last executing test programs:

1m28.013625418s ago: executing program 2 (id=412):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r1, 0x3ba0, &(0x7f00000000c0)={0x48, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3afa})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
sendto$inet(r2, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
shutdown(r2, 0x0)
recvfrom(r2, &(0x7f0000000000)=""/116, 0xffffffdd, 0x734, 0x0, 0x0)
r3 = socket(0x2, 0x3, 0x6)
bind$inet(r3, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4)
sendto$inet(r3, 0x0, 0x0, 0x48812, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000e00)='./file0\x00', 0x9001)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000200)=0xff)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r6, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000000040)=ANY=[@ANYBLOB="ac0000000202010200000000000000000a000003980002800c00028000100100110000002c00018014000300ff020000000000000000000000000001140004"], 0xac}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r5, 0x4004f506, &(0x7f0000000180)=0x1)
renameat2(r4, &(0x7f0000000140)='./file0\x00', r4, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4)

1m27.239231683s ago: executing program 2 (id=414):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_FUNCS(r0, 0x705, 0x0)
setrlimit(0x6, &(0x7f0000000000)={0x3, 0x109})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, r1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ptrace$poke(0xffffffffffffffff, r1, &(0x7f0000000040), 0x3ff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0xef9, &(0x7f0000000f00)="$eJzs3U9sHFf9APA3639p7Mbrtr9f3ZYmoaWkDeAEJ4dyS6UIpKqqeuHeKo3bgFsiUoRaJYrLKUgcClUvRRyK2htSOCDRCglVSEj86YETB04VXEAooEi5ECk2svPeev3iYddje3a9+/lIX79982bn+x1v5MzMzr4NwNBqrP08eXK2COGdj94+/bXLy79cXXaotcbhtZ9F7DVDCGNt/SLb3qdxwa3rF8+ststZW4T5tZ9pPDx7rfXcyRDCUjgcPg7NcOho88aVkWcWPnj3kyOXzj/98i7tPgAADJWrf1j8yxN///0XZ25ePXgqTLSWp+PzZuxPxuP+4/H4Ph33N8LGftEW7caz9UZiNLL1RrL1RrM8oyX5xrLtjJWsN94h30jbss32EwAAAPaidF7bDEVjbkO/0Zibu33ev+rT6fFi7tVziwsXelQoAAAAUNmNy2s33QohhBBCCCGEEGKAY2W611cgAAAAgGGT5h1ozQ+WW8pnFtie1taa3eW/9lRj8+fDDqj737/8eyv/+2/6iwMAQHWDejSZ9isdR6d5DPJ5BEey5231+L+RbWd0i3WWzSu4V+YbLKsz/732q7L6t/o69kpZ/fl8mP2qrP58ns5+VVb/RM11VFVW/76a66iqrP67aq6jqrL699dcR1Vl9U/WXEdVZfVP1VxHVWX1311zHVWV1X+g5jqqKqt/r9xWW1Z/s+Y6qiqrf6bmOqoqq/+emuuoqqz+e2uuo6qy+u+ruY5eeTi26fdwMBtvP3/Oz+n2yjkeAAAADLv/mP9P7Epc6YMadjbW3tPtgzqEEEKILNZv2+l9LUIIIfo4Lvfy4gMAAADQF9LnAtKn3leiND7SYXy0w/hYh/HxDuMTHcYBAACAEH51ZeGBt4r1z/lvdz68dANamn9pq/MY5fMRbjX/duc9227+vTJvGQAAAMOl+OrHy0dPv/fazM2rB0+1nf0ux/PdNA/oaLw28GHsp/sCprJ+kc6hT23M0yhZL78+cHfZ9p7b5o4CAADAEJuKd+g3Q9GYazvvboZGY25u/Xx8NowVC+cWzx6P/fT9LL+bHptYXf7l2isHAAAAurV+vr/5+X/6Ht/ZMF7MvXpuceHC7f5Ua/lYo/26wPT68qL9ukAzWz5fsvxE7Kfv73x5+q615XNnvrX44k7vPAAAAAyJC6+/8c0XFhfPftsDDzzwoPWg13+ZAACAnfbB397+43dOTP369uf/1+e/S5//Pxz7zTi335/iCuk+gfQ5gDs+r//8xjzTZeud37heM1tvJMZEVve+tu2EtvkG0/NmyvI1N25nvCTfZJZvKsuXz1Mwmq2f8h3IlufzE6b1prPl+TyMo1mOIsv/SAAAAIByx1575fyxC6+/8aVzr7zw0tmXzr564vj8V+afnJ8/OX9s7b7+Y+139wMAAAB70fpNv72uBAAAAAAAAAAAAAAAAAAAAIZXHV8n1ut9BAAAgGH3r8shhCUhhBBCCNHr2B96X0O98ed/f/cbva5B9FVcHO19DUIMcKys5N80DwAAALC7bl2/eKa9vcNSsaP5Wltr3m6WY97U/vaxnzy2Gmm1a09tvF6yf0erYdjV/e9f/r2V//03dzb/vvSg679/jY0bOFUt7+d/+I/H2/M/ONpl/nz/n6uW/0iW/0joLv/Ke1n+56vlfzzLv7/L/Hfs//lq+Z+I+WdTPY92m3/j6z8R27Qfd3WZ/2i2/y+GbvNn+9/sMmHmCzE/AAyjRq8L2CXpKCEdR0/GftrfeLgZ8rsftnr838i2M7rtyjduNx0H3R/76XhpKsubbLX+yWx7d1esM7dX7iopq3+nXsfdVlb/WM11VFVW/3jNdVRVVv9EzXVUVVb/vprrqKqs/m7PQ3utrP69cl25rP7Jmuuoqqz+qZrrqKqs/q3+P94rZfUfqLmOqsrqn665jqrK6q94Wa12ZfXP1FxHVWX131NzHVWV1X9vzXVUVVb/fTXX0SsPxbbsfDidf07HsdRvZv2JTX6Xg3ptAQAAAPaaf7bN/7f2nmEfzEkghBBi+OJHfVCDEKJfIr4z1fM6hBBisGJlpccXIOip3f00MwD9yt//4eb1H25e/+Hm9ed/SffwF1k/GekwPtphfKzD+Hg2nv97negwfm+23ZUojd/XYfz/Oowf6DB+/6bj659One3w/Ac6jD/YYfyhDuMAAAAMh/+PrfNDAAAAGFyXfvbhD35x5PnrMzevHjwVxu+Yd/547E/E99avxH4+730yFt/z/17s/zS2v4ntX7P13X8CAAAAuy99T4z3/wEAAGBwpe8pdf4PAAAAg2smts7/AQAAYHDdE1vn/wAAADDAin2bL45tui7wSGy7ndcPAOh/n4ntw7E9GNtDsf1sbNNxwKOx/VxN9QEAO+fHX//+k28V6/P9n8jGb8Xlqb3D0u0rBUVj40z+6Rvu98f2sS7ryb8PoNv8yYEu8+xW/ult5gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkdj7efJk7NFCO989Pbp6UunX1pddqi1xuG1n0XsNUMIY63npdH1/s/jireuXzyz2i7HdiW2RZgPRSha4+HZa61MkyGEpXA4fBya4dDR5o0rI88sfPDuJ0cunX/65V38FQAAAMDA+28AAAD//zWpKII=")
rmdir(&(0x7f0000000000)='./file0\x00')
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r6, 0x5408, &(0x7f00000002c0)={0x7f, 0x8, 0x0, 0xb9ff, 0x14})
write$binfmt_aout(r6, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0))
r7 = syz_open_pts(r6, 0x101000)
r8 = dup3(r7, r6, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x17)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r8, 0xc1105518, &(0x7f00000006c0)={{0x7, 0x3, 0xfffffff7, 0x9c3, 'syz0\x00', 0x3}, 0x6, 0x44fec6bb5688e3be, 0x100, r1, 0x1, 0x9, 'syz0\x00', &(0x7f0000000380)=['$\x00'], 0x2})
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r5)
sendmsg$IPVS_CMD_GET_INFO(r8, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYRES8=r2, @ANYRES16=r9, @ANYBLOB="10002cbd7000fcdbdf250f000000040002800800060004000000640003801400020073797a6b616c6c6572300000000000000800010002000000080003000100000014000600fc000000000000000000000000000001060004000900000008000300010000000600040002000000080005000000000005000800fc000000"], 0x84}}, 0x4000040)
sendmsg$IPVS_CMD_SET_DEST(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="640000f8baf4b45d6db686ab78284900", @ANYRES16=r9, @ANYBLOB="000228bd7000fddbdf2506001200080005000000000024000280060100010022f3ff05000f00ff7f000006000e004e23000006000f0008000000240001800800050002000000080008000700000008000800070000000600020011000000"], 0x64}}, 0x24000000)

1m23.699882241s ago: executing program 2 (id=422):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="7c000000000101041100000000000000020000002400018014000180080001007f00000108000200e00000010c000280050001000000ba8c6e66d34100002400028014000180080001000000000008000200e00000010c00028005000100000000000800074000000000180006800c000380060001004e2400000800"], 0x7c}}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100)={'#! ', './file0'}, 0xb)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8c, &(0x7f0000000300)='trans=rdma,')

1m23.426322097s ago: executing program 2 (id=424):
r0 = syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file1\x00', 0x50, &(0x7f0000000280)={[{@usrquota}, {}, {@nobh}, {@grpjquota}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x2008410, &(0x7f0000000280)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45aca9836c319f437199ff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2680b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2100931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a530010ffffffffc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7245c84268030000000000000008886b313bd01a22d576e414011a4f0a897514329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57887cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515e34ac8c454a30dd54a580abcf2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55afad76a7b7a000016181a40ff1ec9da9ccc1191c2116322020c66d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5863380a41da382e73ea142b01b4a742fa11c0927ba811dd60903d575e2449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4ab22052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cfe0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a00000", @ANYRES32], 0x1, 0x5549, &(0x7f0000003d80)="$eJzs3EtvG9UXAPA7TpP++/xHiAW7jlQhJVJt1elDsAvQiodIFfFYsALHdiy3tieKHSeEDRIsEQu+CQKJFUs+AwvW7BALEDskkOeOKaE8WtmJk/b3k8Zn5s74zLkjK9GZsRyAJ9Zi+stPSbgYzoQQ5kII55OQryfFkluN4ZkQwqUQQulPS1KM/zGwEEI4G0K4OEoecybFrs+uDC/f+PG1n7/+9vSpc59/9d3sZg3M2rMhhO5WXN/txpi1YrxbjNeG7Tx2rw+LGHd07xXbWYy7zY08w25tfFwtj9da8fhsa6c/ipudWn0UW+3NfHyrF0/YH7bGefI33K1t59uN5kYe2/0sj639WNfefvzbtt8fxDyNIt/7efowGIxjHG/uNeN8tu7lsd4bFOMxb9Zo7o3isIjF6UI96zTyOjYmudLH2+vt3s5eOmxu99tZL71RqT5Xqd4sV7ezRnPQvF6udRs3r6dLrc7osPKgWeuutrKs1WlW6ll3OV1q1evlajVdutXcaNd6abVauVa5Wr6xXKxdSV++83baaaRLo/hiu7ez0O70081sO43vWE5XKteeX04vV9M319bT9Tdu315bf+vdW+/ceWHt1ZeKgx4oK11aubqyUq5eLa9Ul4/B/Ef/dx9y/oNJ5v9xUfQjzD+Z7PLAv3v0D9gHC4dSCMDJ8UD/H/T/wOE76f1/mGb/P2qp9P//3f+WJu//J+p/j2v/f4LnDxNxgwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4In1/fwXr+Qri3H7XDF+oRh6qthOQgilEMJvf2MuLBzIOVfkmf+H4+f/UsM3ScgzjM5xuljOhhBWi+XX/x/2VQAAAIDH15cfXvo0duvxZXHWBXGU4k2b0vn3ppQvCSHML/4wpWyl0cvTU0qWf75Phb0pZctvYP1vSsniLbdT08r2UObG4aML9wfzCSUxlI60HAAA4EjMHQhH24UAAABwlD6ZdQHMRhLGjzLHz4Lzb97ff7R55sA+AAAA4ARKZl0AAAAAcOjy/t/v/wEAAMDjLf7+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzt3cJg6EYQD+bDA/+6NFq71vK3uDMraEPe4xUECaoATSQhqgBnJLCRFE2CMkRyCBsGOBnkfymLHR6xnw5RtLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2vRSrGZPD78fr83Z7q7TzGwAAACAYzbFalZ+mFT9r+n493ToZ+pnEZFHxLHavReDWmYv5RQnvl98GMNzRJmwv8YwbV8i4k/a3n60/SsAAADA/VovltOqWq+aSdcD4jNVizb5t78N5WURUUxeG0rL982vhsLK+7sf/xtKKxewRg2FVUtu/ePnBueGjC+6ZK+2SzMZzcs/sezlF8UBAAA3oV4JnKhCAAAAuAP/uh4A3cgOzeE547DapQeC41oPAAAAuEFZ1wMAAAAAWlfW/97/BwAAAPetev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdoUq9l6sZyeOj8/M2e7u05zMwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Z3/ebQCEwRgMmjd0KPsPizwBZZq76tNvpQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK81ydLYGm+SvdfG0fNIcnZqXJ0ad+fG0wdj9icAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC/63S//J6bGmWTutLF0PJKsXTW2rhp7DxpHD8bbvwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYuX/eOIooAODv9m4vfwBhDHJhQEGigIbYl5CQEgqQRcFHQLKcczBcCCQuSGSB3ECFXKdBUCKEBDJdvkPqWEoTuhQujEQN2r1dZ5MYfFjH7sX+/aTZeXsezbzZO1l+3rUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABK2+/ES0kRt7PD1DAuX7uzs7aU9VuP9JlbG3dns5bFrf0W+ubt8Sc/2V6unpyaqZx8VX8yAAAAHA3tsr6PiHvp5kLWJ1N5/Z+WY7Ka//tnhnFZzz9a92/trB0vvjRb1v+//Xr/hd2FpobrZJMurwz684+n0vmftjjxnt13RCe/8vnvXtr5G5K8v/78dppfz9a3t2+/283DY3VkCwAcxOmyL4Ly56Gs7zWZGABHRqdSeJf1f3uq2ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6rC9Hk+VcSsiZjsP4szWztrSXv2tjbuzZTt/8+ZGdc5sijQillcG/bTGvUy6a9dvfLI4GPSvjhIk/2XwvsGpiBjrhAcJPhxhTMS/jyk+ntHcLv45aE1GGo0GSfH+TEo+4wzKz974Z27oGxIAAIdWWrSsrr+Xbi5kr7WmI/764eH6/7VKHCPW//c/On+nula1/u/VtsPJN7d6+bO5a9dvvLFyefFS/1L/0zfP9N7qnb1w7tyFuexazc8tR9KfbzpNAAAAnmDdolXr/2T68fv/JytxjFj/f/5d78vqWm31/54e3PRrOhMAAICjqLsbPffKn3+09hjR6nbji8XV1au94XH3/MzwWGu6B3SsaNX6vz3ddFYAAABAHbbXWw/d/79YiWPE+/9P//jiz9U52xFxIuJKRPRPL10ZXKxvOxOtjj9UzhfqNr1TAAAAmnKiaNX7/2n+/H+y+8hDEhGvvzqMy/91NUr9337v65+qa1Wf/z9b3xYnUjIzvB55PxPRmWk6IwAAAA6z40XLiv3f082Fj385+UHX8/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdfs7AAD//5X/Nho=")
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000640)=@nullb, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4, 0xa1]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r4, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000600)='kmem_cache_free\x00', r5}, 0x3b)
symlink(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)='./file0\x00')
lchown(&(0x7f0000000680)='./file0\x00', 0x0, 0xee01)
r6 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000500)='./file1\x00', 0x4400, &(0x7f0000000480)=ANY=[@ANYBLOB='shortad,rootdir=00000000000000000002,noadinicb\x00\x00\x00\x00=', @ANYRESDEC=0x0, @ANYRES16], 0x1, 0xa23, &(0x7f0000001b00)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6Y3BBuS0aXhfPpQoWbbVOLZk5/Mx7C/58veSzx+afMmHbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEb/1lVNDB9N2twIAeJBeGvvG0GHv/wDwkXLO538AAAAAAAAAAAAAANjpUhTxZ5Hi1Z+004Xqekf9TGv2ytXxkdHNd9uTIkUtiqq+/Fs/eOjwkaPHjg938877f9iejJfHzp1qnJ6bmV+YWlycmmyMz7Yuzk1Obfke7nX/jQarAWjMvHZl8tKlxcah5w6vu/nqwDu7H9s/cOL4i+f3dWvHR0ZHx3pq+vo/8KPf4nZneOyKIn4WKerfezc1I6IW9z4Wd3nu3G97qk4MVp0YHxmtOjLdas4ulTemWq6qRQz07HSyO0YPYC7uSSPiWtn8ssGDZffG5psLzYnpqcbZ5sJSa6k1N5tqndaW/RmIWgyniPmIaBe33l1/FPHvkeL777fTREQU3XF4tjox+O7tqd2HPm5BX9m3IuJmPARztoPtjiLeiBQ/OD8UF/O4VsP2TMTXy3w64ptlLkdcz9dT+QR5KuK9TZ5PPFz6ooh/ihRzqZ0mu3Nfva6ceaXxtdlLcz213deVh/794UHa4a9N9ShionrFb6cPfrADAAAAAMDOU8TfRoobMwfSfPSuKbZmLzfONSemO98Kd7/7b+S9VlZWVgZSJxs5h3KezHk254Wc8zmv5bye882cN3K+lfNmzuWc7ZxRy4+fs5FzKOfJnGdzXsg5n/Nazus538x5I+dbOW/mXM7ZzhnWvQAAAAAAAADYYfZEET+OFF/4m29V5xVHdV76J04MH/jqF3vPGf/MXe6nrH0uIm7E1s7J7c+nDqda+efD7xdbU48ivpPP//vD7W4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwrWpRxGcixQ/faKdIEdGIuBCdXC62u3UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB1FPRZyOFL/4Sr26fjMiPhsR/7dS/omI5ZUNtrvFAAAAAAAAAMAtUhFDkeLxJ9tpICKuDryz+7H9AyeOv3h+XxFFpLKkt/7lsXOnGqfnZuYXphYXpyYb47Oti3OTU1t9uPqZ1uyVq+Mjo/elM3e15z63f0/99Nz86wuty68ubXr73vqpicWlhebFzW+OPVGLGOrdMlg1eHxktGr0dKs5W+2aardpYC2isdXOAAAAAAAAAPDI2JuKOBopXm0dSd11477Omv+vdK4Vq7V/8QdrvwWY3pBdvb8f2MrltNWGDlYL743xkdHRsZ7Nff23lpZtSqmIv44Un/vdJ6r18BR7N10bL+t2RYpj3zqS6wY+V9adXFdVHxwfGW28NDf75VPT03MXm0vNiempxth88+KWfzgAAAAAAAAAAPfR3lTEn0eK3xu6mbrnnef1/77OtZ71/9+oltAr9bQ+V1Vr+x+v1vY7lz9xYrgx+mu3234/1v/LNqVUxL9Fisd//4nqfPru+v/Qhtqy7r8jxb/+41O5rrarrDvY7U7nHi+1pqeGUh6rzz/brY2q9niu/eRa7cGy9vOR4i+fWV87nGs/tVZ7qKz940jxv0c3r/30Wu3hsvaPIsVvv93o1u4ta8/k2v1rtc9dnJuevNuwlvP/d5Hi7C++mrp9vu389/z+49qGXHXLnN/58oc1/wM9267lef1xnv+Dd5n/v48Uf/LTp3JdZ+wP5dsfr/5dm//fiRT/9avra4/l2n1rtQe32q3tVs7/lyLFiR/9aLXPef7zyK7NUO/8f7Zvfa4+S7Zp/h/v2TaQ23X4lxyLj6LF17/9WnN6emrBBRce2IXyKGIHNMOFO1zY7lcmHoTy/f+fI8ULZ2qpexyT3/8/1rm2dvz3/nfW3v9f2JCrtun9f1/PthfyUUt/X0R9aWa+f39EffH1b3+5NdO8PHV5anb42NEjzw8fO/Z8/67usd3apS0P3SOhnP8zkeKVn/7L6ueY9cd/mx//792Qq7Zp/j/Z26d1xzVbHoqPpHL+r0eK77797urnzTsd/3c//x/4wvpc/f+3TfP/qZ5t1W/8Px7xfM+2A5+OOLXVxwIAAIBHzN68Tv6nv/4Pq+e8r//8H1/s1vZ+/3M7O+H8fwAAAAAA+Kjbm4r4q0jxP0NfSt1zyLby+8/JDblqm37/t79n2+QDOq9ly4MMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALADpSji6Ujx6k/aabkor3fUz7Rmr1wdHxndfLc9KVLUoqjqy7/1g4cOHzl67PhwN++8/4ftyXh57Nypxum5mfmFqcXFqcnG+Gzr4tzk1Jbv4V7332iwGoDGzGtXJi9dWmwceu7wupuvDryz+7H9AyeOv3h+X7d2fGR0dKynpq//Az/6LdJttu+KIi5Fivr33k3/UUTU4t7H4i7PnfttT9WJwaoT4yOjVUemW83ZpfLGVMtVtYiBnp1OdsfoAczFPWlEXCubXzZ4sOze2HxzoTkxPdU421xYai215mZTrdPasj8DUYvhFDEfEe3i1rvrjyImIsX332+nt4uIojsOz7409o2hw3dvT+0+9LHXync33dxX9q2IuBkPwZztYLujiI9Fih+cH4qfFZ1xrYbtmYivl/l0xDfLXI64nq+n8gnyVMR7mzyfeLj0RRFnI8Vcaqf/LPLcV68rZ15pfG320lxPbfd15aF/f3iQdvhrUz2K+Hn1it9OP/f/GQAAAADgEVLEb0aKGzMHUrU+uLqm2Jq93DjXnJjufK3f/e6/kfdaWVlZGUidbOQcynky59mcF3LO57yW83rON3PeyPlWzps5l3O2c0YtP37ORs6hnCdzns15Ied8zms5r+d8M+eNnG/lvJlzOWc7Z/ieHAAAAAAAANiBalHEE5Hih2+000rRWeC9EJ1cts75yPv/AAAA////DD1f")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f004)
truncate(&(0x7f0000000200)='./file1\x00', 0x20fffffffc)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
tee(r5, r2, 0x80000001, 0x0)
syz_mount_image$f2fs(&(0x7f0000000240), &(0x7f0000000180)='./file0\x00', 0x1805a, &(0x7f0000000000)=ANY=[], 0x1, 0x10661, &(0x7f0000021240)="$eJzs3E1vVFUYAOB3KKWAiMTwYeLCmxiTNnEaphQi0SgqRE2AED8WbtRp5zIZ6PTWdiiVjS40ceHfYGfcuPAXuPF/mBjjRhN3mpp77ym2VZTCUL6eJ7m85545973nTGg679z0BPDIOpD9/lsj9seeiJ0jEbEvomxHIx2VU3V4KiKeiYgd645G6r/RsSsi9kbE/jJ5xEgaU770zcff/bl87eyX11/8+YOT139t3LtVA9vtlU3nz0VEf6FuX+3XsejW8VLqby/3qtifXk6xfqF/OZ0Xdbyaz1QZrrbXxrWreKxbjy8WriyV8eJce7aM3d7Fqn9hvr7h0nJ3LU91waX2YnXeyWeq2Fsqqti9Vs9rJcVrS4M6Tyfl+6RKH4PBWqz785W8Xs/C5SrOzg9Sf5236OQrZVxOMd0uZou5TjWPmS291Q+Us735KyvZcr641Cvms+OTrRcmWyearcWikw/y6Wa73zkxnY1358phzUHe7p/qFkV3Lp+cLfoT2Xh3drbZamXjp/OZXns+a7Umj00ebR6fSK3nszfOv5fNdbLxMr7Wm78y6M0tZReLxay+YiKbmjx2ciJ7tpW9c+5CduHtM2fOXXj3w9Pvn3/13Fuvp0Fr0xqr/k8M8ulsfOro1FSzdbQ51Zq40/WXvyMfjPXfmNYQ1w93xCdJgC1bV/+H+h/YLur/jfX/2Ib6fzS9S+r/tfq3/3Q9frvr3xhu/bvndtf/ENX/o1u+Am7GJ0kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfWj6Pfvlk1DtTnj6X+x1PXkxFxJCI7HBGHInZFxOpmI1X33w5GRCO1/zF4dXV1dNMcvm/UictrxtKxNyJOpeOPJ+72uwAAAAAPr69/+PyLiJGyWf3z8r2eENspfWmze1j5qq98dt7kxc3f+fyvg1WylTueVe3QWsqhOFwu6MAvQ8p2JCJ27PvoP0a8NKQ71T5LP+43wu51oVGHHUO9IwAAcF/YWAncrHoDAADgwffVvZ4AQ3dLT1sb60amZ8FjdUgPBPdsOAMAAADuD6ufbmFw4y5OBAAAABiu2/1b3ar+v8X9/yLt//ev+/mt3//vJ/v/AQAAwH2l3v8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv9i5n1ylgTgO4D+o9eG/SAx/juAVWBmWLDiER3DpAfQ27jiCMSGcA3cewYBhGBdgY4idgo98PknfTKev3/6A1XSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXfperxZfNp8+t83Zfd23UubVAAAAAE229WqROsPj/os8/ioPvYmIaURMImIcEU1z9yqenmSOIqKX+03/X5/V8C0iJRzOecjb84iY5+3n667fBQAAALhfm/VsGVEduunPu1sXRCtv/3Js/udQvmkzKHX5dMvnSam0UQr7WCht/DuyiElE1MMfhdKmEdF/+b5Q2kWq3Jx89mmnd2z616wGAAC4juqkKTZ7AwAA4L/z4dYFcB3nC71pvTZ/Fz+vBT/kQ7v0g/xnzecBAAAAj0fv1gUAAAAAnUvzf8//AwAAgPt2fP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdrWq8VmPVu2zdntLzdoGPuni/bbVg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Iv9eUlhGAaCKNj5R3cSOVkObxps8MJrb1wFgscMQggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4ltt6ct/i0fgleXbaeHU8k7y7any6any7boxemMn/8IW9cc7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY2J+7EwiBIAiDfed/Tov5hyUNGoMIVbDwMcM8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8xu9++T8xNc4kc6eNpeORZO2qsXXV2HvQOHow3v4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbn3jZhIIzj8OtLosRtMkJ6K4EZaKgQjMCHhGTJMzAAC9FQ0VosAiuABOeazhQ8T/P/FVfcCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBrujx88RYRRaQuU6Tx5uf0HhEfkbZtO/q8ZbE7H5uve872h0nO75j+lhFRRtHHOQAAvau6zbFa18u/vP95B3mHeat5Uy+e+WkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiybz8t0VVhAMCf+avmotq4qE1QoJuaxv6NMNvACKKNi5aDTiKNJaOBigT2DYK+QPtaue0zuAxcFBQtAnFhEkGbYmbu6NXmVd/3xXuHd34/ON7nnuOcex4XwjPnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHsvZYcwO40JEvFS+intOzg9WR11PL47nTi+O44WL47lPfixvpefsTVGJiE83Ou03M8xl3Hx14357b/+zVqfT7j5gMJXhszILqhFxY+in3wd5jskKcwgmOffpvJcxExEjhqL0ZBNm/Z8JAIBnXSVpvbr+18rRcq+v0Iz497vr9f98Ko676/9++/v7rz9IPytd/9czy3Bs/PL8IwZqO5tbte29/dc3Nlvr7fX25/Wlpbffabz37mK91v+upDbp35gAAADwtKpJS9f/xeb/9/+fG8aVwfU+9f+XH378cq9vOvls6T71f/XBUh1bV5t+ea8EAABgsr34yl9/Fkb0F6rV2G3t7HTrg5+X94u7rZXoLuaw1LutXL+dSlox1VdqZr0oAAAAIA9nh4XZiDga3q8l15Hn/xeuPpfe///52/JH6TlLETGT7P+/sfpFZy2TTMZfFu8n550jAAAA+ZpJWvr8f6V//r98+TvFiFh4dRAPe0/OD/rn+m87/z//2g9/pJ+VPv//VnYp5qR4+2hj8PfoXxsR5UZmCwMAAGACTSetV///Vonl7j/fvF9tTuJb+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+xY/8oDQRRHIAnmaxWoiDY2HgC0c4qYCF4D1EQPIJX8A5eQbzHlqKltaQQC1uZ2RldghZpdkW/Dx6/F/JnX7baNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAq1kcf/UxhDAp/bTk4+v1WcqnpUxe3tqdVKH3Pb43ORp7AgAAAP6DWCp5bu5PU07nef9v6mfSzn+70fV1n1/e+2vW3T/Vbnx4/7zQVned9KMXl1fnB4P9w99v8+e37rqY5Tufz15iPYTZXjT5fk5u2vZkLbfrAw0MAKxsv2Zp6vNQysMxBwPgL9vrv5iVCr39P85HmQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgUB8BAAD//5kwYR0=")
r7 = open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r6, 0x4068aea3, &(0x7f00000006c0))
fallocate(r7, 0x20, 0x0, 0x7000000)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106, 0x8}}, 0x20)

1m18.176598578s ago: executing program 2 (id=434):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x80400, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
close_range(r3, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x10, {[@global=@item_4={0x3, 0x1, 0x8, "88ee1d91"}, @local=@item_4={0x3, 0x2, 0x3, "0e3ad5de"}, @global=@item_012={0x1, 0x1, 0x7, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @local=@item_012={0x1, 0x2, 0x8, "82"}]}}, 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
unshare(0x22020400)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)={@cgroup, 0xffffffffffffffff, 0x12, 0x6}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a000b000140020203600e41b0000900ac0006031100000016000500000000000004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d2a6823a45f28fcb1d", 0xd8}], 0x1}, 0x0)

1m17.807773935s ago: executing program 2 (id=437):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000280)={'#! ', './file0'}, 0xb)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000080)=0x9, 0x2, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffa}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r2}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xc, 0x13, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x8}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "0000000400", "6abc00000000000000000000001000", "f0630400", "c14ec98dcd2ad89f"}, 0x28)
sendto$inet6(r1, &(0x7f0000000140)="b9", 0x1, 0x8000, 0x0, 0x0)
write$binfmt_aout(r1, 0x0, 0xfdef)
sendto$inet6(r1, &(0x7f0000000240)="c62ee5d6a89f2387cb4093532f7c0a22ce", 0xffffffffffffff69, 0x8040, 0x0, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)
r5 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@nl=@proc, &(0x7f0000000180)=0x80, 0x800)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x82801, 0x0)
r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCFLSH(r6, 0x540b, 0x1)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x840)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbfbf, 0xbf})
pwrite64(r5, &(0x7f00000000c0)="c80005cceb23455d65af11500d74cf66a4169e5f1aa709920e869d6076152ce13ca5c0e17dcabdc9ecdac08d91b5379d1960ec5985e6d451215137d60162e80c122c851c359c1181e89d29769b1586e6753c0ca3fb29b381c742eeedc02a35663bb9e0c020dbd4d39bd6b908da0341c06cc70285fee3a4a17f3d265d40ade88a140a12e6e4ff6e19aec2", 0x8a, 0x2)
read$alg(r5, &(0x7f00000001c0)=""/108, 0x6c)

1m16.172674567s ago: executing program 32 (id=437):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000280)={'#! ', './file0'}, 0xb)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000080)=0x9, 0x2, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffa}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r2}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xc, 0x13, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x8}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "0000000400", "6abc00000000000000000000001000", "f0630400", "c14ec98dcd2ad89f"}, 0x28)
sendto$inet6(r1, &(0x7f0000000140)="b9", 0x1, 0x8000, 0x0, 0x0)
write$binfmt_aout(r1, 0x0, 0xfdef)
sendto$inet6(r1, &(0x7f0000000240)="c62ee5d6a89f2387cb4093532f7c0a22ce", 0xffffffffffffff69, 0x8040, 0x0, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)
r5 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@nl=@proc, &(0x7f0000000180)=0x80, 0x800)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x82801, 0x0)
r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCFLSH(r6, 0x540b, 0x1)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x840)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbfbf, 0xbf})
pwrite64(r5, &(0x7f00000000c0)="c80005cceb23455d65af11500d74cf66a4169e5f1aa709920e869d6076152ce13ca5c0e17dcabdc9ecdac08d91b5379d1960ec5985e6d451215137d60162e80c122c851c359c1181e89d29769b1586e6753c0ca3fb29b381c742eeedc02a35663bb9e0c020dbd4d39bd6b908da0341c06cc70285fee3a4a17f3d265d40ade88a140a12e6e4ff6e19aec2", 0x8a, 0x2)
read$alg(r5, &(0x7f00000001c0)=""/108, 0x6c)

9.873076478s ago: executing program 1 (id=599):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b"], 0x0}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000140)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x0]})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000180)={r3, 0x0, 0x3, 0x1})
getsockopt$inet6_int(r2, 0x29, 0x33, 0x0, &(0x7f00000003c0))
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xffff}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_TYPE={0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYBLOB="1c0000004e0001"], 0x1c}}, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r4, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000080)=@ethtool_wolinfo={0x6, 0x400d, 0x1, "cfd97a10c24a"}})

9.80093472s ago: executing program 1 (id=601):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
request_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='syz', 0xfffffffffffffff8)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000540)="31f4ab74", 0x4, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="e8000000", @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r5, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100040008010400440008004b000100000018004c000bac0f0001ac0f000fac0f0014ac0f000dac0f0004001e013400fe005b4b2efefbd21e89ebe44fed4ccafef683d6d2b615eaae470d346b912171f3b7964aa23b2b1cebf9b5e719d408580a7b08004b000100000008004c0013ac0f002400fe001c239bb7fafedd4381bff31d77124bfb354d84daed80e404deb71fdbdd2e3e6f08000c006400000008000d"], 0xe8}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x2, 0x1, 0x2, 0xa, 0xc53e, 0x8}, 0x20)
r7 = socket(0x1e, 0x1, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f00000000c0)={'veth1_macvtap\x00', 0x100})
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5603, 0x10000000000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x28, 0x0, 0x403, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x14}, 0x4008000)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r9)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r9, &(0x7f0000000080)={0x0, 0xa000000, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700260a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)

8.79292255s ago: executing program 1 (id=604):
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setrlimit(0xc, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000980)={'syz0\x00', {}, 0x41, [0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55f8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x200000]}, 0x45c)
ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000006480))
recvmmsg(r2, &(0x7f00000052c0), 0x0, 0x40000000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@newsa={0xf8, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0xee00}, {@in=@rand_addr=0x64010101, 0x0, 0x2b}, @in=@rand_addr=0x64010100, {0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x1}, {0x7fffffff, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@tfcpad={0x8, 0x16, 0x8}]}, 0xf8}}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)
r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
read$FUSE(r8, &(0x7f00000000c0)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r9, @ANYBLOB], 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)

7.469229715s ago: executing program 1 (id=607):
syz_usb_connect(0x5, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="120110039b4fb62011073002613c0102030109022400010508800009046704026d8f957b09050512ff0381020509050c021000e00204e46aeb7df789e53eba5470a89e730fda5a3a4325dbe7404e28c25f3c15b8fb330dff9e6f5deb2fce5d2cda94b263a046625d23e2e05a8199fcafbe7f5328d7a3a7ec2355724ee9998333f8259f7f0b4680fc3953e5ae86d9786a3e28f5bb4c850000000000000000"], &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
io_setup(0x2, &(0x7f0000000000))
userfaultfd(0x80801)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000005400000008000300", @ANYRES32=r2], 0x44}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0xffffffffffffffc9}, './file0\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
eventfd2(0x9, 0x80000)

6.18498943s ago: executing program 4 (id=618):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x4, @local, 'erspan0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'veth0_virt_wifi\x00'}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x30, r2, 0x1, 0xfffffffc, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x1c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_bridge\x00'}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4c010}, 0x800)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00')
r4 = syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f00000007c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000000)='./binderfs\x00', 0x0, 0x1488460, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$ax25_int(r3, 0x101, 0x6, &(0x7f0000000300), &(0x7f0000000340)=0x4)
setsockopt$inet6_udp_int(r6, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
fanotify_init(0x10, 0x2)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x210040)
ppoll(&(0x7f0000000200), 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
open_by_handle_at(r3, &(0x7f00000001c0)=ANY=[], 0x0)
recvfrom$ax25(r3, &(0x7f0000000380)=""/188, 0xbc, 0x40000122, &(0x7f0000000440)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r7, 0x29, 0x3b, 0x0, 0x8)
syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "45208e", 0x38, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, {[], @param_prob={0x4, 0x1, 0x0, 0x1, {0x3, 0x6, "0108f9", 0xfffb, 0x2b, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @loopback, [@srh={0x3a, 0x0, 0x4, 0x0, 0x3, 0x8, 0x1}]}}}}}}}, 0x0)
recvmmsg(r7, &(0x7f0000000100), 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)

6.014729403s ago: executing program 0 (id=620):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="07ef28bd7000ffdbdf2508"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x45080) (fail_nth: 2)

5.860044906s ago: executing program 0 (id=621):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x24, r1, 0x1, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}]}]}, 0x24}}, 0x10)

5.67626441s ago: executing program 0 (id=622):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x10002, 0x0)

5.13305702s ago: executing program 1 (id=623):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xa, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa2)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)=ANY=[@ANYRES8, @ANYRESOCT=r0, @ANYRESHEX=r1, @ANYRES32=0x0, @ANYRES64], 0x20)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgid(0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
keyctl$unlink(0x9, 0x0, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'dvmrp0\x00'})
unshare(0x2a020400)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r6 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r6, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0xa9}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2004888c)
setsockopt$sock_attach_bpf(r6, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r6)
socket$nl_route(0x10, 0x3, 0x0)

5.083017291s ago: executing program 4 (id=624):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") (async)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x6, 0xa, 0x3, "020000000000005525052e8bd9e6660201000000000000000000000200", 0x3132564e}) (async)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) (async)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) (async)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0)

4.983806753s ago: executing program 0 (id=625):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0f0000000400000008000000af04000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r2, &(0x7f0000002c00)={&(0x7f0000000040)={0xa, 0x4e1d, 0x5, @remote, 0x9}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000002280)='I', 0x1}], 0x1}, 0x200000c0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a0000000000fa82a3fa211411fa0008000a40000000000900020073797a31000000000900010073797a300000000008"], 0x6c}}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r3, 0x560f, &(0x7f00000002c0)={0xb, 0xfdfd, 0xfdfd})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES8=r3], 0xec}, 0x1, 0x0, 0x0, 0x24008010}, 0x0)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r4, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r4, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c)
r5 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r5, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_FLUSH(r5, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000a40)={0x14, &(0x7f0000000940)={0x20, 0x2, 0xe3, {0xe3, 0x23, "a8c6831472c79e1e2b1edaf34af895e591335fbe64dbc7a1e026612ee8ad092f32164078dc4f3bba55ff6570c6e696440c58b3fa075b2f3d61ea7d3f2ae643ae5a5c32d06521562369f818424ddd6ba59ff3aaaf5807f31afc44a7e5fcb2913f6360057ef4616847af22cbf9a51505b90f4ea039b5cccf0e8e14f74f67863d24fa3609b9599785c3ed78d4dee5b3c182825fa3e57c0017addf9ed51b0bc5fb2e1c26c5626b46445301c2b70989c3478b119abf1651ed8c6f337e8f3f03d5dc58c067f2cb900cef4afa580d68deee84d09ebb0fdbf29b6e83de7896ad023654bec4"}}, &(0x7f0000000840)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000b80)={0x1c, &(0x7f0000000a80)={0x0, 0x9, 0x58, "59e5a269b9755aa571b50cfca1f0c8f9d99b30dfdfa2ad3167e3fba2ae9445eb95afebbf96a2c6d991f5c400bb555e5d84a4c0afa0ae9be563acae5c4611d9aa8161879fe2d0c1f0d3f725d8bcac42084d3d1c642c00db8f"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0xc4}})
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', <r7=>0x0})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x0, r6}, 0x18)
r8 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x60, 0x10, 0x401, 0x400000, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}, @IFLA_MACVLAN_MACADDR={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8}]}, 0x60}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x53, &(0x7f0000000080)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000200)=0x28)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

4.571895001s ago: executing program 4 (id=627):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
request_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='syz', 0xfffffffffffffff8)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000540)="31f4ab74", 0x4, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="e8000000", @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r5, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100040008010400440008004b000100000018004c000bac0f0001ac0f000fac0f0014ac0f000dac0f0004001e013400fe005b4b2efefbd21e89ebe44fed4ccafef683d6d2b615eaae470d346b912171f3b7964aa23b2b1cebf9b5e719d408580a7b08004b000100000008004c0013ac0f002400fe001c239bb7fafedd4381bff31d77124bfb354d84daed80e404deb71fdbdd2e3e6f08000c006400000008000d"], 0xe8}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x2, 0x1, 0x2, 0xa, 0xc53e, 0x8}, 0x20)
r7 = socket(0x1e, 0x1, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f00000000c0)={'veth1_macvtap\x00', 0x100})
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5603, 0x10000000000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x28, 0x0, 0x403, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x14}, 0x4008000)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r9)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r9, &(0x7f0000000080)={0x0, 0xa000000, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700260a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)

2.131514289s ago: executing program 1 (id=631):
syz_usb_connect(0x5, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="120110039b4fb62011073002613c0102030109022400010508800009046704026d8f957b09050512ff0381020509050c021000e00204e46aeb7df789e53eba5470a89e730fda5a3a4325dbe7404e28c25f3c15b8fb330dff9e6f5deb2fce5d2cda94b263a046625d23e2e05a8199fcafbe7f5328d7a3a7ec2355724ee9998333f8259f7f0b4680fc3953e5ae86d9786a3e28f5bb4c850000000000000000"], &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
io_setup(0x2, &(0x7f0000000000))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000005400000008000300", @ANYRES32=r2], 0x44}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0xffffffffffffffc9}, './file0\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
eventfd2(0x9, 0x80000)

1.721529066s ago: executing program 0 (id=632):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x4, @local, 'erspan0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'veth0_virt_wifi\x00'}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x30, r2, 0x1, 0xfffffffc, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x1c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_bridge\x00'}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4c010}, 0x800)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00')
r4 = syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f00000007c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000000)='./binderfs\x00', 0x0, 0x1488460, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$ax25_int(r3, 0x101, 0x6, &(0x7f0000000300), &(0x7f0000000340)=0x4)
setsockopt$inet6_udp_int(r6, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
fanotify_init(0x10, 0x2)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x210040)
ppoll(&(0x7f0000000200), 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
open_by_handle_at(r3, &(0x7f00000001c0)=ANY=[], 0x0)
recvfrom$ax25(r3, &(0x7f0000000380)=""/188, 0xbc, 0x40000122, &(0x7f0000000440)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r7, 0x29, 0x3b, 0x0, 0x8)
syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "45208e", 0x38, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, {[], @param_prob={0x4, 0x1, 0x0, 0x1, {0x3, 0x6, "0108f9", 0xfffb, 0x2b, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @loopback, [@srh={0x3a, 0x0, 0x4, 0x0, 0x3, 0x8, 0x1}]}}}}}}}, 0x0)
recvmmsg(r7, &(0x7f0000000100), 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)

1.628759298s ago: executing program 4 (id=633):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000000040)}, 0xc}], 0x1, 0x10002, 0x0)

1.51600742s ago: executing program 3 (id=634):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000130a03000000000000000000020400000900020073797a31000000000800034000000001090001"], 0x34}}, 0x4000040)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000240)={0x0, 'pim6reg\x00', {0x3}, 0x6})
r2 = pidfd_getfd(r0, r0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0x1, 0x2, 0x6}) (async)
r3 = socket(0x2, 0x2, 0x1)
bind$unix(r3, &(0x7f0000000000)=@abs, 0x6e) (async)
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00e1ff", 0x8, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x3}, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x24, 0xf801}}}}}}, 0x0) (async)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="020100020e0000000093ffffff00000005000600332000000a00000000000000fc020000000000000000000000000000000000000000000005000500000000000a0000000000000000000000000000000000ffffffffffff00000000000000000200130003"], 0x70}, 0x1, 0x7}, 0x0)

1.459834471s ago: executing program 4 (id=635):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a00), &(0x7f0000000080)='./file0\x00', 0x800408, &(0x7f0000000500)=ANY=[@ANYBLOB="00c1d143753d2c083ee422f83383b46202c4de2de291601c80052445e264d4679b97678c14da06e79245374cfb5a59ebaeff670caadb5694b952eb30672a383ac36fadcd60e27a35d7"], 0x1, 0xa0e, &(0x7f00000020c0)="$eJzs3c9vXEcdAPB5G/+MU3tNCpimTQy0JBXUcRwjlQt1Siv1VPUUReJUhTSNcFMgXFpVasofgIKqXiMCAXooAqRwyAGp4oAoByTEhWPVUyUU1EoICVBqFHtmvTv24+36x3rX+/lIX4/fm/Gbed71vtnn2ZkADKza6tfFxZkihLduv/nUiwenxosQwrFGiXpTubWt4RBC0fLz696PGXc/fu38ZmkRFla/pu3w7J3Gz06EEK6G2fBuqIeZ6/WxW+88c/vG0vGz55479+QunX5DsdsVAABAD/juX+7+5tEP3/vK9H9+dXQpjDb2p/55PW5PxH7/fOwo5/3/oiktNulPj2TlDsTI3z8cyMoNZfUMldQ3nB1nuKTcSEV9B5r2bXaeALAfrN/XK2pzLdu12tzc2nX/nvdHR4q5y5eWX7iyRw0FAHbMP58IISwJIYQQYpBiZWqveyAAwKDLxwtvcHVnR+o2jjbWXv13ztQ2/3nYAd1+/qu/v+q/+YZXHHbOfn02pfNKf0dpHEM+jvBA9nOd/v3XsuMMddjOsnGF/TLesKyd+e+1V5W1v9PHca+UtT8fD9urytqfj9PtVWXtH+1yO7aqrP1jXW7HVpW1f7zL7ehXD8U0/R6PZvnN18/8Nb1fXuMBgFb/Nv5PCDHoMdIDbRCiy/H6XndAAICek8+PsxKl/Hw+njw/n4cnz8/nBcrzRyvyxyryAYCNTt+6+Mtrxfr/+bc7Hi6NuzgY04kO25OPR+y0/u2Oe9pu/f0ybgmAwfbyDxeffm/pzIG1+X/Xr2WfZPP/prl6r8XtNF7wULbdmPt3trWeWkm5Q7txUgDA/5Wuv5vO/9v0IaiZMFy8cGn5wnzcnozpH0eHR+/tP9XNRgMA29Lu/P8zoXX+/0ON/cO15n7B1Pr+orlfUM/2L5TsPx23p2P64uj46v658y8vf2unTx4ABtT1s08f/ugPl8Pa/f/1/3+n+//pNn49jrX7KBZI/YT7Qut24/7/idZ6JsvKzbeWmyor93hruXpWbjhGPu9GPj5wPPu5NE4hjXtI/Z1062O6rD3ZBBkjWbmhGPdl7ZnM2rPhfOdb25PPQ5Pqr2f783EPqdx0AICNrrzy6refX16+8D3f+MY3vml8s9evTMBuO/n9l75z8sorrz526aXnL164eOHyqfmFhfnF01/92qmTq/f1Tzbf3QcA9oP1Tv9etwQAAAAAAAAAAAAAACiTf/r3kR+v7d/JjxPv9TkCAK3+8UQIYUmIwYjDPdAGIYTohVhZyVf8BQDork7X29+uxtHifP5p3YOUHnrsr9P3IhW7c6a1v2T9YnZSt5//6u+v+m++sbP1N9YXafv1r9Z6gNnNjvp6Zb0//dHf/tRc/wNDbdafn/+Jyqo2dTOr/3hor/6VG1n9W5wa92dZ/QfbrH/D+T++tfp/Huu/P26f+GK79bc+/mm9nbQcznh2PhMl9f8iO/+0tl/H5z/WwUk3eTvWDwCDqLbXDdglqZeQ+tGpH9K8Pl9oWmcvZOXb7f/XsuPk6/VtVTpu6gd9Pm6n7k5aNzBf77DT9qf1CSez4xZt9mvLnj/98l+lsvbv1OO428ran68H2avK2j/S5XZsVVn787/LXlXW/i2+req6svaPd7kd/epITMuuh+n6Mxnz0nY9257Y5LHYr30LAOh33/j6nx++9uWhb66t/z+y4X1nehs4Ed9Tvx238/e9yXjWdyyy8l+I6Q9i+pOY/j6mH2TH293/tgHAYPrQ5/+EEEKIgYtB//yf+wsMskF//g/6+Q/2q7/Hv0p6fuT38ZOhivzhivyRivzRLD9/vMYq8u/PjrsSpfxPV+R/piL/sxX5MxX5UxX5D1TkH6nIf7Ai/2hF/rGKfAD60+di6vUdAAZH+tyX6z8ADI40sY7rPwAMjk/FtOz6/1BFPgDQfw7H1PUdAAZIsflMj9udtwfoH2l+6fR3HpcDCQ/H9JGYfimmab2ULS6/AvSA//7rd3+/VqzP93cky293Pvmi1vrJu3z9n0fbbE/++b1O57Ovt1nPbtU/vc36AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiu2urXxcWZIoS3br/51IMfXPltEUI41ihRbyq3tjXctD3bcpwQfl2spXc/fu18c/pJTIuwEIpQNPaHZ+80apoIIVwNs+HdUA8z1+tjt9555vaNpeNnzz137sld/BWEtXYBAADA/vW/AAAA//8xrzgs")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000180)='./bus\x00', 0x0)
renameat2(r1, &(0x7f0000000140)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000001dc0)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xad}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x34, 0x0, &(0x7f0000000040))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r3 = accept$alg(r2, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000200)="ff0d2fdc7af34e", 0x7}], 0x1, 0x0, 0x0, 0xc000}, 0x4044180)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0xd, 0x0, 0x3, 0x80}, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0xc, 0x0, 0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r7, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

1.401760353s ago: executing program 3 (id=636):
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x40080, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r1)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x80, r3, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7, 0x6f}}}}, [@fils_params, @NL80211_ATTR_PREV_BSSID={0xa}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x24, 0x4c, [0xfac14, 0xfac12, 0x17, 0xfac0e, 0xfac04, 0xfac0b, 0xfac02, 0xfac01]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_AKM_SUITES={0xc, 0x4c, [0xfac04, 0xfac03]}, @NL80211_ATTR_CONTROL_PORT={0x4}], @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0xc000000, {0x9, 0x3, 0x1000, 0x1}}}, @NL80211_ATTR_DISABLE_VHT={0x4}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x200000d0)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000140)={0x14, r2, 0xf1aad47e89fb43b5}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0xd0, r2, 0x4, 0x70bd26, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xb08}, {0x6, 0x11, 0x6}, {0x8, 0x13, 0x1}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x81}, {0x8, 0x13, 0x4}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0xdef}, {0x8, 0x13, 0x51a6e98c}, {0x5, 0x14, 0x1}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x44010}, 0x804)
r4 = socket$nl_route(0x10, 0x3, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0xc00, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@ipv4_newrule={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7}}, 0x1c}}, 0x4000000)

1.279524835s ago: executing program 3 (id=637):
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000340)=""/177, 0xb1, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r0, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r0, &(0x7f00000007c0)={0x1, {&(0x7f00000042c0)=""/4110, 0x100e, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f00000006c0)={0x2, 0x0, {&(0x7f0000000480)=""/25, 0x19, 0x0, 0x2, 0x2}}, 0x72)
write$vhost_msg_v2(r0, &(0x7f00000004c0)={0x2, 0x0, {&(0x7f0000000880)=""/196, 0xc4, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48)

1.04393632s ago: executing program 3 (id=638):
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x4, 0x40000)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f00000000c0))
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1a, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000001c0)={r2, r1, 0x4, r1}, 0x10)
r3 = syz_open_dev$vivid(&(0x7f0000000100), 0x2, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f00000003c0)={0x9d0000, 0x5, 0xa80, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x99096f, 0x5, '\x00', @p_u8=&(0x7f0000000140)=0x2}}) (async)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d", @ANYBLOB="510f"], 0x0) (async)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000840)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000280)={0x50, 0x0, r6, {0x7, 0x2b, 0x2, 0x7fffffffc0004000, 0x0, 0xc0, 0x80000000, 0x6, 0x0, 0x0, 0x80, 0x6}}, 0x50) (async)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000240)={0x2c, 0x0, &(0x7f0000000800)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x816}}, &(0x7f0000000400)=ANY=[@ANYBLOB="000f05477f04c89024fd00"], 0x0, 0x0}, 0x0) (async)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)

918.256762ms ago: executing program 3 (id=639):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061190000180100002020782500000000002020207b1af8ff00000000bfa100194c00000007010000f8ffffffb702000008000000b703000055000000850000000700000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x27, 0xe, 0x0, &(0x7f0000000000)="f8ad48c5fce216ef0010000086dd", 0x0, 0x4400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x96)

639.179427ms ago: executing program 3 (id=640):
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setrlimit(0xc, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000980)={'syz0\x00', {}, 0x41, [0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55f8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x200000]}, 0x45c)
ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000006480))
recvmmsg(r2, &(0x7f00000052c0), 0x0, 0x40000000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@newsa={0xf8, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0xee00}, {@in=@rand_addr=0x64010101, 0x0, 0x2b}, @in=@rand_addr=0x64010100, {0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x1}, {0x7fffffff, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@tfcpad={0x8, 0x16, 0x8}]}, 0xf8}}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)
r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
read$FUSE(r8, &(0x7f00000000c0)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r9, @ANYBLOB], 0x28}}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x0, 0x55f, &(0x7f0000001040)="$eJzs3V1rHNUbAPBnNknf//+mUAoKSqAXVmo3TeJLBcF6KVos6H1dkmko2XRLdlOaWGh7YW+8kSKIWBA/gPdeFr+An6KghSIl6IU3K7OZTbfNbpKmGzd1fj+Y9pyZ2Zx59sxz9szOLhtAYY1l/5QiXoqIr5OIwx3bhiPfOLa638qj69PZkkSz+ekfSST5uvb+Sf7/weRx5ZcvI06W1rdbX1qeq1Sr6UJeH2/MXxmvLy2fujRfmU1n08uTU1Nn3pqafPedt/sW6+vn//ruk3sfnvnq+Mq3Pz04cieJs3Eo39YZx3O42VkZi7H8aRiJs0/tONGHxnaTZNAHwLYM5Xk+EtkYcDiG8qwH/vtuREQTKKhE/kNBtecB7Wv7Pl0HvzAefrB6AbQ+/uHV90ZiX+va6MBK8sSVUXa9O9qH9rM2fv797p1siU3eh7jRh/YA2m7eiojTw8Prx78kH/+273TrzeONPd1G0V5/YJDuZfOfN7rNf0pr85/oMv852CV3t2Pz/C896EMzPWXzv/e6zn/Xhq7Robz2v9acbyS5eKmano6I/0fEiRjZm9U3up9zZuV+s9e2zvlftmTtt+eC+XE8GN775GNmKo3K88Tc6eGtiJe7zn+Ttf5PuvR/9nyc32Ibx9K7r/batnn8O6v5Y8RrXfv/8R2tZOP7k+Ot82G8fVas9+ftY7/2an/Q8Wf9f2Dj+EeTzvu19Wdv44d9f6e9tm33/N+TfNYq78nXXas0GgsTEXuSj9evn3z82Ha9vX8W/4njG49/3c7//RHx+Rbjv330ds9dB97/zSRmnqn/n71w/6Mvvu/V/tb6/81W6US+Zivj31YP8HmeOwAAAAAAANhtShFxKJJSea1cKpXLq5/vOBoHStVavXHyYm3x8ky0vis7GiOl/E73K9HxeYiJ/POw7frkU/WpiDgSEd8M7W/Vy9O16syggwcAAAAAAAAAAAAAAAAAAIBd4mCP7/9nfhsa9NEBO85PfkNxbZr//filJ2BX8voPxSX/objkPxSX/Ifikv9QXPIfikv+Q3HJfwAAAAAAAAAAAAAAAAAAAAAAAAAAAOir8+fOZUtz5dH16aw+c3Vpca529dRMWp8rzy9Ol6drC1fKs7XabDUtT9fmN/t71VrtysRkLF4bb6T1xnh9afnCfG3xcuPCpfnKbHohHflXogIAAAAAAAAAAAAAAAAAAIAXS31pea5SraYLCj0L78euOIydDHDVth4+vFuiUOhrYcADEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0+CcAAP//PZ416Q==")

362.341083ms ago: executing program 0 (id=641):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
request_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='syz', 0xfffffffffffffff8)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000540)="31f4ab74", 0x4, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="e8000000", @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r5, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100040008010400440008004b000100000018004c000bac0f0001ac0f000fac0f0014ac0f000dac0f0004001e013400fe005b4b2efefbd21e89ebe44fed4ccafef683d6d2b615eaae470d346b912171f3b7964aa23b2b1cebf9b5e719d408580a7b08004b000100000008004c0013ac0f002400fe001c239bb7fafedd4381bff31d77124bfb354d84daed80e404deb71fdbdd2e3e6f08000c006400000008000d"], 0xe8}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x2, 0x1, 0x2, 0xa, 0xc53e, 0x8}, 0x20)
r7 = socket(0x1e, 0x1, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f00000000c0)={'veth1_macvtap\x00', 0x100})
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5603, 0x10000000000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x28, 0x0, 0x403, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x14}, 0x4008000)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r9)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r9, &(0x7f0000000080)={0x0, 0xa000000, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700260a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)

0s ago: executing program 4 (id=642):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000055000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x32}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x27, 0xe, 0x0, &(0x7f0000000000)="f8ad48c5fce216efcc244f7f86dd", 0x0, 0x4400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 2)

kernel console output (not intermixed with test programs):

 6
[  194.050545][ T7055] loop3: detected capacity change from 0 to 256
[  194.236124][ T7055] FAT-fs (loop3): Directory bread(block 64) failed
[  194.272067][ T7055] FAT-fs (loop3): Directory bread(block 65) failed
[  194.282808][ T7055] FAT-fs (loop3): Directory bread(block 66) failed
[  194.291760][ T7055] FAT-fs (loop3): Directory bread(block 67) failed
[  195.088110][ T7055] FAT-fs (loop3): Directory bread(block 68) failed
[  195.094797][ T7055] FAT-fs (loop3): Directory bread(block 69) failed
[  195.107247][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  195.114835][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  195.166756][ T7055] FAT-fs (loop3): Directory bread(block 70) failed
[  195.173344][ T7055] FAT-fs (loop3): Directory bread(block 71) failed
[  195.267072][ T7055] FAT-fs (loop3): Directory bread(block 72) failed
[  195.284775][ T7055] FAT-fs (loop3): Directory bread(block 73) failed
[  195.618967][ T5788] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  195.640739][ T7062] loop3: detected capacity change from 0 to 4096
[  195.666580][ T7062] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  195.846580][ T7062] ntfs3: loop3: failed to convert "c46c" to iso8859-14
[  196.137885][ T7060] loop0: detected capacity change from 0 to 32768
[  196.186223][ T7060] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.312 (7060)
[  196.229712][ T7060] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  196.241701][ T7060] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  196.251338][ T7060] BTRFS info (device loop0): force clearing of disk cache
[  196.258991][ T7060] BTRFS info (device loop0): metadata ratio 0
[  196.265953][ T7060] BTRFS info (device loop0): enabling ssd optimizations
[  196.279979][ T7060] BTRFS info (device loop0): using spread ssd allocation scheme
[  196.290224][ T7060] BTRFS info (device loop0): using free space tree
[  196.770036][ T7060] BTRFS info (device loop0): auto enabling async discard
[  196.806337][ T7060] BTRFS info (device loop0): rebuilding free space tree
[  197.288377][ T7092] netlink: 48 bytes leftover after parsing attributes in process `syz.2.318'.
[  197.345873][ T7094] loop2: detected capacity change from 0 to 164
[  197.578108][ T7090] netlink: 8 bytes leftover after parsing attributes in process `syz.3.309'.
[  197.632228][ T7094] rock: corrupted directory entry. extent=32, offset=131072, size=237
[  197.682395][ T7090] netlink: 56 bytes leftover after parsing attributes in process `syz.3.309'.
[  197.769661][ T7095] tipc: Started in network mode
[  197.806398][ T7095] tipc: Node identity 2d0b50e1d8a655f0002e, cluster identity 4711
[  198.024339][   T11] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[  198.319936][ T7104] loop1: detected capacity change from 0 to 40427
[  198.353905][ T7104] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  198.362068][ T7104] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  198.388556][ T7104] F2FS-fs (loop1): invalid crc value
[  198.414817][ T7104] F2FS-fs (loop1): Found nat_bits in checkpoint
[  198.475138][ T7104] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  198.482666][ T7104] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  198.731904][ T5790] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  199.357174][ T7117] loop1: detected capacity change from 0 to 512
[  199.459086][ T7117] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.493940][ T7123] netlink: 12 bytes leftover after parsing attributes in process `syz.2.311'.
[  199.549726][ T7124] FAULT_INJECTION: forcing a failure.
[  199.549726][ T7124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.567405][ T7117] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  199.588748][ T7124] CPU: 1 PID: 7124 Comm: syz.0.314 Not tainted syzkaller #0
[  199.596114][ T7124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.606204][ T7124] Call Trace:
[  199.609519][ T7124]  <TASK>
[  199.612503][ T7124]  dump_stack_lvl+0x16c/0x230
[  199.617213][ T7124]  ? show_regs_print_info+0x20/0x20
[  199.622447][ T7124]  ? load_image+0x3b0/0x3b0
[  199.626993][ T7124]  ? __might_fault+0xaa/0x120
[  199.631693][ T7124]  ? __lock_acquire+0x7c80/0x7c80
[  199.636750][ T7124]  should_fail_ex+0x39d/0x4d0
[  199.641453][ T7124]  _copy_from_user+0x2f/0xe0
[  199.646087][ T7124]  __se_sys_memfd_create+0x295/0x660
[  199.651416][ T7124]  do_syscall_64+0x55/0xb0
[  199.655879][ T7124]  ? clear_bhb_loop+0x40/0x90
[  199.660577][ T7124]  ? clear_bhb_loop+0x40/0x90
[  199.665273][ T7124]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  199.671188][ T7124] RIP: 0033:0x7f07c758ebe9
[  199.675625][ T7124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.695253][ T7124] RSP: 002b:00007f07c8441e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  199.703682][ T7124] RAX: ffffffffffffffda RBX: 0000000000000201 RCX: 00007f07c758ebe9
[  199.711662][ T7124] RDX: 00007f07c8441ef0 RSI: 0000000000000000 RDI: 00007f07c76127e8
[  199.719646][ T7124] RBP: 0000200000000f40 R08: 00007f07c8441bb7 R09: 00007f07c8441e40
[  199.727661][ T7124] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000280
[  199.735647][ T7124] R13: 00007f07c8441ef0 R14: 00007f07c8441eb0 R15: 0000200000000500
[  199.743645][ T7124]  </TASK>
[  199.886589][ T7117] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #15: comm syz.1.315: corrupted xattr block 33: invalid ea_ino
[  199.908979][ T7117] fscrypt (loop1, inode 15): Error -117 getting encryption context
[  200.068249][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.071927][ T7115] loop3: detected capacity change from 0 to 32768
[  200.114584][ T7115] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.313 (7115)
[  200.149460][ T7128] lo speed is unknown, defaulting to 1000
[  200.276694][ T7115] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  200.323581][ T7115] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  200.368338][ T7115] BTRFS info (device loop3): force zlib compression, level 3
[  200.401010][ T7115] BTRFS info (device loop3): force clearing of disk cache
[  200.436009][ T7115] BTRFS info (device loop3): setting nodatasum
[  200.454588][ T7115] BTRFS info (device loop3): use zlib compression, level 3
[  200.475921][ T7115] BTRFS info (device loop3): allowing degraded mounts
[  200.486650][ T7115] BTRFS info (device loop3): enabling disk space caching
[  200.526924][ T7115] BTRFS info (device loop3): disk space caching is enabled
[  200.752373][ T7115] BTRFS info (device loop3): enabling ssd optimizations
[  200.761042][ T7153] loop0: detected capacity change from 0 to 8
[  200.836812][ T7115] BTRFS info (device loop3): auto enabling async discard
[  200.859013][ T7115] BTRFS info (device loop3): rebuilding free space tree
[  200.871156][ T7157] loop1: detected capacity change from 0 to 4096
[  200.880880][ T7157] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  200.891928][ T7157] ntfs3: loop1: It is recommened to use chkdsk.
[  200.950736][ T7153] SQUASHFS error: lzo decompression failed, data probably corrupt
[  200.967951][ T7115] BTRFS info (device loop3): disabling free space tree
[  200.970116][ T7159] loop2: detected capacity change from 0 to 64
[  200.984834][ T7115] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  200.999885][ T7153] SQUASHFS error: Failed to read block 0x91: -5
[  201.040759][ T7115] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  201.044855][ T7153] SQUASHFS error: Unable to read metadata cache entry [8f]
[  201.136822][ T7157] ntfs3: loop1: failed to convert "076c" to cp857
[  201.166808][ T7153] SQUASHFS error: Unable to read inode 0x11f
[  201.184495][ T7115] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  202.688963][ T5806] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 11 /dev/loop3 scanned by udevd (5806)
[  204.600463][ T7179] netlink: 'syz.0.327': attribute type 4 has an invalid length.
[  204.889994][ T7166] loop3: detected capacity change from 0 to 32768
[  204.924837][ T7166] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.324 (7166)
[  205.022653][ T7166] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  205.076679][ T7166] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  205.105880][ T7166] BTRFS info (device loop3): force clearing of disk cache
[  205.126623][ T7166] BTRFS info (device loop3): metadata ratio 0
[  205.166850][ T7166] BTRFS info (device loop3): enabling ssd optimizations
[  205.196673][ T7166] BTRFS info (device loop3): using spread ssd allocation scheme
[  205.204469][ T7166] BTRFS info (device loop3): using free space tree
[  205.406715][ T7166] BTRFS info (device loop3): auto enabling async discard
[  205.462508][ T7187] loop0: detected capacity change from 0 to 8192
[  205.470600][ T7166] BTRFS info (device loop3): rebuilding free space tree
[  205.490174][ T7187] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  205.596111][ T7187] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  205.632808][ T7187] REISERFS (device loop0): using ordered data mode
[  205.696666][ T7187] reiserfs: using flush barriers
[  205.708266][ T7187] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  205.777317][ T7187] REISERFS (device loop0): checking transaction log (loop0)
[  205.900739][ T7212] netlink: 'syz.2.333': attribute type 4 has an invalid length.
[  205.918718][   T11] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared)
[  205.959150][ T7213] FAULT_INJECTION: forcing a failure.
[  205.959150][ T7213] name failslab, interval 1, probability 0, space 0, times 0
[  206.053746][ T7213] CPU: 0 PID: 7213 Comm: syz.2.333 Not tainted syzkaller #0
[  206.061123][ T7213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  206.071211][ T7213] Call Trace:
[  206.074520][ T7213]  <TASK>
[  206.077483][ T7213]  dump_stack_lvl+0x16c/0x230
[  206.082230][ T7213]  ? show_regs_print_info+0x20/0x20
[  206.087484][ T7213]  ? load_image+0x3b0/0x3b0
[  206.088030][ T7187] REISERFS (device loop0): Using tea hash to sort names
[  206.092015][ T7213]  ? __might_sleep+0xe0/0xe0
[  206.103605][ T7213]  ? __lock_acquire+0x7c80/0x7c80
[  206.108693][ T7213]  should_fail_ex+0x39d/0x4d0
[  206.113425][ T7213]  should_failslab+0x9/0x20
[  206.117967][ T7213]  slab_pre_alloc_hook+0x59/0x310
[  206.118515][ T7187] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  206.123016][ T7213]  kmem_cache_alloc_node+0x60/0x330
[  206.137290][ T7213]  ? __alloc_skb+0x108/0x2c0
[  206.141928][ T7213]  __alloc_skb+0x108/0x2c0
[  206.146566][ T7213]  _sctp_make_chunk+0x5e/0x430
[  206.151374][ T7213]  sctp_make_datafrag_empty+0x123/0x230
[  206.156946][ T7213]  ? sctp_make_ecne+0x330/0x330
[  206.161813][ T7213]  ? sctp_auth_send_cid+0x69/0x250
[  206.166947][ T7213]  sctp_datamsg_from_user+0x722/0xee0
[  206.172374][ T7213]  sctp_sendmsg_to_asoc+0xff2/0x17f0
[  206.177683][ T7213]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  206.183708][ T7213]  ? sctp_sendmsg_check_sflags+0x2e0/0x2e0
[  206.189528][ T7213]  ? __local_bh_enable_ip+0x12e/0x1c0
[  206.194906][ T7213]  ? _local_bh_enable+0xa0/0xa0
[  206.199776][ T7213]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[  206.205625][ T7213]  sctp_sendmsg+0x1941/0x27e0
[  206.210331][ T7213]  ? aa_file_perm+0x120/0xec0
[  206.215073][ T7213]  ? sctp_getsockopt+0xb60/0xb60
[  206.220043][ T7213]  ? aa_sk_perm+0x7fc/0x930
[  206.224582][ T7213]  ? aa_af_perm+0x2b0/0x2b0
[  206.229118][ T7213]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  206.235578][ T7213]  ? sock_rps_record_flow+0x19/0x400
[  206.240872][ T7213]  ? inet_sendmsg+0x7c/0x2f0
[  206.245467][ T7213]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  206.250766][ T7213]  ? security_socket_sendmsg+0x80/0xa0
[  206.256236][ T7213]  sock_write_iter+0x2bb/0x3f0
[  206.261023][ T7213]  ? sock_read_iter+0x3b0/0x3b0
[  206.265895][ T7213]  ? common_file_perm+0x198/0x1f0
[  206.270935][ T7213]  do_iter_write+0x79a/0xc70
[  206.275557][ T7213]  ? __asan_memset+0x22/0x40
[  206.280171][ T7213]  ? vfs_iter_write+0xa0/0xa0
[  206.284854][ T7213]  ? __import_iovec+0x5f2/0x860
[  206.289733][ T7213]  ? import_iovec+0x73/0xa0
[  206.294268][ T7213]  do_writev+0x252/0x410
[  206.298555][ T7213]  ? do_readv+0x3e0/0x3e0
[  206.302926][ T7213]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  206.308930][ T7213]  ? lock_chain_count+0x20/0x20
[  206.313808][ T7213]  ? lockdep_hardirqs_on+0x98/0x150
[  206.319033][ T7213]  do_syscall_64+0x55/0xb0
[  206.323469][ T7213]  ? clear_bhb_loop+0x40/0x90
[  206.328157][ T7213]  ? clear_bhb_loop+0x40/0x90
[  206.332847][ T7213]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.338758][ T7213] RIP: 0033:0x7f8588d8ebe9
[  206.343186][ T7213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.362833][ T7213] RSP: 002b:00007f8589bce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  206.371261][ T7213] RAX: ffffffffffffffda RBX: 00007f8588fc6090 RCX: 00007f8588d8ebe9
[  206.379259][ T7213] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  206.387267][ T7213] RBP: 00007f8589bce090 R08: 0000000000000000 R09: 0000000000000000
[  206.395260][ T7213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.403255][ T7213] R13: 00007f8588fc6128 R14: 00007f8588fc6090 R15: 00007fffdbe48318
[  206.411257][ T7213]  </TASK>
[  206.614881][ T5789] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  206.625592][ T1190] lo speed is unknown, defaulting to 1000
[  206.715714][ T7187] bridge1: the hash_elasticity option has been deprecated and is always 16
[  206.770862][ T7217] FAULT_INJECTION: forcing a failure.
[  206.770862][ T7217] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  206.837388][ T7187] bridge1: entered promiscuous mode
[  206.863383][ T7187] bridge1: entered allmulticast mode
[  206.882010][ T7217] CPU: 0 PID: 7217 Comm: syz.2.335 Not tainted syzkaller #0
[  206.889359][ T7217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  206.899446][ T7217] Call Trace:
[  206.902776][ T7217]  <TASK>
[  206.905745][ T7217]  dump_stack_lvl+0x16c/0x230
[  206.910467][ T7217]  ? show_regs_print_info+0x20/0x20
[  206.915707][ T7217]  ? load_image+0x3b0/0x3b0
[  206.920274][ T7217]  ? __lock_acquire+0x7c80/0x7c80
[  206.925342][ T7217]  ? snprintf+0xdb/0x120
[  206.929630][ T7217]  should_fail_ex+0x39d/0x4d0
[  206.934365][ T7217]  _copy_to_user+0x2f/0xa0
[  206.938831][ T7217]  simple_read_from_buffer+0xe7/0x150
[  206.944252][ T7217]  proc_fail_nth_read+0x1e3/0x250
[  206.949337][ T7217]  ? proc_fault_inject_write+0x340/0x340
[  206.955016][ T7217]  ? fsnotify_perm+0x271/0x5e0
[  206.959823][ T7217]  ? proc_fault_inject_write+0x340/0x340
[  206.965504][ T7217]  vfs_read+0x27e/0x920
[  206.969718][ T7217]  ? kernel_read+0x1e0/0x1e0
[  206.974355][ T7217]  ? __fget_files+0x28/0x4d0
[  206.978973][ T7217]  ? __fget_files+0x44a/0x4d0
[  206.983693][ T7217]  ? __fdget_pos+0x2a3/0x330
[  206.988323][ T7217]  ? ksys_read+0x75/0x250
[  206.992707][ T7217]  ksys_read+0x147/0x250
[  206.996998][ T7217]  ? vfs_write+0x940/0x940
[  207.001468][ T7217]  ? lockdep_hardirqs_on+0x98/0x150
[  207.006716][ T7217]  do_syscall_64+0x55/0xb0
[  207.011164][ T7217]  ? clear_bhb_loop+0x40/0x90
[  207.016047][ T7217]  ? clear_bhb_loop+0x40/0x90
[  207.020741][ T7217]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  207.026653][ T7217] RIP: 0033:0x7f8588d8d5fc
[  207.031080][ T7217] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  207.050707][ T7217] RSP: 002b:00007f8589bef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  207.059139][ T7217] RAX: ffffffffffffffda RBX: 00007f8588fc5fa0 RCX: 00007f8588d8d5fc
[  207.067143][ T7217] RDX: 000000000000000f RSI: 00007f8589bef0a0 RDI: 0000000000000005
[  207.075140][ T7217] RBP: 00007f8589bef090 R08: 0000000000000000 R09: 0000000000000000
[  207.083125][ T7217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.091128][ T7217] R13: 00007f8588fc6038 R14: 00007f8588fc5fa0 R15: 00007fffdbe48318
[  207.099137][ T7217]  </TASK>
[  207.654450][ T7223] FAULT_INJECTION: forcing a failure.
[  207.654450][ T7223] name failslab, interval 1, probability 0, space 0, times 0
[  207.667404][ T7223] CPU: 1 PID: 7223 Comm: syz.3.334 Not tainted syzkaller #0
[  207.674718][ T7223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  207.684798][ T7223] Call Trace:
[  207.688101][ T7223]  <TASK>
[  207.691057][ T7223]  dump_stack_lvl+0x16c/0x230
[  207.695771][ T7223]  ? show_regs_print_info+0x20/0x20
[  207.701012][ T7223]  ? load_image+0x3b0/0x3b0
[  207.705545][ T7223]  ? __might_sleep+0xe0/0xe0
[  207.710168][ T7223]  ? __lock_acquire+0x7c80/0x7c80
[  207.715214][ T7223]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  207.721220][ T7223]  should_fail_ex+0x39d/0x4d0
[  207.725934][ T7223]  should_failslab+0x9/0x20
[  207.730479][ T7223]  slab_pre_alloc_hook+0x59/0x310
[  207.735535][ T7223]  ? lockdep_hardirqs_on+0x98/0x150
[  207.740778][ T7223]  ? tomoyo_encode+0x28b/0x540
[  207.745594][ T7223]  ? tomoyo_encode+0x28b/0x540
[  207.750387][ T7223]  __kmem_cache_alloc_node+0x53/0x260
[  207.755824][ T7223]  ? tomoyo_encode+0x28b/0x540
[  207.760620][ T7223]  __kmalloc+0xa4/0x240
[  207.764807][ T7223]  tomoyo_encode+0x28b/0x540
[  207.769482][ T7223]  tomoyo_realpath_from_path+0x592/0x5d0
[  207.775158][ T7223]  tomoyo_path_number_perm+0x1ea/0x590
[  207.780644][ T7223]  ? tomoyo_path_number_perm+0x1ba/0x590
[  207.786302][ T7223]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  207.791793][ T7223]  ? asan.module_dtor+0x20/0x20
[  207.796714][ T7223]  ? __fget_files+0x28/0x4d0
[  207.801352][ T7223]  security_file_ioctl+0x70/0xa0
[  207.806315][ T7223]  __se_sys_ioctl+0x48/0x170
[  207.810936][ T7223]  do_syscall_64+0x55/0xb0
[  207.815393][ T7223]  ? clear_bhb_loop+0x40/0x90
[  207.820094][ T7223]  ? clear_bhb_loop+0x40/0x90
[  207.824797][ T7223]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  207.830742][ T7223] RIP: 0033:0x7f232e98ebe9
[  207.835178][ T7223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.854806][ T7223] RSP: 002b:00007f232f72c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  207.863256][ T7223] RAX: ffffffffffffffda RBX: 00007f232ebc6180 RCX: 00007f232e98ebe9
[  207.871253][ T7223] RDX: 0000000000000336 RSI: 00000000400454cd RDI: 0000000000000005
[  207.879247][ T7223] RBP: 00007f232f72c090 R08: 0000000000000000 R09: 0000000000000000
[  207.887242][ T7223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.895235][ T7223] R13: 00007f232ebc6218 R14: 00007f232ebc6180 R15: 00007ffdebaad148
[  207.903243][ T7223]  </TASK>
[  207.907393][ T7223] ERROR: Out of memory at tomoyo_realpath_from_path.
[  208.100248][ T7225] process 'syz.2.338' launched './file0' with NULL argv: empty string added
[  209.438872][ T7225] loop2: detected capacity change from 0 to 32768
[  209.501182][ T7225] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  209.527207][ T7225] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  209.556484][ T7246] loop1: detected capacity change from 0 to 128
[  209.569603][ T7225] (syz.2.338,7225,1):ocfs2_read_blocks:239 ERROR: status = -12
[  209.595727][ T7246] EXT4-fs: Ignoring removed nobh option
[  209.629638][ T7225] (syz.2.338,7225,1):ocfs2_xattr_block_find:2831 ERROR: status = -12
[  209.668476][ T7246] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  209.767457][ T7246] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  209.821916][ T5787] ocfs2: Unmounting device (7,2) on (node local)
[  210.023709][ T5788] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  210.165126][ T7255] loop2: detected capacity change from 0 to 256
[  210.179077][ T7255] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  210.216849][ T7255] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  210.311473][ T7259] loop1: detected capacity change from 0 to 512
[  210.364991][ T7259] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  210.469574][ T7259] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  210.557292][ T7259] EXT4-fs (loop1): 1 truncate cleaned up
[  210.598042][ T7259] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.709610][ T7268] loop2: detected capacity change from 0 to 2048
[  210.799560][ T7268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.852157][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.863638][ T7268] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  210.983054][ T7272] loop3: detected capacity change from 0 to 4096
[  211.263325][ T7278] loop1: detected capacity change from 0 to 2048
[  211.303093][ T7272] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  211.598505][ T7278] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.668283][ T7272] ntfs3: loop3: Failed to initialize $Extend/$Reparse.
[  211.717037][ T7278] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  212.010240][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.255082][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.510318][ T7290] netlink: 'syz.2.358': attribute type 2 has an invalid length.
[  212.582237][ T7292] loop2: detected capacity change from 0 to 1024
[  212.615031][ T7292] EXT4-fs error (device loop2): __ext4_fill_super:5504: inode #2: comm syz.2.358: iget: bad extra_isize 43552 (inode size 256)
[  212.632484][ T7292] EXT4-fs (loop2): Remounting filesystem read-only
[  212.639710][ T7292] EXT4-fs (loop2): get root inode failed
[  212.645387][ T7292] EXT4-fs (loop2): mount failed
[  212.677155][ T7298] loop3: detected capacity change from 0 to 256
[  212.738789][ T7298] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.359'.
[  212.899238][ T7305] loop1: detected capacity change from 0 to 1024
[  212.991063][ T7307] overlayfs: failed to resolve './file0/file1/file0': -2
[  213.113509][ T7310] loop0: detected capacity change from 0 to 2048
[  213.170706][ T7310] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.190565][ T7310] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.217330][ T1190] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  213.340701][ T7314] loop2: detected capacity change from 0 to 2048
[  213.386509][ T7314] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.415553][ T7316] loop3: detected capacity change from 0 to 64
[  213.426613][ T1190] usb 2-1: Using ep0 maxpacket: 8
[  213.439290][ T1190] usb 2-1: unable to get BOS descriptor or descriptor too short
[  213.453574][ T7314] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.458543][ T1190] usb 2-1: config 4 interface 0 has no altsetting 0
[  213.476322][ T1190] usb 2-1: string descriptor 0 read error: -22
[  213.486813][ T1190] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  213.496048][ T1190] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.517998][ T1190] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  213.535967][ T1190] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  213.549058][ T1190] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  213.566747][ T1190] usb 2-1: media controller created
[  213.656019][ T1190] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  213.740348][ T7321] loop3: detected capacity change from 0 to 512
[  213.914773][ T7321] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #4: comm syz.3.368: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  213.943024][ T7321] EXT4-fs error (device loop3): ext4_quota_enable:7134: comm syz.3.368: Bad quota inode: 4, type: 1
[  213.956620][ T7321] EXT4-fs warning (device loop3): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  213.975545][ T7321] EXT4-fs (loop3): mount failed
[  214.048864][ T7326] loop1: detected capacity change from 0 to 256
[  214.118129][ T7326] overlay: filesystem on ./file0 not supported
[  215.279701][ T7335] FAULT_INJECTION: forcing a failure.
[  215.279701][ T7335] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.321679][ T7335] CPU: 0 PID: 7335 Comm: syz.0.365 Not tainted syzkaller #0
[  215.329126][ T7335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  215.339258][ T7335] Call Trace:
[  215.342561][ T7335]  <TASK>
[  215.345511][ T7335]  dump_stack_lvl+0x16c/0x230
[  215.350231][ T7335]  ? show_regs_print_info+0x20/0x20
[  215.355473][ T7335]  ? load_image+0x3b0/0x3b0
[  215.360018][ T7335]  ? __lock_acquire+0x7c80/0x7c80
[  215.365077][ T7335]  ? snprintf+0xdb/0x120
[  215.369364][ T7335]  should_fail_ex+0x39d/0x4d0
[  215.374106][ T7335]  _copy_to_user+0x2f/0xa0
[  215.378585][ T7335]  simple_read_from_buffer+0xe7/0x150
[  215.384011][ T7335]  proc_fail_nth_read+0x1e3/0x250
[  215.389093][ T7335]  ? proc_fault_inject_write+0x340/0x340
[  215.394773][ T7335]  ? fsnotify_perm+0x271/0x5e0
[  215.399576][ T7335]  ? proc_fault_inject_write+0x340/0x340
[  215.405238][ T7335]  vfs_read+0x27e/0x920
[  215.409448][ T7335]  ? kernel_read+0x1e0/0x1e0
[  215.414090][ T7335]  ? __fget_files+0x28/0x4d0
[  215.418721][ T7335]  ? __fget_files+0x44a/0x4d0
[  215.423422][ T7335]  ? __fdget_pos+0x2a3/0x330
[  215.428029][ T7335]  ? ksys_read+0x75/0x250
[  215.432389][ T7335]  ksys_read+0x147/0x250
[  215.436653][ T7335]  ? vfs_write+0x940/0x940
[  215.441089][ T7335]  ? lockdep_hardirqs_on+0x98/0x150
[  215.446312][ T7335]  do_syscall_64+0x55/0xb0
[  215.450747][ T7335]  ? clear_bhb_loop+0x40/0x90
[  215.455447][ T7335]  ? clear_bhb_loop+0x40/0x90
[  215.460143][ T7335]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  215.466067][ T7335] RIP: 0033:0x7f07c758d5fc
[  215.470500][ T7335] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  215.490220][ T7335] RSP: 002b:00007f07c8400030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  215.498652][ T7335] RAX: ffffffffffffffda RBX: 00007f07c77c6180 RCX: 00007f07c758d5fc
[  215.506639][ T7335] RDX: 000000000000000f RSI: 00007f07c84000a0 RDI: 0000000000000007
[  215.514620][ T7335] RBP: 00007f07c8400090 R08: 0000000000000000 R09: 0000000000000000
[  215.522686][ T7335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.530668][ T7335] R13: 00007f07c77c6218 R14: 00007f07c77c6180 R15: 00007ffc30facb78
[  215.538669][ T7335]  </TASK>
[  215.829707][ T1190] zl10353_read_register: readreg error (reg=127, ret==0)
[  215.839757][ T7337] FAULT_INJECTION: forcing a failure.
[  215.839757][ T7337] name failslab, interval 1, probability 0, space 0, times 0
[  215.852850][ T7337] CPU: 1 PID: 7337 Comm: syz.3.370 Not tainted syzkaller #0
[  215.860169][ T7337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  215.870253][ T7337] Call Trace:
[  215.873559][ T7337]  <TASK>
[  215.876519][ T7337]  dump_stack_lvl+0x16c/0x230
[  215.881253][ T7337]  ? show_regs_print_info+0x20/0x20
[  215.886508][ T7337]  ? load_image+0x3b0/0x3b0
[  215.891055][ T7337]  ? __might_sleep+0xe0/0xe0
[  215.895696][ T7337]  ? __lock_acquire+0x7c80/0x7c80
[  215.900765][ T7337]  should_fail_ex+0x39d/0x4d0
[  215.905497][ T7337]  should_failslab+0x9/0x20
[  215.910045][ T7337]  slab_pre_alloc_hook+0x59/0x310
[  215.915108][ T7337]  ? rt_acct_proc_show+0x58/0x4f0
[  215.920146][ T7337]  __kmem_cache_alloc_node+0x53/0x260
[  215.925566][ T7337]  ? rt_acct_proc_show+0x58/0x4f0
[  215.930631][ T7337]  kmalloc_trace+0x2a/0xe0
[  215.935082][ T7337]  rt_acct_proc_show+0x58/0x4f0
[  215.939937][ T7337]  ? kvmalloc_node+0x70/0x180
[  215.944706][ T7337]  ? __kmalloc_node+0xe2/0x230
[  215.949495][ T7337]  ? seq_read_iter+0xb1/0xd50
[  215.954205][ T7337]  traverse+0x1ca/0x560
[  215.958388][ T7337]  seq_read_iter+0xc4f/0xd50
[  215.962999][ T7337]  ? end_current_label_crit_section+0x149/0x170
[  215.969259][ T7337]  proc_reg_read_iter+0x1af/0x280
[  215.974300][ T7337]  vfs_read+0x431/0x920
[  215.978496][ T7337]  ? kernel_read+0x1e0/0x1e0
[  215.983113][ T7337]  ? __fget_files+0x44a/0x4d0
[  215.987809][ T7337]  ? __fdget+0x180/0x210
[  215.992065][ T7337]  ? __x64_sys_pread64+0xf0/0x220
[  215.997104][ T7337]  __x64_sys_pread64+0x195/0x220
[  216.002060][ T7337]  ? ksys_pread64+0x1c0/0x1c0
[  216.006758][ T7337]  ? lockdep_hardirqs_on+0x98/0x150
[  216.011978][ T7337]  do_syscall_64+0x55/0xb0
[  216.016403][ T7337]  ? clear_bhb_loop+0x40/0x90
[  216.021090][ T7337]  ? clear_bhb_loop+0x40/0x90
[  216.025777][ T7337]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  216.031694][ T7337] RIP: 0033:0x7f232e98ebe9
[  216.036116][ T7337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.055728][ T7337] RSP: 002b:00007f232f76e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  216.064172][ T7337] RAX: ffffffffffffffda RBX: 00007f232ebc5fa0 RCX: 00007f232e98ebe9
[  216.072149][ T7337] RDX: 00000000000000c3 RSI: 0000200000000180 RDI: 0000000000000005
[  216.080126][ T7337] RBP: 00007f232f76e090 R08: 0000000000000000 R09: 0000000000000000
[  216.088104][ T7337] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001
[  216.096100][ T7337] R13: 00007f232ebc6038 R14: 00007f232ebc5fa0 R15: 00007ffdebaad148
[  216.104095][ T7337]  </TASK>
[  216.280817][ T1190] usb 2-1: USB disconnect, device number 7
[  216.651033][ T7348] FAULT_INJECTION: forcing a failure.
[  216.651033][ T7348] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.686762][ T7348] CPU: 0 PID: 7348 Comm: syz.3.373 Not tainted syzkaller #0
[  216.694128][ T7348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  216.704300][ T7348] Call Trace:
[  216.707611][ T7348]  <TASK>
[  216.710571][ T7348]  dump_stack_lvl+0x16c/0x230
[  216.715291][ T7348]  ? show_regs_print_info+0x20/0x20
[  216.720520][ T7348]  ? load_image+0x3b0/0x3b0
[  216.725060][ T7348]  ? __lock_acquire+0x7c80/0x7c80
[  216.730120][ T7348]  ? snprintf+0xdb/0x120
[  216.734394][ T7348]  should_fail_ex+0x39d/0x4d0
[  216.739102][ T7348]  _copy_to_user+0x2f/0xa0
[  216.743544][ T7348]  simple_read_from_buffer+0xe7/0x150
[  216.748967][ T7348]  proc_fail_nth_read+0x1e3/0x250
[  216.754030][ T7348]  ? proc_fault_inject_write+0x340/0x340
[  216.759727][ T7348]  ? fsnotify_perm+0x271/0x5e0
[  216.764521][ T7348]  ? proc_fault_inject_write+0x340/0x340
[  216.770189][ T7348]  vfs_read+0x27e/0x920
[  216.774386][ T7348]  ? kernel_read+0x1e0/0x1e0
[  216.779002][ T7348]  ? __fget_files+0x28/0x4d0
[  216.783629][ T7348]  ? __fget_files+0x44a/0x4d0
[  216.788356][ T7348]  ? __fdget_pos+0x2a3/0x330
[  216.792977][ T7348]  ? ksys_read+0x75/0x250
[  216.797351][ T7348]  ksys_read+0x147/0x250
[  216.801728][ T7348]  ? vfs_write+0x940/0x940
[  216.806216][ T7348]  ? lockdep_hardirqs_on+0x98/0x150
[  216.811470][ T7348]  do_syscall_64+0x55/0xb0
[  216.815917][ T7348]  ? clear_bhb_loop+0x40/0x90
[  216.820626][ T7348]  ? clear_bhb_loop+0x40/0x90
[  216.825337][ T7348]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  216.831278][ T7348] RIP: 0033:0x7f232e98d5fc
[  216.835725][ T7348] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  216.855373][ T7348] RSP: 002b:00007f232f76e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  216.863834][ T7348] RAX: ffffffffffffffda RBX: 00007f232ebc5fa0 RCX: 00007f232e98d5fc
[  216.871842][ T7348] RDX: 000000000000000f RSI: 00007f232f76e0a0 RDI: 0000000000000004
[  216.879849][ T7348] RBP: 00007f232f76e090 R08: 0000000000000000 R09: 0000000000000000
[  216.887864][ T7348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.895958][ T7348] R13: 00007f232ebc6038 R14: 00007f232ebc5fa0 R15: 00007ffdebaad148
[  216.903994][ T7348]  </TASK>
[  217.081897][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.248367][ T7356] loop3: detected capacity change from 0 to 4096
[  217.300877][ T7356] ntfs: volume version 3.1.
[  217.639577][ T7365] loop3: detected capacity change from 0 to 1764
[  217.669095][ T7365] iso9660: Corrupted directory entry in block 2 of inode 1920
[  217.721709][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.747274][    T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  217.984075][ T7360] loop0: detected capacity change from 0 to 32768
[  218.012305][ T7360] (syz.0.377,7360,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  218.046331][ T7360] (syz.0.377,7360,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  218.123610][    T9] usb 2-1: Using ep0 maxpacket: 32
[  218.150127][ T7360] JBD2: Ignoring recovery information on journal
[  218.165799][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  218.183772][    T9] usb 2-1: config 5 has an invalid interface number: 103 but max is 0
[  218.263727][ T7373] netlink: 12 bytes leftover after parsing attributes in process `syz.3.382'.
[  218.352963][ T7373] loop3: detected capacity change from 0 to 1024
[  218.367707][ T7373] EXT4-fs: Ignoring removed nomblk_io_submit option
[  218.605914][ T7373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.840038][ T7360] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  218.902856][    T9] usb 2-1: config 5 has no interface number 0
[  218.911206][    T9] usb 2-1: config 5 interface 103 altsetting 4 bulk endpoint 0x5 has invalid maxpacket 1023
[  218.913190][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.921649][    T9] usb 2-1: config 5 interface 103 altsetting 4 bulk endpoint 0xC has invalid maxpacket 16
[  218.921677][    T9] usb 2-1: config 5 interface 103 has no altsetting 0
[  218.929775][    T9] usb 2-1: New USB device found, idVendor=0711, idProduct=0230, bcdDevice=3c.61
[  218.962875][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.972039][    T9] usb 2-1: Product: syz
[  218.976243][    T9] usb 2-1: Manufacturer: syz
[  218.981371][    T9] usb 2-1: SerialNumber: syz
[  219.018833][ T7363] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  219.026211][ T7363] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  219.340424][ T7363] netlink: 40 bytes leftover after parsing attributes in process `syz.1.379'.
[  219.393623][    T9] mct_u232 2-1:5.103: MCT U232 converter detected
[  219.405008][    T9] mct_u232 ttyUSB0: expected endpoint missing
[  219.431428][    T9] usb 2-1: USB disconnect, device number 8
[  219.455708][    T9] mct_u232 2-1:5.103: device disconnected
[  219.601966][ T7393] loop2: detected capacity change from 0 to 1024
[  219.652827][ T7393] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.827284][ T7404] loop3: detected capacity change from 0 to 4096
[  220.839970][ T7404] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  220.844305][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.860331][ T7404] ntfs3: loop3: It is recommened to use chkdsk.
[  221.041262][ T7404] ntfs3: loop3: failed to convert "076c" to cp857
[  221.779549][ T7412] loop2: detected capacity change from 0 to 128
[  221.790460][ T7412] EXT4-fs: Ignoring removed nobh option
[  222.588737][ T7412] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  222.602117][ T7412] ext4 filesystem being mounted at /89/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  222.851597][ T5787] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  223.122633][ T7422] loop2: detected capacity change from 0 to 1024
[  223.136482][ T7422] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  224.456334][ T5790] ocfs2: Unmounting device (7,0) on (node local)
[  224.949709][ T7434] Illegal XDP return value 4294967283 on prog  (id 47) dev syz_tun, expect packet loss!
[  226.026733][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  226.226738][    T9] usb 3-1: Using ep0 maxpacket: 32
[  226.243985][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  226.264948][ T7439] loop1: detected capacity change from 0 to 32768
[  226.270811][    T9] usb 3-1: config 5 has an invalid interface number: 103 but max is 0
[  226.276928][ T7439] xfs: Unknown parameter 'subj_type'
[  226.287888][    T9] usb 3-1: config 5 has no interface number 0
[  226.304240][    T9] usb 3-1: config 5 interface 103 altsetting 4 bulk endpoint 0x5 has invalid maxpacket 1023
[  226.324910][    T9] usb 3-1: config 5 interface 103 altsetting 4 bulk endpoint 0xC has invalid maxpacket 16
[  226.350752][    T9] usb 3-1: config 5 interface 103 has no altsetting 0
[  226.375666][    T9] usb 3-1: New USB device found, idVendor=0711, idProduct=0230, bcdDevice=3c.61
[  226.395064][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.419655][    T9] usb 3-1: Product: syz
[  226.423892][    T9] usb 3-1: Manufacturer: syz
[  226.441010][    T9] usb 3-1: SerialNumber: syz
[  226.460985][ T7442] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  226.477009][ T7442] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  226.695209][ T7442] netlink: 40 bytes leftover after parsing attributes in process `syz.2.399'.
[  226.733699][    T9] mct_u232 3-1:5.103: MCT U232 converter detected
[  226.764343][    T9] mct_u232 ttyUSB0: expected endpoint missing
[  226.789146][    T9] usb 3-1: USB disconnect, device number 7
[  226.829324][    T9] mct_u232 3-1:5.103: device disconnected
[  226.891690][ T7444] loop0: detected capacity change from 0 to 32768
[  226.966105][ T7444] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  227.096871][ T7444] XFS (loop0): Ending clean mount
[  227.250167][ T7450] loop1: detected capacity change from 0 to 32768
[  227.278882][ T7448] loop3: detected capacity change from 0 to 32768
[  227.296181][ T7450] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  227.348477][ T7444] lo speed is unknown, defaulting to 1000
[  227.360657][ T7448] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  227.480813][ T7450] XFS (loop1): Ending clean mount
[  227.548131][ T7479] loop2: detected capacity change from 0 to 4096
[  227.620843][ T7448] XFS (loop3): Ending clean mount
[  227.801219][ T5789] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  228.889819][ T7487] tipc: Enabled bearer <ib:veth0_to_bridge>, priority 10
[  229.254200][ T5790] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  229.380863][ T5788] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  229.608469][ T7493] loop0: detected capacity change from 0 to 2048
[  229.684664][ T7493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.706729][ T7493] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.979297][ T5858] tipc: Node number set to 4119004433
[  229.985805][ T7491] loop3: detected capacity change from 0 to 32768
[  230.144151][ T7506] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  230.155650][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.192914][ T7502] loop2: detected capacity change from 0 to 4096
[  230.195693][ T7491] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.308459][ T7514] loop1: detected capacity change from 0 to 512
[  230.369493][ T7491] XFS (loop3): Ending clean mount
[  230.392871][ T7514] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #4: comm syz.1.411: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  230.463698][ T7514] EXT4-fs error (device loop1): ext4_quota_enable:7134: comm syz.1.411: Bad quota inode: 4, type: 1
[  230.478662][ T7502] netlink: 180876 bytes leftover after parsing attributes in process `syz.2.409'.
[  230.688984][ T7514] EXT4-fs warning (device loop1): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  231.734924][ T7522] FAULT_INJECTION: forcing a failure.
[  231.734924][ T7522] name failslab, interval 1, probability 0, space 0, times 0
[  231.748269][ T7522] CPU: 1 PID: 7522 Comm: syz.3.405 Not tainted syzkaller #0
[  231.755599][ T7522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  231.765690][ T7522] Call Trace:
[  231.768990][ T7522]  <TASK>
[  231.771952][ T7522]  dump_stack_lvl+0x16c/0x230
[  231.776672][ T7522]  ? show_regs_print_info+0x20/0x20
[  231.781900][ T7522]  ? load_image+0x3b0/0x3b0
[  231.786439][ T7522]  ? __might_sleep+0xe0/0xe0
[  231.791071][ T7522]  ? __lock_acquire+0x7c80/0x7c80
[  231.796129][ T7522]  should_fail_ex+0x39d/0x4d0
[  231.800845][ T7522]  should_failslab+0x9/0x20
[  231.805383][ T7522]  slab_pre_alloc_hook+0x59/0x310
[  231.810449][ T7522]  kmem_cache_alloc_node+0x60/0x330
[  231.815700][ T7522]  ? __alloc_skb+0x108/0x2c0
[  231.820458][ T7522]  __alloc_skb+0x108/0x2c0
[  231.824989][ T7522]  alloc_skb_with_frags+0xca/0x7c0
[  231.830138][ T7522]  ? mark_lock+0x94/0x320
[  231.834511][ T7522]  sock_alloc_send_pskb+0x857/0x990
[  231.839765][ T7522]  ? sock_kzfree_s+0x50/0x50
[  231.844386][ T7522]  ? mark_lock+0x94/0x320
[  231.848753][ T7522]  ? __might_sleep+0xe0/0xe0
[  231.853374][ T7522]  ? mark_lock+0x94/0x320
[  231.857739][ T7522]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x10
[  231.863845][ T7522]  ? security_socket_getpeersec_dgram+0x83/0xa0
[  231.870126][ T7522]  unix_stream_sendmsg+0x476/0xba0
[  231.875292][ T7522]  ? unix_show_fdinfo+0x270/0x270
[  231.880350][ T7522]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  231.886816][ T7522]  ? aa_sock_msg_perm+0x94/0x150
[  231.891787][ T7522]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  231.897114][ T7522]  ? security_socket_sendmsg+0x80/0xa0
[  231.902615][ T7522]  ? unix_show_fdinfo+0x270/0x270
[  231.907681][ T7522]  sock_sendmsg+0x225/0x370
[  231.912215][ T7522]  ? __sock_tx_timestamp+0xb0/0xb0
[  231.917346][ T7522]  ? mod_objcg_state+0x50b/0x890
[  231.922317][ T7522]  ? import_ubuf+0x130/0x230
[  231.926933][ T7522]  io_send+0x387/0x9a0
[  231.931025][ T7522]  ? io_setup_async_msg+0x550/0x550
[  231.936252][ T7522]  ? percpu_ref_get_many+0x21/0x1e0
[  231.941482][ T7522]  ? rcu_is_watching+0x15/0xb0
[  231.946260][ T7522]  ? io_file_get_normal+0xe0/0x300
[  231.951401][ T7522]  io_issue_sqe+0x289/0xc90
[  231.955932][ T7522]  io_submit_sqes+0xa8a/0x1d00
[  231.960709][ T7522]  ? __mutex_lock+0x322/0xcc0
[  231.965427][ T7522]  __se_sys_io_uring_enter+0x2de/0x22e0
[  231.971015][ T7522]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[  231.976583][ T7522]  ? asan.module_dtor+0x20/0x20
[  231.981459][ T7522]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  231.987102][ T7522]  ? lockdep_hardirqs_on+0x98/0x150
[  231.992322][ T7522]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  231.998322][ T7522]  ? lock_chain_count+0x20/0x20
[  232.003205][ T7522]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  232.008769][ T7522]  do_syscall_64+0x55/0xb0
[  232.013192][ T7522]  ? clear_bhb_loop+0x40/0x90
[  232.017873][ T7522]  ? clear_bhb_loop+0x40/0x90
[  232.022566][ T7522]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  232.028483][ T7522] RIP: 0033:0x7f232e98ebe9
[  232.032906][ T7522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.052520][ T7522] RSP: 002b:00007f232f72c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  232.060958][ T7522] RAX: ffffffffffffffda RBX: 00007f232ebc6180 RCX: 00007f232e98ebe9
[  232.068957][ T7522] RDX: 0000000004000000 RSI: 0000000000007f5f RDI: 0000000000000008
[  232.076940][ T7522] RBP: 00007f232f72c090 R08: 0000000000000000 R09: 0000000000000000
[  232.084919][ T7522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.092987][ T7522] R13: 00007f232ebc6218 R14: 00007f232ebc6180 R15: 00007ffdebaad148
[  232.100985][ T7522]  </TASK>
[  232.304873][ T7514] EXT4-fs (loop1): mount failed
[  232.498821][ T7526] loop2: detected capacity change from 0 to 1024
[  232.526914][ T7526] EXT4-fs: Ignoring removed bh option
[  232.533351][ T7526] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  232.549121][ T5789] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  232.573547][ T7526] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.611693][ T7526] netlink: 92 bytes leftover after parsing attributes in process `syz.2.412'.
[  232.622400][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.412'.
[  232.739540][ T7529] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  232.832361][ T7529] EXT4-fs error (device loop2): ext4_check_all_de:666: inode #12: block 7: comm syz.2.412: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0
[  232.919259][ T7529] EXT4-fs (loop2): Remounting filesystem read-only
[  233.004843][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.331955][ T7534] netlink: 12 bytes leftover after parsing attributes in process `syz.0.410'.
[  233.417777][ T5798] Bluetooth: hci2: unexpected event for opcode 0x0405
[  233.526728][   T23] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  233.733575][   T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  233.753931][   T23] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  233.776548][   T23] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  233.785631][   T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.817040][   T23] usb 3-1: config 0 descriptor??
[  233.839737][   T23] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  233.857026][   T23] dvb-usb: bulk message failed: -22 (3/0)
[  233.880816][   T23] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  233.897545][   T23] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  233.914978][   T23] usb 3-1: media controller created
[  233.931339][   T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  233.961872][   T23] dvb-usb: bulk message failed: -22 (6/0)
[  233.976777][   T23] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  233.998749][   T23] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9
[  234.032952][   T23] dvb-usb: schedule remote query interval to 150 msecs.
[  234.048863][   T23] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  234.132663][ T7545] loop2: detected capacity change from 0 to 4096
[  234.152209][ T7545] NILFS (loop2): unrecognized mount option ""
[  234.208837][   T23] dvb-usb: bulk message failed: -22 (1/0)
[  234.219288][   T23] dvb-usb: error while querying for an remote control event.
[  234.398588][   T23] dvb-usb: bulk message failed: -22 (1/0)
[  234.422900][   T23] dvb-usb: error while querying for an remote control event.
[  234.519137][ T7549] tipc: Enabled bearer <ib:veth0_to_bridge>, priority 10
[  234.607405][   T23] dvb-usb: bulk message failed: -22 (1/0)
[  234.619780][   T23] dvb-usb: error while querying for an remote control event.
[  234.846791][ T5858] dvb-usb: bulk message failed: -22 (1/0)
[  234.853214][ T5858] dvb-usb: error while querying for an remote control event.
[  234.915831][ T7556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.416'.
[  235.009504][ T7556] loop0: detected capacity change from 0 to 1024
[  235.021492][ T7556] EXT4-fs: Ignoring removed nomblk_io_submit option
[  235.066427][ T5858] dvb-usb: bulk message failed: -22 (1/0)
[  235.181738][ T7556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  235.216781][ T5798] Bluetooth: hci3: command 0x0c1a tx timeout
[  235.250539][ T5858] dvb-usb: error while querying for an remote control event.
[  235.535111][   T28] tipc: Node number set to 4119004433
[  235.563022][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.587891][   T28] dvb-usb: bulk message failed: -22 (1/0)
[  235.618248][   T28] dvb-usb: error while querying for an remote control event.
[  235.759647][ T7565] loop0: detected capacity change from 0 to 256
[  235.796841][   T28] dvb-usb: bulk message failed: -22 (1/0)
[  235.808030][   T28] dvb-usb: error while querying for an remote control event.
[  235.964860][ T7565] FAT-fs (loop0): Directory bread(block 64) failed
[  235.985432][ T7565] FAT-fs (loop0): Directory bread(block 65) failed
[  235.986647][   T23] dvb-usb: bulk message failed: -22 (1/0)
[  235.993559][ T7565] FAT-fs (loop0): Directory bread(block 66) failed
[  236.009150][ T7565] FAT-fs (loop0): Directory bread(block 67) failed
[  236.015944][   T23] dvb-usb: error while querying for an remote control event.
[  236.016053][ T7565] FAT-fs (loop0): Directory bread(block 68) failed
[  236.039894][ T7565] FAT-fs (loop0): Directory bread(block 69) failed
[  236.106882][ T7565] FAT-fs (loop0): Directory bread(block 70) failed
[  236.174900][ T7565] FAT-fs (loop0): Directory bread(block 71) failed
[  236.504003][  T785] usb 3-1: USB disconnect, device number 8
[  236.636705][ T7565] FAT-fs (loop0): Directory bread(block 72) failed
[  236.666709][ T7565] FAT-fs (loop0): Directory bread(block 73) failed
[  236.755509][ T7571] netlink: 68 bytes leftover after parsing attributes in process `syz.2.422'.
[  236.807871][  T785] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  236.924092][ T7574] loop3: detected capacity change from 0 to 1024
[  236.985864][ T7574] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.019640][ T7576] loop2: detected capacity change from 0 to 512
[  237.051847][ T7576] EXT4-fs: Ignoring removed nobh option
[  237.106058][ T7576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.361774][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.458667][ T7586] netlink: 24 bytes leftover after parsing attributes in process `syz.0.427'.
[  238.896344][ T7586] loop0: detected capacity change from 0 to 4096
[  238.924022][ T7586] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512).
[  239.125130][ T7586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.427'.
[  239.459393][ T7596] netlink: 12 bytes leftover after parsing attributes in process `syz.1.428'.
[  239.548182][ T7596] loop1: detected capacity change from 0 to 1024
[  239.560039][ T7596] EXT4-fs: Ignoring removed nomblk_io_submit option
[  239.643514][ T7596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  240.104422][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.271589][ T7600] loop0: detected capacity change from 0 to 512
[  240.311183][ T7576] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.424: iget: bad i_size value: 15393162788874
[  240.335229][ T7576] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.424: iget: bad i_size value: 15393162788874
[  240.337780][ T7600] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.429: corrupted in-inode xattr: e_value size too large
[  240.496031][ T7600] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.429: couldn't read orphan inode 15 (err -117)
[  240.540956][ T7600] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.460124][ T7608] loop1: detected capacity change from 0 to 128
[  241.467629][ T7608] EXT4-fs: Ignoring removed nobh option
[  241.611642][ T7608] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  241.624350][ T7608] ext4 filesystem being mounted at /117/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  241.721345][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.863657][ T5788] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  242.170144][ T5787] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz-executor: iget: bad i_size value: 15393162788874
[  242.249912][ T5787] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz-executor: iget: bad i_size value: 15393162788874
[  242.279558][ T7611] ipt_REJECT: TCP_RESET invalid for non-tcp
[  242.290527][ T7614] lo speed is unknown, defaulting to 1000
[  242.424763][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.522429][ T7619] loop1: detected capacity change from 0 to 1024
[  242.658596][ T7619] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.773129][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.857717][ T7617] lo speed is unknown, defaulting to 1000
[  244.065099][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.123379][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.148590][ T7614] FAULT_INJECTION: forcing a failure.
[  244.148590][ T7614] name failslab, interval 1, probability 0, space 0, times 0
[  244.161878][ T7614] CPU: 1 PID: 7614 Comm: syz.0.432 Not tainted syzkaller #0
[  244.169198][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  244.179289][ T7614] Call Trace:
[  244.182599][ T7614]  <TASK>
[  244.185567][ T7614]  dump_stack_lvl+0x16c/0x230
[  244.190290][ T7614]  ? show_regs_print_info+0x20/0x20
[  244.195611][ T7614]  ? load_image+0x3b0/0x3b0
[  244.200170][ T7614]  ? __might_sleep+0xe0/0xe0
[  244.204796][ T7614]  ? __lock_acquire+0x7c80/0x7c80
[  244.209854][ T7614]  ? __asan_memset+0x22/0x40
[  244.214487][ T7614]  should_fail_ex+0x39d/0x4d0
[  244.219212][ T7614]  should_failslab+0x9/0x20
[  244.223754][ T7614]  slab_pre_alloc_hook+0x59/0x310
[  244.228826][ T7614]  kmem_cache_alloc+0x5a/0x2e0
[  244.233635][ T7614]  ? security_inode_alloc+0x34/0x110
[  244.238968][ T7614]  security_inode_alloc+0x34/0x110
[  244.244127][ T7614]  inode_init_always+0x8fc/0xc90
[  244.249127][ T7614]  new_inode_pseudo+0x95/0x1d0
[  244.253935][ T7614]  __sock_create+0x12d/0x940
[  244.258566][ T7614]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  244.264679][ T7614]  __sys_socket+0xd7/0x1a0
[  244.269146][ T7614]  __x64_sys_socket+0x7a/0x90
[  244.273869][ T7614]  do_syscall_64+0x55/0xb0
[  244.278325][ T7614]  ? clear_bhb_loop+0x40/0x90
[  244.283074][ T7614]  ? clear_bhb_loop+0x40/0x90
[  244.287795][ T7614]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  244.293740][ T7614] RIP: 0033:0x7f07c758ebe9
[  244.298190][ T7614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.317833][ T7614] RSP: 002b:00007f07c8442038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  244.326320][ T7614] RAX: ffffffffffffffda RBX: 00007f07c77c5fa0 RCX: 00007f07c758ebe9
[  244.334326][ T7614] RDX: 000000000000003a RSI: 0000000000000002 RDI: 000000000000000a
[  244.342340][ T7614] RBP: 00007f07c8442090 R08: 0000000000000000 R09: 0000000000000000
[  244.350353][ T7614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.358356][ T7614] R13: 00007f07c77c6038 R14: 00007f07c77c5fa0 R15: 00007ffc30facb78
[  244.366394][ T7614]  </TASK>
[  244.385441][ T7614] socket: no more sockets
[  244.553772][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.605880][ T7636] tipc: Failed to obtain node identity
[  244.648689][ T7636] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  244.729151][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.812476][ T7641] loop0: detected capacity change from 0 to 2048
[  244.842021][ T7641] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[  244.891430][ T7641] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  244.997626][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  245.025209][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  245.034377][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  245.044539][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  245.057202][ T5803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  245.068580][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  245.157945][ T7645] lo speed is unknown, defaulting to 1000
[  245.204144][   T12] tipc: Disabling bearer <ib:veth0_to_bridge>
[  245.223122][   T12] tipc: Left network mode
[  245.891740][ T7659] netlink: 12 bytes leftover after parsing attributes in process `syz.3.441'.
[  246.517818][  T785] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  246.703737][ T7648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.442'.
[  246.718643][ T7645] chnl_net:caif_netlink_parms(): no params data found
[  246.729737][  T785] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  246.739192][  T785] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.766949][  T785] usb 2-1: Product: syz
[  246.771168][  T785] usb 2-1: Manufacturer: syz
[  246.775792][  T785] usb 2-1: SerialNumber: syz
[  246.822696][  T785] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  246.896058][ T5906] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  247.166977][ T5803] Bluetooth: hci1: command tx timeout
[  247.428599][ T7645] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.465279][ T7645] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.507725][ T7645] bridge_slave_0: entered allmulticast mode
[  247.542110][ T7645] bridge_slave_0: entered promiscuous mode
[  247.583516][ T7645] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.596782][ T7645] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.605284][ T7645] bridge_slave_1: entered allmulticast mode
[  247.612810][ T7645] bridge_slave_1: entered promiscuous mode
[  247.620198][ T7664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.445'.
[  247.635365][   T28] usb 2-1: USB disconnect, device number 9
[  247.966992][ T7692] loop3: detected capacity change from 0 to 4096
[  247.993860][ T7692] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  248.069237][ T5906] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  248.083889][ T5906] ath9k_htc: Failed to initialize the device
[  248.196700][   T28] usb 2-1: ath9k_htc: USB layer deinitialized
[  248.209466][ T7687] netlink: 24 bytes leftover after parsing attributes in process `syz.3.449'.
[  248.753650][ T7700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.449'.
[  249.246612][ T5803] Bluetooth: hci1: command tx timeout
[  249.266830][ T7701] tipc: Failed to obtain node identity
[  249.284157][ T7701] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  249.567563][ T7645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  249.621386][ T7645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  249.730371][   T12] hsr_slave_0: left promiscuous mode
[  249.737898][   T12] hsr_slave_1: left promiscuous mode
[  249.747864][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.770249][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.795244][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.805558][ T7718] loop3: detected capacity change from 0 to 256
[  249.811350][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.824318][   T12] bridge_slave_1: left allmulticast mode
[  249.838405][ T7718] exfat: Deprecated parameter 'namecase'
[  249.839012][   T12] bridge_slave_1: left promiscuous mode
[  249.867891][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.915954][   T12] bridge_slave_0: left allmulticast mode
[  249.921467][ T7718] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x587066de, utbl_chksum : 0xe619d30d)
[  249.935379][   T12] bridge_slave_0: left promiscuous mode
[  249.943572][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.034751][   T12] veth1_macvtap: left promiscuous mode
[  250.041223][   T12] veth0_macvtap: left promiscuous mode
[  250.048398][   T12] veth1_vlan: left promiscuous mode
[  250.054005][   T12] veth0_vlan: left promiscuous mode
[  250.652980][   T12] team0 (unregistering): Port device team_slave_1 removed
[  250.706412][   T12] team0 (unregistering): Port device team_slave_0 removed
[  250.753098][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  250.803373][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  251.326931][ T5803] Bluetooth: hci1: command tx timeout
[  251.416079][   T12] bond0 (unregistering): Released all slaves
[  251.534795][ T7723] netlink: 80 bytes leftover after parsing attributes in process `syz.1.455'.
[  251.549190][ T7727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.455'.
[  251.662992][ T7645] team0: Port device team_slave_0 added
[  251.680102][ T7645] team0: Port device team_slave_1 added
[  251.812352][ T7645] batman_adv: batadv0: Adding interface: batadv_slave_0
[  251.850336][ T7645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  251.933242][ T7737] fuse: Bad value for 'group_id'
[  251.944458][ T7645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  251.964859][ T7645] batman_adv: batadv0: Adding interface: batadv_slave_1
[  251.971233][ T7737] loop3: detected capacity change from 0 to 512
[  251.977890][ T7645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.020471][ T7645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.044536][ T7737] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  252.074761][ T7737] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  252.120499][ T7737] System zones: 0-1, 15-15, 18-18, 34-34
[  252.144610][ T7737] EXT4-fs (loop3): orphan cleanup on readonly fs
[  252.164569][ T7737] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0
[  252.169417][ T7645] hsr_slave_0: entered promiscuous mode
[  252.180750][ T7645] hsr_slave_1: entered promiscuous mode
[  252.187322][ T7737] EXT4-fs warning (device loop3): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  252.202997][ T7737] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  252.210169][ T7645] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  252.218745][ T7645] Cannot create hsr debugfs directory
[  252.233860][ T7737] EXT4-fs (loop3): 1 truncate cleaned up
[  252.247953][ T7737] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  252.353602][ T7737] fscrypt (loop3, inode 16): Error -61 getting encryption context
[  252.389807][ T7745] tipc: Failed to obtain node identity
[  252.400191][ T7745] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  252.726043][ T7645] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  252.757302][ T5858] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  252.776115][ T7645] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  252.806855][ T7645] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  252.868016][ T7645] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  252.969592][ T5858] usb 4-1: config 0 has no interfaces?
[  252.984311][ T5858] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  253.015133][ T5858] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.032981][ T5858] usb 4-1: Product: syz
[  253.043733][ T5858] usb 4-1: Manufacturer: syz
[  253.051922][ T5858] usb 4-1: SerialNumber: syz
[  253.070462][ T5858] usb 4-1: config 0 descriptor??
[  253.157630][ T7645] 8021q: adding VLAN 0 to HW filter on device bond0
[  253.202875][ T7645] 8021q: adding VLAN 0 to HW filter on device team0
[  253.288644][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.297512][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.428948][ T5798] Bluetooth: hci1: command tx timeout
[  253.491225][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.498537][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[  254.666466][ T7785] loop1: detected capacity change from 0 to 4096
[  254.907038][   T28] usb 4-1: USB disconnect, device number 13
[  255.406412][ T7645] 8021q: adding VLAN 0 to HW filter on device batadv0
[  255.441189][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.537571][ T5798] Bluetooth: hci1: command tx timeout
[  255.828677][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  255.835042][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  256.056693][ T7817] tipc: Failed to obtain node identity
[  256.080766][ T7817] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  256.463551][ T7645] veth0_vlan: entered promiscuous mode
[  256.544202][ T7645] veth1_vlan: entered promiscuous mode
[  256.596081][ T7645] veth0_macvtap: entered promiscuous mode
[  256.657280][ T7645] veth1_macvtap: entered promiscuous mode
[  256.715239][ T7645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.726016][ T7645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.736036][ T7645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.748979][ T7645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.758945][ T7645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.775646][ T7645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.992745][ T7645] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.820612][ T5803] Bluetooth: hci1: command tx timeout
[  257.869407][ T7645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.933733][ T7645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.989866][ T7645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.016859][ T7645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.029246][ T7645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.040371][ T7645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.052414][ T7645] batman_adv: batadv0: Interface activated: batadv_slave_1
[  258.071950][ T7645] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.082727][ T7645] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.094732][ T7645] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.104979][ T7645] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  258.482041][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.518370][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  258.625407][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.638576][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.321428][ T7874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.438'.
[  260.266210][ T7885] netlink: 12 bytes leftover after parsing attributes in process `syz.1.477'.
[  260.801364][ T7890] loop1: detected capacity change from 0 to 128
[  260.846215][ T7890] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  260.873711][ T7890] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  261.081563][ T7880] loop4: detected capacity change from 0 to 32768
[  261.109956][ T7880] resize option for remount only
[  261.905353][ T5788] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  262.084030][ T7900] fuse: Bad value for 'fd'
[  262.107970][ T7900] fuse: Bad value for 'fd'
[  262.157382][ T7902] loop1: detected capacity change from 0 to 128
[  262.181769][ T7902] affs: No valid root block on device loop1
[  262.428367][ T7884] loop3: detected capacity change from 0 to 32768
[  262.507624][ T7900] loop4: detected capacity change from 0 to 4096
[  262.514926][ T7884] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  262.528845][ T7900] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  262.771863][ T7884] XFS (loop3): Ending clean mount
[  263.000156][ T7900] ntfs3: loop4: Failed to initialize $Secure::$SDH (-22).
[  263.057720][ T7900] ntfs3: loop4: Failed to initialize $Secure (-22).
[  263.396682][    T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  263.586786][    T8] usb 5-1: Using ep0 maxpacket: 16
[  263.605131][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.626370][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.664570][    T8] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  263.687299][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.716948][    T8] usb 5-1: config 0 descriptor??
[  264.015340][ T1190] libceph: connect (1)[c::]:6789 error -101
[  264.044701][ T1190] libceph: mon0 (1)[c::]:6789 connect error
[  264.220177][ T7932] ceph: No mds server is up or the cluster is laggy
[  264.335610][    T8] hid-multitouch 0003:1FD2:6007.0002: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  264.490349][ T5789] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  264.733762][ T7947] netlink: 12 bytes leftover after parsing attributes in process `syz.0.489'.
[  265.384946][ T5791] usb 5-1: USB disconnect, device number 2
[  266.976469][ T7969] xt_TCPMSS: Only works on TCP SYN packets
[  267.409189][ T5798] Bluetooth: hci1: command tx timeout
[  267.563556][ T7983] vlan2: entered allmulticast mode
[  267.596128][ T7983] dummy0: entered allmulticast mode
[  268.498164][ T7995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.501'.
[  269.043336][ T7981] loop1: detected capacity change from 0 to 32768
[  269.168382][ T7976] loop4: detected capacity change from 0 to 32768
[  269.227513][ T7977] loop3: detected capacity change from 0 to 32768
[  269.267454][ T7981] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  269.280037][ T7976] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  269.304540][ T7977] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  269.369027][ T7981] XFS (loop1): Ending clean mount
[  269.442775][ T7976] XFS (loop4): Ending clean mount
[  269.555997][ T7977] XFS (loop3): Ending clean mount
[  271.743186][ T5789] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  271.883416][ T7645] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  271.907579][ T5788] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  272.434512][ T8048] FAULT_INJECTION: forcing a failure.
[  272.434512][ T8048] name failslab, interval 1, probability 0, space 0, times 0
[  272.458692][ T8048] CPU: 0 PID: 8048 Comm: syz.1.503 Not tainted syzkaller #0
[  272.466035][ T8048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  272.476125][ T8048] Call Trace:
[  272.479446][ T8048]  <TASK>
[  272.482410][ T8048]  dump_stack_lvl+0x16c/0x230
[  272.487147][ T8048]  ? show_regs_print_info+0x20/0x20
[  272.492393][ T8048]  ? load_image+0x3b0/0x3b0
[  272.496935][ T8048]  ? __might_sleep+0xe0/0xe0
[  272.501567][ T8048]  ? __lock_acquire+0x7c80/0x7c80
[  272.506631][ T8048]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[  272.507713][ T8051] tipc: Failed to obtain node identity
[  272.512298][ T8048]  should_fail_ex+0x39d/0x4d0
[  272.512333][ T8048]  should_failslab+0x9/0x20
[  272.527015][ T8048]  slab_pre_alloc_hook+0x59/0x310
[  272.530536][ T8051] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  272.532085][ T8048]  ? __se_sys_memfd_create+0x25a/0x660
[  272.546722][ T8048]  ? __se_sys_memfd_create+0x25a/0x660
[  272.552223][ T8048]  __kmem_cache_alloc_node+0x53/0x260
[  272.557627][ T8048]  ? __se_sys_memfd_create+0x25a/0x660
[  272.563118][ T8048]  __kmalloc+0xa4/0x240
[  272.567303][ T8048]  __se_sys_memfd_create+0x25a/0x660
[  272.572611][ T8048]  do_syscall_64+0x55/0xb0
[  272.577050][ T8048]  ? clear_bhb_loop+0x40/0x90
[  272.581747][ T8048]  ? clear_bhb_loop+0x40/0x90
[  272.586438][ T8048]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  272.592356][ T8048] RIP: 0033:0x7f662cf8ebe9
[  272.596784][ T8048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.616488][ T8048] RSP: 002b:00007f662ddece18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  272.624935][ T8048] RAX: ffffffffffffffda RBX: 0000000000001120 RCX: 00007f662cf8ebe9
[  272.632928][ T8048] RDX: 00007f662ddecef0 RSI: 0000000000000000 RDI: 00007f662d0127e8
[  272.640907][ T8048] RBP: 0000200000000100 R08: 00007f662ddecbb7 R09: 00007f662ddece40
[  272.648893][ T8048] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040
[  272.656881][ T8048] R13: 00007f662ddecef0 R14: 00007f662ddeceb0 R15: 00002000000000c0
[  272.664888][ T8048]  </TASK>
[  273.214909][ T8063] netlink: 12 bytes leftover after parsing attributes in process `syz.1.509'.
[  273.828749][ T8075] loop3: detected capacity change from 0 to 8192
[  273.851681][ T8075] REISERFS warning (device loop3): super-6502 reiserfs_getopt: unknown mount option ""
[  273.910097][ T1190] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  274.071964][ T8082] FAULT_INJECTION: forcing a failure.
[  274.071964][ T8082] name failslab, interval 1, probability 0, space 0, times 0
[  274.105118][ T8082] CPU: 1 PID: 8082 Comm: syz.3.512 Not tainted syzkaller #0
[  274.112470][ T8082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  274.122558][ T8082] Call Trace:
[  274.125864][ T8082]  <TASK>
[  274.128830][ T8082]  dump_stack_lvl+0x16c/0x230
[  274.133557][ T8082]  ? show_regs_print_info+0x20/0x20
[  274.138792][ T8082]  ? load_image+0x3b0/0x3b0
[  274.143328][ T8082]  ? __might_sleep+0xe0/0xe0
[  274.147960][ T8082]  ? __lock_acquire+0x7c80/0x7c80
[  274.153025][ T8082]  should_fail_ex+0x39d/0x4d0
[  274.157749][ T8082]  should_failslab+0x9/0x20
[  274.162300][ T8082]  slab_pre_alloc_hook+0x59/0x310
[  274.167371][ T8082]  ? __lock_acquire+0x7c80/0x7c80
[  274.172441][ T8082]  kmem_cache_alloc_node+0x60/0x330
[  274.177686][ T8082]  ? __alloc_skb+0x108/0x2c0
[  274.182331][ T8082]  __alloc_skb+0x108/0x2c0
[  274.186798][ T8082]  netlink_sendmsg+0x65b/0xbe0
[  274.191621][ T8082]  ? netlink_getsockopt+0x580/0x580
[  274.196865][ T8082]  ? aa_sock_msg_perm+0x94/0x150
[  274.201862][ T8082]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  274.207199][ T8082]  ? security_socket_sendmsg+0x80/0xa0
[  274.212701][ T8082]  ? netlink_getsockopt+0x580/0x580
[  274.217950][ T8082]  ____sys_sendmsg+0x5bf/0x950
[  274.222786][ T8082]  ? __asan_memset+0x22/0x40
[  274.227589][ T8082]  ? __sys_sendmsg_sock+0x30/0x30
[  274.232663][ T8082]  ? __import_iovec+0x5f2/0x860
[  274.237567][ T8082]  ? import_iovec+0x73/0xa0
[  274.242134][ T8082]  ___sys_sendmsg+0x220/0x290
[  274.246867][ T8082]  ? __sys_sendmsg+0x270/0x270
[  274.251711][ T8082]  ? __lock_acquire+0x7c80/0x7c80
[  274.256803][ T8082]  __se_sys_sendmsg+0x1a5/0x270
[  274.261713][ T8082]  ? __x64_sys_sendmsg+0x80/0x80
[  274.266717][ T8082]  ? lockdep_hardirqs_on+0x98/0x150
[  274.271973][ T8082]  do_syscall_64+0x55/0xb0
[  274.276433][ T8082]  ? clear_bhb_loop+0x40/0x90
[  274.281157][ T8082]  ? clear_bhb_loop+0x40/0x90
[  274.285873][ T8082]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  274.291817][ T8082] RIP: 0033:0x7f232e98ebe9
[  274.296248][ T8082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.315873][ T8082] RSP: 002b:00007f232f76e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  274.324306][ T8082] RAX: ffffffffffffffda RBX: 00007f232ebc5fa0 RCX: 00007f232e98ebe9
[  274.332293][ T8082] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  274.340273][ T8082] RBP: 00007f232f76e090 R08: 0000000000000000 R09: 0000000000000000
[  274.348252][ T8082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.356251][ T8082] R13: 00007f232ebc6038 R14: 00007f232ebc5fa0 R15: 00007ffdebaad148
[  274.364252][ T8082]  </TASK>
[  274.448601][ T1190] usb 5-1: unable to get BOS descriptor set
[  274.466690][ T1190] usb 5-1: not running at top speed; connect to a high speed hub
[  274.488063][ T1190] usb 5-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  274.521606][ T1190] usb 5-1: config 1 interface 0 has no altsetting 0
[  274.558760][ T1190] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  274.576887][ T1190] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.584927][ T1190] usb 5-1: Product: syz
[  274.616534][ T1190] usb 5-1: Manufacturer: syz
[  274.626946][ T1190] usb 5-1: SerialNumber: syz
[  274.967042][ T1190] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[  275.015125][ T1190] usb 5-1: USB disconnect, device number 3
[  275.053867][ T1190] usblp0: removed
[  275.643032][ T8084] loop3: detected capacity change from 0 to 65536
[  275.678278][ T8084] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  276.428433][ T8084] XFS (loop3): Ending clean mount
[  276.751177][ T8110] mmap: syz.4.520 (8110) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  277.156265][ T7786] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  277.184847][ T7786] XFS (loop3): Unmount and run xfs_repair
[  277.989709][ T7786] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  278.016614][ T7786] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  278.025532][ T7786] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  278.058772][ T7786] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  278.293587][ T7786] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  278.303139][ T7786] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  278.312269][ T7786] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  278.321771][ T7786] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  278.330894][ T7786] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  278.343876][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  278.375427][ T1092] XFS (loop3): page discard on page ffffea0001587800, inode 0x29, pos 0.
[  278.387203][ T5791] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  278.403751][ T5791] XFS (loop3): Unmount and run xfs_repair
[  278.410045][ T5791] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  278.424059][ T5791] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  278.433232][ T5791] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  278.444517][ T5791] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  278.476114][ T5791] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  278.512668][ T5791] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  278.537889][ T5791] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  278.561136][ T5791] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  278.574004][ T5791] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  278.799192][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  278.809906][ T1092] XFS (loop3): page discard on page ffffea0001b713c0, inode 0x26, pos 1024.
[  278.829462][ T8133] netlink: 12 bytes leftover after parsing attributes in process `syz.1.524'.
[  278.914158][  T785] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  278.951702][ T5791] loop3: writeback error on inode 38, offset 0, sector 22
[  278.980476][  T785] XFS (loop3): Unmount and run xfs_repair
[  279.013033][  T785] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  279.032519][  T785] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  279.074689][  T785] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  279.104096][  T785] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  279.145563][  T785] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  279.180015][  T785] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  279.208084][  T785] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  279.236868][  T785] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  279.264733][  T785] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  279.299449][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  279.329095][ T1092] XFS (loop3): page discard on page ffffea0001587700, inode 0x29, pos 32768.
[  279.359138][ T5858] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  279.377725][ T5858] XFS (loop3): Unmount and run xfs_repair
[  279.393700][ T5858] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  279.419596][ T5858] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  279.442102][ T5858] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  279.461209][ T5858] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  279.481832][ T5858] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  279.493173][ T5858] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  279.508229][ T5858] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  279.523441][ T5858] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  279.535480][ T5858] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  279.546977][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  279.566688][ T5791] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  279.576118][ T1092] XFS (loop3): page discard on page ffffea00014f9400, inode 0x29, pos 49152.
[  279.602626][ T5858] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  279.626256][ T5858] XFS (loop3): Unmount and run xfs_repair
[  279.642002][ T5858] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  279.671006][ T5858] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  279.686534][ T5858] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  279.712381][ T5858] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  279.727993][ T5858] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  279.740615][ T5858] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  279.754825][ T5858] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  279.764033][ T5791] usb 5-1: Using ep0 maxpacket: 32
[  279.774025][ T5858] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  279.786339][ T5858] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  279.802184][ T5791] usb 5-1: unable to get BOS descriptor or descriptor too short
[  279.806564][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  279.812331][ T5791] usb 5-1: config 5 has an invalid interface number: 103 but max is 0
[  279.832684][ T5791] usb 5-1: config 5 has no interface number 0
[  279.832824][ T1092] XFS (loop3): page discard on page ffffea000165e840, inode 0x29, pos 57344.
[  279.856893][ T5791] usb 5-1: config 5 interface 103 altsetting 4 bulk endpoint 0x5 has invalid maxpacket 1023
[  279.876567][ T5791] usb 5-1: config 5 interface 103 altsetting 4 bulk endpoint 0xC has invalid maxpacket 16
[  279.895613][ T5858] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  279.921108][ T5858] XFS (loop3): Unmount and run xfs_repair
[  279.927222][ T5791] usb 5-1: config 5 interface 103 has no altsetting 0
[  279.934267][ T5858] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  279.956634][ T5858] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  279.965530][ T5858] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  279.976455][ T5791] usb 5-1: New USB device found, idVendor=0711, idProduct=0230, bcdDevice=3c.61
[  279.985681][ T5791] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.006553][ T5791] usb 5-1: Product: syz
[  280.010767][ T5791] usb 5-1: Manufacturer: syz
[  280.015390][ T5791] usb 5-1: SerialNumber: syz
[  280.020093][ T5858] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  280.036718][ T5858] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  280.056264][ T5858] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  280.066997][ T8144] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  280.074280][ T8144] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  280.078851][ T5858] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  280.106919][ T5858] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.126022][ T5858] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.163076][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  280.186867][ T1092] XFS (loop3): page discard on page ffffea000165e880, inode 0x29, pos 61440.
[  280.218796][ T7786] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  280.234197][ T7786] XFS (loop3): Unmount and run xfs_repair
[  280.251252][ T7786] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  280.256677][ T8145] loop1: detected capacity change from 0 to 40427
[  280.266959][ T7786] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  280.275854][ T7786] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  280.291512][ T7786] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  280.303091][ T7786] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  280.328471][ T8145] F2FS-fs (loop1): invalid crc value
[  280.340902][ T8144] netlink: 40 bytes leftover after parsing attributes in process `syz.4.526'.
[  280.354710][ T7786] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  280.385336][ T5791] mct_u232 5-1:5.103: MCT U232 converter detected
[  280.401969][ T7786] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  280.413079][ T5791] mct_u232 ttyUSB0: expected endpoint missing
[  280.436780][ T7786] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.452265][ T7786] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.460587][ T5791] usb 5-1: USB disconnect, device number 4
[  280.482743][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  280.497443][ T5791] mct_u232 5-1:5.103: device disconnected
[  280.518896][ T8145] F2FS-fs (loop1): Start checkpoint disabled!
[  280.522170][ T1092] XFS (loop3): page discard on page ffffea000165e8c0, inode 0x26, pos 4096.
[  280.538481][ T1190] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  280.545994][ T8145] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  280.550905][ T1190] XFS (loop3): Unmount and run xfs_repair
[  280.564574][ T1190] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  280.576617][ T1190] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  280.589720][ T1190] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  280.601122][ T1190] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  280.614434][ T1190] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  280.630765][ T1190] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  280.642969][ T1190] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  280.656451][ T1190] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.670410][ T1190] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.679617][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  280.706297][ T1092] XFS (loop3): page discard on page ffffea00014f9480, inode 0x26, pos 8192.
[  280.731246][ T5791] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  280.755833][ T5791] XFS (loop3): Unmount and run xfs_repair
[  280.779773][ T5791] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  280.791195][ T5791] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  280.803239][ T5791] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  280.817548][ T5791] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  280.831232][ T5791] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  280.843059][ T5791] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  280.855759][ T5791] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  280.872365][ T5791] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.884661][ T5791] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  280.897375][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  280.929275][ T1092] XFS (loop3): page discard on page ffffea0001516600, inode 0x26, pos 16384.
[  280.972605][ T5791] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  280.996826][ T5791] XFS (loop3): Unmount and run xfs_repair
[  281.012911][ T5791] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  281.030811][ T5791] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  281.057340][ T5791] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  281.082584][ T5791] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  281.112286][ T5791] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  281.136241][ T5791] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  281.174226][ T5791] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  281.196924][ T5791] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  281.236048][ T5791] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  281.275946][ T1092] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  281.315835][ T1092] XFS (loop3): page discard on page ffffea0001516700, inode 0x26, pos 32768.
[  281.346381][ T7786] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  281.362836][ T7786] XFS (loop3): Unmount and run xfs_repair
[  281.373175][ T8152] overlayfs: failed to clone upperpath
[  281.382696][ T7786] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  281.393786][ T7786] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  281.403260][ T7786] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  281.414102][ T7786] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  281.427853][ T7786] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  281.437402][ T7786] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  281.453055][ T7786] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  281.464075][ T7786] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  281.475975][ T7786] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  281.699808][ T5858] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  281.730482][ T5858] XFS (loop3): Unmount and run xfs_repair
[  281.750260][ T5858] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  281.762512][ T5858] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  282.076746][ T7786] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  282.287646][ T7786] usb 2-1: device descriptor read/64, error -71
[  282.564841][ T5858] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  282.605026][ T5858] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  282.629887][ T5858] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  282.641089][ T5858] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  282.654149][ T5858] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  282.664624][ T5858] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  282.682570][ T5858] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  282.703841][ T5858] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  282.761903][ T5858] XFS (loop3): Unmount and run xfs_repair
[  282.771660][ T5858] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  282.782934][ T5858] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  282.799053][ T5858] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  282.811905][ T5858] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  282.825419][ T5858] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  282.838445][ T5858] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  282.850193][ T5858] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  282.875292][ T5858] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  282.884893][ T5858] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  282.907767][ T5789] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  282.976633][ T7786] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  283.036614][ T8172] netlink: 'syz.4.534': attribute type 13 has an invalid length.
[  283.137112][ T7786] usb 2-1: device descriptor read/64, error -71
[  283.215553][ T8172] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.224596][ T8172] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.260743][ T7786] usb usb2-port1: attempt power cycle
[  283.676593][ T7786] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  283.750138][ T7786] usb 2-1: device descriptor read/8, error -71
[  284.026676][ T7786] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  284.077440][ T7786] usb 2-1: device descriptor read/8, error -71
[  284.160540][ T8172] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  284.212376][ T7786] usb usb2-port1: unable to enumerate USB device
[  284.290777][ T8172] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  285.016300][ T8172] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.025985][ T8172] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.035021][ T8172] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.044201][ T8172] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.856224][ T8209] netlink: 12 bytes leftover after parsing attributes in process `syz.3.538'.
[  286.308486][ T8196] loop1: detected capacity change from 0 to 32768
[  286.352315][ T8196] xfs: Unknown parameter 'seclabel'
[  288.687353][ T8233] FAULT_INJECTION: forcing a failure.
[  288.687353][ T8233] name fail_futex, interval 1, probability 0, space 0, times 1
[  288.700267][ T8233] CPU: 1 PID: 8233 Comm: syz.1.543 Not tainted syzkaller #0
[  288.707581][ T8233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  288.717665][ T8233] Call Trace:
[  288.720973][ T8233]  <TASK>
[  288.723923][ T8233]  dump_stack_lvl+0x16c/0x230
[  288.728632][ T8233]  ? show_regs_print_info+0x20/0x20
[  288.733852][ T8233]  ? load_image+0x3b0/0x3b0
[  288.738395][ T8233]  ? __lock_acquire+0x1334/0x7c80
[  288.743454][ T8233]  ? verify_lock_unused+0x140/0x140
[  288.748699][ T8233]  should_fail_ex+0x39d/0x4d0
[  288.753407][ T8233]  get_futex_key+0x12b/0x1020
[  288.758135][ T8233]  ? verify_lock_unused+0x140/0x140
[  288.763449][ T8233]  ? futex_setup_timer+0xc0/0xc0
[  288.768437][ T8233]  futex_wake+0x10b/0x4b0
[  288.772799][ T8233]  ? futex_wake_mark+0x150/0x150
[  288.777767][ T8233]  do_futex+0x35d/0x3e0
[  288.781942][ T8233]  ? __might_fault+0xaa/0x120
[  288.786655][ T8233]  ? __ia32_sys_get_robust_list+0x90/0x90
[  288.792401][ T8233]  ? __might_fault+0xc6/0x120
[  288.797093][ T8233]  mm_release+0x189/0x390
[  288.801439][ T8233]  ? exit_mm_release+0x30/0x30
[  288.806209][ T8233]  ? lockdep_hardirqs_on+0x98/0x150
[  288.811443][ T8233]  exit_mm+0xa8/0x2c0
[  288.815444][ T8233]  ? do_exit+0x23c0/0x23c0
[  288.819885][ T8233]  ? taskstats_exit+0x35e/0x9e0
[  288.824761][ T8233]  do_exit+0x88e/0x23c0
[  288.828940][ T8233]  ? put_task_struct+0xc0/0xc0
[  288.833725][ T8233]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  288.839713][ T8233]  ? get_signal+0x1068/0x1400
[  288.844407][ T8233]  ? lock_chain_count+0x20/0x20
[  288.849269][ T8233]  ? _raw_spin_lock_irq+0xaf/0xe0
[  288.854315][ T8233]  do_group_exit+0x21b/0x2d0
[  288.858923][ T8233]  ? lockdep_hardirqs_on+0x98/0x150
[  288.864146][ T8233]  get_signal+0x12fc/0x1400
[  288.868679][ T8233]  arch_do_signal_or_restart+0x96/0x780
[  288.874265][ T8233]  ? get_sigframe_size+0x20/0x20
[  288.879230][ T8233]  ? exit_to_user_mode_loop+0x3b/0x110
[  288.884710][ T8233]  exit_to_user_mode_loop+0x70/0x110
[  288.890009][ T8233]  exit_to_user_mode_prepare+0xb1/0x140
[  288.895659][ T8233]  syscall_exit_to_user_mode+0x1a/0x50
[  288.901142][ T8233]  do_syscall_64+0x61/0xb0
[  288.905571][ T8233]  ? clear_bhb_loop+0x40/0x90
[  288.910259][ T8233]  ? clear_bhb_loop+0x40/0x90
[  288.914950][ T8233]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  288.920871][ T8233] RIP: 0033:0x7f662cf8ebe9
[  288.925301][ T8233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.944917][ T8233] RSP: 002b:00007f662ddab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000082
[  288.953342][ T8233] RAX: fffffffffffffdfe RBX: 00007f662d1c6180 RCX: 00007f662cf8ebe9
[  288.961322][ T8233] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000200000000040
[  288.969311][ T8233] RBP: 00007f662ddab090 R08: 0000000000000000 R09: 0000000000000000
[  288.977293][ T8233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.985274][ T8233] R13: 00007f662d1c6218 R14: 00007f662d1c6180 R15: 00007fff18cf10e8
[  288.993265][ T8233]  </TASK>
[  288.996343][ T5798] Bluetooth: hci1: command tx timeout
[  290.003719][ T8245] ceph: No mds server is up or the cluster is laggy
[  290.023035][ T8175] libceph: connect (1)[c::]:6789 error -101
[  290.035810][ T8175] libceph: mon0 (1)[c::]:6789 connect error
[  291.121223][ T8250] netlink: 12 bytes leftover after parsing attributes in process `syz.1.549'.
[  291.243448][ T5798] Bluetooth: hci1: command tx timeout
[  291.439816][ T8261] (syz.1.551,8261,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  291.486244][ T8261] (syz.1.551,8261,0):ocfs2_fill_super:1178 ERROR: status = -22
[  291.551948][ T5858] libceph: connect (1)[c::]:6789 error -101
[  291.567062][ T5858] libceph: mon0 (1)[c::]:6789 connect error
[  291.603298][ T8267] ceph: No mds server is up or the cluster is laggy
[  292.713439][ T8282] loop3: detected capacity change from 0 to 128
[  293.216931][ T5858] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  293.227886][ T8302] loop1: detected capacity change from 0 to 65
[  293.246735][ T8302] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  293.396921][ T5858] usb 5-1: device descriptor read/64, error -71
[  293.650716][ T7786] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  293.687830][ T5858] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  293.806681][ T5798] Bluetooth: hci1: command tx timeout
[  293.866590][ T7786] usb 4-1: Using ep0 maxpacket: 32
[  293.868185][ T5858] usb 5-1: device descriptor read/64, error -71
[  293.885106][ T7786] usb 4-1: unable to get BOS descriptor or descriptor too short
[  293.897364][ T7786] usb 4-1: config 5 has an invalid interface number: 103 but max is 0
[  293.923719][ T7786] usb 4-1: config 5 has no interface number 0
[  293.948379][ T7786] usb 4-1: config 5 interface 103 altsetting 4 bulk endpoint 0x5 has invalid maxpacket 1023
[  293.991892][ T7786] usb 4-1: config 5 interface 103 altsetting 4 bulk endpoint 0xC has invalid maxpacket 16
[  294.007637][ T5858] usb usb5-port1: attempt power cycle
[  294.028903][ T7786] usb 4-1: config 5 interface 103 has no altsetting 0
[  294.055852][ T7786] usb 4-1: New USB device found, idVendor=0711, idProduct=0230, bcdDevice=3c.61
[  294.072418][ T7786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.098385][ T7786] usb 4-1: Product: syz
[  294.102624][ T7786] usb 4-1: Manufacturer: syz
[  294.126693][ T7786] usb 4-1: SerialNumber: syz
[  294.140761][ T8296] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  294.154648][ T8296] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  294.395091][ T8296] netlink: 40 bytes leftover after parsing attributes in process `syz.3.559'.
[  294.433431][ T7786] mct_u232 4-1:5.103: MCT U232 converter detected
[  294.453245][ T7786] mct_u232 ttyUSB0: expected endpoint missing
[  294.466777][ T5858] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  294.486845][ T7786] usb 4-1: USB disconnect, device number 14
[  294.495252][ T7786] mct_u232 4-1:5.103: device disconnected
[  294.527186][ T5858] usb 5-1: device descriptor read/8, error -71
[  294.830029][ T5858] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  294.880635][ T5858] usb 5-1: device descriptor read/8, error -71
[  295.027417][ T5858] usb usb5-port1: unable to enumerate USB device
[  295.323246][ T8358] tipc: Failed to obtain node identity
[  295.328945][ T8358] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  295.673047][ T5858] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  295.693812][ T8365] loop4: detected capacity change from 0 to 1024
[  295.701392][ T8365] EXT4-fs: Ignoring removed orlov option
[  295.707173][ T8365] EXT4-fs: Ignoring removed mblk_io_submit option
[  295.736916][ T8365] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  295.768602][ T8365] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  295.886727][ T5858] usb 2-1: Using ep0 maxpacket: 32
[  295.917016][ T5858] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  295.942698][ T5858] usb 2-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  295.979815][ T5858] usb 2-1: Product: syz
[  296.000538][ T5858] usb 2-1: Manufacturer: syz
[  296.019006][ T5858] usb 2-1: SerialNumber: syz
[  296.039566][ T5858] usb 2-1: config 0 descriptor??
[  296.277862][ T8385] overlay: filesystem on ./file0 not supported as upperdir
[  296.757882][ T7645] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.955064][ T8404] FAULT_INJECTION: forcing a failure.
[  297.955064][ T8404] name failslab, interval 1, probability 0, space 0, times 0
[  297.968636][ T8404] CPU: 0 PID: 8404 Comm: syz.3.573 Not tainted syzkaller #0
[  297.975965][ T8404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  297.986069][ T8404] Call Trace:
[  297.989424][ T8404]  <TASK>
[  297.992383][ T8404]  dump_stack_lvl+0x16c/0x230
[  297.997114][ T8404]  ? show_regs_print_info+0x20/0x20
[  298.002351][ T8404]  ? load_image+0x3b0/0x3b0
[  298.006893][ T8404]  ? __might_sleep+0xe0/0xe0
[  298.011522][ T8404]  ? __lock_acquire+0x7c80/0x7c80
[  298.016585][ T8404]  should_fail_ex+0x39d/0x4d0
[  298.021316][ T8404]  should_failslab+0x9/0x20
[  298.025861][ T8404]  slab_pre_alloc_hook+0x59/0x310
[  298.030928][ T8404]  kmem_cache_alloc_node+0x60/0x330
[  298.036176][ T8404]  ? lock_chain_count+0x20/0x20
[  298.041058][ T8404]  ? dup_task_struct+0x57/0x7c0
[  298.045946][ T8404]  dup_task_struct+0x57/0x7c0
[  298.050658][ T8404]  ? lockdep_hardirqs_on+0x98/0x150
[  298.055897][ T8404]  copy_process+0x549/0x3d70
[  298.060539][ T8404]  ? __might_fault+0xaa/0x120
[  298.065266][ T8404]  ? __lock_acquire+0x7c80/0x7c80
[  298.070338][ T8404]  ? __pidfd_prepare+0x140/0x140
[  298.075310][ T8404]  ? __might_fault+0xaa/0x120
[  298.080011][ T8404]  ? __might_fault+0xaa/0x120
[  298.084747][ T8404]  kernel_clone+0x21b/0x840
[  298.089292][ T8404]  ? create_io_thread+0x140/0x140
[  298.094399][ T8404]  __se_sys_clone3+0x252/0x2c0
[  298.099223][ T8404]  ? __x64_sys_clone3+0x60/0x60
[  298.104123][ T8404]  ? do_sys_openat2+0x168/0x1c0
[  298.109035][ T8404]  ? lockdep_hardirqs_on+0x98/0x150
[  298.114274][ T8404]  do_syscall_64+0x55/0xb0
[  298.118720][ T8404]  ? clear_bhb_loop+0x40/0x90
[  298.123425][ T8404]  ? clear_bhb_loop+0x40/0x90
[  298.128134][ T8404]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  298.134073][ T8404] RIP: 0033:0x7f232e98ebe9
[  298.138532][ T8404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.158191][ T8404] RSP: 002b:00007f232f72bf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  298.166647][ T8404] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f232e98ebe9
[  298.174641][ T8404] RDX: 00007f232f72bf20 RSI: 0000000000000058 RDI: 00007f232f72bf20
[  298.182641][ T8404] RBP: 00007f232f72c090 R08: 0000000000000000 R09: 0000000000000058
[  298.190639][ T8404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.198637][ T8404] R13: 00007f232ebc6218 R14: 00007f232ebc6180 R15: 00007ffdebaad148
[  298.206655][ T8404]  </TASK>
[  298.628511][ T5858] peak_usb 2-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  298.636895][ T5858] peak_usb 2-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  299.017472][ T8417] loop3: detected capacity change from 0 to 1024
[  299.360819][ T5858] peak_usb: probe of 2-1:0.0 failed with error -71
[  299.568386][ T5858] usb 2-1: USB disconnect, device number 14
[  301.116994][ T8439] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0
[  301.381844][ T8441] tipc: Failed to obtain node identity
[  301.413105][ T8441] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  301.621594][   T41] hfsplus: b-tree write err: -5, ino 4
[  302.021294][ T8427] netlink: 12 bytes leftover after parsing attributes in process `syz.4.578'.
[  302.403331][ T8458] FAULT_INJECTION: forcing a failure.
[  302.403331][ T8458] name failslab, interval 1, probability 0, space 0, times 0
[  302.416149][ T8458] CPU: 1 PID: 8458 Comm: syz.3.581 Not tainted syzkaller #0
[  302.423469][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  302.433576][ T8458] Call Trace:
[  302.433588][ T8458]  <TASK>
[  302.433596][ T8458]  dump_stack_lvl+0x16c/0x230
[  302.433625][ T8458]  ? show_regs_print_info+0x20/0x20
[  302.433646][ T8458]  ? load_image+0x3b0/0x3b0
[  302.433665][ T8458]  ? __might_sleep+0xe0/0xe0
[  302.433687][ T8458]  ? __lock_acquire+0x7c80/0x7c80
[  302.433713][ T8458]  should_fail_ex+0x39d/0x4d0
[  302.433742][ T8458]  should_failslab+0x9/0x20
[  302.433766][ T8458]  slab_pre_alloc_hook+0x59/0x310
[  302.433793][ T8458]  ? __lock_acquire+0x7c80/0x7c80
[  302.433816][ T8458]  kmem_cache_alloc_node+0x60/0x330
[  302.433841][ T8458]  ? __alloc_skb+0x108/0x2c0
[  302.433871][ T8458]  __alloc_skb+0x108/0x2c0
[  302.433899][ T8458]  netlink_sendmsg+0x65b/0xbe0
[  302.433931][ T8458]  ? netlink_getsockopt+0x580/0x580
[  302.433957][ T8458]  ? aa_sock_msg_perm+0x94/0x150
[  302.433980][ T8458]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  302.434002][ T8458]  ? security_socket_sendmsg+0x80/0xa0
[  302.434036][ T8458]  ? netlink_getsockopt+0x580/0x580
[  302.434060][ T8458]  ____sys_sendmsg+0x5bf/0x950
[  302.434092][ T8458]  ? __asan_memset+0x22/0x40
[  302.434116][ T8458]  ? __sys_sendmsg_sock+0x30/0x30
[  302.434140][ T8458]  ? __import_iovec+0x5f2/0x860
[  302.434173][ T8458]  ? import_iovec+0x73/0xa0
[  302.434202][ T8458]  ___sys_sendmsg+0x220/0x290
[  302.434230][ T8458]  ? __sys_sendmsg+0x270/0x270
[  302.434276][ T8458]  ? __lock_acquire+0x7c80/0x7c80
[  302.434320][ T8458]  __se_sys_sendmsg+0x1a5/0x270
[  302.434350][ T8458]  ? __x64_sys_sendmsg+0x80/0x80
[  302.434392][ T8458]  ? lockdep_hardirqs_on+0x98/0x150
[  302.434423][ T8458]  do_syscall_64+0x55/0xb0
[  302.434444][ T8458]  ? clear_bhb_loop+0x40/0x90
[  302.434462][ T8458]  ? clear_bhb_loop+0x40/0x90
[  302.434482][ T8458]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  302.434511][ T8458] RIP: 0033:0x7f232e98ebe9
[  302.434530][ T8458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.434546][ T8458] RSP: 002b:00007f232f74d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  302.434568][ T8458] RAX: ffffffffffffffda RBX: 00007f232ebc6090 RCX: 00007f232e98ebe9
[  302.434582][ T8458] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  302.434594][ T8458] RBP: 00007f232f74d090 R08: 0000000000000000 R09: 0000000000000000
[  302.434606][ T8458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.434618][ T8458] R13: 00007f232ebc6128 R14: 00007f232ebc6090 R15: 00007ffdebaad148
[  302.434647][ T8458]  </TASK>
[  303.635724][ T8453] tty tty4: ldisc open failed (-12), clearing slot 3
[  305.792983][ T8509] tipc: Failed to obtain node identity
[  305.817826][ T8509] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  306.214222][ T8466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  306.643730][ T8529] netlink: 12 bytes leftover after parsing attributes in process `syz.3.592'.
[  308.378048][ T8535] loop3: detected capacity change from 0 to 32768
[  308.410288][ T8535] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.595 (8535)
[  308.449787][ T8535] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  310.164768][ T8535] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  310.207118][ T8535] BTRFS info (device loop3): setting nodatacow, compression disabled
[  310.215349][ T8535] BTRFS info (device loop3): max_inline at 0
[  310.284489][ T8535] BTRFS info (device loop3): using free space tree
[  310.396927][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  310.397738][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  310.490867][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  310.567397][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  310.627342][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  310.675677][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  310.716129][ T8570] loop4: detected capacity change from 0 to 64
[  310.723846][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  310.733589][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  310.763795][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  310.774093][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  310.784609][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  310.797192][ T8535] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  310.860288][ T8575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.601'.
[  311.309920][ T8535] BTRFS error (device loop3): open_ctree failed: -12
[  311.502722][ T8581] tipc: Failed to obtain node identity
[  311.521552][ T8581] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  311.746202][ T8588] loop4: detected capacity change from 0 to 1024
[  311.821571][ T8588] hfsplus: unable to parse mount options
[  311.889131][ T8588] netlink: 68 bytes leftover after parsing attributes in process `syz.4.606'.
[  312.160825][ T8591] netlink: 12 bytes leftover after parsing attributes in process `syz.1.604'.
[  313.156750][ T8178] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  313.526640][ T8178] usb 2-1: Using ep0 maxpacket: 32
[  313.545664][ T8178] usb 2-1: unable to get BOS descriptor or descriptor too short
[  313.574328][ T8178] usb 2-1: config 5 has an invalid interface number: 103 but max is 0
[  313.598621][ T8178] usb 2-1: config 5 has no interface number 0
[  313.612338][ T8178] usb 2-1: config 5 interface 103 altsetting 4 bulk endpoint 0x5 has invalid maxpacket 1023
[  313.634275][ T8178] usb 2-1: config 5 interface 103 altsetting 4 bulk endpoint 0xC has invalid maxpacket 16
[  313.655806][ T8178] usb 2-1: config 5 interface 103 has no altsetting 0
[  313.669436][ T8178] usb 2-1: New USB device found, idVendor=0711, idProduct=0230, bcdDevice=3c.61
[  313.686015][ T8178] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.704205][ T8178] usb 2-1: Product: syz
[  313.712876][ T8178] usb 2-1: Manufacturer: syz
[  313.723963][ T8178] usb 2-1: SerialNumber: syz
[  313.746896][ T8595] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  313.759690][ T8595] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  313.990394][ T8595] netlink: 40 bytes leftover after parsing attributes in process `syz.1.607'.
[  314.020727][ T8178] mct_u232 2-1:5.103: MCT U232 converter detected
[  314.030257][ T8178] mct_u232 ttyUSB0: expected endpoint missing
[  314.180990][ T8178] usb 2-1: USB disconnect, device number 15
[  314.189550][ T8178] mct_u232 2-1:5.103: device disconnected
[  314.213881][ T8627] loop3: detected capacity change from 0 to 1024
[  314.238464][ T8627] hfsplus: unable to parse mount options
[  314.273979][ T8629] tipc: Failed to obtain node identity
[  314.288272][ T8629] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  314.320311][ T8627] netlink: 68 bytes leftover after parsing attributes in process `syz.3.617'.
[  315.364981][ T8652] FAULT_INJECTION: forcing a failure.
[  315.364981][ T8652] name failslab, interval 1, probability 0, space 0, times 0
[  315.379531][ T8652] CPU: 0 PID: 8652 Comm: syz.3.626 Not tainted syzkaller #0
[  315.386881][ T8652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  315.396973][ T8652] Call Trace:
[  315.400282][ T8652]  <TASK>
[  315.403241][ T8652]  dump_stack_lvl+0x16c/0x230
[  315.407967][ T8652]  ? show_regs_print_info+0x20/0x20
[  315.413212][ T8652]  ? load_image+0x3b0/0x3b0
[  315.417760][ T8652]  ? __might_sleep+0xe0/0xe0
[  315.422391][ T8652]  ? __lock_acquire+0x7c80/0x7c80
[  315.427487][ T8652]  should_fail_ex+0x39d/0x4d0
[  315.432221][ T8652]  should_failslab+0x9/0x20
[  315.436779][ T8652]  slab_pre_alloc_hook+0x59/0x310
[  315.441875][ T8652]  kmem_cache_alloc_node+0x60/0x330
[  315.447125][ T8652]  ? __lock_acquire+0x1334/0x7c80
[  315.452192][ T8652]  ? __alloc_skb+0x108/0x2c0
[  315.456831][ T8652]  __alloc_skb+0x108/0x2c0
[  315.461300][ T8652]  netlink_sendmsg+0x65b/0xbe0
[  315.465445][ T8651] netlink: 'syz.0.625': attribute type 9 has an invalid length.
[  315.466118][ T8652]  ? netlink_getsockopt+0x580/0x580
[  315.478959][ T8652]  ? aa_sock_msg_perm+0x94/0x150
[  315.483939][ T8652]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  315.489263][ T8652]  ? security_socket_sendmsg+0x80/0xa0
[  315.494754][ T8652]  ? netlink_getsockopt+0x580/0x580
[  315.499973][ T8652]  ____sys_sendmsg+0x5bf/0x950
[  315.504771][ T8652]  ? __asan_memset+0x22/0x40
[  315.509381][ T8652]  ? __sys_sendmsg_sock+0x30/0x30
[  315.514445][ T8652]  ? __import_iovec+0x5f2/0x860
[  315.519335][ T8652]  ? import_iovec+0x73/0xa0
[  315.523880][ T8652]  ___sys_sendmsg+0x220/0x290
[  315.528582][ T8652]  ? __sys_sendmsg+0x270/0x270
[  315.533398][ T8652]  __sys_sendmmsg+0x275/0x4a0
[  315.538106][ T8652]  ? __ia32_sys_sendmsg+0x90/0x90
[  315.543169][ T8652]  ? mutex_unlock+0x10/0x10
[  315.547684][ T8652]  ? __fget_files+0x44a/0x4d0
[  315.552385][ T8652]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  315.558390][ T8652]  ? lock_chain_count+0x20/0x20
[  315.563260][ T8652]  __x64_sys_sendmmsg+0xa0/0xb0
[  315.568151][ T8652]  do_syscall_64+0x55/0xb0
[  315.572581][ T8652]  ? clear_bhb_loop+0x40/0x90
[  315.577265][ T8652]  ? clear_bhb_loop+0x40/0x90
[  315.581955][ T8652]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  315.587869][ T8652] RIP: 0033:0x7f232e98ebe9
[  315.592295][ T8652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.611915][ T8652] RSP: 002b:00007f232f76e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  315.620351][ T8652] RAX: ffffffffffffffda RBX: 00007f232ebc5fa0 RCX: 00007f232e98ebe9
[  315.628338][ T8652] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  315.636339][ T8652] RBP: 00007f232f76e090 R08: 0000000000000000 R09: 0000000000000000
[  315.644329][ T8652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.652330][ T8652] R13: 00007f232ebc6038 R14: 00007f232ebc5fa0 R15: 00007ffdebaad148
[  315.660327][ T8652]  </TASK>
[  317.255448][ T8666] netlink: 52 bytes leftover after parsing attributes in process `syz.3.629'.
[  317.757085][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  317.763527][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  318.114617][ T8670] netlink: 12 bytes leftover after parsing attributes in process `syz.4.627'.
[  318.676149][ T8680] tipc: Failed to obtain node identity
[  318.683457][ T8680] tipc: Enabling of bearer <ib:veth0_to_bridge> rejected, failed to enable media
[  318.816612][ T8178] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  318.902118][ T8689] loop4: detected capacity change from 0 to 2048
[  318.956000][ T8692] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  319.007972][ T8178] usb 2-1: Using ep0 maxpacket: 32
[  319.019824][ T8178] usb 2-1: unable to get BOS descriptor or descriptor too short
[  319.042095][ T8178] usb 2-1: config 5 has an invalid interface number: 103 but max is 0
[  319.057853][ T8689] NILFS error (device loop4): nilfs_dotdot: directory #12 missing '..'
[  319.064853][ T8178] usb 2-1: config 5 has no interface number 0
[  319.082296][ T8178] usb 2-1: config 5 interface 103 altsetting 4 bulk endpoint 0x5 has invalid maxpacket 1023
[  319.098363][ T8689] Remounting filesystem read-only
[  319.100768][ T8178] usb 2-1: config 5 interface 103 altsetting 4 bulk endpoint 0xC has invalid maxpacket 16
[  319.114382][ T8178] usb 2-1: config 5 interface 103 has no altsetting 0
[  319.121987][   T48] NILFS (loop4): discard dirty page: offset=4096, ino=6
[  319.129289][   T48] NILFS (loop4): discard dirty block: blocknr=28, size=2048
[  319.137188][   T48] NILFS (loop4): discard dirty block: blocknr=29, size=2048
[  319.145682][   T48] NILFS (loop4): discard dirty page: offset=0, ino=3
[  319.153942][ T8178] usb 2-1: New USB device found, idVendor=0711, idProduct=0230, bcdDevice=3c.61
[  319.163820][ T8178] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.172252][   T48] NILFS (loop4): discard dirty block: blocknr=33, size=2048
[  319.180727][   T48] NILFS (loop4): discard dirty block: blocknr=34, size=2048
[  319.188197][ T8178] usb 2-1: Product: syz
[  319.193269][ T8178] usb 2-1: Manufacturer: syz
[  319.198285][   T48] NILFS (loop4): discard dirty page: offset=135168, ino=3
[  319.205603][ T8178] usb 2-1: SerialNumber: syz
[  319.211462][   T48] NILFS (loop4): discard dirty block: blocknr=0, size=2048
[  319.221547][   T48] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=2048
[  319.231134][ T8676] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  319.239488][ T8676] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  319.247244][   T48] NILFS (loop4): discard dirty page: offset=0, ino=18
[  319.254436][   T48] NILFS (loop4): discard dirty block: blocknr=0, size=2048
[  319.262518][   T48] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=2048
[  319.272048][   T48] NILFS (loop4): discard dirty page: offset=0, ino=2
[  319.279179][   T48] NILFS (loop4): discard dirty block: blocknr=15, size=2048
[  319.290544][   T48] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=2048
[  319.299985][ T8693] NILFS (loop4): mounting fs with errors
[  319.485620][ T8676] netlink: 40 bytes leftover after parsing attributes in process `syz.1.631'.
[  319.533591][ T8178] mct_u232 2-1:5.103: MCT U232 converter detected
[  319.564214][ T8178] mct_u232 ttyUSB0: expected endpoint missing
[  319.607461][ T8178] usb 2-1: USB disconnect, device number 16
[  319.649122][ T8178] mct_u232 2-1:5.103: device disconnected
[  320.339136][ T8714] netlink: 12 bytes leftover after parsing attributes in process `syz.3.640'.
[  320.425598][ T8714] loop3: detected capacity change from 0 to 1024
[  320.439652][ T8714] EXT4-fs: Ignoring removed nomblk_io_submit option
[  321.526708][ T8692] ------------[ cut here ]------------
[  321.532618][ T8692] WARNING: CPU: 0 PID: 8692 at fs/buffer.c:1188 mark_buffer_dirty+0x2bb/0x4d0
[  321.541672][ T8692] Modules linked in:
[  321.545597][ T8692] CPU: 0 PID: 8692 Comm: segctord Not tainted syzkaller #0
[  321.552864][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  321.562967][ T8692] RIP: 0010:mark_buffer_dirty+0x2bb/0x4d0
[  321.569109][ T8692] Code: 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 ef ac fc ff e8 aa 11 8a ff 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 8a 58 e8 ff e8 95 11 8a ff <0f> 0b e9 84 fd ff ff e8 89 11 8a ff 0f 0b e9 b0 fd ff ff e8 7d 11
[  321.588996][ T8692] RSP: 0018:ffffc900035476f0 EFLAGS: 00010293
[  321.595096][ T8692] RAX: ffffffff81fb7e0b RBX: ffff88807875a1d0 RCX: ffff888023451e00
[  321.603415][ T8692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  321.611479][ T8692] RBP: ffffc90003547b01 R08: ffff88807875a1d7 R09: 1ffff1100f0eb43a
[  321.619597][ T8692] R10: dffffc0000000000 R11: ffffed100f0eb43b R12: 1ffff1100bcb1829
[  321.627727][ T8692] R13: ffff88805e58c158 R14: ffff88805e58bae0 R15: 1ffff1100bcb182b
[  321.635729][ T8692] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  321.644717][ T8692] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  321.651677][ T8692] CR2: 00007f8fa29c1a90 CR3: 0000000079e93000 CR4: 00000000003506f0
[  321.659784][ T8692] Call Trace:
[  321.663093][ T8692]  <TASK>
[  321.666326][ T8692]  nilfs_segctor_do_construct+0x32c/0x6870
[  321.672318][ T8692]  ? mark_lock+0x94/0x320
[  321.676717][ T8692]  ? verify_lock_unused+0x140/0x140
[  321.681965][ T8692]  ? verify_lock_unused+0x140/0x140
[  321.687267][ T8692]  ? nilfs_transaction_unlock+0x220/0x220
[  321.693033][ T8692]  ? nilfs_bmap_test_and_clear_dirty+0x50/0x70
[  321.699300][ T8692]  ? nilfs_segctor_confirm+0x24d/0x2d0
[  321.704807][ T8692]  ? __lock_acquire+0x7c80/0x7c80
[  321.709915][ T8692]  ? __rwlock_init+0x150/0x150
[  321.714719][ T8692]  ? do_raw_spin_unlock+0x121/0x230
[  321.720035][ T8692]  ? _raw_spin_unlock+0x28/0x40
[  321.724927][ T8692]  ? nilfs_segctor_confirm+0x24d/0x2d0
[  321.730615][ T8692]  nilfs_segctor_construct+0x17b/0x690
[  321.736122][ T8692]  nilfs_segctor_thread+0x4f6/0x1000
[  321.741512][ T8692]  ? nilfs_iput_work_func+0x70/0x70
[  321.746793][ T8692]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  321.752731][ T8692]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  321.758701][ T8692]  ? wake_bit_function+0x200/0x200
[  321.763859][ T8692]  ? __kthread_parkme+0x7a/0x1c0
[  321.769162][ T8692]  kthread+0x2fa/0x390
[  321.773268][ T8692]  ? nilfs_iput_work_func+0x70/0x70
[  321.778537][ T8692]  ? kthread_blkcg+0xd0/0xd0
[  321.783162][ T8692]  ret_from_fork+0x48/0x80
[  321.787666][ T8692]  ? kthread_blkcg+0xd0/0xd0
[  321.792286][ T8692]  ret_from_fork_asm+0x11/0x20
[  321.797139][ T8692]  </TASK>
[  321.800210][ T8692] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  321.807596][ T8692] CPU: 0 PID: 8692 Comm: segctord Not tainted syzkaller #0
[  321.814816][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  321.824902][ T8692] Call Trace:
[  321.828212][ T8692]  <TASK>
[  321.831171][ T8692]  dump_stack_lvl+0x16c/0x230
[  321.835877][ T8692]  ? show_regs_print_info+0x20/0x20
[  321.841092][ T8692]  ? load_image+0x3b0/0x3b0
[  321.845618][ T8692]  panic+0x2c0/0x710
[  321.849545][ T8692]  ? bpf_jit_dump+0xd0/0xd0
[  321.854069][ T8692]  ? ret_from_fork_asm+0x11/0x20
[  321.859049][ T8692]  __warn+0x2e0/0x470
[  321.863051][ T8692]  ? mark_buffer_dirty+0x2bb/0x4d0
[  321.868187][ T8692]  ? mark_buffer_dirty+0x2bb/0x4d0
[  321.873313][ T8692]  report_bug+0x2be/0x4f0
[  321.877658][ T8692]  ? mark_buffer_dirty+0x2bb/0x4d0
[  321.882787][ T8692]  ? mark_buffer_dirty+0x2bb/0x4d0
[  321.887911][ T8692]  ? mark_buffer_dirty+0x2bd/0x4d0
[  321.893038][ T8692]  handle_bug+0xcf/0x120
[  321.897294][ T8692]  exc_invalid_op+0x1a/0x50
[  321.901813][ T8692]  asm_exc_invalid_op+0x1a/0x20
[  321.906679][ T8692] RIP: 0010:mark_buffer_dirty+0x2bb/0x4d0
[  321.912413][ T8692] Code: 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 ef ac fc ff e8 aa 11 8a ff 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 8a 58 e8 ff e8 95 11 8a ff <0f> 0b e9 84 fd ff ff e8 89 11 8a ff 0f 0b e9 b0 fd ff ff e8 7d 11
[  321.932039][ T8692] RSP: 0018:ffffc900035476f0 EFLAGS: 00010293
[  321.938132][ T8692] RAX: ffffffff81fb7e0b RBX: ffff88807875a1d0 RCX: ffff888023451e00
[  321.946117][ T8692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  321.954097][ T8692] RBP: ffffc90003547b01 R08: ffff88807875a1d7 R09: 1ffff1100f0eb43a
[  321.962079][ T8692] R10: dffffc0000000000 R11: ffffed100f0eb43b R12: 1ffff1100bcb1829
[  321.970061][ T8692] R13: ffff88805e58c158 R14: ffff88805e58bae0 R15: 1ffff1100bcb182b
[  321.978051][ T8692]  ? mark_buffer_dirty+0x2bb/0x4d0
[  321.983185][ T8692]  nilfs_segctor_do_construct+0x32c/0x6870
[  321.989015][ T8692]  ? mark_lock+0x94/0x320
[  321.993362][ T8692]  ? verify_lock_unused+0x140/0x140
[  321.998690][ T8692]  ? verify_lock_unused+0x140/0x140
[  322.003906][ T8692]  ? nilfs_transaction_unlock+0x220/0x220
[  322.009641][ T8692]  ? nilfs_bmap_test_and_clear_dirty+0x50/0x70
[  322.015814][ T8692]  ? nilfs_segctor_confirm+0x24d/0x2d0
[  322.021293][ T8692]  ? __lock_acquire+0x7c80/0x7c80
[  322.026334][ T8692]  ? __rwlock_init+0x150/0x150
[  322.031116][ T8692]  ? do_raw_spin_unlock+0x121/0x230
[  322.036331][ T8692]  ? _raw_spin_unlock+0x28/0x40
[  322.041196][ T8692]  ? nilfs_segctor_confirm+0x24d/0x2d0
[  322.046683][ T8692]  nilfs_segctor_construct+0x17b/0x690
[  322.052162][ T8692]  nilfs_segctor_thread+0x4f6/0x1000
[  322.057491][ T8692]  ? nilfs_iput_work_func+0x70/0x70
[  322.062789][ T8692]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  322.068700][ T8692]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  322.074621][ T8692]  ? wake_bit_function+0x200/0x200
[  322.079745][ T8692]  ? __kthread_parkme+0x7a/0x1c0
[  322.084709][ T8692]  kthread+0x2fa/0x390
[  322.088805][ T8692]  ? nilfs_iput_work_func+0x70/0x70
[  322.094023][ T8692]  ? kthread_blkcg+0xd0/0xd0
[  322.098621][ T8692]  ret_from_fork+0x48/0x80
[  322.103044][ T8692]  ? kthread_blkcg+0xd0/0xd0
[  322.107649][ T8692]  ret_from_fork_asm+0x11/0x20
[  322.112441][ T8692]  </TASK>
[  322.115793][ T8692] Kernel Offset: disabled
[  322.120214][ T8692] Rebooting in 86400 seconds..