb 5-1: config 6 has an invalid interface number: 2 but max is 0
[ 1835.191407][T12706] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[ 1835.231877][T12706] usb 5-1: config 6 has no interface number 0
[ 1835.238072][T12706] usb 5-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1835.293465][T12706] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1835.311940][T12706] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1835.319994][T12706] usb 5-1: Product: syz
[ 1835.355273][T12706] usb 5-1: Manufacturer: syz
[ 1835.359958][T12706] usb 5-1: SerialNumber: syz
[ 1835.402401][T12706] hso 5-1:6.2: Failed to find INT IN ep
[ 1835.608157][T12706] usb 5-1: USB disconnect, device number 6
[ 1835.910351][T16966] binder: 16963:16966 unknown command 0
[ 1835.916252][T16966] binder: 16963:16966 ioctl c0306201 2000000001c0 returned -22
[ 1836.081780][T15419] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1836.291795][T15419] usb 4-1: Using ep0 maxpacket: 16
[ 1836.320952][T15419] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1836.339109][T15419] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 255, changing to 11
[ 1836.351684][T15419] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 57872, setting to 1024
[ 1836.363864][T15419] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1836.376226][T15419] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1836.386487][T15419] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1836.438147][T15419] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1836.470903][T16972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2306'.
[ 1836.473656][T15419] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1836.622182][T15419] usb 4-1: config 0 descriptor??
[ 1836.896778][T16961] loop3: detected capacity change from 0 to 1024
[ 1836.933272][T16961] hfsplus: unable to parse mount options
[ 1836.991593][T15419] rc_core: IR keymap rc-hauppauge not found
[ 1837.001761][T15044] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1837.014465][T15419] Registered IR keymap rc-empty
[ 1837.019842][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1837.121744][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1837.184047][T15419] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1837.274445][T16983] FAULT_INJECTION: forcing a failure.
[ 1837.274445][T16983] name failslab, interval 1, probability 0, space 0, times 0
[ 1837.287621][T16983] CPU: 1 PID: 16983 Comm: syz.1.2309 Not tainted syzkaller #0
[ 1837.295116][T16983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1837.305358][T16983] Call Trace:
[ 1837.308819][T16983]  <TASK>
[ 1837.311847][T16983]  dump_stack_lvl+0x18c/0x250
[ 1837.316560][T16983]  ? show_regs_print_info+0x20/0x20
[ 1837.321862][T16983]  ? load_image+0x400/0x400
[ 1837.326388][T16983]  ? __lock_acquire+0x7d40/0x7d40
[ 1837.331525][T16983]  should_fail_ex+0x39d/0x4d0
[ 1837.336314][T16983]  should_failslab+0x9/0x20
[ 1837.340835][T16983]  slab_pre_alloc_hook+0x59/0x310
[ 1837.345873][T16983]  ? rcu_is_watching+0x15/0xb0
[ 1837.350650][T16983]  ? kvmalloc_node+0x70/0x180
[ 1837.355364][T16983]  ? kvmalloc_node+0x70/0x180
[ 1837.360146][T16983]  __kmem_cache_alloc_node+0x53/0x250
[ 1837.365554][T16983]  ? kvmalloc_node+0x70/0x180
[ 1837.370254][T16983]  __kmalloc_node+0xa4/0x230
[ 1837.374862][T16983]  ? seq_read_iter+0xb1/0xd50
[ 1837.379552][T16983]  kvmalloc_node+0x70/0x180
[ 1837.384070][T16983]  traverse+0xdd/0x560
[ 1837.388244][T16983]  ? __lock_acquire+0x7d40/0x7d40
[ 1837.393552][T16983]  seq_read_iter+0xc4f/0xd50
[ 1837.398191][T16983]  ? aa_file_perm+0x3e3/0xee0
[ 1837.402901][T16983]  seq_read+0x175/0x220
[ 1837.407073][T16983]  ? seq_open+0x140/0x140
[ 1837.411417][T16983]  ? common_file_perm+0x198/0x1f0
[ 1837.416456][T16983]  ? fsnotify_perm+0x271/0x5e0
[ 1837.421322][T16983]  do_iter_read+0x4fa/0xc90
[ 1837.425862][T16983]  ? seq_open+0x140/0x140
[ 1837.430298][T16983]  ? vfs_iter_read+0xa0/0xa0
[ 1837.434908][T16983]  ? __import_iovec+0x5f2/0x850
[ 1837.439865][T16983]  ? import_iovec+0x73/0xa0
[ 1837.444554][T16983]  do_preadv+0x236/0x390
[ 1837.448814][T16983]  ? do_writev+0x480/0x480
[ 1837.453243][T16983]  ? __fget_files+0x28/0x4b0
[ 1837.457969][T16983]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1837.463970][T16983]  ? lock_chain_count+0x20/0x20
[ 1837.468839][T16983]  ? lockdep_hardirqs_on+0x98/0x150
[ 1837.474053][T16983]  do_syscall_64+0x55/0xa0
[ 1837.478512][T16983]  ? clear_bhb_loop+0x40/0x90
[ 1837.483221][T16983]  ? clear_bhb_loop+0x40/0x90
[ 1837.488010][T16983]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1837.493927][T16983] RIP: 0033:0x7f8e7999c819
[ 1837.498360][T16983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1837.517989][T16983] RSP: 002b:00007f8e7a846028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1837.526506][T16983] RAX: ffffffffffffffda RBX: 00007f8e79c16180 RCX: 00007f8e7999c819
[ 1837.534500][T16983] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000006
[ 1837.542484][T16983] RBP: 00007f8e7a846090 R08: 0000000000000000 R09: 0000000000000000
[ 1837.550834][T16983] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[ 1837.558825][T16983] R13: 00007f8e79c16218 R14: 00007f8e79c16180 R15: 00007ffd49553f08
[ 1837.566905][T16983]  </TASK>
[ 1838.075687][T16961] loop3: detected capacity change from 0 to 2048
[ 1838.210430][T16961] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1838.276567][T15419] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5
[ 1838.303398][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.310766][    C1] mceusb 4-1:0.0: Error: urb status = -75
[ 1838.341820][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.371904][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.421763][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.431275][T16995] loop5: detected capacity change from 0 to 16
[ 1838.442146][T16995] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1838.452951][T16995] syz.5.2311: attempt to access beyond end of device
[ 1838.452951][T16995] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1838.470082][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.479561][T16995] syz.5.2311: attempt to access beyond end of device
[ 1838.479561][T16995] loop5: rw=524288, sector=16, nr_sectors = 40 limit=16
[ 1838.494032][T16995] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[ 1838.516488][T16995] 9pnet_fd: Insufficient options for proto=fd
[ 1838.521807][   T27] audit: type=1800 audit(1774885650.656:251): pid=16995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2311" name="file2" dev="loop5" ino=89 res=0 errno=0
[ 1838.554221][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.602550][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.641668][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.681595][   T23] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1838.691011][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.731811][T15419] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1838.783670][T15419] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 1838.797324][T15419] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1838.817110][T15419] usb 4-1: USB disconnect, device number 13
[ 1838.891769][   T23] usb 2-1: Using ep0 maxpacket: 32
[ 1838.899280][   T23] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1838.908039][   T23] usb 2-1: config 0 has no interface number 0
[ 1838.916857][   T23] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1838.941952][   T23] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1838.955758][   T23] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1838.966309][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1838.980967][   T23] usb 2-1: config 0 descriptor??
[ 1839.230741][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1839.406959][   T23] usbhid 2-1:0.1: can't add hid device: -71
[ 1839.413284][   T23] usbhid: probe of 2-1:0.1 failed with error -71
[ 1839.441991][   T23] usb 2-1: USB disconnect, device number 14
[ 1842.593192][T17018] loop4: detected capacity change from 0 to 512
[ 1842.641787][T17018] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1842.687415][T17018] EXT4-fs (loop4): 1 truncate cleaned up
[ 1842.927158][T17018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1845.355756][T11142] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1846.550271][T17057] overlayfs: missing 'lowerdir'
[ 1846.644372][T17062] overlayfs: missing 'lowerdir'
[ 1847.488827][T17068] loop5: detected capacity change from 0 to 2048
[ 1847.533984][T17068] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1847.587761][T17070] loop3: detected capacity change from 0 to 2048
[ 1847.665029][T17070] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1850.732944][T17087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2336'.
[ 1851.009411][T17091] loop5: detected capacity change from 0 to 2048
[ 1851.047073][T17091] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1852.433307][T17099] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2339'.
[ 1852.778234][T17101] loop3: detected capacity change from 0 to 512
[ 1853.183861][T17110] overlayfs: missing 'lowerdir'
[ 1853.419676][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.439053][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1853.761966][ T6107] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1855.003212][ T6107] usb 4-1: Using ep0 maxpacket: 32
[ 1855.013095][ T6107] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1855.021158][ T6107] usb 4-1: config 0 has no interface number 0
[ 1855.051555][ T6107] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1855.071768][ T6107] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1855.101729][ T6107] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1855.110928][ T6107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1855.257792][T17121] loop4: detected capacity change from 0 to 512
[ 1855.348799][T17121] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1855.365560][ T6107] usb 4-1: config 0 descriptor??
[ 1855.377687][T17121] ext4 filesystem being mounted at /308/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1855.794304][ T6107] usbhid 4-1:0.1: can't add hid device: -71
[ 1855.803778][ T6107] usbhid: probe of 4-1:0.1 failed with error -71
[ 1855.823628][ T6107] usb 4-1: USB disconnect, device number 14
[ 1855.869341][T17129] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[ 1855.884370][T17129] Quota error (device loop4): write_blk: dquota write failed
[ 1855.894574][T17129] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[ 1855.904504][T17129] EXT4-fs error (device loop4): ext4_acquire_dquot:6949: comm syz.4.2345: Failed to acquire dquot type 0
[ 1856.044641][T17128] overlayfs: missing 'lowerdir'
[ 1856.404658][T11142] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1857.978655][T17138] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2348'.
[ 1858.385818][T17143] loop5: detected capacity change from 0 to 512
[ 1858.446017][T17143] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1858.462695][T17143] ext4 filesystem being mounted at /224/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1858.478877][T17145] loop4: detected capacity change from 0 to 2048
[ 1858.691801][T17145] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1858.762767][T17151] FAULT_INJECTION: forcing a failure.
[ 1858.762767][T17151] name failslab, interval 1, probability 0, space 0, times 0
[ 1858.775663][T17151] CPU: 0 PID: 17151 Comm: syz.5.2349 Not tainted syzkaller #0
[ 1858.783338][T17151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1858.793510][T17151] Call Trace:
[ 1858.796822][T17151]  <TASK>
[ 1858.799793][T17151]  dump_stack_lvl+0x18c/0x250
[ 1858.804521][T17151]  ? show_regs_print_info+0x20/0x20
[ 1858.809861][T17151]  ? load_image+0x400/0x400
[ 1858.814403][T17151]  ? __might_sleep+0xe0/0xe0
[ 1858.819080][T17151]  ? __lock_acquire+0x7d40/0x7d40
[ 1858.824224][T17151]  ? lockdep_hardirqs_on+0x98/0x150
[ 1858.829551][T17151]  should_fail_ex+0x39d/0x4d0
[ 1858.834386][T17151]  should_failslab+0x9/0x20
[ 1858.839030][T17151]  slab_pre_alloc_hook+0x59/0x310
[ 1858.844110][T17151]  ? trace_ma_write+0x8f/0x1b0
[ 1858.848919][T17151]  kmem_cache_alloc+0x5a/0x2d0
[ 1858.853802][T17151]  ? mas_alloc_nodes+0x2f8/0x8c0
[ 1858.858789][T17151]  mas_alloc_nodes+0x2f8/0x8c0
[ 1858.863634][T17151]  mas_preallocate+0xa62/0x11d0
[ 1858.868610][T17151]  ? vma_merge+0x1299/0x20e0
[ 1858.873322][T17151]  ? __lock_acquire+0x7d40/0x7d40
[ 1858.878378][T17151]  ? mas_destroy+0x2080/0x2080
[ 1858.883364][T17151]  ? down_read_killable+0x340/0x340
[ 1858.888637][T17151]  ? vma_iter_config+0xe6/0x270
[ 1858.893530][T17151]  vma_merge+0x169f/0x20e0
[ 1858.898010][T17151]  ? init_vma_prep+0x160/0x160
[ 1858.902834][T17151]  mlock_fixup+0x362/0x570
[ 1858.907306][T17151]  apply_vma_lock_flags+0x2a9/0x3c0
[ 1858.912547][T17151]  ? do_mlock+0x730/0x730
[ 1858.916906][T17151]  ? down_write_killable+0x181/0x230
[ 1858.922235][T17151]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1858.927900][T17151]  ? __fget_files+0x28/0x4b0
[ 1858.932545][T17151]  do_mlock+0x4b5/0x730
[ 1858.936839][T17151]  ? lru_gen_add_folio+0xda0/0xda0
[ 1858.941979][T17151]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1858.948023][T17151]  ? lock_chain_count+0x20/0x20
[ 1858.953009][T17151]  ? syscall_enter_from_user_mode+0x25/0x80
[ 1858.958945][T17151]  __x64_sys_mlock+0x60/0x70
[ 1858.963580][T17151]  do_syscall_64+0x55/0xa0
[ 1858.968058][T17151]  ? clear_bhb_loop+0x40/0x90
[ 1858.972790][T17151]  ? clear_bhb_loop+0x40/0x90
[ 1858.977513][T17151]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1858.983544][T17151] RIP: 0033:0x7f514719c819
[ 1858.988009][T17151] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1859.007819][T17151] RSP: 002b:00007f5148044028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[ 1859.016356][T17151] RAX: ffffffffffffffda RBX: 00007f5147416180 RCX: 00007f514719c819
[ 1859.024448][T17151] RDX: 0000000000000000 RSI: 0000000000005000 RDI: 0000200000626000
[ 1859.032446][T17151] RBP: 00007f5148044090 R08: 0000000000000000 R09: 0000000000000000
[ 1859.040445][T17151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1859.048701][T17151] R13: 00007f5147416218 R14: 00007f5147416180 R15: 00007ffe6c4c9cc8
[ 1859.056814][T17151]  </TASK>
[ 1859.434086][T12910] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1861.202314][T17167] FAULT_INJECTION: forcing a failure.
[ 1861.202314][T17167] name failslab, interval 1, probability 0, space 0, times 0
[ 1861.242093][T17167] CPU: 1 PID: 17167 Comm: syz.5.2355 Not tainted syzkaller #0
[ 1861.249648][T17167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1861.260229][T17167] Call Trace:
[ 1861.263699][T17167]  <TASK>
[ 1861.266721][T17167]  dump_stack_lvl+0x18c/0x250
[ 1861.271455][T17167]  ? show_regs_print_info+0x20/0x20
[ 1861.276876][T17167]  ? load_image+0x400/0x400
[ 1861.281436][T17167]  ? __might_sleep+0xe0/0xe0
[ 1861.286155][T17167]  ? __lock_acquire+0x7d40/0x7d40
[ 1861.291232][T17167]  ? mark_lock+0x94/0x320
[ 1861.295620][T17167]  should_fail_ex+0x39d/0x4d0
[ 1861.300436][T17167]  should_failslab+0x9/0x20
[ 1861.305083][T17167]  slab_pre_alloc_hook+0x59/0x310
[ 1861.310230][T17167]  ? __get_vm_area_node+0x125/0x370
[ 1861.315475][T17167]  __kmem_cache_alloc_node+0x53/0x250
[ 1861.321060][T17167]  ? __get_vm_area_node+0x125/0x370
[ 1861.326301][T17167]  kmalloc_node_trace+0x26/0xe0
[ 1861.331254][T17167]  __get_vm_area_node+0x125/0x370
[ 1861.336391][T17167]  __vmalloc_node_range+0x36e/0x1330
[ 1861.341738][T17167]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1861.347334][T17167]  ? mark_lock+0x94/0x320
[ 1861.351798][T17167]  ? __lock_acquire+0x1347/0x7d40
[ 1861.356912][T17167]  ? verify_lock_unused+0x140/0x140
[ 1861.362286][T17167]  ? free_vm_area+0x50/0x50
[ 1861.367025][T17167]  ? end_current_label_crit_section+0x170/0x170
[ 1861.373319][T17167]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1861.378909][T17167]  __vmalloc+0x7a/0x90
[ 1861.383127][T17167]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1861.388996][T17167]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1861.394407][T17167]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1861.399214][T17167]  bpf_prog_alloc+0x3d/0x1a0
[ 1861.403860][T17167]  bpf_prog_load+0x6eb/0x1670
[ 1861.408599][T17167]  ? map_freeze+0x420/0x420
[ 1861.413142][T17167]  ? __might_fault+0xaa/0x120
[ 1861.417858][T17167]  ? __lock_acquire+0x7d40/0x7d40
[ 1861.422956][T17167]  ? file_end_write+0x159/0x250
[ 1861.427854][T17167]  ? __might_fault+0xaa/0x120
[ 1861.432566][T17167]  ? __might_fault+0xc6/0x120
[ 1861.437285][T17167]  ? __might_fault+0xaa/0x120
[ 1861.442092][T17167]  ? bpf_lsm_bpf+0x9/0x10
[ 1861.446550][T17167]  ? security_bpf+0x7e/0xa0
[ 1861.451375][T17167]  __sys_bpf+0x5ba/0x890
[ 1861.455661][T17167]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1861.461267][T17167]  ? lock_chain_count+0x20/0x20
[ 1861.466167][T17167]  __x64_sys_bpf+0x7c/0x90
[ 1861.470713][T17167]  do_syscall_64+0x55/0xa0
[ 1861.475229][T17167]  ? clear_bhb_loop+0x40/0x90
[ 1861.480121][T17167]  ? clear_bhb_loop+0x40/0x90
[ 1861.484929][T17167]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1861.490863][T17167] RIP: 0033:0x7f514719c819
[ 1861.495319][T17167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1861.515068][T17167] RSP: 002b:00007f5148086028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1861.524091][T17167] RAX: ffffffffffffffda RBX: 00007f5147415fa0 RCX: 00007f514719c819
[ 1861.532301][T17167] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
[ 1861.540397][T17167] RBP: 00007f5148086090 R08: 0000000000000000 R09: 0000000000000000
[ 1861.548414][T17167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1861.556452][T17167] R13: 00007f5147416038 R14: 00007f5147415fa0 R15: 00007ffe6c4c9cc8
[ 1861.564578][T17167]  </TASK>
[ 1861.593065][T17167] syz.5.2355: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz5,mems_allowed=0-1
[ 1861.614405][T10747] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1861.624730][T17167] CPU: 1 PID: 17167 Comm: syz.5.2355 Not tainted syzkaller #0
[ 1861.632431][T17167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1861.642625][T17167] Call Trace:
[ 1861.645943][T17167]  <TASK>
[ 1861.648894][T17167]  dump_stack_lvl+0x18c/0x250
[ 1861.653615][T17167]  ? show_regs_print_info+0x20/0x20
[ 1861.658838][T17167]  ? load_image+0x400/0x400
[ 1861.663454][T17167]  ? __rcu_read_unlock+0x7c/0xd0
[ 1861.668406][T17167]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1861.674839][T17167]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[ 1861.681360][T17167]  warn_alloc+0x246/0x340
[ 1861.685808][T17167]  ? __get_vm_area_node+0x125/0x370
[ 1861.691036][T17167]  ? zone_watermark_ok_safe+0x230/0x230
[ 1861.696598][T17167]  ? rcu_is_watching+0x15/0xb0
[ 1861.701386][T17167]  ? __get_vm_area_node+0x356/0x370
[ 1861.706600][T17167]  __vmalloc_node_range+0x393/0x1330
[ 1861.711899][T17167]  ? mark_lock+0x94/0x320
[ 1861.716253][T17167]  ? __lock_acquire+0x1347/0x7d40
[ 1861.721312][T17167]  ? verify_lock_unused+0x140/0x140
[ 1861.726651][T17167]  ? free_vm_area+0x50/0x50
[ 1861.731449][T17167]  ? end_current_label_crit_section+0x170/0x170
[ 1861.737934][T17167]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1861.743496][T17167]  __vmalloc+0x7a/0x90
[ 1861.747591][T17167]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1861.753149][T17167]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1861.758530][T17167]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1861.763306][T17167]  bpf_prog_alloc+0x3d/0x1a0
[ 1861.767911][T17167]  bpf_prog_load+0x6eb/0x1670
[ 1861.772613][T17167]  ? map_freeze+0x420/0x420
[ 1861.777180][T17167]  ? __might_fault+0xaa/0x120
[ 1861.781879][T17167]  ? __lock_acquire+0x7d40/0x7d40
[ 1861.787005][T17167]  ? file_end_write+0x159/0x250
[ 1861.791874][T17167]  ? __might_fault+0xaa/0x120
[ 1861.796558][T17167]  ? __might_fault+0xc6/0x120
[ 1861.801325][T17167]  ? __might_fault+0xaa/0x120
[ 1861.806096][T17167]  ? bpf_lsm_bpf+0x9/0x10
[ 1861.810435][T17167]  ? security_bpf+0x7e/0xa0
[ 1861.814955][T17167]  __sys_bpf+0x5ba/0x890
[ 1861.819208][T17167]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1861.824603][T17167]  ? lock_chain_count+0x20/0x20
[ 1861.829473][T17167]  __x64_sys_bpf+0x7c/0x90
[ 1861.833902][T17167]  do_syscall_64+0x55/0xa0
[ 1861.838430][T17167]  ? clear_bhb_loop+0x40/0x90
[ 1861.843205][T17167]  ? clear_bhb_loop+0x40/0x90
[ 1861.847903][T17167]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1861.853806][T17167] RIP: 0033:0x7f514719c819
[ 1861.858263][T17167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1861.878061][T17167] RSP: 002b:00007f5148086028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1861.886494][T17167] RAX: ffffffffffffffda RBX: 00007f5147415fa0 RCX: 00007f514719c819
[ 1861.894476][T17167] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
[ 1861.902454][T17167] RBP: 00007f5148086090 R08: 0000000000000000 R09: 0000000000000000
[ 1861.910512][T17167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1861.918683][T17167] R13: 00007f5147416038 R14: 00007f5147415fa0 R15: 00007ffe6c4c9cc8
[ 1861.926691][T17167]  </TASK>
[ 1861.940541][T10747] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1861.970012][T10747] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1861.979033][T10747] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1861.992383][T10747] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1861.999827][T10747] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1862.013521][T17167] Mem-Info:
[ 1862.016714][T17167] active_anon:49919 inactive_anon:0 isolated_anon:0
[ 1862.016714][T17167]  active_file:22896 inactive_file:40690 isolated_file:0
[ 1862.016714][T17167]  unevictable:768 dirty:62 writeback:0
[ 1862.016714][T17167]  slab_reclaimable:11105 slab_unreclaimable:93415
[ 1862.016714][T17167]  mapped:29237 shmem:44235 pagetables:726
[ 1862.016714][T17167]  sec_pagetables:0 bounce:0
[ 1862.016714][T17167]  kernel_misc_reclaimable:0
[ 1862.016714][T17167]  free:1288248 free_pcp:13597 free_cma:0
[ 1862.145441][T17167] Node 0 active_anon:204936kB inactive_anon:0kB active_file:91584kB inactive_file:162556kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122164kB dirty:160kB writeback:0kB shmem:180584kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11156kB pagetables:3004kB sec_pagetables:0kB all_unreclaimable? no
[ 1862.210973][T17167] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1862.267569][T17167] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1862.308621][T17167] lowmem_reserve[]: 0 2521 2522 2522 2522
[ 1862.335274][T17167] Node 0 DMA32 free:1252772kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:208300kB inactive_anon:0kB active_file:91584kB inactive_file:161728kB unevictable:1536kB writepending:160kB present:3129332kB managed:2586956kB mlocked:0kB bounce:0kB free_pcp:28840kB local_pcp:18388kB free_cma:0kB
[ 1862.430512][T17170] overlayfs: missing 'lowerdir'
[ 1862.488500][T17167] lowmem_reserve[]: 0 0 0 0 0
[ 1862.506341][T17167] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1862.554194][ T1006] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1862.573528][T17167] lowmem_reserve[]: 0 0 0 0 0
[ 1862.578343][T17167] Node 1 Normal free:3889444kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20684kB local_pcp:9484kB free_cma:0kB
[ 1862.666335][T17167] lowmem_reserve[]: 0 0 0 0 0
[ 1862.671287][T17167] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1862.704242][ T1006] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1862.715900][T17167] Node 0 DMA32: 885*4kB (UME) 548*8kB (UME) 531*16kB (UME) 516*32kB (UME) 365*64kB (UME) 452*128kB (UME) 139*256kB (UM) 76*512kB (UM) 35*1024kB (UM) 14*2048kB (M) 244*4096kB (UME) = 1252580kB
[ 1862.765877][T17167] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1862.811311][ T1006] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1862.813683][T17167] Node 1 Normal: 253*4kB (UM) 60*8kB (UME) 39*16kB (UME) 43*32kB (UM) 24*64kB (UE) 3*128kB (UM) 2*256kB (UE) 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 947*4096kB (M) = 3889444kB
[ 1862.918299][T17167] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1862.953771][T17167] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1862.996084][T17167] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1863.032024][ T1006] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1863.042640][T17167] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1863.071587][T17167] 109865 total pagecache pages
[ 1863.076408][T17167] 0 pages in swap cache
[ 1863.080589][T17167] Free swap  = 124472kB
[ 1863.111638][T17167] Total swap = 124996kB
[ 1863.115868][T17167] 2097051 pages RAM
[ 1863.159571][T17167] 0 pages HighMem/MovableOnly
[ 1863.189145][T17167] 416926 pages reserved
[ 1863.196197][T17167] 0 pages cma reserved
[ 1863.218968][T17168] chnl_net:caif_netlink_parms(): no params data found
[ 1863.639662][ T1006] tipc: Disabling bearer <udp:syz2>
[ 1863.652472][ T1006] tipc: Left network mode
[ 1863.715825][T17168] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1863.751718][T17168] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1863.759106][T17168] bridge_slave_0: entered allmulticast mode
[ 1863.787138][T17168] bridge_slave_0: entered promiscuous mode
[ 1863.887873][T17186] loop4: detected capacity change from 0 to 4096
[ 1863.984831][T17186] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match.  Run ntfsfix or chkdsk.
[ 1864.002244][T17186] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[ 1864.039434][T17186] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 1864.052148][T14835] Bluetooth: hci2: command tx timeout
[ 1864.058977][T17186] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[ 1864.075291][T17186] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 1864.088112][ T1006] bond2: (slave ip6gretap1): Releasing active interface
[ 1864.095630][ T1006] ip6gretap1 (unregistering): left allmulticast mode
[ 1864.105046][T17186] ntfs: volume version 3.1.
[ 1864.125250][T17168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1864.153388][T17186] ntfs: (device loop4): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 1864.157263][T17168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1864.183242][T17186] ntfs: (device loop4): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[ 1864.209672][T17186] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 1864.238906][T17168] bridge_slave_1: entered allmulticast mode
[ 1864.253387][T17168] bridge_slave_1: entered promiscuous mode
[ 1864.259907][T17186] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 1864.288418][T17186] ntfs: (device loop4): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[ 1864.420218][T17168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1864.518621][T17168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1864.643517][T17168] team0: Port device team_slave_0 added
[ 1864.733549][T17168] team0: Port device team_slave_1 added
[ 1864.838103][T17168] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1864.846295][T17168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1864.874242][T17168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1864.887414][T17168] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1864.894808][T17168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1864.923600][T17168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1865.030041][T17168] hsr_slave_0: entered promiscuous mode
[ 1865.037204][T17168] hsr_slave_1: entered promiscuous mode
[ 1865.043818][T17168] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1865.053182][T17168] Cannot create hsr debugfs directory
[ 1865.499657][ T1006] hsr_slave_0: left promiscuous mode
[ 1865.521961][ T1006] hsr_slave_1: left promiscuous mode
[ 1865.528646][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1865.537053][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1865.545768][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1865.555020][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1865.571904][ T1006] bridge_slave_1: left allmulticast mode
[ 1865.577748][ T1006] bridge_slave_1: left promiscuous mode
[ 1865.592187][ T1006] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1865.608374][ T1006] bridge_slave_0: left allmulticast mode
[ 1865.618109][ T1006] bridge_slave_0: left promiscuous mode
[ 1865.627638][ T1006] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1865.670724][ T1006] bond2: left allmulticast mode
[ 1865.685944][ T1006] bond2: left promiscuous mode
[ 1865.693957][ T1006] bond1: left allmulticast mode
[ 1865.698892][ T1006] bond1: left promiscuous mode
[ 1865.710166][ T1006] veth1_macvtap: left promiscuous mode
[ 1865.719911][ T1006] veth0_macvtap: left promiscuous mode
[ 1865.730533][ T1006] veth1_vlan: left promiscuous mode
[ 1865.872509][ T1006] team0 (unregistering): Port device macvlan3 removed
[ 1866.014999][ T1006] bond2 (unregistering): Released all slaves
[ 1866.039062][ T1006] team0 (unregistering): Port device macvlan2 removed
[ 1866.136082][T14835] Bluetooth: hci2: command tx timeout
[ 1866.194143][ T1006] bond1 (unregistering): Released all slaves
[ 1867.641389][T17234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2360'.
[ 1867.810173][T17236] FAULT_INJECTION: forcing a failure.
[ 1867.810173][T17236] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1867.837435][T17236] CPU: 1 PID: 17236 Comm: syz.5.2363 Not tainted syzkaller #0
[ 1867.845061][T17236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1867.855148][T17236] Call Trace:
[ 1867.858444][T17236]  <TASK>
[ 1867.861501][T17236]  dump_stack_lvl+0x18c/0x250
[ 1867.866338][T17236]  ? show_regs_print_info+0x20/0x20
[ 1867.871714][T17236]  ? load_image+0x400/0x400
[ 1867.876335][T17236]  ? __might_fault+0xaa/0x120
[ 1867.881116][T17236]  ? __lock_acquire+0x7d40/0x7d40
[ 1867.886158][T17236]  should_fail_ex+0x39d/0x4d0
[ 1867.890869][T17236]  _copy_from_user+0x2f/0xe0
[ 1867.895631][T17236]  __se_sys_memfd_create+0x295/0x660
[ 1867.901045][T17236]  do_syscall_64+0x55/0xa0
[ 1867.905484][T17236]  ? clear_bhb_loop+0x40/0x90
[ 1867.910178][T17236]  ? clear_bhb_loop+0x40/0x90
[ 1867.914959][T17236]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1867.920869][T17236] RIP: 0033:0x7f514719c819
[ 1867.925386][T17236] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1867.945445][T17236] RSP: 002b:00007f5148085e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[ 1867.953963][T17236] RAX: ffffffffffffffda RBX: 000000000000019e RCX: 00007f514719c819
[ 1867.962036][T17236] RDX: 00007f5148085ee0 RSI: 0000000000000000 RDI: 00007f5147232e71
[ 1867.970025][T17236] RBP: 0000200000000280 R08: 00000000ffffffff R09: 0000000000000000
[ 1867.978092][T17236] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000240
[ 1867.986077][T17236] R13: 00007f5148085ee0 R14: 00007f5148085ea0 R15: 0000200000002100
[ 1867.994077][T17236]  </TASK>
[ 1868.184836][ T1006] team0 (unregistering): Port device team_slave_1 removed
[ 1868.220630][T14835] Bluetooth: hci2: command tx timeout
[ 1868.269619][ T1006] team0 (unregistering): Port device team_slave_0 removed
[ 1868.353473][ T1006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1868.423314][ T1006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1869.299262][T17251] overlayfs: missing 'lowerdir'
[ 1869.625817][ T1006] bond0 (unregistering): Released all slaves
[ 1870.176798][T17259] loop5: detected capacity change from 0 to 16
[ 1870.211724][T17259] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1870.223329][T17259] syz.5.2367: attempt to access beyond end of device
[ 1870.223329][T17259] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1870.264767][T17259] syz.5.2367: attempt to access beyond end of device
[ 1870.264767][T17259] loop5: rw=524288, sector=16, nr_sectors = 40 limit=16
[ 1870.279078][T17259] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[ 1870.282174][T17264] 9pnet_fd: Insufficient options for proto=fd
[ 1870.296190][T14835] Bluetooth: hci2: command tx timeout
[ 1870.302463][   T27] kauditd_printk_skb: 8 callbacks suppressed
[ 1870.302477][   T27] audit: type=1800 audit(1774885682.446:252): pid=17259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2367" name="file2" dev="loop5" ino=89 res=0 errno=0
[ 1870.832798][T17168] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1871.108072][T17168] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1871.376490][T17168] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1871.450255][T17168] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1871.760343][T17277] FAULT_INJECTION: forcing a failure.
[ 1871.760343][T17277] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1871.812360][T17277] CPU: 0 PID: 17277 Comm: syz.4.2372 Not tainted syzkaller #0
[ 1871.819979][T17277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1871.830081][T17277] Call Trace:
[ 1871.833401][T17277]  <TASK>
[ 1871.836540][T17277]  dump_stack_lvl+0x18c/0x250
[ 1871.841272][T17277]  ? show_regs_print_info+0x20/0x20
[ 1871.846610][T17277]  ? load_image+0x400/0x400
[ 1871.851158][T17277]  ? __might_fault+0xaa/0x120
[ 1871.856055][T17277]  ? __lock_acquire+0x7d40/0x7d40
[ 1871.861303][T17277]  should_fail_ex+0x39d/0x4d0
[ 1871.866033][T17277]  _copy_from_user+0x2f/0xe0
[ 1871.870668][T17277]  __se_sys_memfd_create+0x295/0x660
[ 1871.876090][T17277]  do_syscall_64+0x55/0xa0
[ 1871.880562][T17277]  ? clear_bhb_loop+0x40/0x90
[ 1871.885403][T17277]  ? clear_bhb_loop+0x40/0x90
[ 1871.890132][T17277]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1871.896151][T17277] RIP: 0033:0x7f1805d9c819
[ 1871.900585][T17277] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1871.920309][T17277] RSP: 002b:00007f1806bc2e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[ 1871.928737][T17277] RAX: ffffffffffffffda RBX: 00000000000002e2 RCX: 00007f1805d9c819
[ 1871.936802][T17277] RDX: 00007f1806bc2ee0 RSI: 0000000000000000 RDI: 00007f1805e32e71
[ 1871.944782][T17277] RBP: 00002000000003c0 R08: 00000000ffffffff R09: 0000000000000000
[ 1871.952848][T17277] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000340
[ 1871.960951][T17277] R13: 00007f1806bc2ee0 R14: 00007f1806bc2ea0 R15: 0000200000000380
[ 1871.968964][T17277]  </TASK>
[ 1871.998428][T17168] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1872.026155][T17168] 8021q: adding VLAN 0 to HW filter on device team0
[ 1872.130401][ T1006] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1872.137860][ T1006] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1872.153441][ T1006] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1872.160743][ T1006] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1872.196371][T17284] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2373'.
[ 1872.499710][T17296] loop4: detected capacity change from 0 to 16
[ 1872.833417][T17296] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1872.853979][T17296] syz.4.2375: attempt to access beyond end of device
[ 1872.853979][T17296] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1872.942272][T17297] 9pnet_fd: Insufficient options for proto=fd
[ 1873.393314][   T27] audit: type=1800 audit(1774885685.476:253): pid=17296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2375" name="file2" dev="loop4" ino=89 res=0 errno=0
[ 1874.566064][T17168] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1874.767207][T17168] veth0_vlan: entered promiscuous mode
[ 1874.873575][T17168] veth1_vlan: entered promiscuous mode
[ 1874.999820][T17168] veth0_macvtap: entered promiscuous mode
[ 1875.035923][T17168] veth1_macvtap: entered promiscuous mode
[ 1875.150927][T17168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1875.165846][T17321] loop4: detected capacity change from 0 to 16
[ 1875.182382][T17321] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1875.193327][T17321] syz.4.2381: attempt to access beyond end of device
[ 1875.193327][T17321] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1875.212344][T17321] syz.4.2381: attempt to access beyond end of device
[ 1875.212344][T17321] loop4: rw=524288, sector=16, nr_sectors = 40 limit=16
[ 1875.218033][T17168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1875.226253][T17321] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[ 1875.505754][T17324] 9pnet_fd: Insufficient options for proto=fd
[ 1876.395238][T17168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1876.488389][T17168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1876.592863][   T27] audit: type=1800 audit(1774885688.746:254): pid=17321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2381" name="file2" dev="loop4" ino=89 res=0 errno=0
[ 1876.635540][T17168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1876.651601][T17168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1876.780699][T17168] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1876.869593][T17168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1876.949375][T17168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1876.978401][T17331] loop4: detected capacity change from 0 to 128
[ 1876.981990][T17168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1877.021531][T17168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1877.111609][T17168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1877.247662][T17337] loop1: detected capacity change from 0 to 16
[ 1877.265626][T17337] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1877.327770][T17168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1877.529729][T17337] 9pnet_fd: Insufficient options for proto=fd
[ 1878.287088][T17168] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1878.390102][T17334] loop5: detected capacity change from 0 to 2048
[ 1878.419124][T17168] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1878.447782][T15044] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1878.493647][T17168] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1878.522632][T17334] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1878.542290][T17168] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1878.572601][T17168] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1879.951636][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1879.999894][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1880.021715][ T5827] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1880.218890][T17351] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2385'.
[ 1880.510404][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1880.600643][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1880.616366][ T5827] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1880.616420][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1880.637937][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1880.652057][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1880.719389][ T5827] usb 5-1: config 0 descriptor??
[ 1881.008688][T17348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1881.032762][T17348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1881.323389][T17348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1881.354791][T17348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1881.402409][T17368] loop3: detected capacity change from 0 to 16
[ 1881.410605][T17368] erofs: (device loop3): mounted with root inode @ nid 36.
[ 1881.423052][T17368] syz.3.2390: attempt to access beyond end of device
[ 1881.423052][T17368] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1881.443642][T17348] loop4: detected capacity change from 0 to 128
[ 1881.462773][T17368] syz.3.2390: attempt to access beyond end of device
[ 1881.462773][T17368] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[ 1881.476716][T17368] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[ 1881.484928][T17371] 9pnet_fd: Insufficient options for proto=fd
[ 1881.489071][   T27] audit: type=1800 audit(1774885693.646:255): pid=17368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2390" name="file2" dev="loop3" ino=89 res=0 errno=0
[ 1881.620115][ T5827] usbhid 5-1:0.0: can't add hid device: -71
[ 1881.635802][ T5827] usbhid: probe of 5-1:0.0 failed with error -71
[ 1881.695620][ T5827] usb 5-1: USB disconnect, device number 7
[ 1882.370651][T17381] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1882.381158][T17381] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1882.390117][T17381] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1882.403725][T17381] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1882.424348][T17381] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1882.434216][T17381] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1883.605712][T17392] overlayfs: missing 'lowerdir'
[ 1884.458084][T17378] chnl_net:caif_netlink_parms(): no params data found
[ 1884.532787][T14835] Bluetooth: hci0: command tx timeout
[ 1884.639737][T17400] loop5: detected capacity change from 0 to 128
[ 1885.025261][T17394] loop3: detected capacity change from 0 to 131072
[ 1885.098448][T17394] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1885.122572][T17378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1885.164280][T17394] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1885.173900][T17378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1885.189658][T17378] bridge_slave_0: entered allmulticast mode
[ 1885.197467][T17378] bridge_slave_0: entered promiscuous mode
[ 1885.213310][T17378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1885.220760][T17378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1885.233234][T17394] F2FS-fs (loop3): recover xattr in inode (7), error(0)
[ 1885.240677][T17394] F2FS-fs (loop3): set inode (7) has corrupted xattr
[ 1885.254608][T17378] bridge_slave_1: entered allmulticast mode
[ 1885.262656][T17378] bridge_slave_1: entered promiscuous mode
[ 1885.269836][T17394] F2FS-fs (loop3): set inode (7) has corrupted xattr
[ 1885.337942][T17378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1885.365907][T17378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1885.841951][T17413] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2395'.
[ 1886.138597][T17378] team0: Port device team_slave_0 added
[ 1886.229490][T17378] team0: Port device team_slave_1 added
[ 1886.537409][T17378] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1886.553291][T17378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1886.611719][T14835] Bluetooth: hci0: command tx timeout
[ 1886.651809][T17378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1886.698942][T17378] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1886.731744][T17378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1886.828182][T17378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1886.969463][T12062] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1887.329453][T17424] loop5: detected capacity change from 0 to 16
[ 1887.444231][T17424] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1887.630635][T17424] syz.5.2399: attempt to access beyond end of device
[ 1887.630635][T17424] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1887.683406][T17425] 9pnet_fd: Insufficient options for proto=fd
[ 1887.716191][T17424] syz.5.2399: attempt to access beyond end of device
[ 1887.716191][T17424] loop5: rw=524288, sector=16, nr_sectors = 40 limit=16
[ 1887.730598][T17424] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[ 1887.861145][   T27] audit: type=1800 audit(1774885699.896:256): pid=17424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2399" name="file2" dev="loop5" ino=89 res=0 errno=0
[ 1887.880965][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1888.002891][T17378] hsr_slave_0: entered promiscuous mode
[ 1888.014880][T17378] hsr_slave_1: entered promiscuous mode
[ 1888.202216][T17378] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1888.240655][T17378] Cannot create hsr debugfs directory
[ 1889.291831][T14835] Bluetooth: hci0: command tx timeout
[ 1889.572586][T17435] loop5: detected capacity change from 0 to 128
[ 1889.581114][T17435] EXT4-fs: Ignoring removed nobh option
[ 1889.634299][T17435] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1889.644170][T12062] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1889.677146][T17435] ext4 filesystem being mounted at /242/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1889.860950][T17441] loop4: detected capacity change from 0 to 16
[ 1889.874585][T17441] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1889.905365][T17441] syz.4.2403: attempt to access beyond end of device
[ 1889.905365][T17441] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1889.926938][T17441] syz.4.2403: attempt to access beyond end of device
[ 1889.926938][T17441] loop4: rw=524288, sector=16, nr_sectors = 40 limit=16
[ 1889.942242][T17441] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[ 1890.069155][T17441] 9pnet_fd: Insufficient options for proto=fd
[ 1890.083208][   T27] audit: type=1800 audit(1774885702.106:257): pid=17441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2403" name="file2" dev="loop4" ino=89 res=0 errno=0
[ 1890.169602][T17435] EXT4-fs warning (device loop5): verify_group_input:151: Cannot add at group 2175 (only 1 groups)
[ 1890.857157][T12062] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1890.910477][T12910] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1891.284140][T12062] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1891.332407][T14835] Bluetooth: hci0: command tx timeout
[ 1891.559861][T17447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2404'.
[ 1891.689240][T17450] loop5: detected capacity change from 0 to 512
[ 1891.714983][T17451] loop3: detected capacity change from 0 to 256
[ 1891.834469][T17450] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1891.859474][T17450] ext4 filesystem being mounted at /243/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1892.048156][T12910] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1892.203355][T12062] tipc: Disabling bearer <udp:syz2>
[ 1892.217737][T12062] tipc: Left network mode
[ 1892.323016][T17459] loop5: detected capacity change from 0 to 16
[ 1892.340446][T17459] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1892.353222][T17459] syz.5.2407: attempt to access beyond end of device
[ 1892.353222][T17459] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1892.391363][T17459] syz.5.2407: attempt to access beyond end of device
[ 1892.391363][T17459] loop5: rw=524288, sector=16, nr_sectors = 40 limit=16
[ 1892.405688][T17459] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[ 1892.412748][T17461] 9pnet_fd: Insufficient options for proto=fd
[ 1892.417647][   T27] audit: type=1800 audit(1774885704.566:258): pid=17459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2407" name="file2" dev="loop5" ino=89 res=0 errno=0
[ 1893.059278][T17456] loop4: detected capacity change from 0 to 32768
[ 1893.134047][T17456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.2408 (17456)
[ 1893.216502][T17456] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1893.229473][T17470] overlayfs: missing 'lowerdir'
[ 1893.253237][T17456] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[ 1893.281821][T17456] BTRFS info (device loop4): allowing degraded mounts
[ 1893.298931][T17456] BTRFS info (device loop4): enabling ssd optimizations
[ 1893.321701][T17456] BTRFS info (device loop4): allowing degraded mounts
[ 1893.343718][T17456] BTRFS info (device loop4): using free space tree
[ 1894.199815][T17378] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1894.221088][T11142] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1894.411832][T17378] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1894.455165][T17378] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1894.499165][T17378] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1894.634864][T12062] hsr_slave_0: left promiscuous mode
[ 1894.687570][T12062] hsr_slave_1: left promiscuous mode
[ 1894.706840][T12062] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1894.721642][T12062] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1894.742426][T12062] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1894.749940][T12062] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1894.807681][T12062] bridge_slave_1: left allmulticast mode
[ 1894.821516][T12062] bridge_slave_1: left promiscuous mode
[ 1894.827460][T12062] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1894.864341][T12062] bridge_slave_0: left allmulticast mode
[ 1894.876601][T12062] bridge_slave_0: left promiscuous mode
[ 1894.892022][T12062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1894.989804][T12062] veth1_macvtap: left promiscuous mode
[ 1894.995771][T12062] veth0_macvtap: left promiscuous mode
[ 1895.011805][T12062] veth1_vlan: left promiscuous mode
[ 1895.021700][T12062] veth0_vlan: left promiscuous mode
[ 1896.180065][T12062] team0 (unregistering): Port device team_slave_1 removed
[ 1896.230798][T12062] team0 (unregistering): Port device team_slave_0 removed
[ 1896.285579][T12062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1896.346174][T12062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1896.770012][T12062] bond0 (unregistering): Released all slaves
[ 1897.398266][T17543] loop5: detected capacity change from 0 to 16
[ 1897.418920][T17543] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1898.033008][T17543] 9pnet_fd: Insufficient options for proto=fd
[ 1899.334353][T17542] syz.5.2426: attempt to access beyond end of device
[ 1899.334353][T17542] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[ 1899.381855][   T27] audit: type=1800 audit(1774885711.516:259): pid=17542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2426" name="file2" dev="loop5" ino=89 res=0 errno=0
[ 1899.537648][T17378] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1899.635466][T17378] 8021q: adding VLAN 0 to HW filter on device team0
[ 1899.678069][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1899.685337][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1899.736038][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1899.743386][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1900.174325][T17570] syz.4.2436 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1900.567422][T17378] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1900.740282][T17378] veth0_vlan: entered promiscuous mode
[ 1900.776361][T17378] veth1_vlan: entered promiscuous mode
[ 1900.878570][T17378] veth0_macvtap: entered promiscuous mode
[ 1900.892628][T17378] veth1_macvtap: entered promiscuous mode
[ 1900.964497][T17378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1901.001951][T17378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1901.032543][T17378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1901.061282][T17378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1901.071959][T17378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1901.091845][T17378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1901.120771][T17378] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1901.168510][T17378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1901.180501][T17378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1901.192504][T17378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1901.208763][T17378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1901.230244][T17378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1901.249600][T17378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1901.267361][T17378] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1901.357673][T17378] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1901.401568][T17378] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1901.422925][T17378] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1901.447544][T17378] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1901.801625][ T4332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1901.827646][ T4332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1901.936759][ T4332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1901.981194][ T4332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1902.193439][T17625] loop1: detected capacity change from 0 to 256
[ 1902.593993][T17637] loop4: detected capacity change from 0 to 256
[ 1902.643110][T17637] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe65d9f0a, utbl_chksum : 0x7319d30d)
[ 1902.969178][T17647] loop4: detected capacity change from 0 to 512
[ 1903.003119][T17647] EXT4-fs: Ignoring removed i_version option
[ 1903.025538][T17647] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 1903.046651][T17647] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 1903.061293][T17647] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002]
[ 1903.070817][T17647] System zones: 1-12
[ 1903.086085][T17647] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1903.109820][T17647] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 33619980: comm syz.4.2470: invalid block
[ 1903.143383][T17647] EXT4-fs (loop4): Remounting filesystem read-only
[ 1903.157536][T17647] EXT4-fs (loop4): 1 truncate cleaned up
[ 1903.175892][T17647] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback.
[ 1903.427574][T11142] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 1903.430445][T17657] loop5: detected capacity change from 0 to 256
[ 1904.593748][T17685] overlayfs: missing 'lowerdir'
[ 1905.184472][    T9] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[ 1905.416443][    T9] usb 5-1: device descriptor read/64, error -71
[ 1906.473360][    T9] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[ 1906.631569][    T9] usb 5-1: device descriptor read/64, error -71
[ 1906.763995][T17702] loop3: detected capacity change from 0 to 512
[ 1906.775116][    T9] usb usb5-port1: attempt power cycle
[ 1906.965713][T17689] loop5: detected capacity change from 0 to 40427
[ 1906.982214][T17689] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[ 1907.001707][T17689] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[ 1907.034534][T17689] F2FS-fs (loop5): invalid crc value
[ 1907.067799][T17689] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1907.165010][T17689] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[ 1907.201761][T17689] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1907.440873][   T49] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1907.464335][   T49] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[ 1907.487648][T17719] process 'syz.4.2492' launched './file0' with NULL argv: empty string added
[ 1907.765139][   T36] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1908.129556][   T27] audit: type=1800 audit(1774885720.276:260): pid=17719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2492" name="/" dev="fuse" ino=4 res=0 errno=0
[ 1909.811771][T14835] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1909.811950][T17381] Bluetooth: hci1: command 0x1003 tx timeout
[ 1909.876446][T17748] loop1: detected capacity change from 0 to 256
[ 1910.052362][T17752] binder: 17751:17752 unknown command 1074553619
[ 1910.071570][T17752] binder: 17751:17752 ioctl c0306201 200000000540 returned -22
[ 1910.083408][T17748] FAT-fs (loop1): Directory bread(block 64) failed
[ 1910.090016][T17748] FAT-fs (loop1): Directory bread(block 65) failed
[ 1910.121758][T17748] FAT-fs (loop1): Directory bread(block 66) failed
[ 1910.128588][T17748] FAT-fs (loop1): Directory bread(block 67) failed
[ 1910.136086][T17748] FAT-fs (loop1): Directory bread(block 68) failed
[ 1910.144693][T17757] binder: 17751:17757 unknown command 1074291477
[ 1910.151335][T17757] binder: 17751:17757 ioctl c0306201 200000000640 returned -22
[ 1910.160326][T17748] FAT-fs (loop1): Directory bread(block 69) failed
[ 1910.168063][T17748] FAT-fs (loop1): Directory bread(block 70) failed
[ 1910.176695][T17748] FAT-fs (loop1): Directory bread(block 71) failed
[ 1910.184574][T17748] FAT-fs (loop1): Directory bread(block 72) failed
[ 1910.206462][T17748] FAT-fs (loop1): Directory bread(block 73) failed
[ 1911.718477][T12444] kernel read not supported for file /1283/oom_score (pid: 12444 comm: kworker/1:3)
[ 1911.852027][T17765] loop1: detected capacity change from 0 to 4096
[ 1911.868191][   T27] audit: type=1326 audit(1774885724.016:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad7b9c819 code=0x7ffc0000
[ 1911.890890][T17765] ext4: Unknown parameter 'noacl'
[ 1911.942332][   T27] audit: type=1326 audit(1774885724.016:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad7b9c819 code=0x7ffc0000
[ 1912.041576][   T27] audit: type=1326 audit(1774885724.066:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7ffad7b9c819 code=0x7ffc0000
[ 1912.121667][   T27] audit: type=1326 audit(1774885724.066:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad7b9c819 code=0x7ffc0000
[ 1912.186524][   T27] audit: type=1326 audit(1774885724.066:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad7b9c819 code=0x7ffc0000
[ 1914.502387][ T5827] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 1914.553745][    T9] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1914.575411][T17809] loop1: detected capacity change from 0 to 128
[ 1914.840807][T17809] syz.1.2524: attempt to access beyond end of device
[ 1914.840807][T17809] loop1: rw=2049, sector=138, nr_sectors = 2 limit=128
[ 1914.942465][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1915.036820][T17811] overlayfs: missing 'lowerdir'
[ 1915.046074][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1915.511688][ T5827] usb 4-1: Using ep0 maxpacket: 16
[ 1915.517068][    T9] usb 6-1: Using ep0 maxpacket: 32
[ 1915.543903][ T5827] usb 4-1: config 0 has no interfaces?
[ 1915.561415][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1915.583857][ T5827] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1915.594280][    T9] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 7
[ 1915.631006][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1915.646358][ T5827] usb 4-1: Product: syz
[ 1915.651054][ T5827] usb 4-1: Manufacturer: syz
[ 1915.658476][    T9] usb 6-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice= 0.40
[ 1915.684473][ T5827] usb 4-1: SerialNumber: syz
[ 1915.689619][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1915.703135][T17817] loop4: detected capacity change from 0 to 128
[ 1915.722874][ T5827] usb 4-1: config 0 descriptor??
[ 1915.736579][    T9] usb 6-1: Product: syz
[ 1915.740859][    T9] usb 6-1: Manufacturer: syz
[ 1915.745567][T17817] xt_hashlimit: size too large, truncated to 1048576
[ 1915.771617][    T9] usb 6-1: SerialNumber: syz
[ 1916.012352][T17801] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1916.088977][ T5827] usb 4-1: USB disconnect, device number 15
[ 1916.185028][    T9] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found
[ 1916.519923][T17824] overlayfs: missing 'lowerdir'
[ 1917.074180][    T9] usb 6-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[ 1917.082774][    T9] usb 6-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1917.112060][    T9] usb 6-1: USB disconnect, device number 15
[ 1917.188084][T15044] udevd[15044]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1920.991885][T12706] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1921.221570][T12706] usb 6-1: Using ep0 maxpacket: 16
[ 1921.252704][T12706] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1921.273984][T12706] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1921.292195][T12706] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1921.316348][T12706] usb 6-1: New USB device found, idVendor=04b8, idProduct=1002, bcdDevice= 0.40
[ 1921.341587][T12706] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1921.349781][T12706] usb 6-1: Product: syz
[ 1921.376350][T12706] usb 6-1: Manufacturer: syz
[ 1921.381219][T12706] usb 6-1: SerialNumber: syz
[ 1921.632548][T12706] usb 6-1: USB disconnect, device number 16
[ 1922.142704][T17861] loop4: detected capacity change from 0 to 1024
[ 1922.162852][T17861] EXT4-fs: inline encryption not supported
[ 1922.168831][T17861] EXT4-fs: Ignoring removed bh option
[ 1922.216298][T17861] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 1922.286272][T17861] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1922.378093][T17866] loop5: detected capacity change from 0 to 512
[ 1922.426746][T17866] EXT4-fs (loop5): Using encoding defined by superblock: utf8-12.1.0 with flags 0x0
[ 1922.471631][T17866] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[ 1922.501617][T17866] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1922.519464][T11142] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1922.522442][T17866] EXT4-fs (loop5): Couldn't mount because of unsupported optional features (fffc1829)
[ 1922.570552][T17866] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities
[ 1922.963881][T17873] loop5: detected capacity change from 0 to 1024
[ 1922.971334][T17873] EXT4-fs: Ignoring removed bh option
[ 1923.041859][T17873] ext4: Unknown parameter 'noacl'
[ 1923.388282][T17879] loop5: detected capacity change from 0 to 256
[ 1923.420805][T17879] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 1923.894933][T17883] sit0: left promiscuous mode
[ 1924.063411][T17883] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1925.462186][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1925.888598][T17875] loop4: detected capacity change from 0 to 131072
[ 1925.946831][T17875] F2FS-fs (loop4): Test dummy encryption mode enabled
[ 1925.972552][T17875] F2FS-fs (loop4): invalid crc value
[ 1925.980157][T17875] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-4)
[ 1926.190282][T17901] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1926.609256][T17904] loop3: detected capacity change from 0 to 4096
[ 1926.648608][T17904] ntfs3: Unknown parameter '8'
[ 1927.302989][T17907] loop3: detected capacity change from 0 to 512
[ 1927.370727][T17907] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1927.384474][T17907] ext4 filesystem being mounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1927.491794][T10747] Bluetooth: hci1: command 0x1003 tx timeout
[ 1927.498965][T14835] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1927.577273][T17903] loop4: detected capacity change from 0 to 40427
[ 1927.627229][T17903] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1927.638760][T17891] loop5: detected capacity change from 0 to 131072
[ 1927.647866][T17903] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1927.659157][T17891] F2FS-fs (loop5): invalid crc value
[ 1927.687862][T17903] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1927.703294][T17891] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1927.872965][T17903] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1927.892889][T17891] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[ 1927.901190][T17903] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1928.129191][T17168] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1928.312245][T12706] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 1928.506179][T12706] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[ 1928.550641][T12706] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1928.571543][T12706] usb 2-1: Product: syz
[ 1928.581668][T12706] usb 2-1: Manufacturer: syz
[ 1928.596747][T12706] usb 2-1: SerialNumber: syz
[ 1928.623160][T12706] usb 2-1: config 0 descriptor??
[ 1928.912055][T12706] usb 2-1: ignoring: probably an ADSL modem
[ 1930.150243][T12706] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19!
[ 1930.159729][T12706] usb 2-1: USB disconnect, device number 15
[ 1930.536958][T17947] loop4: detected capacity change from 0 to 2048
[ 1931.213475][T17947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1931.385675][ T5827] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1931.429185][   T12] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1931.456234][   T12] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1931.478340][   T12] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1931.478340][   T12] 
[ 1931.488497][   T12] EXT4-fs (loop4): Total free blocks count 0
[ 1931.562827][   T12] EXT4-fs (loop4): Free/Dirty block details
[ 1931.568959][   T12] EXT4-fs (loop4): free_blocks=2415919504
[ 1931.591631][   T12] EXT4-fs (loop4): dirty_blocks=32
[ 1931.601809][ T5827] usb 6-1: Using ep0 maxpacket: 32
[ 1931.606828][   T12] EXT4-fs (loop4): Block reservation details
[ 1931.617713][T17956] loop1: detected capacity change from 0 to 64
[ 1931.618381][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1931.624163][   T12] EXT4-fs (loop4): i_reserved_data_blocks=2
[ 1931.647730][   T12] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28
[ 1931.658099][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1931.693229][ T5827] usb 6-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1931.708843][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1931.717548][ T5827] usb 6-1: Product: syz
[ 1931.732266][ T5827] usb 6-1: Manufacturer: syz
[ 1931.739862][ T5827] usb 6-1: SerialNumber: syz
[ 1931.788269][ T5827] usb 6-1: config 0 descriptor??
[ 1931.972136][T15419] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1932.088436][ T5827] usb 6-1: USB disconnect, device number 17
[ 1932.136784][T15044] udevd[15044]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1932.382119][T15419] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1932.453677][T15419] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1932.546140][T15419] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1932.680876][T15419] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1932.827085][T15419] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1932.988100][T15419] usb 2-1: config 0 descriptor??
[ 1933.461298][T15419] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[ 1933.544801][T15419] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1934.228763][T14840] usb 2-1: USB disconnect, device number 16
[ 1934.520316][T17980] loop3: detected capacity change from 0 to 256
[ 1934.695796][T17974] loop4: detected capacity change from 0 to 32768
[ 1934.739063][T17974] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.2576 (17974)
[ 1934.814352][T17974] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1934.835383][T17974] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1934.856208][T17974] BTRFS info (device loop4): enabling auto defrag
[ 1934.890886][T17974] BTRFS info (device loop4): use no compression
[ 1934.911974][T17974] BTRFS info (device loop4): force clearing of disk cache
[ 1934.919227][T17974] BTRFS info (device loop4): max_inline at 4096
[ 1934.958322][T17974] BTRFS info (device loop4): disabling free space tree
[ 1935.285118][T17974] BTRFS info (device loop4): enabling ssd optimizations
[ 1935.304756][T17974] BTRFS info (device loop4): auto enabling async discard
[ 1935.386366][T18003] hub 9-0:1.0: USB hub found
[ 1935.396998][T18003] hub 9-0:1.0: 1 port detected
[ 1935.641908][T17974] BTRFS info (device loop4): rebuilding free space tree
[ 1936.015517][T17974] BTRFS info (device loop4): disabling free space tree
[ 1936.071712][T17974] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1936.151738][T17974] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1936.404100][T11142] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1936.566826][T18010] loop1: detected capacity change from 0 to 256
[ 1936.611125][T18010] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d)
[ 1936.725027][T18010] syz.1.2584: attempt to access beyond end of device
[ 1936.725027][T18010] loop1: rw=524288, sector=34359738488, nr_sectors = 8 limit=256
[ 1936.793149][T18010] syz.1.2584: attempt to access beyond end of device
[ 1936.793149][T18010] loop1: rw=0, sector=34359738488, nr_sectors = 8 limit=256
[ 1936.859380][   T27] audit: type=1800 audit(1774885749.006:266): pid=18010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2584" name="file1" dev="loop1" ino=1048617 res=0 errno=0
[ 1936.941890][T17983] loop3: detected capacity change from 0 to 40427
[ 1937.775664][T17983] F2FS-fs (loop3): Unrecognized mount option "whint_mode=user-based" or missing value
[ 1940.318119][T18028] loop3: detected capacity change from 0 to 256
[ 1940.432109][T12706] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1940.461974][T18030] loop5: detected capacity change from 0 to 256
[ 1940.554247][T18030] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d)
[ 1940.701739][T12706] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1940.754976][T12706] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1940.805913][T12706] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1940.825129][T12706] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1940.874942][T12706] usb 5-1: Manufacturer: syz
[ 1940.901685][T12706] usb 5-1: config 0 descriptor??
[ 1942.543959][T12706] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0009/input/input7
[ 1942.659877][T12706] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0009/input/input8
[ 1942.680520][T18052] binder: binder_mmap: 18051 2000009c6000-2000009c8000 bad vm_flags failed -1
[ 1942.709254][T12706] input: syz Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0009/input/input9
[ 1942.764850][T12706] input: syz Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0009/input/input10
[ 1942.859134][T12706] uclogic 0003:256C:006D.0009: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.4-1/input0
[ 1942.917508][T12706] usb 5-1: USB disconnect, device number 11
[ 1943.289372][T18061] fido_id[18061]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[ 1944.153742][T18080] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1944.954955][T18085] loop1: detected capacity change from 0 to 512
[ 1944.971369][T18085] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1945.007163][T18085] EXT4-fs (loop1): SIPHASH is not a valid default hash value
[ 1945.129442][T18090] loop4: detected capacity change from 0 to 2048
[ 1945.253252][T18090] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1945.384328][T18090] ext4 filesystem being mounted at /375/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1946.279541][ T3463] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm kworker/u4:8: bg 0: block 345: padding at end of block bitmap is not set
[ 1946.308479][ T3463] EXT4-fs (loop4): Remounting filesystem read-only
[ 1946.327853][ T4332] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 1946.339725][ T4332] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 1946.348171][ T4332] CPU: 0 PID: 4332 Comm: kworker/u4:10 Not tainted syzkaller #0
[ 1946.355861][ T4332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1946.366034][ T4332] Workqueue: ext4-rsv-conversion ext4_end_io_rsv_work
[ 1946.372877][ T4332] RIP: 0010:ext4_ext_map_blocks+0x2cf3/0x6800
[ 1946.379083][ T4332] Code: 8b 04 24 89 18 89 9c 24 38 01 00 00 4c 8b 7c 24 10 4d 85 ff 0f 84 bd 00 00 00 e8 78 dc 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 3d 1e 00 00 41 0f b7 47 08 c1 e0 04 48
[ 1946.398823][ T4332] RSP: 0018:ffffc9000f0b7520 EFLAGS: 00010246
[ 1946.404924][ T4332] RAX: 0000000000000000 RBX: fffffffffffffffb RCX: ffff88802ff75a00
[ 1946.412994][ T4332] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: 0000000000000003
[ 1946.421169][ T4332] RBP: ffffc9000f0b77d0 R08: ffffffff911c359f R09: 1ffffffff22386b3
[ 1946.429175][ T4332] R10: dffffc0000000000 R11: fffffbfff22386b4 R12: 0000000000000001
[ 1946.437252][ T4332] R13: 1ffff92001e16ed0 R14: dffffc0000000000 R15: fffffffffffffffb
[ 1946.445339][ T4332] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1946.454469][ T4332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1946.461061][ T4332] CR2: 00007ffe6c4ca028 CR3: 000000007869b000 CR4: 00000000003506f0
[ 1946.469148][ T4332] Call Trace:
[ 1946.472472][ T4332]  <TASK>
[ 1946.475440][ T4332]  ? rwsem_down_read_slowpath+0x880/0x880
[ 1946.481192][ T4332]  ? ext4_ext_release+0x10/0x10
[ 1946.486078][ T4332]  ? ext4_es_lookup_extent+0x60e/0xa00
[ 1946.491739][ T4332]  ext4_map_blocks+0x9e2/0x1b80
[ 1946.496787][ T4332]  ? ext4_issue_zeroout+0x250/0x250
[ 1946.502087][ T4332]  ? ext4_journal_check_start+0x178/0x250
[ 1946.507836][ T4332]  ? __ext4_journal_start_sb+0x259/0x560
[ 1946.513484][ T4332]  ext4_convert_unwritten_extents+0x2c2/0x5f0
[ 1946.519758][ T4332]  ? trace_ext4_fallocate_exit+0x1d0/0x1d0
[ 1946.525685][ T4332]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1946.531682][ T4332]  ? lockdep_hardirqs_on+0x98/0x150
[ 1946.537064][ T4332]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1946.542964][ T4332]  ? _raw_spin_unlock+0x40/0x40
[ 1946.547823][ T4332]  ext4_convert_unwritten_io_end_vec+0xff/0x170
[ 1946.554077][ T4332]  ext4_end_io_rsv_work+0x2f5/0x690
[ 1946.559293][ T4332]  ? ext4_last_io_end_vec+0x70/0x70
[ 1946.564508][ T4332]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1946.569713][ T4332]  ? process_scheduled_works+0x96f/0x15d0
[ 1946.575618][ T4332]  ? process_scheduled_works+0x96f/0x15d0
[ 1946.581367][ T4332]  process_scheduled_works+0xa5d/0x15d0
[ 1946.586939][ T4332]  ? worker_attach_to_pool+0x380/0x380
[ 1946.592438][ T4332]  ? assign_work+0x3d2/0x5d0
[ 1946.597231][ T4332]  worker_thread+0xa55/0xfc0
[ 1946.602206][ T4332]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1946.608252][ T4332]  ? _raw_spin_unlock+0x40/0x40
[ 1946.613213][ T4332]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1946.619131][ T4332]  kthread+0x2fa/0x390
[ 1946.623210][ T4332]  ? pr_cont_work+0x560/0x560
[ 1946.627985][ T4332]  ? kthread_blkcg+0xd0/0xd0
[ 1946.632579][ T4332]  ret_from_fork+0x48/0x80
[ 1946.637036][ T4332]  ? kthread_blkcg+0xd0/0xd0
[ 1946.641632][ T4332]  ret_from_fork_asm+0x11/0x20
[ 1946.646423][ T4332]  </TASK>
[ 1946.649441][ T4332] Modules linked in:
[ 1946.662290][ T4332] ---[ end trace 0000000000000000 ]---
[ 1946.671360][ T4332] RIP: 0010:ext4_ext_map_blocks+0x2cf3/0x6800
[ 1946.679929][ T4332] Code: 8b 04 24 89 18 89 9c 24 38 01 00 00 4c 8b 7c 24 10 4d 85 ff 0f 84 bd 00 00 00 e8 78 dc 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 3d 1e 00 00 41 0f b7 47 08 c1 e0 04 48
[ 1946.710992][ T4332] RSP: 0018:ffffc9000f0b7520 EFLAGS: 00010246
[ 1946.719094][ T4332] RAX: 0000000000000000 RBX: fffffffffffffffb RCX: ffff88802ff75a00
[ 1946.728751][ T4332] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: 0000000000000003
[ 1946.736997][ T4332] RBP: ffffc9000f0b77d0 R08: ffffffff911c359f R09: 1ffffffff22386b3
[ 1946.751645][ T4332] R10: dffffc0000000000 R11: fffffbfff22386b4 R12: 0000000000000001
[ 1946.759858][ T4332] R13: 1ffff92001e16ed0 R14: dffffc0000000000 R15: fffffffffffffffb
[ 1946.770561][ T4332] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1946.780168][ T4332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1946.787158][ T4332] CR2: 000000110c3c1e98 CR3: 0000000024e5e000 CR4: 00000000003506f0
[ 1946.795585][ T4332] Kernel panic - not syncing: Fatal exception
[ 1946.801883][ T4332] Kernel Offset: disabled
[ 1946.806218][ T4332] Rebooting in 86400 seconds..