last executing test programs:

10m27.913447282s ago: executing program 32 (id=77):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000300)="ba", 0x1}], 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

8m26.935087206s ago: executing program 0 (id=492):
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xa0800, 0x154)
eventfd2(0x80000000, 0x80001)
open$dir(0x0, 0x101400, 0x82)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001740)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
eventfd(0x51)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r0, 0x1)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e21, 0x9f, @remote, 0x2}, 0x1c)
ioctl$int_in(r0, 0x5452, &(0x7f0000000740)=0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000880)=0x3, 0x4)
eventfd(0x200)
socket(0x10, 0x2, 0x0)
io_submit(0x0, 0x4, &(0x7f0000001b40)=[0x0, 0x0, 0x0, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x8, 0x5, 0xffffffffffffffff, &(0x7f0000001ac0), 0x0, 0x5b, 0x0, 0x1}])
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28}, 0x94)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000040)={{&(0x7f000063b000/0x4000)=nil, 0x4000}})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000080))
io_uring_setup(0x1555, &(0x7f0000000240)={0x0, 0x6522, 0x2, 0x1, 0x19e})
syz_emit_ethernet(0x22, &(0x7f0000000340)={@local, @random="b0c942034375", @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @local}}}}}, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x80)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

8m25.098323631s ago: executing program 0 (id=498):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0x5, 0xffffffffffffffff, 'id1\x00'})
shutdown(r0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x7, &(0x7f0000000080)=0x1f, 0x4)
getsockopt$inet_tcp_int(r1, 0x6, 0x7, 0x0, &(0x7f0000000040))
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

8m19.018889338s ago: executing program 0 (id=513):
r0 = socket(0x10, 0x803, 0x0)
write(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4)
sendto(r0, &(0x7f0000000380)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003180)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x10120, 0x0)

8m17.960827772s ago: executing program 0 (id=515):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

8m17.062371088s ago: executing program 0 (id=516):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
syz_open_dev$media(&(0x7f0000000000), 0x5, 0x200000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000100)={&(0x7f0000000380)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c000000000000000000000007000000440c05e3e0"], 0x20}, 0x0)

8m15.787535296s ago: executing program 0 (id=518):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x2000, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x4}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x78, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x48, 0x2, [@TCA_BASIC_EMATCHES={0x44, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x24, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_RVALUE={0x5, 0x3, [@TCF_META_TYPE_VAR="04"]}, @TCA_EM_META_LVALUE={0x4}]}}]}]}]}}]}, 0x78}}, 0x0)

8m0.199799441s ago: executing program 33 (id=518):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x2000, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x4}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x78, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x48, 0x2, [@TCA_BASIC_EMATCHES={0x44, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x24, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_RVALUE={0x5, 0x3, [@TCF_META_TYPE_VAR="04"]}, @TCA_EM_META_LVALUE={0x4}]}}]}]}]}}]}, 0x78}}, 0x0)

6m43.903445353s ago: executing program 6 (id=717):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001040)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @multicast}, 0x14)

6m42.15160409s ago: executing program 6 (id=721):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x11, &(0x7f0000000400)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x87}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

6m41.124650926s ago: executing program 6 (id=722):
r0 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000340)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b000000000", 0x25)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4)
sendto(r0, &(0x7f0000000380)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003180)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x10120, 0x0)

6m40.141531539s ago: executing program 6 (id=724):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x4000003, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x5, [@decl_tag={0x5, 0x0, 0x0, 0x11, 0x5, 0xffffffffffffffff}, @const={0xd, 0x0, 0x0, 0xa, 0x3}, @func={0xf, 0x0, 0x0, 0xc, 0x4}, @const={0x9, 0x0, 0x0, 0xa, 0x3}, @fwd={0xf}, @var={0x7, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x5f, 0x30, 0x61]}}, &(0x7f0000000100)=""/34, 0x6d, 0x22, 0x0, 0x3}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x1, 0x0, r0, 0x200, '\x00', 0x0, r1, 0x1, 0x0, 0x5}, 0x50)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x8}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xc0ffffff}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

6m35.766026295s ago: executing program 6 (id=728):
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet(0x2, 0x1, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$pppoe(0x18, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/user\x00')
socket(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet(0x2, 0x1, 0x0)
socket$pptp(0x18, 0x1, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x206, 0x8401)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
socket$inet6(0xa, 0x5, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e21, @private=0xa010100}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e24, @loopback}, 0x1db, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x8})
r0 = socket(0x200000000000011, 0x4000000000080002, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x24040844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

6m34.842386079s ago: executing program 6 (id=730):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000100)={&(0x7f0000000380)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c000000000000000000000007000000440c05e3e0"], 0x20}, 0x0)

6m29.72076268s ago: executing program 4 (id=742):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rt_tgsigqueueinfo(r0, r0, 0x39, 0x0)
lremovexattr(0x0, 0x0)
syz_open_dev$vcsa(0x0, 0x1, 0x102)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000002080)={0x200f, {"20e30a30ed0d09f91b5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c526db51b1b5b31070d0773090acd3b78130daa61d8e8040001000000b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19300305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f6709000000a141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a027d5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf050000008000000000f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b3f3f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7af1d0e54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c01008e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2f5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d21488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e1a63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e09d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a603336c00000077cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046ca5b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe6531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e6586df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59555e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0d8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb601203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000930dedf800", 0x1000}}, 0x1006)

6m27.427830786s ago: executing program 4 (id=746):
syz_mount_image$exfat(&(0x7f0000000a00), &(0x7f0000001540)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[], 0x1, 0x14fe, &(0x7f0000002a80)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSEhL2/9J78L5v7/f1ff/e/993fbN+17Wv2WvuZ61n3bPmmue+n+ua57ueo+q1qF+7GRGJPwT+/CVFCBEjhBgmhLhOCBEIISrFV4q/fLyAgpQ/9iTs3+vh9KvdAbuaeP55G88/b+P55208/7yN55+38fzzNp5/3sbzZywv2z6n2PW88u7i9//zMn79/18kt/zkrzaWv7HXfyOF55+38fzzNp5/3sbzz9t4/nkbz/9/v1r/yTGef97G82csL9sOWoj/Ae9D87o662r//jHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYyxvO+Su0EOKv+6vdF2OMMcYYY4wxxv59fP6r3QFjjDHGGGOMMcb+3wMhhRJaBCKfyC9iRAERK64RceJaUVBcJyLiehEvbhCFxI2isCgiiopiIkEUFyWEESisIBGKkqKUiIqbRGlxs0gUZURZUU44UV4kiVtEBXGrqChuE5XE7aKyuENUEVVFNVFd3ClqiLtETVFL1BZ3izqirqgn6ot7RANxr2go7hONxP2isXhANBEPiqbiIdFMPCyai0dEC/GoaCkeE61Ea9FGtBXt/q/yXxJ9xcuin+gvUsQAMVC8IgaJwWKIGCqGiVfFcPGaGCFeF6lipBgl3hCjxZtijHhLjBXjxHjxtpggJopJYrKYIqaKNPGOmCbeFdPFe2KGmClmidkiXcwRc8X7Yp6YLxaID8RC8aFYJBaLJWKpyBAfiUyxTGSJj8Vy8YnIFivESrFKrBZrxFqxTqwXG8RGsUlsFlvEVrFNbBefih1ip9gldos9Yq/YJz4T+8Xn4oD4QuSIL/+b+Wf/Kb8XCBAgQYIGDfkgH8RADMRCLMRBHBSEghCBCMRDPBSCQlAYCkNRKAoJkAAloAQgIBAQlISSEIUolIbSkAiJUBbKggMHSZAEFeBWqAgVoRJUgspQGapAVagK1aE61IAaUBNqQm2oDXWgDtSDenAP3AP3QkNoCI2gETSGxtAEmkBTaArNoBk0h+bQAlpAS2gJraAVtIE20A7aQXtoDx2gA3SCTtAZOkMX6ALJkAxdoSt0g27QHbpDD+gBPaEn9ILe0BtegpfgZXgZ+kMdOQAGwkAYBINgCAyFofAqDIfX4DV4HVJhJIyCN+ANeBPGwBkYC+NgPIyHGnIiTILJQHIqpEEaTINpMB2mwwyYCTNhNqTDHJgLc2EezIf58AEshA/hQ1gMi2EpZEAGZMIyyIIsWA5nIRtWwEpYBathDayGdbAe1sFG2AQbYQtsgW2wDT6FT2En7ITdsBv2wl74DD6Dz+FzSIUcyIGDcBAOwSE4DIchF3LhCByBo3AUjsExOA7H4QSchFNwEk7DaTgDZ+EcnIPzcB4uwAsJ3zTfW2ZDqpCXaallPplPxsgYGStjZZyMkwVlQRmRERkv42UhWUgWloVlUVlUJsgEWUKWkChRkgxlSVlSRmVUlpalZaJMlGVlWemkk0kySVaQFWRFWVFWkrfLyvIOWUVWlR1ddVld1pCdXE1ZS9aWtWUdWVfWk/VlfdlANpANZUPZSDaSjWVj2UQ+KJvKATAEHpaXJ9NCjoSWchS0kq1lG9lWvgmPy/ZyDHSQHWUn+aQcB2Ohi2zvkuUzsqucBN3kc3IyPC97yKnQU74oe8neso98SfaVHVw/2V/OgAFyoJwNg+RgOUQOlfOgrrw8sXrydZkqR8pR8g25FN6UY+RbcqwcJ8fLt+UEOVFOkpPlFDlVpsl35DT5rpwu35Mz5Ew5S86W6XKOnCvfl/PkfLlAfiAXyg/lIrlYLpFLZYb8SGbKZTJLfiyXy09ktlwhV8pVcrVcI9fKdXK93CA3yk1ys9wit8ptcrv8VO6QO+UuuVvukXvlPvmZ3C8/lwfkFzJHfikPyj/JQ/IreVh+LXPlN/KI/FYeld/JY/J7eVz+IE/Ik/KU/FGelj/JM/KsPCd/luflL/KCvCgvSS+FAiWVUloFKp/Kr2JUARWrrlFx6lpVUF2nIup6Fa9uUIXUjaqwKqKKqmIqQRVXJZRRqKwiFaqSqpSKqptUaXWzSlRlVFlVTjlVXiWpW1QFdauqqG5TldTtqrK6Q1VRVVU1VV3dqWqou1RNVUvVVnerOqquqqfqq3tUA3WvaqjuU43U/aqxekA1UQ+qpuoh1Uw9rJqrR1QL9ahqqR5TrVRr1Ua1Ve3U46q9ekJ1UB1VJ/Wk6qyeUl3U0ypZPaO6qmdVN/Wc6q6eVz3UC6qnelH1Ur1VH3VRXVJe9VP9VYoaoAaqV9QgNVgNUUPVMPWqGq5eUyPU6ypVjVSj1BtqtHpTjVFvqbFqnBqv3lYT1EQ1SU1WU9RUlabeUdPUu2q6ek/NUDPVLDVbpas5ashfKi34L+S/+y/yR/z67NvUdvWp2qF2ql1qt9qj9qp9ap/ar/arA+qAylE56qA6qA6pQ+qwOqxyVa46oo6oo+qoOqaOqePquDqhTqqf1Y/qtPpJnVFn1Vn1szqvzqsLf/kZCA1aaqW1DnQ+nV/H6AI6Vl+j4/S1uqC+Tkf09Tpe36AL6Rt1YV1EF9XFdIIurktoo1FbTTrUJXUpHdU36dL6Zp2oy+iyupx2urxO0rf84fzf66+dbqfb6/a6g+6gO+lOurPurLvoLjpZJ+uuuqvuprvp7rq77qF76J66p+6le+k+uo/uq/vqfrqfTtEpeqB+RQ/Sg/UQPVQP06/q4Xq4HqFH6FSdqkfpUXq0Hq3H6DF6rB6rx+vxeoKeoCfpSXqKnqLTdJqepqfp6Xq6nqFn6Fl6lk7X6Xqunqvn6Xl6gV6gF+qFepFepJfoJTpDZ+hMnamzdJZerpfrbL1Cr9Cr9Cq9Rq/R6/Q6vUFv0Jv0Jr1Fb9HZervernfoHXqX3qX36D16n96n9+v9+oA+oHN0jj6oD+pD+pA+rA/rXJ2rj+gj+qg+qo/pY/q4Pq5P6BP6lD6lT+vT+ow+o8/pc/q8Pq8v6Av6kr50+bIvkIEMdKCDfEG+ICaICWKD2CAuiAsKBgWDSBAJ4oP4oFBwY1A4KBIUDYoFCUHxoERgAgxsQEEYlAxKBdHgpqB0cHOQGJQJygblAheUD5KCW4IKwa1BxeC2oFJwe1A5uCOoUkAE1YLqwZ1BjeCuoGZQK6gd3B3UCeoG9YL6wT1Bg+DeoGFwX9AouD9oHDwQNAkeDJoGDwXNgoeD5sEjQYvg0aBl8FjQKmgdtAnaBu3+uX5Q9Q/U9/5MkSdcP9PfpJgBZqB5xQwyg80QM9QMM6+a4eY1M8K8blLNSDPKvGFGmzfNGPOWGWvGmfHmbTPBTDSTzGQzxUw1aeYdM828a6ab98wMM9PMMrNNuplj5pr3zTwz3ywwH5iF5kOzyCw2S8xSk2E+MplmmckyH5vl5hOTbVaYlWaVWW3WmLVmnVlvNpiNZpPZbLaYrWab2W4+NTvMTrPL7DZ7zF6zz3xm9pvPzQHzhckxX5qD5k/mkPnKHDZfm1zzjTlivjVHzXfmmPneHDc/mBPmpDllfjSnzU/mjDlrzpmfzXnzi7lgLppLxl++uL/88o4aNebDfBiDMRiLsRiHcVgQC2IEIxiP8VgIC2FhLIxFsSgmYAKWwBJ4GSFhSSyJUYxiaSyNiZiIZbEsOnSYhElYAStgRayIlbASVsbKWAWrYDWshnfinXgX3oW1sBbejXdjXayL9bE+NsAG2BAbYiNshI2xMTbBJtgUm2IzbIbNsTm2wBbYEltiK2yFbbANtsN22B7bYwfsgJ2wE3bGztgFu2AyJmNX7IrdsBt2x+7YA3tgT+yJvbAX9sE+2Bf7Yj/shymYggNxIA7CQTgEh+AwHIbDcTiOwBGYiqk4CkfhaByNY3AMjsVxOB7fxgk4ESfhZJyCUzEN03AaTsPpOB1n4AychbMwHdNxLs7FeTgPF+ACXIgLcREuwiW4BDMwAzMxE7MwC5fjcszGbFyJK3E1rsa1uBbX43rciBtxM27GrbgVt+N23IE7cBfuwj24B/fhPtyP+/EAHsAczMGDeBAP4SE8jIcxF3PxCB7Bo3gUj+ExPI7H8QSewFN4Ck/jaTyDZ/AcnsPz+AtewIt4CT3GWCli7TU2zl5rC9rrbIwtYP8+LmqL2QRb3Jawxha2Rf4hRmttoi1jy9py1tnyNsne8pu4iq1qq9nq9k5bw95la/4mbmDvtQ3tfbaRvd/Wt/f8Q9zYPmCb2EdtU/uYbWZb2+a2rW1hH7Ut7WO2lW1t29i2trN9ynaxT9tk+4ztap/9TZxpl9n1doPdaDfZ/fZze87+bI/a7+x5+4vtZ/vbYfZVO9y+ZkfY122qHfmbeLx9206wE+0kO9lOsVN/E8+ys226nWPn2vftPDv/N3GG/cgutFl2kV1sl9ilv8aXe8qyH9vl9hObbVfYlXaVXW3X2LV23d96XWW32K12m91nP7M77E67y+62e+zeX+PL53HAfmFz7Jf2iP3WHrJf2cP2mM213/waXz6/Y/Z7e9z+YE/Yk/aU/dGetj/ZM/bsr+d/+dx/tBftJeutICBJijQFlI/yUwwVoFi6huLoWipI11GErqd4uoEK0Y1UmIpQUSpGCVScSpAhJEtEIZWkUhSlm6g03UyJVIbKUjlyVJ6S6BaqQLdSRbqNKtHtVJnuoCpUlapRdbqTatBdVJNqUW26m+pQXapH9ekeakD3UkO6jxrR/dSYHqAm9CA1pYeoGT1MzekRakGPUkt6jFpRa2pDbakdPU7t6QnqQB2pEz1Jnekp6kJPUzI9Q13pWepGz1F3ep560AvUk16kXtSb+tBL1Jdepn7Un1JoAA2kV2gQDaYhNJSG0as0nF6jEfQ6pdJIGkVv0Gh6k8bQWzSWxtF4epsm0ESaRJNpCk2lNHqHptG7NJ3eoxk0k2bRbEqnOTSX3qd5NJ8W0Ae0kD6kRbSYltBSyqCPKJOWURZ9TMvpE8qmFbSSVtFqWkNraR2tpw20kTbRZtpCW2kbbadPaQftpF20m/bQXtpHn9F++pwO0BeUQ1/SQfoTHaKv6DB9Tbn0DR2hb+kofUfH6Hs6Tj/QCTpJp+hHOk0/0Rk6S+foZzpPv9AFukiXyJMIIZShCnUYhPnC/GFMWCCMDa8J48Jrw4LhdWEkvD6MD28IC4U3hoXDImHRsFiYEBYPS4QmxNCGFIZhybBUGA1vCkuHN4eJYZmwbFgudGH5MCm8JawQ3hpWDG8LK4W3h5XDO8IqYdXw0furh3eGNcK7wpphrbB2eHdYJ6wb1gvrh/eEDcJ7w4bhfWGj8P6wYvhA2CR8MGwaPhQ2Cx8Om4ePhC3CR8OW4WNhq7B12CZsG7YLHw/bh0+EHcKOYafwybBz+FTYJXw6TA6fCbuGz/7u8ZRwQDgwfCV8JfT+PrUkujSaEf0omhldFs2KfhxdHv0kmh1dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEt0a3Rb1vn5+4cBJp5x2gcvn8rsYV8DFumtcnLvWFXTXuYi73sW7G1whd6Mr7Iq4oq6YS3DFXQlnHDrryIWupCvlou4mV9rd7BJdGVfWlXPOlXdJrq1r59q59u4J18F1dJ3ck+5J95R7yj3tnnbPuK7uWdfNPee6u+ddD/eCe8G96Hq53q6Pe8n1dS+7fq6/S3EpbqAb6Aa5QW6IG+KGuWFuuBvuRrgRLtWlulFulBvtRrsxbowb68a68W68m+AmuElukpviprg0l+amuWluupvuZrgZbpab5dJdupvr5rp5bp5b4Ba4hYkL3SK3yC1xS1yGy3CZLtNluSy33C132S7brXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9wut8vtcXvcPrfP7Xf73QF3wOW4HHfQHXSH3CF32H3tct037oj71h1137lj7nt33P3gTriT7pT70Z12P7kz7qw75352590v7oK76C4579Ii70SmRd6NTI+8F5kRmRmZFZkdSY/MicyNvB+ZF5kfWRD5ILIw8mFkUWRxZElkaSQj8lEkM7IskhX5OLI88kkkO7IisjKyKrI6sibiffEdoS/pS/mov8mX9jf7RF/Gl/XlvPPlfZK/xVfwt/qK/jZfyd/uK/s7fBVf1Vfzj/lWvrVv49v6dv5x394/4Tv4jr6Tf9J39k/5Lv5pn+yf8V39s76bf85398/7Hv4F39O/6Hv53r6Pf8n39S/7fr6/T/ED/ED/ih/kB/shfqgf5l/1w/1rfoR/3af6kX6Uf8OP9m/6Mf4tP9aP8+P9236Cn+gn+cl+ip/q0/w7fpp/10/37/kZfqaf5Wf7dD/Hz/Xv+3l+vl/gP/AL/Yd+kV/sl/ilPsN/5DP9Mp/lP/bL/Sc+26/wK/0qv9qv8Wv9Or/eb/Ab/Sa/2W/xW/02v91/6nf4nX6X3+33+L1+n//M7/ef+wP+C5/jv/QH/Z/8If+VP+y/9rn+G3/Ef+uP+u/8Mf+9P+5/8Cf8SX/K/+hP+5/8GX/Wn/M/+/P+F3/BX/SX+H/WGGOMMcb+S9TvHB/wL74n/7IuGyiEuHZnsdx/rrm58J/3g2VC54gQ4pn+PR/+66pTJyUl5S+PzVYiKLVYCBG5kp9PXIlXiE7iKZEsOooK/7K/wbL3efqd+tHbhYj9W+dCxIi/xn9f/9b/oP7jT47PrByei/9P6i8WIrHUlZwC4kp8pX7F/6B+kfa/03+Br9KE6PB3OXHiSnylfpJ4Qjwrkv/hkYwxxhhjjDHG2J8NltW6/9798+X78wR9JSe/uBL/3v05Y4wxxhhjjDHGrr7ne/d5+vHk5I7decMb3vDmb5ur/ZeJMcYYY4wx9u925aL/anfCGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4zlXf8/Pk7sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//JhA6YA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)

6m22.795084549s ago: executing program 4 (id=750):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2210886, &(0x7f00000001c0)={[{}, {@i_version}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r1, 0x0)
r2 = open(&(0x7f00000001c0)='./file2\x00', 0x86442, 0x0)
dup3(r2, r0, 0x0)
io_setup(0x2, &(0x7f0000000400)=<r3=>0x0)
io_submit(r3, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}])

6m21.2708598s ago: executing program 4 (id=755):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000240)='./file3\x00', 0x4002, &(0x7f0000000440), 0x1, 0xbd2, &(0x7f0000000540)="$eJzs3N1rXGUaAPDnnEymaZvtpMuybPdmsyxLC8tOky4p27KwrVS88ULQW6EhnZSQ6QdJpCbNxUT/AVGvBW8EtShe2OveKHrrjba3ihdCkdgoiGjkzEeSNjNJ2s70hPb3g3fO+553Zp7nmcPMOS/MTABPrOHsJo04FBFnk4hSc38aEcV6byCi1rjfyvLixE/LixNJrK4+/30SSUTcWV6caD1X0tzubw4GIuKLp5L446ub487OL0yPV6uVmeb46NyFy0dn5xf+PXVh/HzlfOXi6PH/jh0bOz5yYqxrtf789anrP/79mW9rv7z367Uf3ngniVMx2JzbWEe3DMfw2muyUSEixrsdLCd9zXo21pkUtnlQ2uOkAADoKN1wDffnKEVfrF+8leKTL3NNDgAAAOiK1b6IVQAAAOAxl1j/AwAAwGOu9T2AO8uLE62W7zcSHq3bpyNiqFH/SrM1ZgpRq28Hoj8i9t1JYuPPWpPGwx7acER8c+vEh1mLHv0OeSu1pYj4S7vjn9TrH6r/intz/WlEjHQh/vA9423q7+tCyLs8TP2nuhD/PusHgK64cbpxItt8/kvXrn+izfmv0Obc9SDanP+6fo7fSuv6b2XT9d96/X0drv+e22GMq+++daXTXFb//64//UGrZfGz7bZPuu2frOzM7aWIvxba1Z+s1Z90qP/sDmOUfrtS6TT3wPV3yerbEYejff0tydb/T3R0cqpaGWncto2x9PnY+53i511/dvz3dai/9f9PnY7/5R3GePHMmY827by13t26/vS7YvJCvVds7nl5fG5uZjSimDy7ef+xrXNp3af1HFn9R/6x9fu/Xf3ZZ0Kt+Tpka4Gl5jYbv3JPzP9fu/pxp3xa6788j/+5Dsd/Y/2fFTYf/9d2GOOfn75+pNPcxvVv1rL4rbUwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALSkETEYSVpe66dpuRyxPyL+FPvS6qXZuX9NXnrp4rlsLmIo+tPJqWplJCJKjXGSjUfr/fXxsXvG/4mIgxHxZmlvfVyeuFQ9l3fxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArNkfEYORpOWISCNipZSm5XLeWQEAAABddyDvBAAAAICeG8o7AQAAAKDnrP8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADosYN/u3EziYjayb31lik25/pzzQzotTTvBIDc9OWdAJCbQt4JALm5zzW+ywV4DCXbzA90nNnT9VwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L0OH7pxM4mI2sm99ZYpNuf6c80M6LU07wSA3PR1mhiIiMKjzQV4tLzF4clljQ8k28wPrN+ndvfMnp7lBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDuM1hvSVqOiGJzX7kc8YeIGIr+ZHKqWhmJiAMR8VWpf082Hs05ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALpvdn5herxarcxknTSanbU9OuudpPGK1XZLPjoP2SnGrkhjl3by/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPs/ML0+PVamVmNu9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLzNzi9Mj1erlZkedvKuEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/PweAAD//1pFCiI=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000300)={0x1800, r1, 0x2, 0x0, 0x10001})

6m19.47866118s ago: executing program 34 (id=730):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000100)={&(0x7f0000000380)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c000000000000000000000007000000440c05e3e0"], 0x20}, 0x0)

6m18.707271314s ago: executing program 4 (id=763):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000100), 0x22340, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12"], 0x48)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x1, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0x9, 0x8, 0x5, 0xfffffffffffffff7, 0x9, 0x0, 0x0, 0x0, 0xbd9], 0x1, 0x1c4292})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m16.03416565s ago: executing program 4 (id=767):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet6(0xa, 0x3, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xcd9}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6m0.758039408s ago: executing program 35 (id=767):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet6(0xa, 0x3, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xcd9}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m13.494359745s ago: executing program 1 (id=852):
timer_create(0xfffffffd, 0x0, &(0x7f00000011c0)=<r0=>0x0)
timer_create(0xfffffffffffffffd, 0x0, &(0x7f00000000c0)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_settime(r0, 0x1, &(0x7f0000000100)={{0x77359400}}, 0x0)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000000)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_read_part_table(0x407c, &(0x7f0000008140)="$eJzs079KemEYB/BHh98ParHoAt4tAqnjnySnqGhoMAenxgoLQQzSwqWlu+mSuoCuw8AM5FSDFgTx+UzPOd/3efku7+rL00FEFHbuBr1x5BQjYjKd9osRhYioz5JC/ujwutc/v+j237aK+ZiFlb74//A4G/4tfufmWsRpioiV0fPG0Xfa8Uf83zqb/5xMfXzfyzk5bKX2cStljUa1U6mmd7VUyz7fyLJsLvmhGktZL3Wuxum+ezvs3QzS7natnNqXo1TZK6dKs1n/xWYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDKDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rZPo3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG4FAAD//xQHINw=")

5m11.916831047s ago: executing program 1 (id=856):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000100), 0x22340, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12"], 0x48)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x1, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0x9, 0x8, 0x5, 0xfffffffffffffff7, 0x9, 0x0, 0x0, 0x0, 0xbd9], 0x1, 0x1c4292})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5m10.077814373s ago: executing program 1 (id=859):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000280)='./file1\x00', 0x2008412, &(0x7f0000000500)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRESDEC], 0x1, 0x553b, &(0x7f00000024c0)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x108)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

5m5.422933714s ago: executing program 1 (id=865):
keyctl$clear(0x3, 0xfffffffffffffffd)
keyctl$set_reqkey_keyring(0xe, 0x3)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000240)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1df}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x181)
bpf$MAP_CREATE(0xe4ffffff00000000, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1c00c, &(0x7f00000000c0)={[{@user_xattr}, {@nodelalloc}, {@noblock_validity}]}, 0x1, 0x470, &(0x7f0000000840)="$eJzs289vFFUcAPDvzHYLtWAr4i/wRxWNjT9aCqgcPKjRxAMmJnrAY9MWghQwtCZCSCzG4MkYE+7Go/+CJ70Y48nEq94NCTFcBE9rZmem3d1uC6W73ep+Psm0782v974782bfzNsJoG+NZX+SiF0R8XtEjOTZ5hXG8n83b1yauXXj0kwStdp7fyX19f6+cWmmXLW+3WDEcJEZTyPSz5PY36bchQsXT0/Pz8+dL/KTi2c+mly4cPHFU2emT86dnDt76OjRI4enXnn50EsdiXM40iL19gdfv3Psy6b4W+LokLH1Fj5Tq3W4uN7a3ZBOBnpYETakEhHZ4arW2/9IVGLl4I3EW5/1tHJAV9Vqtdrw2ouXasD/WBLNeU0e+kX5RZ/d/5ZTcxfgvm52P3ru+uv5DVAW981iypcMLD8xqLbc33bSWEQcX/rnm2yK7jyHAABo8kPW/3kh6+209v/SeLBhvXuLsaHRoke4JyLuj7OxNyIeiKiv+1BEPLzB8lsHSVb3f9JrjbknN7j/28n6f68WY1vN/b+y9xejlSK3ux5/NTlxan7uYPGZjEd1R5afatzpzuYyfnzzt6/WKr+x/5dNWfllX7Cox7WBHc3bzE4vTm827tL1yxH7BtrFnyyPBCQR8UhE7LvLMk49992jay27ffzr6MA4U+3biGfz478ULfGXkvXHJyd3xvzcwcnyrFjtl1+vvLtW+ZuKvwOy439P2/N/Of7RpHG8dmHjZVz544s172ka4s/O8js+/weT9+vpwWLeJ9OLS+enIgaTY3mlV+Yvnj+0sm2Zr/+fyuMfP9C+/e+JlU9if0RkJ/FjEfF4RDxR1D27Hj0VEQfWif/nN57+sHXe0Or4e3b8Zzd0/FcSg9E6p32icvqn75sKHV1JFvHfOr6UNea1rn9H6qnxYs6dXP/upF53dzYDAADAf08aEbsiSSeW02nERP4b/r0R6fy5hcXnT5z7+Oxs/o7AaFTT8knXSMPz0Knitj7PX46I/KcF5fLDxXPjq5When5i5tz8bK+Dhz43vLr9pxMT+bI/K72uHdB13teC/qX9Q//S/qF/baz97+haPYCt16b9D/WiHsDWa/f9/2kP6gFsvZb2b9gP+ojnf9C/tH/oX9o/9KWFobj9S/LrJso93d3mr22y9O2biOq2qEbXEpF2dIfVLa381UrENvgMt3Oit9clAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACATvk3AAD//+gM1ok=")
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000280)={@id={0x2, 0x0, @c}})
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)

5m2.704841578s ago: executing program 1 (id=868):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000e000000020033c2fad0d5b034169b0004ff9c3e0003000016030000000015000009000000041fd6efd9c21e101a430c8ed113dcafb4c7423e603d1e0bc802bcc6d1d055fdc0e83408"], &(0x7f0000000140)=""/143, 0x3e, 0x8f, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = creat(0x0, 0x49)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
unshare(0x22020400)
openat(r3, 0x0, 0x0, 0x36)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x20000000, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r6, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="3c0100001900010029bd7000fbdbdf25fe880000000000000000000000000101fe8000"/45, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x13c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
sendmsg$key(r4, &(0x7f0000000180)={0x700, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000000800000000000005000600000000000a0080ff00000000fc010000000000000000000000002200000000000000000005000500000000000a000000000000000000000000000000000000000000000000000000000000000800120002000200000000000000000030002b00020300000000000000000000fe880000000000000000000000000001fc0100"/158], 0xa0}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x180)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'lo\x00', &(0x7f0000000680)=@ethtool_gstrings={0x18, 0x1}})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="21000000fd20fd2d6e4700f80000181100002bce6985fda373a8bc376a4a39be251e89cdba9b19789a205076ade9944e4be0b34e853b64e2939ce1eaccb8577a444ee0ecbf97da8988256eddf22570c16dfc3e3a21f2796103a78bc400d3ecbcec7e7ea01aba07855ed89aa7d57fec97bb8a6a3d411768", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m0.486240212s ago: executing program 1 (id=873):
unshare(0x64000600)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fsopen(&(0x7f0000000300)='ext3\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32=r0], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
openat$kvm(0xffffffffffffff9c, 0x0, 0x88203, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x12, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @generic={0xa7}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x94)
ioctl$HIDIOCGFIELDINFO(r2, 0xc038480a, &(0x7f0000000280)={0x2, 0x200, 0x7, 0x26, 0xc, 0xffffffff, 0x7, 0x400, 0xfffffff8, 0x101, 0x9, 0x1, 0x0, 0x6})
fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x7002, 0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000240)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0xd240, 0xb, r4})
fcntl$lock(r2, 0x0, &(0x7f0000000140)={0x5a8628442418df32, 0x2, 0x7ffd, 0x80000000})
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r7, 0x25, 0x2, @val=@tracing={0x0, 0x10}}, 0x20)

4m58.765534196s ago: executing program 36 (id=873):
unshare(0x64000600)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fsopen(&(0x7f0000000300)='ext3\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32=r0], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
openat$kvm(0xffffffffffffff9c, 0x0, 0x88203, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x12, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @generic={0xa7}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x94)
ioctl$HIDIOCGFIELDINFO(r2, 0xc038480a, &(0x7f0000000280)={0x2, 0x200, 0x7, 0x26, 0xc, 0xffffffff, 0x7, 0x400, 0xfffffff8, 0x101, 0x9, 0x1, 0x0, 0x6})
fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x7002, 0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000240)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0xd240, 0xb, r4})
fcntl$lock(r2, 0x0, &(0x7f0000000140)={0x5a8628442418df32, 0x2, 0x7ffd, 0x80000000})
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r7, 0x25, 0x2, @val=@tracing={0x0, 0x10}}, 0x20)

3m58.518151327s ago: executing program 7 (id=988):
syz_mount_image$f2fs(&(0x7f0000010580), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x8, 0x105b7, &(0x7f00000105c0)="$eJzs3E1vG1UXAOAzTtO37VtKhFiw60gIKZFqq04/RHcFUvEhUkV8LFiBYzuWW9sTxU5iihAVa8SyfwRW7NnzJ2CFWCCxqwTyzLg0CCTUujFJnkcan7nX12fOtbI5M5EDOLGW0t9+TeJCnI2IhYg4H5GfJ+WRu1mElyLiYkRUHjuScv7RxOmIOBcRFybJi5xJ+dbnD+6vPxyvf/bdg1/Wvmz8cGl+uwbm7ZWI6G8X5/v9ImadIt4p5xt73Tz2r+6VsXijf7ccZ0Xcb2/mGfYb03WNPF7pFOuz7d3hJG71Gs1J7HS38vntQXHB4V5nmif/wJ3GTj5utTfz2B1meezcK+oal/HecFTkaZX5Ps3Tx2g0jcV8e9wu9rN9N4/NwaicL/JmrfZ4EvfKWF4umlmvldex+cRf83/eu93B7jjda+8Mu9kgvVarv1qrX6/Wd7JWe9S+Wm30W9evpsud3mRZddRu9G92sqzTa9eaWX8lXe40m9V6PV1ea292G4O0Xq9dqV2uXlspzy6lb97+MO210uVJfL072B11e8N0K9tJi0+spKu1KzdW0pfr6fvrG+nGe7durW988PHaR7dfW3/7jXJRWdZP70zLSpdXL6+uVuuXq6v1lROz/z/LmuH+zzzdxznpkhvzrgDgyNH/A/Og/48k9P+z7X8rR6//PRb9/xdPvn/9P08lmXcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMy4+L37yVnywV4/+X88+VUy+U4yQiKhHx+99YiNMHci6UeRb/Yf3iX2r4Pok8w+Qa/yuPcxFxszwePv+svwUAAAA4vr69f/HrolsvXpbmXRCHqbhpUzn/yYzyJRGxuPTzjLJVJi8vzihZ/vd9KsYzypbfwDozo2TFLbdTs8r2rywcCGceC0kRKodaDgAAcCgOdgKH24UAAABwmL6adwHMRxLTR5nTZ8H5f94XTwIXIuLsoxEAAABwRCXzLgAAAAB45vL+3+//AQAAwPFW/P4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzBzt2kpg5FcQA/iebp++LJo/NupTNdRpfQYYfFBXQTLsFuoRtwDXbWJRQtJlfaFAuFfFH5/SC53iB/TySTcy8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSU7FePNxd3jfN2e2baeduAAAAgFO2xXpRfphV89/p+t906X+aZxGRR8Sp3n0UP2qZo5RTfPL94kMNjxFlwuE3Jun4FRFX6Xj51/W/AAAAAOdrs1zNq269Os2GLog+VYs2+Z/rlvKyiChmzy2l5YfTxdt8P2mSdni+x3HbvKxSuYA1bSmsWnIbt5X2JaPaMH03ZNWQ91oOAADQi3on0G8XAgAAQJ9uhi6AYWRx3Mo87gVH2mNNG4I/azMAAADgG8qGLgAAAADoXNn/e/8fAAAAnLfq/X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0aVusF5vlat40Z7dvpp27AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADglf15R4EQCIMw2Lu+M5n7H1YaNDU1qQLh428MBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu6fRY4yjgP4M7s7cyYoOU5ZiFXESEQxexv/IdikEA4LxUosl8teWN2oJFeYcIXXWAi+Axtt0whXSSx8BSmsTBmbCLJFBBGrk2f+eJPklBHN7Gbz+cAzz4/Nk5nnmYPjvvPMHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUZmfDiaruxsNqUXfKz368vbMZ+xt39dGt0dXjscU6aXfaD5xevEf9ec8CAACAZdet8n0I4Wa6txH7zmqe/5+pxsTMv/NYUVd5/u7cX/VV9o/t2ndfv/PXhVaL66QhhK3JdLze2goXWPp2ONlw6LEGY/JnCcUTmm7+Zeu8ufv4LM3vevLF9etvZHm58t8mDQD8H05XfVlUPx/FfjjPiQGwtHplC7X8312d75wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2jDbDc9XdRJCeLJ3UEc3bu9sHtbfGl09XrVj7z3xWf2c8RRpCGFrMh2vt7iWRXay4bhLl698MJpOxxcVD2rxaFiIaSiWq7jP36AAAFgqadlirr+Z7m3Ez5K1EPa/ujP/n4pFdvD/muT/7yfXTtWvVc//w9ZWuNia5v/B9oWPB5cuX3lhcmF0fnx+/OGZ4UvDV9dfe3n4yiB/njLwVAUAAIC/l5Wtnv87a/fu/x+t1aFh/v/h53d/qV+rK//f45/y/0qtPtj0a2FSAAAAD5sjZX/it1+TQ/45ybJP90fb2xeHn+THJMtCXp0pji3P9l/4fb+qVspWz//dtblODgAAAGjJbDe5Y///XK0ODff/v33ujy/r5+yWj1S2JtPx6c2PpufaW87CWqTf/7/PSwUAAGCOjpStvv+f5u//d56qxnRCCM8+XdTlnwE8JP8Xb6vX8//rvc/P1q9Vf///xdZWuJg6/eJ+NMn/+dh+CL1+CxMDAABgKT1Stpj/f0r3Nt7/5uhbmff/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mR/7m0TBsI4Dr++JErcJiOkt/IxAw0VghH4kJAseQYGYCEaKlqLRWAFkMy5pjMUz9P8/sUV9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy9y90XLxFRROpnijTefJ1eI+It0rZtR+/dLHbnY/Nxm7P9YZLnZ0y/y4gooxjiHACAwVV9q7Lral0vf3J/c/9y/3OreVMvHvprAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAruzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfBQAA//+ermNK")
syz_emit_ethernet(0x3e, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
pipe2$9p(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_any}]}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x121542, 0x60)

3m51.564595381s ago: executing program 7 (id=999):
r0 = open$dir(0x0, 0x30200, 0x2c)
renameat2(0xffffffffffffffff, 0x0, r0, &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x560, &(0x7f0000000b00)="$eJzs3d9vW1cdAPDvvYnjrOuaFvYAE9ACg4Kq2o27VdNetr6A0DQJMfGAeOhC4kahdl1qZyyhEtnfMCSQeII/gQckHpD2xANvPCLxgJDGA1KBCtQigWR0rx3XS5zFm39t8ecj3d577vE933Oa2Of4OL4ngLl1ISL2ImIpIl6PiJXu+aS7xcudLXvcwwf31h89uLeeRLv92j+SPD87l19QfFzmk90ylyPiW1+P+F5yOG5zZ/fWWq1WvdtNl1v1O+Xmzu7lrfraZnWzertSubZ67coLV5+vjK2t5+u/uv+1rVe+/dvffPbdP+x99UdZtU5383rtGLNO0wu9OJnFiHhlEsFmYKG7X5pxPfhw0oj4RER8IX/+r8RC/tsJAJxk7fZKtFf60wDASZfmc2BJWoqINO0OAkqdObyn41RaazRbl242tm9vdObKzkYhvblVq145V/zTD/IHF5IsvZrn5fl5unIgfTUizkXET4pP5OnSeqO2MZshDwDMvSf7+/+I+HcxTUuloS4d8KkeAPCxsTzrCgAAU6f/B4D5o/8HgPkzRP/f/bB/b+J1AQCm44O9/z8zsXoAANNj/h8A5o/+HwDmyjdffTXb2o+697/eeGNn+1bjjcsb1eatUn17vbTeuHuntNlobOb37KkfV16t0biz+lxsv1luVZutcnNn90a9sX27dSO/r/eNamEqrQIA3s+58+/8MYmIvRefyLfoW8tBXw0nWzrrCgAzszDKxQYI8LFmtS+YX0N14fkg4fcTrwswGwNv5r088PC9ftbZvT1MEH9nBB8pFz89/Py/NZ7hZDH/D/Prw83/vzT2egDTZ/4f5le7nRxc83+plwUAnEgj/Alf+8fjGoQAM3XcYt7Hff4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8+h0RHw/krSUrwWeZv+mpVLEUxFxNgrJza1a9UpEnInzEVEoZunVWVcaABhR+reku/7XxZVnTx/MXUr+U8z3EfHDn7/20zfXWq27q9n5f/bOF/eXD6s8vm6EdQUBgDHL++9Kd9/3Rv7hg3vr+9vgKxcnUp/71+N/3aWI1x89uJdv+/GykxHL+Vji1L+SXg2WI+KZiFgYQ/y9tyLiU4Pan+RzI2e7K5/2x49u7KfGFT+JJI6Nn74nfprndfbZ4OuTY6gLzJt3rkfEy4Oe/2lcyPeDn//LY3pFvH+9U9j+a9+jvviL3UgLA+Jnz/kLw8Z47nffOHSyvdLJeyvimcVB8ZNe/OSI+M8OGf/Pn/nc2y8dkdf+RcTFGBy/P1a5Vb9Tbu7sXt6qr21WN6u3K5Vrq9euvHD1+Uo5n6Mu789UH/b3Fy+dOapuWftPHRF/eWD7l3rXfmnI9v/yv69/9/OPk8WD8b/yxcE//6cHxu/I+sQvDxl/7dSvj1y+O4u/cUT7j/v5Xxoy/rt/3d0Y8qEAwBQ0d3ZvrdVq1bsjHWTvQsdRzqGDrIrDPXh/uDha0L/EJFox7MGByhcm9b868YPF3lhxvCV/JytxQFa6/0uSvVV6/3KW4qisxRh4VTr2Vox08HBasWb3mgRMR1/nAwAAAAAAAAAAAAAAfEQd/32gwuhfawMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAJ+X8AAAD//7xIx1c=")
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)

3m50.05915335s ago: executing program 7 (id=1006):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x20000000)

3m49.050934603s ago: executing program 7 (id=1010):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000240)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1df}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x181)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)

3m43.300038842s ago: executing program 7 (id=1026):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x68000, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000002c0)={'veth0\x00', 0xe00})

3m42.606879085s ago: executing program 7 (id=1030):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)

3m41.146755588s ago: executing program 37 (id=1030):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)

2m25.629778538s ago: executing program 5 (id=1301):
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x20008c0, &(0x7f0000000c80)=ANY=[@ANYBLOB="6e66733d7374616c655f72772c73686f72746e616d653d6c6f7765722c696f636861727365743d69736f383835392d362c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c696f636861727365743d6b6f69382d752c757466383d302c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c696f636861727365743d6d6163637972696c6c69632c73686f72746e616d653d6c6f7765722c00a56b5bbfb959378e17e551154f7ce1796bd7d60f9a33b9a1273118efa95ae856a8986a4ec800243d3673047b0cdad0bf5512608d4828b7cf7bac7fa80234c95ed5e1a26a0033a9fea87d93cfc84ae7bb14a2e8ccbb075d8e6b05f6b5f34d79eb11ce9ba11f0d20a45bc1fa846d36f11148159bfb4aea9a0354fb91e4accb9a3c0351a8482d2353c99dddff5d1e9d2d9969aaf08a20ec5ecdf052d85f05267ba8912b0037021d2fe66895b413a70901e8b61e5dd08dd7859ff5121db92114ff5716e72c12cef6431b832e69a90a7fe94d28029106c05bf6557c9ed13f714ad0e608c41f29b7800f2874d0dd6e20a64309e3cf829e2c3c684b924f007fea7ee1e19b81bea8952d8fd759fe39973aa003a1172ddfca734ae94c23bfe8e812cdaef8675a6781bdfbd0c8d0322644e249df0cc0a7"], 0x4, 0x360, &(0x7f0000000900)="$eJzs3U+IG9UfAPBvOmmyLfS3e/hBURBGb4IubcWDnraULRRzUQn+OYjBblU2a2GDwfaw6XoRj4JHPXnzoAcPPYugiDcPXq0gVfGgvRUsjiSZJJM/m27BtK5+Pofw7Xvf77z3OsNmdnbz9uW12Dx/OC7cuHE9lpZKUV47sxY3S7ESSQxciWmVGW0AwMFwM8vi96xvnyWlBU8JAFiw3vv/q8cKLW9/OS8/8+4PAAde/v3/kXk5S3t1XFzIlACABZt6/v/QWHdl/Ef95cJvBQAAB9WzL7z41OlaxDNpuhSx9U673q7Hk6P+0xfi9WjGRpyI5bgV0b9R6L6Ueq9nz9XWT6Rp2omfVqLerWjXI7Y67Xr/TuF00quvxslYjpW8Pr/byLIsOftZbf1k2hMRVzq98WOr1K4fjqP5+N8fjY04FWn8f6o+4lxt/VSaH6C+NajvROyOnlt0578ay/HtK3ExmnE+urWD25ra+s7JND2T1cbq2/VqL69v7AnIxsJPCgAAAAAAAAAAAAAAAAAAAAAA/3qr6dDKcP+bbLR/z+rqjP7e/jj9+nx/oN3+/kBZNYss++2tR+vvJjG2P9Dk/jztejkO3dulAwAAAAAAAAAAAAAAAAAAwD9G61IlGs3mxnbr0uXNYtDZbl06FBHdlje+/uSLIzGdc5ugnI9R6ErzpsubjSwZJGfJWE4eJN3BBy0fXx3OuJhTHa5i5jSqe3c1m8ce/PGDUcsDyeDIf45ykpi9wGRiGsVg63/9Kd3Jf9QwOHWbnGtZlg1aYmLtOy9NV0UponznJ25+kHWDr66/dt9jreOP91o+z/oefmT5uWvvf/TLZqPZHTl6Z7Cy3bqVbTbyf8++2PYOksL1U4p+UCpeCeV55bvjLY3ku1+fv/+9b4YHLM+bT1ZseXNGTtJfzqeTXZV+0J3mRNeRiSG6KVnhnP6dp2kyOP7hWuPqzg8/77eq8EXCRh0AAAAAAAAAAAAAAAAAAHBXFD4rnss/7Ht4XtUTTy9+ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw94z+/n8h2J1q2U/wRyemu6ob262Iyr1eJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/3F/BQAA//9COmsa")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

2m23.342919706s ago: executing program 5 (id=1305):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0500000004000000060000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m17.455333301s ago: executing program 5 (id=1314):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[@code={0xa, 0x75, {"f326460f019f00200000420f01c5470f01c248b8f61e0000000000000f23c80f21f835080030000f23f8c462bd9791040000000f07c7442400e3420000c744240264000000c7442406000000000f011c24c421e3d040000f009f082c000066660f388000"}}], 0x75})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x43, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0xfffffffffffffffa, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)=@arm64={0x8, 0x9, 0xe8, '\x00', 0xfffffffffffffff9})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x1000, 0x10000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x10000, 0xc, 0x0, 0xff, 0x0, 0x0, 0x0, 0x7, 0xff}, {0xdddd0000, 0x2000, 0xc, 0x9, 0x4, 0xc4, 0x0, 0x5, 0x6a, 0x2, 0x0, 0xfc}, {0x1, 0xd000, 0x6, 0x0, 0x1, 0x0, 0x9, 0x0, 0x8, 0x4, 0x4}, {0x6000, 0xffff1000, 0xf, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x3c, 0x9}, {0x100000, 0xf000, 0x0, 0x78, 0x5, 0x0, 0x2, 0x0, 0x40, 0xfe, 0x5}, {0x4, 0x71000, 0x0, 0x4, 0x1, 0x2, 0xa1, 0x20, 0x0, 0x7}, {0x3000, 0x6000, 0xc, 0x0, 0x0, 0x7, 0xc, 0x40, 0x26, 0x0, 0x0, 0x2}, {0xdddd0000, 0x3}, {0xdddd0000}, 0xddf8ffdb, 0x0, 0x0, 0x18, 0x0, 0x801, 0xd000, [0x80000001, 0x0, 0x40000000001]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m16.733611753s ago: executing program 5 (id=1316):
pipe(0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f00000000c0)={0x14, 0x0, 0x0}, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
mount$nfs(0x0, 0x0, &(0x7f0000001c80), 0x0, &(0x7f0000000100)=ANY=[])
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket(0x22, 0x2, 0x3)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000100))
get_mempolicy(0x0, 0x0, 0xa, &(0x7f0000ffa000/0x4000)=nil, 0x3)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, &(0x7f00000005c0)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\//\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1gMMm,\xa1\xff\xf0\x98PW\x87\xcf\x15\x8d\x9f\xc6\fc\xa26(.\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\xf9\x00\x00\x00No\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7\xe9\x92\xc6\x89|U\xf6cos\xe5L\x88\xc9\xa2\xa9`n\xfe=\xed\xb2\xc8s\xc06/X\xb1\'\xf9$\xbd\xbb+\x8f\x9b\xb7\xb4kT\x874-\xfb\xabL\xd4Is\x95\xd3\xc0#\xd6\xf0\x98\x80\xcb\xa7X`V\xf6\xac\xa1(`\xc9O_y\xafK\xc9\x82l[fP\x91y\x90^\x92u\xdc\xd2/o\x0f\xb1\xbe\xb1W\xf6\xd4L\b7\x1d\xa2\x0e\xb41\xc5C\xeaI\x02\x03mD>\xa5\xe6k\xb8\xf8@\xc5\xbd\xbc\xc9)\xab\xdek\x89\x81\xca\t\xc7\v\xfcP\x02\xd4\b\x94\xa0)\xf3N\xf0c\xf8\x1eX\xff\xd8V\xeb\"\xf5%\xb3t\xac\xafK.\xaa\t\x12e\xf7\xc3\xf67\xbcH\xf7Pv&\xe4<\xad\xdbLAS\x89\xb3bd:\xe4(\xa4\x11\x14TK\x03\x95\"[\xb1\xec\x00}o\x864\x93\xba\x86\xdd\xfc\x04\t\x99\f\xfb\xab\xb9\x17\\0\x1d\x7f4M9\xcf\x9f\xe8B\x14\xd4\x8dZy\xa9`\xc0\x8f\\\x063\x16;\xf8\xf9K\xb2OQ\xc5\xcb\x8b\x8e\xe8;\xc6\xf9\xb5\xed\xc1]\xb6\xd46\x9c\x95\xa2l\xd7\xd9~\xbd\xb0p6\xa1\xccy\x84\x80P\x84\x825\'$\x1e\xbf\xa4\x114N\x18\x7f\\\xb8\xce7^\x84\xb1\xd0\xd1\x9fB`k_\xfa\xdf5N\xbag7\xd2(\x8e\xfaT\x11', 0x0)
clock_gettime(0x5, 0x0)
setitimer(0x0, &(0x7f00000002c0)={{}, {0x0, 0xea60}}, &(0x7f0000000300))
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000000)={0xa}, 0x10)
ioctl$UI_ABS_SETUP(r3, 0x401c5504, 0x0)

2m13.736333033s ago: executing program 5 (id=1325):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000100010ac0547020000000000010902"], 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000332}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2m12.462023337s ago: executing program 5 (id=1329):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r2, &(0x7f00000002c0)={'#! ', './file0'}, 0xb)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x15, 0x1, 0x70bd26, 0x25dfdbff, {0xa}, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48c1}, 0x40010)
write$FUSE_NOTIFY_STORE(r2, 0x0, 0x28)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x58b8, 0x9fd, 0x84}, 0x50)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(r5, &(0x7f0000000140), 0x12)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f0009058202"], 0x0)
r6 = syz_open_dev$dvb_demux(&(0x7f0000000000), 0x800, 0x40100)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r6, 0x403c6f2b, &(0x7f0000000040)={0x4, {"77049af57536ceafe8f5991977e11c14", "497613819be22e3fef2b9664f263ff82", "d49415d85f2c3e388746f7cca0e2ff60"}, 0x7, 0x2})

1m56.884112093s ago: executing program 38 (id=1329):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r2, &(0x7f00000002c0)={'#! ', './file0'}, 0xb)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x15, 0x1, 0x70bd26, 0x25dfdbff, {0xa}, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48c1}, 0x40010)
write$FUSE_NOTIFY_STORE(r2, 0x0, 0x28)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x58b8, 0x9fd, 0x84}, 0x50)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(r5, &(0x7f0000000140), 0x12)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f0009058202"], 0x0)
r6 = syz_open_dev$dvb_demux(&(0x7f0000000000), 0x800, 0x40100)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r6, 0x403c6f2b, &(0x7f0000000040)={0x4, {"77049af57536ceafe8f5991977e11c14", "497613819be22e3fef2b9664f263ff82", "d49415d85f2c3e388746f7cca0e2ff60"}, 0x7, 0x2})

1m28.718709033s ago: executing program 3 (id=1376):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x700, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000000800000000000005000600000000000a0080ff00000000fc010000000000000000000000002200000000000000000005000500000000000a0000000000000000000000000000000000000000000000000000000000000008001200"], 0xa0}}, 0x0)

1m27.787699869s ago: executing program 3 (id=1380):
r0 = syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file0\x00', 0x20074ce, &(0x7f0000000100)=ANY=[], 0x21, 0x1536, &(0x7f0000003480)="$eJzs3QucTtX6OPDnWWvtMSS9TXIZ1lrP5k0uiyTJJUkuSZIkSW4JiUmOJCSG3JKGJCSXIbkMIblMTBr3+/2SkDRpkiQkt2T9P8JPnTr/c87v9Dt+vzPP9/PZn1nPu/ez9trv8172Xu/MO992GVqjUc2qDYgI/iV48UciAMQCwEAAuA4AAgAoG1c27sL67BIT/7WdsD/XIylXewTsauL6Z21c/6yN65+1cf2zNq5/1sb1z9q4/lkb15+xrGzz9PzX85J1lz9z/j8bz///H8Pv//9BMkuO/XJtyRu7AsT8A1t74PpneVz//xB4+fP3/xL8I2lc/6yN659VxV7tAbD/Bfj5nxVk+5truP5ZG9efsazsas8/X+0FIln7Prjajz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY1nDaX+FAoDL7as9LsYYY4wxxhhjjP15fLbfxupqDYQxxhhjjDHGGGP/gxAESFAQQAxkg1jIDjlAAMC1kAuugwhcD3FwA+SGGyEP5IV8kB/ioQAUBA0GLBCEUAgKQxRugiJwMxSFYlAcSoCDklAKboHScCuUgdugLNwO5eAOKA8VoCJUgjuhMtwFVeBuqAr3QDWoDjWgJtwLteA+qA33Qx14AOrCg1APHoL68DA0gEegITwKjeAxaAyPQxNoCs2gObT4b+W/CD3gJegJvSARekMfeBn6Qj/oDwNgILwCg+BVGAyvQRIMgaHwOgyDN2A4vAkjYCSMgrdgNLwNY2AsjIPxkAwTYCK8A5PgXZgMU2AqTIMUmA4z4D2YCbNgNrwPc+ADmAvzYD4sgFT4EBbCIkiDj2AxfAzpsASWwjJYDitgJayC1bAG1sI6WA8bYCNsgs2wBbbCNtgOO2AnfAK74FPYDXtgL3wG++DzfzL/1F/ld0VAQIECFSqMwRiMxVjMgTkwJ+bEXJgLIxjBOIzD3Jgb82AezIf5MB7jsSAWRIMGCQkLYSGMYhSLYBEsikWxOBZHhw5LYSksjbdiGSyDZbEslsNyWB4rYAWshJWwMlbGKlgFq2JVrIbVsAbWwHvxXuyNtbE21sE6WBfrXp6ewgbYABtiQ2yEjbAxNsYm2ASbYTNsgS2wJbbEVtgK22AbbIttsR22wwRMwA7YATtiR+yEnbAzdsYu2AW7YjfslvliNsCX8CXshdVEb+yDfbAvJmXrjwNwAL6Cg/BVfBVfwyQcgkPxdXwd38DheBJH4EgchaOwsngbx+BYJDEekzEZJ+JEnISTcDJOwSk4DVNwOs7AGTgTZ+EsfB/n4Af4Ac7DebgAUzEVF+IiTMM0XIynMB2X4FJchstxBS7HVbgaV+FaXIdrcQNuwE24CbfgFtyG23AH7sBPUAHgp7gH92AS7sN9uB/3YwZm4AE8gJmYiQfxIB7CQ3gYD+MRPIJH8Rgex2N4Ak/gSTyFp/E0nsWzeA6fj/+64SfF1iSBuEAJJWJEjIgVsSKHyCFyipwil8glIiIi4kScyC1yizwij8gn8ol4ES8KioLCCCNIhDEAIKIiKoqIIqKoKCqKi+LCCSdKiVKitCgtyogyoqy4XZQTd4jyooJo7SqJSqKyaOOqiLtFVVFVVBPVRQ1RU9QUtUQtUVvUFnVEHVFX1BX1xEOivuiN/fERcaEyjcQQbCyGYhPRVMhLr2AtxXBsJVqLNuIpMRJHYDvR0iWIZ0QHMQY7ir+Isfic6CzGYxfxgugquonu4kXRQ7RyPUUvMRl7iz5iGvYV/UR/MUDMxOrifZyTvYZ4TSSJIWKoeF0swDfEcPGmGCFGilHiLTFavC3GiLFinBgvksUEMVG8IyaJd8VkMUVMFdNEipguZoj3xEwxS8wW74s54gMxV8wT88UCkSo+FAvFIpEmPhKLxcciXSwRS8UysVysECvFKrFarBFrxTqxXmwQG8UmsVlsEVvFNrFd7BA7xSdil/hU7BZ7xF7xmdgnPhf7xRciQ3wpDoivRKb4WhwU34hD4ltxWHwnjojvxVFxTBwXP4gT4kdxUpwSp8UZcVb8JM6Jn8V54QVIlEJKqWQgY2Q2GSuzyxzyGplTBpfu3etlnLxB5pY3yjwyr8wn88t4WUAWlFoaaSXJUBaShWVU3iSLyJtlUVlMFpclpJMlZSl5iywtb5Vl5G2yrLxdlpN3yPKygqwoK8k7ZWV5l4SMi/uoJqvLGrKmvFcmwn2ytrxf1pEPyLryQVlPPiTry4dlA/mIbCgflY3kY7KxfFw2kU1lM9lctpBPyJbySdlKtpZt5FOyrXxatpPtZYJ8RnaQ/tJD5DnZWT4vu8gXZFfZTXaXP8vz0suespeE3iD7yJdlX9lP9pcD5ED5ihwkX5WD5WsySQ6RQ+Xrcph8Qw6Xb8oRcqQcJd+So+XbcowcK8fJ8TJZTpAT5TtyknxXTpZT5FQ5TabI6bL/pZ5mS/l389/5g/zBv+x9k9wst8itcpvcLnfInfITuUvukrvlbrlX7pX75D65X+6XGTJDHpAHZKbMlAflQXlIHpKH5WF5RB6RR+UxeUb+IE/IH+VJeUqekmfkWXlWnrt0H4BCJZRUSgUqRmVTsSq7yqGuUTnVtSqXuk5F1PUqTt2gcqsbVR6VV+VT+VW8KqAKKq2MsopUqAqpwiqqbsJLDxhVXJVQTpVUpdQt/0y+KqJuVkVVsd/kXx5f4t8YXwvVQrVULVUr1Uq1UW1UW9VWtVPtVIJKUB1UB9VRdVSdVCfVWXVWXVQX1VV1Vd1Vd9VD9VA9VU+VqBJVH/Wy6qv6qf5qgBqoXlGD1CA1WA1WSSpJDVVD1TA1TA1Xw9UINUKNUqPUaDVajVFj1Dg1TiWrZDVRTVST1CQ1WU1WU9VUlaJS1Aw1Q81UM9VsNVvNUXPUXDVXzVfzVapKVQvVQpWm0tRitVilqyVqiVqmlqkVaoVapVapNWqNWqfWqQ1qg0pXm9VmtVVtVdvVdrVT7VS71C61W+1We9VetU/tU/vVfpWhMtQBdUBlqkx1UB1Uh9QhdVgdVkfUEXVUHVXH1XF1Qp1QJ9VJdVqdVmfVWXVOnVPn1fkLp32BCESgAhXEBDFBbBAb5AhyBDmDnEGuIFcQCSJBXBAX5A5uDPIEeYN8Qf4gPigQFAx0YAIbiEtFjwY3BUWCm4OiQbGgeFAicEHJoFRwS1A6uDUoE9wWlA1uD8oFdwTlgwpBxaBScGdQObgrqBLcHVQN7gmqBdWDGkHN4N6gVnBfUDu4P6gTPBDUDR4M6gUPBfWDh4MGwSNBw+DRoFHwWNA4eDxoEjQNmgXNgxZ/av/en8z7pOupe+lE3Vv30S/rvrqf7q8H6IH6FT1Iv6oH69d0kh6ih+rX9TD9hh6u39Qj9Eg9Sr+lR+u39Rg9Vo/T43WynqAn6nf0JP2unqyn6Kl6mk7R0/UM/Z6eqWfp2fp9PUd/oOfqeXq+XqBT9Yd6oV6k0/RHerH+WKfrJXqpXqaX6xV6pV6lV+s1eq1ep9frDXqjbp8dYIveqrfp7XqH3qk/0bv0p3q33qP36s/0Pv253q+/0Bn6S31Af6Uz9df6oP5GH9Lf6sP6O31Ef6+P6mP6uP5Bn9A/6pP6lD6tz+iz+id9Tv+sz2t/4eT+wtu7UUaZGBNjYk2syWFymJwmp8llcpmIiZg4E2dym9wmj8lj8pl8Jt7Em4KmoLmADJlCppCJmqgpYoqYoqaoKW6KG2ecKWVKmdKmtCljypiypqwpZ8qZ8qa8qWgqmjvNneYuc5e529xt7jH3mOqmuqlpappappapbWqbOqaOqWvqmnqmnqlv6psGpoFpaBqaRqaRaWwamyamiWlmmpkWpoVpaVqaVqaVaWPamLamrWln2pkEk2A6mA6mo+loOplOprPpbLqYLqar6Wq6m+6mh+lhepqeJtEkmj6mj+lr+pr+pr8ZaAaaQWaQGWwGmySTZIaaoWaYGWaGm+FmhBlpRl04UTVvmzFmrBlnxptkk2wmmolmkplkJpvJZqqZalJMiplhZpiZZqaZbWabOWaOmWvmmvlmvkk1qWahWWjSTJpZbBabdJNulpqlZrlZblaalWa1WW3WmrVmPaw3G81Gs9lsNlvNVrPdbDc7zU6zy+wyu81us9fsNfvMPrPf7DcZJsMcMAdMpsk0B81Bc8gcMofNYXPEHDFHzVFz3Bw3J8wJc9KcNKfNaXPW5L30fulNrM1uc9hrbE57rc1lr7N/Heez+W28LWALWm3z2Ly/iY21tqgtZovbEtbZkraUveV3cXlbwVa0leydtrK9y1b5XVzL3mdr2/ttHfuArWnv/U1c1z5o69nHbH1EANvUNrTNbSP7mG1sH7dNbFPbzDa3be3Ttp1tbxPsM7aDffZ38UK7yK62a+xau87utnvsaXvGHrLf2rP2J9vT9rID7St2kH3VDrav2SQ75HfxKPuWHW3ftmPsWDvOjv9dPNVOsyl2up1h37Mz7azfxan2QzvHptm5dp6dbxf8El8YU5r9yC62H9t0G8BSu8wutyvsSrvqv8a6zG6wG+0mu8t+arfabXa73WF3Xj4RtnvsXvuZ3Wc/twftNzbDfmkP2MM20379S3zh+A7b7+wR+709ao/Z4/YHe8L+ePkj/1+O/Qf7sz1vvQVCApKkKKAYykaxlJ1y0DWUk66lXHQdReh6iqMbKDfdSHkoL+Wj/BRPBaggaTJkiSikQlSYonQTXR5ecSpBjkpSKbqFStOtVIZuo7J0O5WjO6g8VaCKVInupMp0F1Whu6kq3UPVqDrVoJp0L9Wi+6g23U916AGqSw9SPXqI6tPD1IAeoYb0KDWix6gxPU5NqCk1o+bUgp6glvQktaLW1Iaeorb0NLWj9pRAz1AHepY60l+oEz1Hnel56kIvUFfqRt3pRepBL1FP6kWJ1Jv60MvUl/pRfxpAA+kVGkSv0mB6jZJoCA2l12kYvUHD6U0aQSNpFL1Fo+ltGkNjaRyNp2SaQBPpHZpE79JkmkJTaRql0HSaQe/RTJpFs+l9mkMf0FyaR/NpAaXSh7SQFlEafUSL6WNKpyW0lJbRclpBK2kVraY1tJbW0XraQBtpE22mLbSVttF22kE76RPaRZ/SbtpDe+kz2kef0376gjLoSzpAX1EmfU0H6Rs6RN/SYfrO96Lv6Sgdo+P0A52gH+kknaLTdIbO0k90jn6m8+QJQgxFKEMVBmFMmC2MDbOHOcJrwpzhtWGu8LowEl4fxoU3hLnDG8M8Yd4wX5g/jA8LhAVDHZrQhhSGYaGwcBgNbwqLhDeHRcNiYfGwROjCkmGp8JawdHhrWCa8LSwb3h6WC+8Iy4cVwsceqBTeGVYO7wqrhHeHVcN7wmph9bBGWPPae8Na4X1h7fD+sE74QFgmfDCsFz4U1g8fDhuEj4QNw0fDRuFjYePw8bBJ2DRsFjYPW4RPhC3DJ8NWYeuwTfhU2DZ8OmwXtg8TwmfCDuGzv6x/cNHfXp8Y9g77hC+HL4fe3y/nRxdEU6MfRhdGF0XToh9FF0c/jqZHl0SXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFva+ZDRw64aRTLnAxLpuLddldDneNy+mudbncdS7irndx7gaX293o8ri8Lp/L7+JdAVfQaWecdeRCV8gVdlF3kyvibnZFXTFX3JVwzpV0pVxz18K1cC3dk66Va+3auKfcU+5p97Rr79q7Z1wH96zr6P7iOrnnXGf3vHveveC6um6uu3vR9XATcl18Tia6Pq6P6+v6uv6uvxvoBrpBbpAb7Aa7JJfkhrqhbpgb5oa74W6EG+FGuVFutBvtxrgxbpwb55JdspvoJrpJbpKb7Ca7qW6qS3Epboab4Wa6ma7yrIt7mevmuvluvkt1qW6hu3DOmOYWu8Uu3aW7pW6pW+6Wu5VupVvtVru1bq1b79a7jW6j2+w2u61uq9vutrudbqfb5Xa53f66i526fW6/2+8yXIY74L5yme5rd9B94w65b91h95074r53R90xd9z94E64H91Jd8qddmfcWfeTO+d+duedd8mRCZGJkXcikyLvRiZHpkSmRqZFUiLTIzMi70VmRmZFZkfej8yJfBCZG5kXmR9ZEEmNfBhZGFkUSYt8FFkc+TiSHlkSWRpZFlkeWRHxvsDW0BfyhX3U3+SL+Jt9UV/MF/clvPMlfSl/iy/tb/Vl/G2+rL/dl/N3+PK+gq/oH/dNfFPfzDf3LfwTvqV/0rfyrX0b/5Rv65/27Xx7n+Cf8R38s76j/4vv5J/znf3zvot/wXf13Xx3/6Lv4V/yPX0vn+h7+z7+Zd/X9/P9/QA/0L/iB/lX/WD/mk/yQ/xQ/7of5t/ww/2bfoQf6UfFvOVHX75EhvE+2U/wE/07fpJ/10/2U/xUP82n+Ol+hn/Pz/Sz/Gz/vp/jP/Bz/Tw/3y/wqf5Dv9Av8mn+I7/Yf+zT/ZLLk8p+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqf/xO/yn/rdfo/f6z/z+/znfr//wmf4L/0B/5XP9F/7g/4bf8h/6w/77/wR/70/6o/54/4Hf8L/6E/6U/60P+PP+p/8Of+zP89/s8YYY4wx9g+ZcKUpfrvm4nR+7z/IEb/auA8AXLstf+av1184o1yf52K7n4hvGwGAZ3p1eeTyUq1aYmLipW3TJQSF5wFA5Ep+DFyJl0AbeBoSoDWU/sPx9xPdztLf6T96O0COX+XEwpX4Sv9fnP6jrz7oJ554atTCcuHpuP9P//MAiha+kpMdrsRLoM0v8yutoczfGH/eln9n/Nm/TAZo9aucnHAlvjL+UvAkPAsJv9mSMcYYY4wxxhi7qJ+o2Ony9efl3/j8o+vz+F99MUA2uBL/vetzxhhjjDHGGGOMXX3Pdeve/omEhNad/vlGlf9W1j/caAz/Uz1z4w8b3gNcvkUBwL/YIcCFhvx3HsWWf8u+ki49df561fIzPoD/HaX8MxpX+YWJMcYYY4wx9qe7ctL/29v5/wAwxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGP/Pv+OrxO72sfIGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMXW3/LwAA//8lqQsO")
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, 0x0, 0x0)
socket(0x840000000002, 0x3, 0xff)
statx(r0, 0x0, 0x400, 0x100, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000005c0)={0x0, <r3=>0x0}, &(0x7f0000000600)=0xc)
mount$tmpfs(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000000), 0x4800, &(0x7f0000000380)={[{@uid={'uid', 0x3d, r3}}]})

1m26.715388004s ago: executing program 3 (id=1384):
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000840), 0x1, 0x782, &(0x7f0000000880)="$eJzs3FGIVNUfB/Dfvbvrf//u5LgZCGEkaCVE4+omGURsEMj6FAgRKOSWs7rt6NrORu3mgxZIvUQIZiCJvkTQi/QSvUkPoSSED/USGUVFBVZYD9HLxszsrMs6Y4O769X184G7c86Zvfd7zszlcA/MvQHctlZX/iQRuYjYGRH5qfY0IpZUS50RB2v/d6T39J7KlsTk5Lbfk8pucaD39J76sZKp166o7hKbI+LTviTWLLk6tzw+MTxQKhVHp+rrx/buX18en3hoaO/A7uLu4r5HHt60qbe3p2fz/I31nZU7Vnz5eP+moys/X7X6n2+OJ9FXHXfMGsd8Spo09i9EWIZmjjNpz7AjtGxZ53MLcs4DADe3ynV+W0S0V6/389EWtYu3j1/bcTkfjzW9TL3zyRO/3Mh+AgAAANdvsm0SAAAAWPSSyLoHAAAAwMKq/w7gQO/pPfXtRv324J7tEZeeiIjltfz6/cW1d9ur9xBHdEZHRCz9M4mZt5Umtd3mlv/sHA8wR+Wt2eZfeDrb/O4Ps80/+XXEwUMRcaavwfmfTJ1/169nVn32veD3rZhjwBz98H22+WvvzTb/6EjEmcr809do/kun559oMP+015+dMAevdl+Z/45cNf9dyW9rMv/1tZjz1vvn3mvUfvaLiEuHIu5ub5SfTOcnTfKfajG/u23tukbtz3wQMXkq4v5onD8zq/nzIdYPDpWKPbW/jfM/++7NYqP2/o7a+Jc2y0/imp//zhbH3/XThfP7G7RP9tfy16259vff6PNvm3rGRitOjX872qi98EItf1eT8f/X9/92i/lfbX/0bKP2Yx+1eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuO2lE5CJJC9PlNC0UIroi4q5YmpZGymMPDo68tG9X5b2I5dGRDg6Vij0Rka/Vk0p9Q7V8pb5xVr03Iroj4o38/6v1wvMjpV1ZDx4AAAAWuVzExe2vf7Iy634AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBr6IqIXCRpISLSiPg5n6aFQta9AgAAAOZDLuLiqpMnjlfKf+Wz7g0AAACwECrr/8uHfzsX1v8AAACwaFn/AwAAwOI3c/0PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwM8hVtyQtRERaLadpoRBxR0Qsj45kcKhU7ImIZRFxPt/xv0p9Q9adBgAAAFqSi7i4pXPLj1n3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAW0N5fGJ4oFQqjiooKChMF7KemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyEJ5fGJ4oFQqjpaz7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZSn9NIqKyPZBfm3vx0uGtM99dkvydr75GxMvHtx17ZWBsbHRDpf2P6faxd6faN2Y1BgAAAGCm+jq9vo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoVXl8YnigVCqOLmAh6zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw/f4NAAD//100t4w=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r0, 0x0, 0x0)

1m25.18813149s ago: executing program 3 (id=1389):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x700, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000000800000000000005000600000000000a0080ff00000000fc010000000000000000000000002200000000000000000005000500000000000a0000000000000000000000000000000000000000000000000000000000000008001200"], 0xa0}}, 0x0)

1m16.775044944s ago: executing program 3 (id=1395):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x441, 0x108)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000240)='\x00', 0x81000)
renameat2(r1, 0x0, r1, &(0x7f0000000980)='./file0\x00', 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f00000000c0)={0x17c04, r0, 0xe, 0x1001, 0x7ffffffff, 0x10})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x100010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0)
connect$unix(r3, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet(0x2, 0x3, 0x33)
getsockopt$inet_mreqsrc(r5, 0x0, 0x34, 0x0, &(0x7f0000000040))
r6 = shmget$private(0x0, 0x3000, 0x184, &(0x7f0000e71000/0x3000)=nil)
shmat(r6, &(0x7f0000f62000/0x1000)=nil, 0x7000)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000100)={0xf0f018, 0x1})

1m15.856187995s ago: executing program 3 (id=1397):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000780), 0x0, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
close_range(r2, r2, 0x0)

1m12.843514534s ago: executing program 8 (id=1401):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b52, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x3, 0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102384, 0x18ff0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0x120)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000080)=0x5, 0x4)
sendmmsg$inet6(r3, &(0x7f0000000c80)=[{{&(0x7f0000000580)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x40000cc, 0xc000)

1m11.018627737s ago: executing program 8 (id=1402):
syz_mount_image$ext4(&(0x7f0000000980)='ext4\x00', &(0x7f0000003000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x58, &(0x7f0000000000)={[{@delalloc}, {@sysvgroups}]}, 0xfe, 0x799, &(0x7f00000001c0)="$eJzs3c1rHGUYAPBnNp+m1UYQbL00Jy2UbtoaWwWh8SSChYKebcNmG2I22ZLdlCbkYBFBEEGLB0Evnv2oN28ievZv8CIiLVXTYsWDrMx+JJtukm7TTdI2vx9M8r4zs/PMs7Pzvu/uDLsB7FpD6Z9MxIGI+CiJ2Fefn0RET7XUHTFaW+/20mIunZKoVN74M6muc2tpMRdNj0ntqVf2R8SP70UczrTGLc0vTI0VCvnZen24PH1huDS/cGRyemwiP5GfOXFsZOT4yRdOnuhcrn//vLD3+sevPvfN6L/vPn31w5+SGI299WXNeXTKUAzVn5Oe9Cms+b7TUR4MyU7vAJuSnppdtbM8DsS+6KqWAIBHWdr/VwCAXSbR/wPALtP4HODW0mKuMe3sJxLb68YrEdFfy79xfbO2pLt+za6/eh104Fay6spIEhGDHYi/PyI+/+6tr9Iptug6JMBa3rkcEecGh1rb/2TlnoVNOtrGOkN31LV/sH1+SMc/L641/sssj39ijfFP3xrn7mYMRfTWN1fVev5nrq0K2nCqA8Hr47+Xa/e2pYk2jf+Wb1ob7KrXHk8rByNispBP27YnIuJQ9PSdnyzkj20Q49DN/26ut2yoafz315W3v0zjp/9X1shc6+5b/ZjxsfLY/eTc7MbliGe6V+7tu93S/jeOeuv498xGGz64Unztpfc/W2+1NP8038bUmv/WqnwR8WysnX9DsuH9icPp4T9a+7t2jG9//XRgvfjNxz+d0viN9wLbIT3+AxvnP5g0369Z6mz8u+e//Ppf3qH09d+bvFkt99bnXRorl2ePRfQmr7fOP76ytUa9sX6af23Di72xKv+V9i9Zo/1L3xOeazPH7ut/fL35/LdWmv/4PR3/ey9cvT3VtV789o7/SLV0qD6nnfav3R28n+cOAAAAAAAAAAAAAAAAAAAAAAAAANqViYi9kWSyy+VMJput/Yb3UzGQKRRL5cPni3Mz41H9rezB6Mk0vupyX62eNL7/dLCpfvyO+vMR8WREfNL3WLWezRUL4zudPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU7Vnn9/9Tv/ft9N4BAFumv2VOpVKpNNdv5jdcDAA8dFr7fwDgUaf/B4DdR/8PALuP/h8Adh/9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFvszOnT6VT5Z2kxl9bHL87PTRUvHhnPl6ay03O5bK44eyE7USxOFPLZXHH6btsrFIsXRmJm7tJwOV8qD5fmF85OF+dmymcnp8dOxdl8z7ZkBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3pjS/MDVWKORnH4nCBxHxAOyGQmcLvx35Zf9G61y5y8t4tI1Y/fUT4gFJeecLO9wwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwk/g8AAP//Ez0kyA==")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000340)=ANY=[], 0x21)
sendfile(r1, r0, 0x0, 0x40001)

1m6.043988212s ago: executing program 8 (id=1408):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1m4.991293295s ago: executing program 8 (id=1409):
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
writev(r0, &(0x7f0000001880)=[{&(0x7f00000005c0)='~', 0x1}, {&(0x7f0000000680)='T', 0x1}], 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1m0.953873131s ago: executing program 8 (id=1413):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
getpgid(0xffffffffffffffff)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x9})
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8}, 0x4040800)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000200)={0x0, 0x4, 0x8, &(0x7f00000001c0)={0x11, "694b68174bf36f5aec48ed65bbb44df72cbbe29ca8a535bed614dfa2844c483711"}})
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0xb)

58.514544964s ago: executing program 39 (id=1397):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000780), 0x0, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
close_range(r2, r2, 0x0)

58.006487274s ago: executing program 8 (id=1417):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5)
pwrite64(r0, &(0x7f0000000140)='2', 0xff10, 0x8000c61)
read$msr(r0, &(0x7f0000001200)=""/244, 0xfffffc9c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
preadv(r1, &(0x7f00000002c0)=[{0x0}], 0x1, 0x5fae, 0x5)

42.229174866s ago: executing program 40 (id=1417):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5)
pwrite64(r0, &(0x7f0000000140)='2', 0xff10, 0x8000c61)
read$msr(r0, &(0x7f0000001200)=""/244, 0xfffffc9c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
preadv(r1, &(0x7f00000002c0)=[{0x0}], 0x1, 0x5fae, 0x5)

12.276805471s ago: executing program 9 (id=1444):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='highspeed', 0x9)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f00000000c0), 0xffffffffffffffef, 0x0, 0x0, 0x0)

12.209535994s ago: executing program 2 (id=1445):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xf, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

11.812508347s ago: executing program 2 (id=1446):
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000840), 0x1, 0x782, &(0x7f0000000880)="$eJzs3FGIVNUfB/Dfvbvrf//u5LgZCGEkaCVE4+omGURsEMj6FAgRKOSWs7rt6NrORu3mgxZIvUQIZiCJvkTQi/QSvUkPoSSED/USGUVFBVZYD9HLxszsrMs6Y4O769X184G7c86Zvfd7zszlcA/MvQHctlZX/iQRuYjYGRH5qfY0IpZUS50RB2v/d6T39J7KlsTk5Lbfk8pucaD39J76sZKp166o7hKbI+LTviTWLLk6tzw+MTxQKhVHp+rrx/buX18en3hoaO/A7uLu4r5HHt60qbe3p2fz/I31nZU7Vnz5eP+moys/X7X6n2+OJ9FXHXfMGsd8Spo09i9EWIZmjjNpz7AjtGxZ53MLcs4DADe3ynV+W0S0V6/389EWtYu3j1/bcTkfjzW9TL3zyRO/3Mh+AgAAANdvsm0SAAAAWPSSyLoHAAAAwMKq/w7gQO/pPfXtRv324J7tEZeeiIjltfz6/cW1d9ur9xBHdEZHRCz9M4mZt5Umtd3mlv/sHA8wR+Wt2eZfeDrb/O4Ps80/+XXEwUMRcaavwfmfTJ1/169nVn32veD3rZhjwBz98H22+WvvzTb/6EjEmcr809do/kun559oMP+015+dMAevdl+Z/45cNf9dyW9rMv/1tZjz1vvn3mvUfvaLiEuHIu5ub5SfTOcnTfKfajG/u23tukbtz3wQMXkq4v5onD8zq/nzIdYPDpWKPbW/jfM/++7NYqP2/o7a+Jc2y0/imp//zhbH3/XThfP7G7RP9tfy16259vff6PNvm3rGRitOjX872qi98EItf1eT8f/X9/92i/lfbX/0bKP2Yx+1eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuO2lE5CJJC9PlNC0UIroi4q5YmpZGymMPDo68tG9X5b2I5dGRDg6Vij0Rka/Vk0p9Q7V8pb5xVr03Iroj4o38/6v1wvMjpV1ZDx4AAAAWuVzExe2vf7Iy634AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBr6IqIXCRpISLSiPg5n6aFQta9AgAAAOZDLuLiqpMnjlfKf+Wz7g0AAACwECrr/8uHfzsX1v8AAACwaFn/AwAAwOI3c/0PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwM8hVtyQtRERaLadpoRBxR0Qsj45kcKhU7ImIZRFxPt/xv0p9Q9adBgAAAFqSi7i4pXPLj1n3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAW0N5fGJ4oFQqjiooKChMF7KemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyEJ5fGJ4oFQqjpaz7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZSn9NIqKyPZBfm3vx0uGtM99dkvydr75GxMvHtx17ZWBsbHRDpf2P6faxd6faN2Y1BgAAAGCm+jq9vo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoVXl8YnigVCqOLmAh6zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw/f4NAAD//100t4w=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r0, 0x0, 0x0)

11.257101373s ago: executing program 2 (id=1447):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

11.150106647s ago: executing program 9 (id=1448):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
lseek(0xffffffffffffffff, 0x7, 0x4)

8.804579652s ago: executing program 2 (id=1449):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0xf4240, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
read(r0, &(0x7f00000019c0)=""/4107, 0x100b)

5.934268606s ago: executing program 9 (id=1450):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)

5.126505692s ago: executing program 9 (id=1451):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000000)=0xfffffff9, 0x4)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
recvmmsg(r0, &(0x7f0000002640)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x45833af92e4b39ff, 0x0)

962.336716ms ago: executing program 2 (id=1452):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0xd, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000008e000000d5"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)

711.927182ms ago: executing program 9 (id=1453):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xf, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

446.991161ms ago: executing program 2 (id=1454):
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000840), 0x1, 0x782, &(0x7f0000000880)="$eJzs3FGIVNUfB/Dfvbvrf//u5LgZCGEkaCVE4+omGURsEMj6FAgRKOSWs7rt6NrORu3mgxZIvUQIZiCJvkTQi/QSvUkPoSSED/USGUVFBVZYD9HLxszsrMs6Y4O769X184G7c86Zvfd7zszlcA/MvQHctlZX/iQRuYjYGRH5qfY0IpZUS50RB2v/d6T39J7KlsTk5Lbfk8pucaD39J76sZKp166o7hKbI+LTviTWLLk6tzw+MTxQKhVHp+rrx/buX18en3hoaO/A7uLu4r5HHt60qbe3p2fz/I31nZU7Vnz5eP+moys/X7X6n2+OJ9FXHXfMGsd8Spo09i9EWIZmjjNpz7AjtGxZ53MLcs4DADe3ynV+W0S0V6/389EWtYu3j1/bcTkfjzW9TL3zyRO/3Mh+AgAAANdvsm0SAAAAWPSSyLoHAAAAwMKq/w7gQO/pPfXtRv324J7tEZeeiIjltfz6/cW1d9ur9xBHdEZHRCz9M4mZt5Umtd3mlv/sHA8wR+Wt2eZfeDrb/O4Ps80/+XXEwUMRcaavwfmfTJ1/169nVn32veD3rZhjwBz98H22+WvvzTb/6EjEmcr809do/kun559oMP+015+dMAevdl+Z/45cNf9dyW9rMv/1tZjz1vvn3mvUfvaLiEuHIu5ub5SfTOcnTfKfajG/u23tukbtz3wQMXkq4v5onD8zq/nzIdYPDpWKPbW/jfM/++7NYqP2/o7a+Jc2y0/imp//zhbH3/XThfP7G7RP9tfy16259vff6PNvm3rGRitOjX872qi98EItf1eT8f/X9/92i/lfbX/0bKP2Yx+1eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuO2lE5CJJC9PlNC0UIroi4q5YmpZGymMPDo68tG9X5b2I5dGRDg6Vij0Rka/Vk0p9Q7V8pb5xVr03Iroj4o38/6v1wvMjpV1ZDx4AAAAWuVzExe2vf7Iy634AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBr6IqIXCRpISLSiPg5n6aFQta9AgAAAOZDLuLiqpMnjlfKf+Wz7g0AAACwECrr/8uHfzsX1v8AAACwaFn/AwAAwOI3c/0PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwM8hVtyQtRERaLadpoRBxR0Qsj45kcKhU7ImIZRFxPt/xv0p9Q9adBgAAAFqSi7i4pXPLj1n3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAW0N5fGJ4oFQqjiooKChMF7KemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyEJ5fGJ4oFQqjpaz7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZSn9NIqKyPZBfm3vx0uGtM99dkvydr75GxMvHtx17ZWBsbHRDpf2P6faxd6faN2Y1BgAAAGCm+jq9vo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoVXl8YnigVCqOLmAh6zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw/f4NAAD//100t4w=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r0, 0x0, 0x0)

0s ago: executing program 9 (id=1455):
r0 = syz_open_dev$dvb_demux(&(0x7f0000000400), 0x0, 0x700)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r0, 0x40146f2c, &(0x7f0000000000)={0xefb8, 0x1, 0x2, 0x3, 0x4})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x541b, &(0x7f0000000040)={<r1=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
close_range(r1, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

9][ T7875] EXT4-fs (loop5): Skipping orphan cleanup due to unknown ROCOMPAT features
[  391.096652][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.578'.
[  391.161483][ T7875] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  391.190012][ T7875] EXT4-fs warning (device loop5): dx_probe:861: inode #2: comm syz.5.577: dx entry: limit 65535 != root limit 120
[  391.202507][ T7875] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.577: Corrupt directory, running e2fsck is recommended
[  391.332875][ T7813] hsr_slave_0: entered promiscuous mode
[  391.393885][ T7813] hsr_slave_1: entered promiscuous mode
[  391.420137][ T7813] debugfs: 'hsr0' already exists in 'hsr'
[  391.426036][ T7813] Cannot create hsr debugfs directory
[  391.639763][ T6362] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.404704][ T7893] loop5: detected capacity change from 0 to 512
[  393.491803][ T7893] EXT4-fs: inline encryption not supported
[  393.589665][ T7893] EXT4-fs: Ignoring removed oldalloc option
[  393.766077][ T7893] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  393.910510][   T30] audit: type=1326 audit(1770460054.485:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  393.935036][   T30] audit: type=1326 audit(1770460054.485:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  393.957705][   T30] audit: type=1326 audit(1770460054.495:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  393.980221][   T30] audit: type=1326 audit(1770460054.495:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  394.002784][   T30] audit: type=1326 audit(1770460054.495:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  394.029603][   T30] audit: type=1326 audit(1770460054.495:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  394.054150][   T30] audit: type=1326 audit(1770460054.495:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  394.076650][   T30] audit: type=1326 audit(1770460054.495:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  394.099178][   T30] audit: type=1326 audit(1770460054.505:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e28b9aeb9 code=0x7ffc0000
[  394.261923][ T7813] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  394.501293][ T7813] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  394.652267][ T7813] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  394.751494][ T7893] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.583: invalid indirect mapped block 2683928664 (level 1)
[  394.770331][ T7813] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  394.944229][ T7893] EXT4-fs (loop5): Remounting filesystem read-only
[  394.983963][ T7893] EXT4-fs (loop5): 1 truncate cleaned up
[  395.049960][ T7893] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  396.045536][ T6362] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.289491][ T7901] syzkaller0: entered promiscuous mode
[  396.295161][ T7901] syzkaller0: entered allmulticast mode
[  396.816199][ T7813] 8021q: adding VLAN 0 to HW filter on device bond0
[  397.023339][ T7813] 8021q: adding VLAN 0 to HW filter on device team0
[  397.103707][ T7908] netlink: 'syz.5.587': attribute type 4 has an invalid length.
[  397.150161][ T3439] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.157709][ T3439] bridge0: port 1(bridge_slave_0) entered forwarding state
[  397.315357][ T3439] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.322993][ T3439] bridge0: port 2(bridge_slave_1) entered forwarding state
[  397.625316][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.761427][ T7912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.588'.
[  399.779705][ T7930] loop1: detected capacity change from 0 to 512
[  400.293602][ T7935] netlink: 4 bytes leftover after parsing attributes in process `syz.5.592'.
[  400.307799][ T7935] netlink: 12 bytes leftover after parsing attributes in process `syz.5.592'.
[  400.385066][ T7935] 9p: Bad value for 'wfdno'
[  400.830734][ T7930] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  400.960827][ T7930] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  400.994321][ T7813] 8021q: adding VLAN 0 to HW filter on device batadv0
[  401.864481][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.104627][ T7939] syzkaller0: entered promiscuous mode
[  402.110481][ T7939] syzkaller0: entered allmulticast mode
[  402.943417][ T7953] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  403.553213][ T7957] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input15
[  403.620345][ T7958] loop5: detected capacity change from 0 to 512
[  403.629155][ T7958] EXT4-fs: Ignoring removed nobh option
[  403.813561][ T7958] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #3: comm syz.5.598: corrupted inode contents
[  403.830930][ T7958] EXT4-fs (loop5): Remounting filesystem read-only
[  403.880484][ T7958] __quota_error: 11 callbacks suppressed
[  403.880569][ T7958] Quota error (device loop5): write_blk: dquota write failed
[  403.894621][ T7958] Quota error (device loop5): qtree_write_dquot: Error -30 occurred while creating quota
[  403.905058][ T7958] EXT4-fs (loop5): 1 truncate cleaned up
[  403.913068][ T7958] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  403.926253][ T7958] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  404.041898][ T7958] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.855817][ T7966] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  405.693867][ T7813] veth0_vlan: entered promiscuous mode
[  405.834207][ T7813] veth1_vlan: entered promiscuous mode
[  406.597835][   T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  406.868313][   T10] usb 5-1: Using ep0 maxpacket: 16
[  406.869197][ T7989] syzkaller0: entered promiscuous mode
[  406.879725][ T7989] syzkaller0: entered allmulticast mode
[  406.926427][   T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  406.937128][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  406.969241][   T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  406.979017][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.987202][   T10] usb 5-1: Product: syz
[  406.992055][   T10] usb 5-1: Manufacturer: syz
[  406.996902][   T10] usb 5-1: SerialNumber: syz
[  407.150050][ T7981] fuse: Unknown parameter '€'
[  407.192392][ T7978] tipc: Started in network mode
[  407.197814][ T7978] tipc: Node identity bef64b6ad3b4, cluster identity 4711
[  407.205729][ T7978] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  407.450050][ T7976] tipc: Resetting bearer <eth:syzkaller0>
[  407.473952][   T10] usb 5-1: 0:2 : does not exist
[  407.557981][ T7976] tipc: Disabling bearer <eth:syzkaller0>
[  407.588003][   T10] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  407.677598][ T7813] veth0_macvtap: entered promiscuous mode
[  407.755306][   T10] usb 5-1: USB disconnect, device number 9
[  407.766956][ T7813] veth1_macvtap: entered promiscuous mode
[  408.012509][ T5994] udevd[5994]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  408.057024][ T7813] batman_adv: batadv0: Interface activated: batadv_slave_0
[  408.134281][ T7813] batman_adv: batadv0: Interface activated: batadv_slave_1
[  408.339297][   T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  408.424615][   T36] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  408.474866][   T36] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  408.557257][   T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  408.809926][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  408.816677][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  409.235171][ T8007] loop3: detected capacity change from 0 to 128
[  409.382054][ T8007] FAT-fs (loop3): error, corrupted file size (i_pos 548, 512)
[  409.390069][ T8007] FAT-fs (loop3): Filesystem has been set read-only
[  409.759691][ T8011] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  409.838160][ T8011] netlink: 'syz.4.614': attribute type 12 has an invalid length.
[  409.846063][ T8011] netlink: 'syz.4.614': attribute type 29 has an invalid length.
[  409.854160][ T8011] netlink: 148 bytes leftover after parsing attributes in process `syz.4.614'.
[  409.863450][ T8011] netlink: 'syz.4.614': attribute type 2 has an invalid length.
[  409.871511][ T8011] netlink: 'syz.4.614': attribute type 3 has an invalid length.
[  409.879477][ T8011] netlink: 15 bytes leftover after parsing attributes in process `syz.4.614'.
[  411.035905][ T8026] loop4: detected capacity change from 0 to 512
[  411.074647][ T8027] loop5: detected capacity change from 0 to 512
[  411.084594][ T8026] EXT4-fs (loop4): blocks per group (34) and clusters per group (32768) inconsistent
[  411.138117][ T8027] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  411.193231][ T8027] EXT4-fs (loop5): invalid journal inode
[  411.249227][ T8027] EXT4-fs (loop5): can't get journal size
[  411.372024][ T8027] EXT4-fs (loop5): 1 truncate cleaned up
[  411.414917][ T8027] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  411.598313][ T8027] EXT4-fs warning (device loop5): ext4_group_add:1736: No reserved GDT blocks, can't resize
[  411.918931][ T6362] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.366747][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  413.549693][    T9] usb 5-1: Using ep0 maxpacket: 32
[  413.586464][    T9] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  413.595040][    T9] usb 5-1: config 0 has no interface number 0
[  413.631128][    T9] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  413.640741][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.649160][    T9] usb 5-1: Product: syz
[  413.653489][    T9] usb 5-1: Manufacturer: syz
[  413.658563][    T9] usb 5-1: SerialNumber: syz
[  413.716986][    T9] usb 5-1: config 0 descriptor??
[  413.768050][    T9] smsc95xx v2.0.0
[  414.198134][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  414.209379][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  414.226253][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  414.235359][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  414.468032][   T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  414.476236][   T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  414.722429][ T8042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  414.723740][ T8042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  414.993003][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  415.050585][    T9] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  415.117783][    T9] usb 5-1: USB disconnect, device number 10
[  416.484566][ T8064] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input16
[  416.561711][ T8064] loop6: detected capacity change from 0 to 512
[  416.570464][ T8064] EXT4-fs: Ignoring removed nobh option
[  416.738833][ T8064] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #3: comm syz.6.627: corrupted inode contents
[  416.784514][ T8064] EXT4-fs (loop6): Remounting filesystem read-only
[  416.800646][ T8064] Quota error (device loop6): write_blk: dquota write failed
[  416.809033][ T8064] Quota error (device loop6): qtree_write_dquot: Error -30 occurred while creating quota
[  416.819397][ T8064] EXT4-fs (loop6): 1 truncate cleaned up
[  416.827221][ T8064] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.840827][ T8064] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  416.880240][ T8064] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.745488][ T8077] loop6: detected capacity change from 0 to 256
[  418.091219][ T8077] FAT-fs (loop6): Directory bread(block 64) failed
[  418.113638][ T8077] FAT-fs (loop6): Directory bread(block 65) failed
[  418.543179][  T796] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  418.560375][ T8077] FAT-fs (loop6): Directory bread(block 66) failed
[  418.567126][ T8077] FAT-fs (loop6): Directory bread(block 67) failed
[  418.629560][ T8077] FAT-fs (loop6): Directory bread(block 68) failed
[  418.636391][ T8077] FAT-fs (loop6): Directory bread(block 69) failed
[  418.664909][ T8077] FAT-fs (loop6): Directory bread(block 70) failed
[  418.746856][ T8077] FAT-fs (loop6): Directory bread(block 71) failed
[  418.784572][ T8077] FAT-fs (loop6): Directory bread(block 72) failed
[  418.824853][  T796] usb 2-1: unable to get BOS descriptor or descriptor too short
[  418.849774][  T796] usb 2-1: not running at top speed; connect to a high speed hub
[  418.862645][ T8077] FAT-fs (loop6): Directory bread(block 73) failed
[  418.890935][  T796] usb 2-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  418.906788][  T796] usb 2-1: config 5 has 1 interface, different from the descriptor's value: 2
[  419.014216][  T796] usb 2-1: New USB device found, idVendor=0582, idProduct=0074, bcdDevice=2a.70
[  419.023735][  T796] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.037657][  T796] usb 2-1: Product: syz
[  419.042015][  T796] usb 2-1: Manufacturer: syz
[  419.046779][  T796] usb 2-1: SerialNumber: syz
[  419.660990][  T796] usb 2-1: USB disconnect, device number 13
[  419.846889][ T5987] udevd[5987]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:5.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  420.709816][  T796] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  420.888129][  T796] usb 7-1: Using ep0 maxpacket: 16
[  420.926709][  T796] usb 7-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  420.936299][  T796] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.949817][  T796] usb 7-1: Product: syz
[  420.957800][  T796] usb 7-1: Manufacturer: syz
[  420.962592][  T796] usb 7-1: SerialNumber: syz
[  421.070557][  T796] usb 7-1: config 0 descriptor??
[  421.161476][  T796] usb-storage 7-1:0.0: USB Mass Storage device detected
[  421.310857][  T796] usb-storage 7-1:0.0: Quirks match for vid 054c pid 002e: 1
[  421.319175][  T796] usb-storage 7-1:0.0: This device (054c,002e,0500 S 04 P 00) has an unneeded SubClass entry in unusual_devs.h (kernel syzkaller)
[  421.319175][  T796]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  421.636627][ T8107] loop4: detected capacity change from 0 to 256
[  421.695794][ T8106] loop1: detected capacity change from 0 to 512
[  421.704495][ T8106] EXT4-fs: Ignoring removed nobh option
[  421.735523][ T8107] exfat: Invalid uid '0x00000000ffffffff'
[  421.749995][ T8106] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.642: corrupted inode contents
[  421.784921][ T8106] EXT4-fs (loop1): Remounting filesystem read-only
[  421.796648][ T8106] Quota error (device loop1): write_blk: dquota write failed
[  421.805189][ T8106] Quota error (device loop1): qtree_write_dquot: Error -30 occurred while creating quota
[  421.806719][  T796] usb 7-1: USB disconnect, device number 2
[  421.815462][ T8106] EXT4-fs (loop1): 1 truncate cleaned up
[  421.817512][ T8106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  421.840209][ T8106] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  421.880751][ T8106] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.858298][ T8120] loop3: detected capacity change from 0 to 128
[  422.874170][ T8120] EXT4-fs (loop3): Test dummy encryption mode enabled
[  422.966237][ T8120] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  423.018178][ T8120] ext4 filesystem being mounted at /134/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  423.642804][ T8120] fscrypt (loop3): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  423.688428][    T9] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  423.948526][    T9] usb 7-1: unable to get BOS descriptor or descriptor too short
[  423.985499][    T9] usb 7-1: not running at top speed; connect to a high speed hub
[  424.033302][    T9] usb 7-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  424.043952][    T9] usb 7-1: config 5 has 1 interface, different from the descriptor's value: 2
[  424.137269][ T5783] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  424.198601][    T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0074, bcdDevice=2a.70
[  424.208047][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.216413][    T9] usb 7-1: Product: syz
[  424.224978][    T9] usb 7-1: Manufacturer: syz
[  424.230993][    T9] usb 7-1: SerialNumber: syz
[  424.941813][    T9] usb 7-1: USB disconnect, device number 3
[  425.375413][ T5994] udevd[5994]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:5.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  426.431271][ T8153] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input17
[  426.495244][ T8156] loop6: detected capacity change from 0 to 512
[  428.035886][ T8166] lo: entered promiscuous mode
[  428.052308][ T8166] tunl0: entered promiscuous mode
[  428.064566][ T8166] gre0: entered promiscuous mode
[  428.423277][ T8162] loop1: detected capacity change from 0 to 65536
[  428.586347][ T8162] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  428.619035][ T8166] gretap0: entered promiscuous mode
[  429.067729][ T8166] erspan0: entered promiscuous mode
[  429.491586][ T8166] ip_vti0: entered promiscuous mode
[  429.552220][ T8166] ip6_vti0: entered promiscuous mode
[  429.622958][ T8166] sit0: entered promiscuous mode
[  429.726352][ T8166] ip6tnl0: entered promiscuous mode
[  429.802993][ T8166] ip6gre0: entered promiscuous mode
[  430.044077][ T8166] syz_tun: entered promiscuous mode
[  430.095414][ T8162] XFS (loop1): Ending clean mount
[  430.148798][ T8162] XFS (loop1): Quotacheck needed: Please wait.
[  430.339131][ T8166] ip6gretap0: entered promiscuous mode
[  430.355495][ T8162] XFS (loop1): Quotacheck: Done.
[  430.549443][ T5785] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  430.572965][ T8166] bridge0: port 2(bridge_slave_1) entered disabled state
[  430.582627][ T8166] bridge0: port 1(bridge_slave_0) entered disabled state
[  430.812678][ T8166] bridge0: entered promiscuous mode
[  431.100305][ T8166] vcan0: entered promiscuous mode
[  431.161903][ T8166] bond0: entered promiscuous mode
[  431.167251][ T8166] bond_slave_0: entered promiscuous mode
[  431.174149][ T8166] bond_slave_1: entered promiscuous mode
[  431.346214][ T8166] team0: entered promiscuous mode
[  431.353769][ T8166] team_slave_0: entered promiscuous mode
[  431.361303][ T8166] team_slave_1: entered promiscuous mode
[  431.477757][ T8166] dummy0: entered promiscuous mode
[  431.535840][ T8166] nlmon0: entered promiscuous mode
[  431.563504][ T8166] caif0: entered promiscuous mode
[  431.597832][ T8166] batadv0: entered promiscuous mode
[  431.666341][ T8166] vxcan0: entered promiscuous mode
[  431.700975][ T8166] vxcan1: entered promiscuous mode
[  431.731850][ T8166] veth0: entered promiscuous mode
[  431.788542][ T8166] veth1: entered promiscuous mode
[  431.968076][ T8166] veth0_to_bridge: entered promiscuous mode
[  432.217673][ T8166] veth1_to_bridge: entered promiscuous mode
[  432.440414][ T8166] veth0_to_bond: entered promiscuous mode
[  432.583435][ T8166] veth1_to_bond: entered promiscuous mode
[  432.757052][ T8166] veth0_to_team: entered promiscuous mode
[  432.939017][ T8166] veth1_to_team: entered promiscuous mode
[  432.999598][ T8201] loop4: detected capacity change from 0 to 256
[  433.265313][ T8166] veth0_to_batadv: entered promiscuous mode
[  433.393978][ T8201] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xfdb20923, utbl_chksum : 0xe619d30d)
[  433.431267][ T8166] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  433.530330][ T8166] batadv_slave_0: entered promiscuous mode
[  433.549618][ T8201] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  433.629948][ T8166] veth1_to_batadv: entered promiscuous mode
[  433.656517][ T8201] exFAT-fs (loop4): failed to load alloc-bitmap
[  433.666573][ T8201] exFAT-fs (loop4): failed to recognize exfat type
[  433.744977][ T8166] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  433.837753][ T8166] batadv_slave_1: entered promiscuous mode
[  433.917214][ T8166] xfrm0: entered promiscuous mode
[  433.956046][ T8166] veth0_to_hsr: entered promiscuous mode
[  434.053465][ T8166] veth1_to_hsr: entered promiscuous mode
[  434.163771][ T8166] hsr0: entered promiscuous mode
[  434.206986][ T8166] veth1_virt_wifi: entered promiscuous mode
[  434.284811][ T8166] veth0_virt_wifi: entered promiscuous mode
[  434.345399][ T8166] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  434.511118][ T8166] vlan0: entered promiscuous mode
[  434.521010][ T8166] vlan1: entered promiscuous mode
[  434.584786][ T8166] macvlan0: entered promiscuous mode
[  434.626832][ T8166] macvlan1: entered promiscuous mode
[  434.691789][ T8166] ipvlan0: entered promiscuous mode
[  434.698419][ T8166] ipvlan1: entered promiscuous mode
[  434.805695][ T8166] macvtap0: entered promiscuous mode
[  434.859184][ T8166] macsec0: entered promiscuous mode
[  434.955840][ T8166] geneve0: entered promiscuous mode
[  435.025828][ T8166] geneve1: entered promiscuous mode
[  435.218003][ T8166] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  435.252074][ T8166] netdevsim netdevsim6 netdevsim1: entered promiscuous mode
[  435.314951][ T8166] netdevsim netdevsim6 netdevsim2: entered promiscuous mode
[  435.358930][ T8166] netdevsim netdevsim6 netdevsim3: entered promiscuous mode
[  435.446359][ T8166] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  435.641197][ T8166] mac80211_hwsim hwsim15 wlan1: entered promiscuous mode
[  436.278704][ T8210] xt_SECMARK: invalid mode: 2
[  436.757664][ T1130] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.838282][ T1130] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.878209][ T1130] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.937127][ T1130] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  437.605588][ T8217] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input18
[  437.671882][ T8219] loop4: detected capacity change from 0 to 512
[  438.048850][   T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  438.341264][   T10] usb 6-1: Using ep0 maxpacket: 16
[  438.939716][   T10] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  438.951725][   T10] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  438.962109][   T10] usb 6-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  438.979916][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  438.986770][   T10] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  438.996209][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.328473][ T8223] loop1: detected capacity change from 0 to 65536
[  439.441746][   T10] usb 6-1: config 0 descriptor??
[  439.487122][ T8223] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  440.466163][ T8233] loop5: detected capacity change from 0 to 512
[  440.669090][ T8233] EXT4-fs (loop5): blocks per group (255) and clusters per group (8192) inconsistent
[  441.578447][ T8223] XFS (loop1): Ending clean mount
[  441.667846][ T8223] XFS (loop1): Quotacheck needed: Please wait.
[  441.835613][ T8223] XFS (loop1): Quotacheck: Done.
[  442.024313][ T5785] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  442.228445][   T10] usbhid 6-1:0.0: can't add hid device: -71
[  442.235077][   T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  442.334596][   T10] usb 6-1: USB disconnect, device number 6
[  445.080771][ T8265] Bluetooth: MGMT ver 1.23
[  446.180860][ T8264] loop1: detected capacity change from 0 to 65536
[  446.263143][ T8264] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  446.422236][ T8264] XFS (loop1): Ending clean mount
[  446.431261][ T8264] XFS (loop1): Quotacheck needed: Please wait.
[  446.539374][ T8264] XFS (loop1): Quotacheck: Done.
[  446.719442][ T5785] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  447.159173][   T30] audit: type=1326 audit(1770460107.765:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65f719aeb9 code=0x7ffc0000
[  447.313238][   T30] audit: type=1326 audit(1770460107.895:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f65f719aeb9 code=0x7ffc0000
[  447.335975][   T30] audit: type=1326 audit(1770460107.895:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65f719aeb9 code=0x7ffc0000
[  447.358849][   T30] audit: type=1326 audit(1770460107.895:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65f719aeb9 code=0x7ffc0000
[  447.935518][ T8287] loop4: detected capacity change from 0 to 1024
[  448.064879][ T8291] loop5: detected capacity change from 0 to 512
[  448.147173][ T8287] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  448.177957][ T8291] EXT4-fs (loop5): 1 truncate cleaned up
[  448.210514][ T8291] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  448.218540][ T8287] ext4 filesystem being mounted at /161/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  448.608637][ T8296] kvm: vcpu 0: requested 26624 ns lapic timer period limited to 200000 ns
[  448.617543][ T8296] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=213499701 (3415995216 ns) > initial count (200000 ns). Using initial count to start timer.
[  448.774700][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  449.448209][ T8306] loop4: detected capacity change from 0 to 256
[  449.488462][ T8306] exfat: Deprecated parameter 'namecase'
[  449.522662][ T6362] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  449.532199][ T8306] exfat: Deprecated parameter 'utf8'
[  449.712939][ T8306] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  451.175056][ T8328] netlink: 24 bytes leftover after parsing attributes in process `syz.3.710'.
[  451.870335][  T796] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  452.312895][  T796] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  452.321711][  T796] usb 2-1: config 0 has no interface number 0
[  452.420052][  T796] usb 2-1: config 0 interface 41 has no altsetting 0
[  452.547166][  T796] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  452.556974][  T796] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.565301][  T796] usb 2-1: Product: syz
[  452.569763][  T796] usb 2-1: Manufacturer: syz
[  452.574507][  T796] usb 2-1: SerialNumber: syz
[  452.724465][  T796] usb 2-1: config 0 descriptor??
[  453.758099][  T796] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffb9
[  453.865287][  T796] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71
[  453.993092][  T796] usb 2-1: USB disconnect, device number 14
[  455.190340][ T8348] loop4: detected capacity change from 0 to 128
[  455.340204][ T8348] EXT4-fs (loop4): Test dummy encryption mode enabled
[  455.539314][ T8353] loop1: detected capacity change from 0 to 16
[  455.698885][ T8353] erofs (device loop1): mounted with root inode @ nid 36.
[  455.722848][ T8353] overlayfs: failed to resolve './bus': -2
[  456.459995][ T8348] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  456.632501][ T8348] ext4 filesystem being mounted at /167/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  458.122361][ T8348] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  458.723196][ T8369] loop5: detected capacity change from 0 to 256
[  458.737144][ T8369] msdos: Bad value for 'dmask'
[  461.649156][ T5800] INFO: The task syz-executor:5800 has been waiting for writeback completion for more than 1 seconds.
[  461.649285][ T5800] INFO: The task syz-executor:5800 has been waiting for writeback completion for more than 1 seconds.
[  462.221588][ T5800] INFO: The task syz-executor:5800 has been waiting for writeback completion for more than 1 seconds.
[  462.360286][ T5800] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  465.184720][ T8388] loop4: detected capacity change from 0 to 2048
[  465.368094][ T8388] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  466.802560][ T8405] capability: warning: `syz.1.733' uses deprecated v2 capabilities in a way that may be insecure
[  467.035887][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  467.187743][ T5797] Bluetooth: hci5: command 0x0406 tx timeout
[  467.875971][ T8409] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  467.902984][ T8413] netlink: 24 bytes leftover after parsing attributes in process `syz.4.736'.
[  470.340009][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  470.346626][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  471.573815][ T8435] loop4: detected capacity change from 0 to 256
[  472.627826][ T8435] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[  473.673741][ T8444] exFAT-fs (loop4): valid_size(562949953421322) is greater than size(10)
[  474.916879][ T8448] netlink: 24 bytes leftover after parsing attributes in process `syz.3.748'.
[  475.252823][ T8450] fuse: Unknown parameter '0x0000000000000004'
[  476.314775][ T8457] loop4: detected capacity change from 0 to 512
[  476.331172][ T8457] EXT4-fs: Ignoring removed i_version option
[  476.679159][ T8457] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  476.679532][ T8457] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  476.820208][   T30] audit: type=1800 audit(1770460137.425:81): pid=8457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.750" name="file2" dev="loop4" ino=16 res=0 errno=0
[  477.201144][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.440802][ T8471] netlink: 16 bytes leftover after parsing attributes in process `syz.5.756'.
[  477.935141][ T8473] loop4: detected capacity change from 0 to 4096
[  478.039563][ T8473] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  479.189190][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.006584][ T8482] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  481.013039][ T8482] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  481.024982][ T8482] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  481.031179][ T8482] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  481.044096][ T8482] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  481.056561][ T8482] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  481.365631][ T8482] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  481.375519][ T8482] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  481.473627][ T8482] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  481.486217][ T8482] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  482.367735][ T8498] loop1: detected capacity change from 0 to 512
[  482.506114][ T8498] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  482.740793][ T5797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  482.771255][ T5797] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  482.780177][ T5797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  482.808442][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  482.832992][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  483.008552][ T5787] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  483.038382][ T5787] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  483.048157][ T5787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  483.073553][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  483.118357][ T5787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  485.203273][ T5797] Bluetooth: hci3: command tx timeout
[  487.478964][ T5797] Bluetooth: hci3: command tx timeout
[  488.543428][ T8529] loop3: detected capacity change from 0 to 4096
[  488.571273][ T8529] EXT4-fs: inline encryption not supported
[  488.859015][ T8529] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  489.151023][ T8539] loop5: detected capacity change from 0 to 256
[  489.219813][ T8542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.773'.
[  489.290487][ T8543] netlink: 12 bytes leftover after parsing attributes in process `syz.1.773'.
[  489.517972][ T5797] Bluetooth: hci3: command tx timeout
[  490.163346][ T8504] chnl_net:caif_netlink_parms(): no params data found
[  490.180623][ T8539] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  490.192531][ T8539] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  490.280585][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  490.411007][ T8539] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  490.527565][ T8539] exFAT-fs (loop5): failed to load alloc-bitmap
[  490.534159][ T8539] exFAT-fs (loop5): failed to recognize exfat type
[  491.588163][ T5797] Bluetooth: hci3: command tx timeout
[  492.216408][ T8551] loop1: detected capacity change from 0 to 512
[  492.311022][ T8551] EXT4-fs: inline encryption not supported
[  492.317221][ T8551] EXT4-fs: Ignoring removed mblk_io_submit option
[  492.492855][ T8551] EXT4-fs (loop1): Test dummy encryption mode enabled
[  492.608139][ T8551] EXT4-fs (loop1): orphan cleanup on readonly fs
[  492.614685][ T8551] EXT4-fs error (device loop1): ext4_orphan_get:1391: comm syz.1.776: inode #13: comm syz.1.776: iget: illegal inode #
[  492.773838][ T8551] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.776: couldn't read orphan inode 13 (err -117)
[  492.950292][ T8551] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  493.238773][ T8551] EXT4-fs (loop1): shut down requested (2)
[  493.768224][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  493.843347][ T6604] bridge_slave_1: left allmulticast mode
[  493.850055][ T6604] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.919295][ T6604] bridge_slave_0: left allmulticast mode
[  493.925939][ T6604] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.649393][ T6604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  494.699524][ T6604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  494.762493][ T6604] bond0 (unregistering): Released all slaves
[  495.989584][ T8572] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  496.067074][ T8572] fuse: Unknown parameter '€'
[  496.279966][ T8571] tipc: Disabling bearer <eth:syzkaller0>
[  496.630443][ T6604] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.720187][ T6604] batman_adv: batadv0: Removing interface: batadv_slave_1
[  498.162107][ T6604] team0 (unregistering): Port device team_slave_1 removed
[  498.341181][ T6604] team0 (unregistering): Port device team_slave_0 removed
[  498.879103][ T8604] loop3: detected capacity change from 0 to 8192
[  499.118544][ T5787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  499.144682][ T5787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  499.160251][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  499.198057][ T5787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  499.211546][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  499.660180][ T8504] bridge0: port 1(bridge_slave_0) entered blocking state
[  499.671855][ T8504] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.727906][ T8504] bridge_slave_0: entered allmulticast mode
[  499.773490][ T8504] bridge_slave_0: entered promiscuous mode
[  499.850386][ T8504] bridge0: port 2(bridge_slave_1) entered blocking state
[  499.858260][ T8504] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.911039][ T8504] bridge_slave_1: entered allmulticast mode
[  499.939820][ T8504] bridge_slave_1: entered promiscuous mode
[  500.501133][ T8504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  500.634893][ T8504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  500.932001][ T8630] loop3: detected capacity change from 0 to 256
[  501.082775][ T8504] team0: Port device team_slave_0 added
[  501.278677][ T8630] FAT-fs (loop3): Directory bread(block 64) failed
[  501.317910][ T5797] Bluetooth: hci1: command tx timeout
[  501.335251][ T8630] FAT-fs (loop3): Directory bread(block 65) failed
[  501.368577][ T8630] FAT-fs (loop3): Directory bread(block 66) failed
[  501.399130][ T8630] FAT-fs (loop3): Directory bread(block 67) failed
[  501.406004][ T8630] FAT-fs (loop3): Directory bread(block 68) failed
[  501.463225][ T8630] FAT-fs (loop3): Directory bread(block 69) failed
[  501.505893][ T8630] FAT-fs (loop3): Directory bread(block 70) failed
[  501.540200][ T8630] FAT-fs (loop3): Directory bread(block 71) failed
[  501.547078][ T8630] FAT-fs (loop3): Directory bread(block 72) failed
[  501.619081][ T8630] FAT-fs (loop3): Directory bread(block 73) failed
[  502.244978][ T8504] team0: Port device team_slave_1 added
[  502.874314][ T8504] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.881629][ T8504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.908391][ T8504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  503.398460][ T5797] Bluetooth: hci1: command tx timeout
[  504.059083][ T8504] batman_adv: batadv0: Adding interface: batadv_slave_1
[  504.066195][ T8504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  504.092582][ T8504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  504.767811][ T5440] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  505.031264][ T5440] usb 4-1: too many endpoints for config 1 interface 0 altsetting 7: 255, using maximum allowed: 30
[  505.086209][ T5440] usb 4-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 255
[  505.101665][ T5440] usb 4-1: config 1 interface 0 has no altsetting 0
[  505.234339][ T5440] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  505.244133][ T5440] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  505.252463][ T5440] usb 4-1: SerialNumber: syz
[  505.275722][ T8504] hsr_slave_0: entered promiscuous mode
[  505.356346][ T8504] hsr_slave_1: entered promiscuous mode
[  505.399392][ T8504] debugfs: 'hsr0' already exists in 'hsr'
[  505.405296][ T8504] Cannot create hsr debugfs directory
[  505.459000][ T5797] Bluetooth: hci1: command tx timeout
[  505.489912][ T5440] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  505.498208][ T5440] cdc_acm 4-1:1.0: This needs exactly 3 endpoints
[  505.586290][ T5440] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22
[  505.764041][ T5440] usb 4-1: USB disconnect, device number 15
[  505.885345][ T8616] chnl_net:caif_netlink_parms(): no params data found
[  507.508010][ T5787] Bluetooth: hci1: command tx timeout
[  507.963255][ T8616] bridge0: port 1(bridge_slave_0) entered blocking state
[  507.970964][ T8616] bridge0: port 1(bridge_slave_0) entered disabled state
[  508.018265][ T8616] bridge_slave_0: entered allmulticast mode
[  508.062371][ T8616] bridge_slave_0: entered promiscuous mode
[  508.106983][ T8616] bridge0: port 2(bridge_slave_1) entered blocking state
[  508.114868][ T8616] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.168994][ T8616] bridge_slave_1: entered allmulticast mode
[  508.197878][ T8616] bridge_slave_1: entered promiscuous mode
[  508.332859][ T8676] loop3: detected capacity change from 0 to 256
[  508.612211][ T8616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  508.692044][ T5440] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  508.721790][ T8616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  508.843072][ T8504] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  508.883306][ T5440] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.894755][ T5440] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  508.904890][ T5440] usb 2-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  508.914412][ T5440] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.935235][ T8504] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  509.033278][ T8504] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  509.041612][ T5440] usb 2-1: config 0 descriptor??
[  509.150893][ T8504] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  509.399827][ T8616] team0: Port device team_slave_0 added
[  509.545793][ T8616] team0: Port device team_slave_1 added
[  509.596007][ T5440] steelseries 0003:1038:1410.000F: unknown main item tag 0x0
[  509.610155][ T5440] steelseries 0003:1038:1410.000F: collection stack underflow
[  509.620254][ T5440] steelseries 0003:1038:1410.000F: item 0 2 0 12 parsing failed
[  509.874762][ T5440] steelseries 0003:1038:1410.000F: parse failed
[  509.881941][ T5440] steelseries 0003:1038:1410.000F: probe with driver steelseries failed with error -22
[  510.154470][ T5440] usb 2-1: USB disconnect, device number 15
[  510.470018][ T8616] batman_adv: batadv0: Adding interface: batadv_slave_0
[  510.477135][ T8616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  510.503818][ T8616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  510.803941][ T8616] batman_adv: batadv0: Adding interface: batadv_slave_1
[  510.813819][ T8616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  510.840439][ T8616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  511.876389][ T8616] hsr_slave_0: entered promiscuous mode
[  511.925286][ T8616] hsr_slave_1: entered promiscuous mode
[  511.961695][ T8616] debugfs: 'hsr0' already exists in 'hsr'
[  511.967989][ T8616] Cannot create hsr debugfs directory
[  513.256085][ T8504] 8021q: adding VLAN 0 to HW filter on device bond0
[  513.523642][ T8504] 8021q: adding VLAN 0 to HW filter on device team0
[  513.661046][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  513.668614][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  513.870637][ T8616] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  513.936174][ T7832] bridge0: port 2(bridge_slave_1) entered blocking state
[  513.943781][ T7832] bridge0: port 2(bridge_slave_1) entered forwarding state
[  514.004597][ T8616] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  514.056616][ T8616] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  514.128930][ T8616] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  515.574384][ T8616] 8021q: adding VLAN 0 to HW filter on device bond0
[  515.838705][ T8616] 8021q: adding VLAN 0 to HW filter on device team0
[  515.926773][ T3439] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.934531][ T3439] bridge0: port 1(bridge_slave_0) entered forwarding state
[  516.156199][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[  516.163739][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  516.470188][ T8504] 8021q: adding VLAN 0 to HW filter on device batadv0
[  516.650454][ T8746] loop3: detected capacity change from 0 to 256
[  517.275304][ T8746] FAT-fs (loop3): Directory bread(block 64) failed
[  517.282693][ T8746] FAT-fs (loop3): Directory bread(block 65) failed
[  517.290103][ T8746] FAT-fs (loop3): Directory bread(block 66) failed
[  517.296897][ T8746] FAT-fs (loop3): Directory bread(block 67) failed
[  517.304049][ T8746] FAT-fs (loop3): Directory bread(block 68) failed
[  517.310933][ T8746] FAT-fs (loop3): Directory bread(block 69) failed
[  517.318370][ T8746] FAT-fs (loop3): Directory bread(block 70) failed
[  517.325210][ T8746] FAT-fs (loop3): Directory bread(block 71) failed
[  517.332512][ T8746] FAT-fs (loop3): Directory bread(block 72) failed
[  517.339588][ T8746] FAT-fs (loop3): Directory bread(block 73) failed
[  521.717739][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  521.943347][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  521.954708][   T24] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  521.964144][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.223225][   T24] usb 2-1: config 0 descriptor??
[  522.788876][   T24] keytouch 0003:0926:3333.0010: fixing up Keytouch IEC report descriptor
[  522.811269][ T8777] fuse: Bad value for 'fd'
[  522.969380][   T24] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0010/input/input19
[  523.346172][ T8504] veth0_vlan: entered promiscuous mode
[  523.404968][   T24] keytouch 0003:0926:3333.0010: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  523.750072][ T8504] veth1_vlan: entered promiscuous mode
[  523.768596][   T24] usb 2-1: USB disconnect, device number 16
[  524.356049][ T8781] fido_id[8781]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  524.406090][ T8504] veth0_macvtap: entered promiscuous mode
[  524.654959][ T8504] veth1_macvtap: entered promiscuous mode
[  524.848798][ T8616] 8021q: adding VLAN 0 to HW filter on device batadv0
[  525.065177][ T8504] batman_adv: batadv0: Interface activated: batadv_slave_0
[  525.203488][ T8504] batman_adv: batadv0: Interface activated: batadv_slave_1
[  525.323222][ T6604] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  525.358817][ T6604] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  525.392497][ T6604] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  525.433197][ T6604] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  528.033095][ T8818] loop1: detected capacity change from 0 to 512
[  528.183022][ T8616] veth0_vlan: entered promiscuous mode
[  528.310130][ T8818] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  528.379238][ T8818] ext4 filesystem being mounted at /195/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  528.411326][ T8616] veth1_vlan: entered promiscuous mode
[  528.936082][ T8616] veth0_macvtap: entered promiscuous mode
[  529.940279][ T8616] veth1_macvtap: entered promiscuous mode
[  530.552097][ T8616] batman_adv: batadv0: Interface activated: batadv_slave_0
[  530.770686][ T8616] batman_adv: batadv0: Interface activated: batadv_slave_1
[  531.172442][ T6604] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  531.189585][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.303328][ T6604] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  531.358706][ T6604] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  531.389089][   T63] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  531.697184][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  531.706284][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  535.221113][ T8875] loop1: detected capacity change from 0 to 128
[  535.398198][ T8875] EXT4-fs (loop1): Test dummy encryption mode enabled
[  535.588597][ T8875] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  535.713951][ T8875] ext4 filesystem being mounted at /199/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  539.181355][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  542.060664][ T8925] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  542.073282][ T8925] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  542.085358][ T8925] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  542.139721][ T8925] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  542.153713][ T8925] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  542.808332][ T8933] loop1: detected capacity change from 0 to 512
[  542.820830][ T8933] EXT4-fs: Ignoring removed nobh option
[  542.971332][ T8933] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e118, mo2=0002]
[  542.980682][ T8933] System zones: 1-12
[  542.986776][ T8933] EXT4-fs (loop1): orphan cleanup on readonly fs
[  543.015944][ T8933] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  543.031173][ T8933] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #15: comm syz.1.850: corrupted inode contents
[  543.066297][ T8933] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #15: comm syz.1.850: mark_inode_dirty error
[  543.098139][ T8933] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #15: comm syz.1.850: corrupted inode contents
[  543.142884][ T8933] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3001: inode #15: comm syz.1.850: mark_inode_dirty error
[  543.161170][ T8933] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3004: inode #15: comm syz.1.850: mark inode dirty (error -117)
[  543.183532][ T8933] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -117)
[  543.199095][ T8933] EXT4-fs (loop1): 1 orphan inode deleted
[  543.216388][ T8933] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  544.229691][ T8925] Bluetooth: hci4: command tx timeout
[  544.900380][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.092640][ T8939] loop3: detected capacity change from 0 to 4096
[  545.163333][ T8939] EXT4-fs: Ignoring removed mblk_io_submit option
[  545.362045][ T8939] EXT4-fs (loop3): Test dummy encryption mode enabled
[  545.502409][ T8939] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  545.955746][ T8185] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.061293][ T8923] chnl_net:caif_netlink_parms(): no params data found
[  546.243588][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  546.310240][ T8925] Bluetooth: hci4: command tx timeout
[  546.339073][ T8185] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.616159][ T8185] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.901344][ T8185] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  547.526047][ T8968] bridge0: port 2(bridge_slave_1) entered disabled state
[  547.534653][ T8968] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.078600][ T8968] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  548.184958][ T8968] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  548.389702][ T8925] Bluetooth: hci4: command tx timeout
[  548.743896][ T1130] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  548.836286][ T1130] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  548.966469][ T1130] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  549.080139][ T1130] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  549.110060][ T3439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.118445][ T3439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.480537][ T8185] bridge_slave_1: left allmulticast mode
[  549.486389][ T8185] bridge_slave_1: left promiscuous mode
[  549.493536][ T8185] bridge0: port 2(bridge_slave_1) entered disabled state
[  549.510914][ T8185] bridge_slave_0: left allmulticast mode
[  549.516869][ T8185] bridge_slave_0: left promiscuous mode
[  549.527185][ T8185] bridge0: port 1(bridge_slave_0) entered disabled state
[  550.138998][ T8185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  550.163353][ T8185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  550.188390][ T8185] bond0 (unregistering): Released all slaves
[  550.218155][ T1130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  550.226158][ T1130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  550.468063][ T8925] Bluetooth: hci4: command tx timeout
[  550.605841][ T8185] hsr_slave_0: left promiscuous mode
[  550.628395][ T8185] hsr_slave_1: left promiscuous mode
[  550.649360][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  550.657031][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_0
[  550.683403][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  550.691411][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_1
[  550.767801][ T8185] veth1_macvtap: left promiscuous mode
[  550.773526][ T8185] veth0_macvtap: left promiscuous mode
[  551.730934][ T8185] veth1_vlan: left promiscuous mode
[  551.736475][ T8185] veth0_vlan: left promiscuous mode
[  551.948068][    T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  552.168006][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  552.178383][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  552.259141][    T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  552.268733][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  552.276932][    T9] usb 4-1: SerialNumber: syz
[  552.625668][    T9] usb 4-1: 0:2 : does not exist
[  552.818608][    T9] usb 4-1: USB disconnect, device number 16
[  553.154303][ T8951] udevd[8951]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  553.711215][ T9002] loop1: detected capacity change from 0 to 512
[  553.780400][ T9002] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  553.891803][ T9002] EXT4-fs (loop1): 1 truncate cleaned up
[  553.949311][ T9002] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  555.390486][ T9002] EXT4-fs (loop1): shut down requested (2)
[  555.444021][ T9002] overlayfs: failed to get metacopy (-5)
[  556.302970][ T8185] team0 (unregistering): Port device team_slave_1 removed
[  556.332849][ T8185] team0 (unregistering): Port device team_slave_0 removed
[  557.126646][ T8923] bridge0: port 1(bridge_slave_0) entered blocking state
[  557.135277][ T8923] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.143883][ T8923] bridge_slave_0: entered allmulticast mode
[  557.153229][ T8923] bridge_slave_0: entered promiscuous mode
[  557.522228][ T8923] bridge0: port 2(bridge_slave_1) entered blocking state
[  557.532254][ T8923] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.588125][ T8923] bridge_slave_1: entered allmulticast mode
[  557.615233][ T8923] bridge_slave_1: entered promiscuous mode
[  557.864335][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  558.247621][ T8923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  558.284522][ T8923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  558.480887][ T8923] team0: Port device team_slave_0 added
[  558.526358][ T8923] team0: Port device team_slave_1 added
[  558.699585][ T8923] batman_adv: batadv0: Adding interface: batadv_slave_0
[  558.706822][ T8923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  558.733539][ T8923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  558.851748][ T8923] batman_adv: batadv0: Adding interface: batadv_slave_1
[  558.859647][ T8923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  558.889111][ T8923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  559.240943][ T8923] hsr_slave_0: entered promiscuous mode
[  559.260861][ T8923] hsr_slave_1: entered promiscuous mode
[  559.289642][ T8923] debugfs: 'hsr0' already exists in 'hsr'
[  559.295553][ T8923] Cannot create hsr debugfs directory
[  560.912041][ T9057] netlink: 104 bytes leftover after parsing attributes in process `syz.3.878'.
[  561.358991][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  561.390164][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  561.409515][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  561.430045][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  561.446512][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  561.499320][ T9063] fuse: Bad value for 'fd'
[  561.613635][ T8923] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  561.698501][ T8923] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  561.778362][ T8923] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  561.869680][ T8923] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  562.367980][ T5843] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  562.547893][ T5843] usb 9-1: Using ep0 maxpacket: 16
[  562.562505][ T5843] usb 9-1: config 1 has an invalid interface number: 105 but max is 0
[  562.571892][ T5843] usb 9-1: config 1 has no interface number 0
[  562.599025][ T5843] usb 9-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  562.609487][ T5843] usb 9-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  562.620009][ T5843] usb 9-1: config 1 interface 105 has no altsetting 0
[  562.634934][ T5843] usb 9-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  562.644970][ T5843] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.653245][ T5843] usb 9-1: Product: syz
[  562.657777][ T5843] usb 9-1: Manufacturer: syz
[  562.663343][ T5843] usb 9-1: SerialNumber: syz
[  562.704715][ T9073] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  562.718384][ T9073] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  563.229251][ T9073] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  563.286755][ T9073] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  563.513486][ T5787] Bluetooth: hci2: command tx timeout
[  563.757490][ T8923] 8021q: adding VLAN 0 to HW filter on device bond0
[  564.042728][ T8923] 8021q: adding VLAN 0 to HW filter on device team0
[  564.189868][ T8185] bridge0: port 1(bridge_slave_0) entered blocking state
[  564.197638][ T8185] bridge0: port 1(bridge_slave_0) entered forwarding state
[  564.245979][ T5843] aqc111 9-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  564.415035][ T9060] chnl_net:caif_netlink_parms(): no params data found
[  564.549995][ T5843] aqc111 9-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  564.864875][ T6606] bridge0: port 2(bridge_slave_1) entered blocking state
[  564.872574][ T6606] bridge0: port 2(bridge_slave_1) entered forwarding state
[  564.998683][ T5843] aqc111 9-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.8-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 72:b0:41:b8:df:f2
[  565.066227][ T5843] usb 9-1: USB disconnect, device number 2
[  565.109843][ T5843] aqc111 9-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.8-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  565.369086][ T5843] aqc111 9-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  565.417893][ T5843] aqc111 9-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  565.468069][ T5843] aqc111 9-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  565.589663][ T5787] Bluetooth: hci2: command tx timeout
[  566.500555][ T9106] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  566.678177][ T9060] bridge0: port 1(bridge_slave_0) entered blocking state
[  566.685755][ T9060] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.728096][ T9060] bridge_slave_0: entered allmulticast mode
[  566.758588][ T9060] bridge_slave_0: entered promiscuous mode
[  566.792609][ T9060] bridge0: port 2(bridge_slave_1) entered blocking state
[  566.800330][ T9060] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.829546][ T9060] bridge_slave_1: entered allmulticast mode
[  566.850131][ T9060] bridge_slave_1: entered promiscuous mode
[  567.142475][ T9060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  567.234558][ T9060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  567.459729][ T9060] team0: Port device team_slave_0 added
[  567.490780][ T9060] team0: Port device team_slave_1 added
[  567.669661][ T5787] Bluetooth: hci2: command tx timeout
[  567.734986][ T9060] batman_adv: batadv0: Adding interface: batadv_slave_0
[  567.742804][ T9060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  567.769219][ T9060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  567.855036][ T9060] batman_adv: batadv0: Adding interface: batadv_slave_1
[  567.862401][ T9060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  567.889651][ T9060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  568.473070][ T9060] hsr_slave_0: entered promiscuous mode
[  568.510909][ T9060] hsr_slave_1: entered promiscuous mode
[  568.564570][ T9060] debugfs: 'hsr0' already exists in 'hsr'
[  568.570836][ T9060] Cannot create hsr debugfs directory
[  568.702109][ T8923] 8021q: adding VLAN 0 to HW filter on device batadv0
[  569.918595][ T5787] Bluetooth: hci2: command tx timeout
[  573.266018][   T30] audit: type=1326 audit(1770460233.865:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7901b9aeb9 code=0x7ffc0000
[  573.519047][   T30] audit: type=1326 audit(1770460233.945:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f7901b9aeb9 code=0x7ffc0000
[  573.541672][   T30] audit: type=1326 audit(1770460233.945:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7901b9aeb9 code=0x7ffc0000
[  573.564420][   T30] audit: type=1326 audit(1770460233.955:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7901b5b78e code=0x7ffc0000
[  573.586881][   T30] audit: type=1326 audit(1770460233.955:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7901b9aeb9 code=0x7ffc0000
[  573.609449][   T30] audit: type=1326 audit(1770460233.995:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7901b5b78e code=0x7ffc0000
[  573.632612][   T30] audit: type=1326 audit(1770460233.995:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7901b9aeb9 code=0x7ffc0000
[  573.655359][   T30] audit: type=1326 audit(1770460234.045:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7901b9ab4b code=0x7ffc0000
[  573.677934][   T30] audit: type=1326 audit(1770460234.045:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7901b9aeb9 code=0x7ffc0000
[  573.700486][   T30] audit: type=1326 audit(1770460234.045:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.5.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7901b9ab4b code=0x7ffc0000
[  574.632380][ T9060] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  574.865610][ T9060] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  575.160867][ T9060] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  575.342622][ T9060] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  576.876585][ T8923] veth0_vlan: entered promiscuous mode
[  577.110571][ T8923] veth1_vlan: entered promiscuous mode
[  578.014597][ T9171] loop8: detected capacity change from 0 to 128
[  580.059332][ T8923] veth0_macvtap: entered promiscuous mode
[  580.176977][ T9060] 8021q: adding VLAN 0 to HW filter on device bond0
[  580.226024][ T8923] veth1_macvtap: entered promiscuous mode
[  580.477002][ T9060] 8021q: adding VLAN 0 to HW filter on device team0
[  580.541605][ T8923] batman_adv: batadv0: Interface activated: batadv_slave_0
[  580.656437][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  580.664038][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  580.805746][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  580.813597][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  580.922320][ T8923] batman_adv: batadv0: Interface activated: batadv_slave_1
[  581.156732][ T8185] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  581.218837][   T54] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  581.295264][   T54] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  581.455029][   T63] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  582.784353][ T9208] loop3: detected capacity change from 0 to 512
[  582.970464][ T9208] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  583.078080][ T9208] ext4 filesystem being mounted at /201/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  583.257863][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  583.257940][   T30] audit: type=1800 audit(1770460243.855:106): pid=9208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.914" name="file1" dev="loop3" ino=15 res=0 errno=0
[  583.505031][   T30] audit: type=1804 audit(1770460243.945:107): pid=9208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.914" name="/newroot/201/file2/file1" dev="loop3" ino=15 res=1 errno=0
[  583.527451][   T30] audit: type=1800 audit(1770460243.945:108): pid=9208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.914" name="file1" dev="loop3" ino=15 res=0 errno=0
[  583.904115][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.362371][ T9060] 8021q: adding VLAN 0 to HW filter on device batadv0
[  586.096524][ T9260] netlink: 8 bytes leftover after parsing attributes in process `syz.5.925'.
[  587.357316][ T9060] veth0_vlan: entered promiscuous mode
[  587.471685][ T9060] veth1_vlan: entered promiscuous mode
[  587.836865][ T9060] veth0_macvtap: entered promiscuous mode
[  587.940688][ T9060] veth1_macvtap: entered promiscuous mode
[  588.226828][ T9060] batman_adv: batadv0: Interface activated: batadv_slave_0
[  588.327993][ T9060] batman_adv: batadv0: Interface activated: batadv_slave_1
[  588.419261][   T12] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  588.451659][   T12] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  588.533123][   T12] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  588.647716][   T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  589.130458][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.140025][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.381688][ T8185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.391706][ T8185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.918139][ T9311] 9p: Bad value for 'rfdno'
[  591.018753][ T9314] netlink: 'syz.8.932': attribute type 4 has an invalid length.
[  591.136837][ T9316] netlink: 'syz.8.932': attribute type 4 has an invalid length.
[  591.839456][ T9314] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.848855][ T9314] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.301942][ T9314] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  592.371530][ T9314] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  593.035845][ T8185] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  593.094364][   T54] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  593.170291][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  593.177856][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  593.208690][   T54] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  593.227992][   T54] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  599.645391][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  599.653746][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.356793][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.364957][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.826498][ T9386] loop3: detected capacity change from 0 to 256
[  600.906342][ T9386] exfat: Deprecated parameter 'utf8'
[  600.984098][ T9386] exfat: Deprecated parameter 'namecase'
[  601.142297][ T9386] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  601.741324][ T9395] loop9: detected capacity change from 0 to 256
[  602.186282][ T9395] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  609.756111][ T9456] loop9: detected capacity change from 0 to 16
[  609.798647][ T9456] erofs (device loop9): mounted with root inode @ nid 36.
[  611.567196][ T9469] loop9: detected capacity change from 0 to 256
[  611.806671][ T9470] vlan2: entered promiscuous mode
[  611.812468][ T9470] ip6gretap0: entered promiscuous mode
[  611.892182][ T9469] exFAT-fs (loop9): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d)
[  615.405427][ T9490] loop9: detected capacity change from 0 to 512
[  615.418261][ T9490] EXT4-fs: Ignoring removed nobh option
[  618.282280][ T9490] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e118, mo2=0002]
[  618.293678][ T9490] System zones: 1-12
[  618.298684][ T9490] EXT4-fs (loop9): orphan cleanup on readonly fs
[  618.310568][ T9490] EXT4-fs error (device loop9): ext4_do_update_inode:5617: inode #15: comm syz.9.984: corrupted inode contents
[  618.324714][ T9490] EXT4-fs error (device loop9): ext4_dirty_inode:6502: inode #15: comm syz.9.984: mark_inode_dirty error
[  618.337477][ T9490] EXT4-fs error (device loop9): ext4_do_update_inode:5617: inode #15: comm syz.9.984: corrupted inode contents
[  618.390996][ T9490] EXT4-fs error (device loop9): ext4_xattr_delete_inode:3001: inode #15: comm syz.9.984: mark_inode_dirty error
[  618.410038][ T9490] EXT4-fs error (device loop9): ext4_xattr_delete_inode:3004: inode #15: comm syz.9.984: mark inode dirty (error -117)
[  618.428202][ T9490] EXT4-fs warning (device loop9): ext4_evict_inode:273: xattr delete (err -117)
[  618.437709][ T9490] EXT4-fs (loop9): 1 orphan inode deleted
[  618.445455][ T9490] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  618.753775][ T9060] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  625.123042][ T9527] loop3: detected capacity change from 0 to 512
[  625.136656][ T9527] EXT4-fs: Ignoring removed nobh option
[  625.907577][ T8925] Bluetooth: hci1: command 0x0406 tx timeout
[  625.999271][ T9527] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e118, mo2=0002]
[  626.007841][ T9527] System zones: 1-12
[  626.013884][ T9527] EXT4-fs (loop3): orphan cleanup on readonly fs
[  626.060113][ T9527] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.997: corrupted inode contents
[  626.102531][ T9527] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #15: comm syz.3.997: mark_inode_dirty error
[  626.134741][ T9527] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.997: corrupted inode contents
[  626.156558][ T9527] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3001: inode #15: comm syz.3.997: mark_inode_dirty error
[  626.173442][ T9527] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3004: inode #15: comm syz.3.997: mark inode dirty (error -117)
[  626.193028][ T9527] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -117)
[  626.202917][ T9527] EXT4-fs (loop3): 1 orphan inode deleted
[  626.217518][ T9527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  627.416270][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  627.493301][ T9532] loop7: detected capacity change from 0 to 512
[  627.566225][ T9532] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  627.716110][ T9532] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  627.820818][ T9532] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 3: comm syz.7.999: path (unknown): bad entry in directory: directory entry overrun - offset=12, inode=514, rec_len=2048, size=2048 fake=0
[  627.937825][ T9532] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 12: comm syz.7.999: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0
[  628.046763][ T9532] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 13: comm syz.7.999: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=3653246737, rec_len=65536, size=2048 fake=0
[  628.431108][ T8923] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  628.495274][ T8923] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  628.822611][ T9550] loop3: detected capacity change from 0 to 512
[  628.886677][ T9550] EXT4-fs (loop3): blocks per group (255) and clusters per group (8192) inconsistent
[  629.602761][ T9560] loop7: detected capacity change from 0 to 512
[  629.627765][ T9560] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  629.710964][ T9563] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  631.721573][ T9560] EXT4-fs (loop7): 1 truncate cleaned up
[  632.028823][ T9560] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  633.621084][   T30] audit: type=1800 audit(1770460294.225:109): pid=9560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.1010" name="file1" dev="overlay" ino=15 res=0 errno=0
[  635.745420][ T8923] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  635.774034][ T6606] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  635.962237][ T6606] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.143660][ T6606] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.314748][ T6606] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.767971][ T6606] bridge_slave_1: left allmulticast mode
[  636.773814][ T6606] bridge_slave_1: left promiscuous mode
[  636.780615][ T6606] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.825346][ T6606] bridge_slave_0: left allmulticast mode
[  636.831405][ T6606] bridge_slave_0: left promiscuous mode
[  636.838515][ T6606] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.298370][ T6606] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.336208][ T6606] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  637.381494][ T6606] bond0 (unregistering): Released all slaves
[  638.305153][ T6606] hsr_slave_0: left promiscuous mode
[  638.350902][ T6606] hsr_slave_1: left promiscuous mode
[  638.385802][ T6606] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  638.396177][ T6606] batman_adv: batadv0: Removing interface: batadv_slave_0
[  638.472333][ T6606] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  638.480077][ T6606] batman_adv: batadv0: Removing interface: batadv_slave_1
[  638.483260][ T5787] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  638.509740][ T5787] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  638.521518][ T5787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  638.537994][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  638.572139][ T5787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  638.600448][ T6606] veth1_macvtap: left promiscuous mode
[  638.606160][ T6606] veth0_macvtap: left promiscuous mode
[  638.614189][ T6606] veth1_vlan: left promiscuous mode
[  638.640112][ T6606] veth0_vlan: left promiscuous mode
[  640.399582][ T6606] team0 (unregistering): Port device team_slave_1 removed
[  640.526967][ T6606] team0 (unregistering): Port device team_slave_0 removed
[  640.634619][ T5787] Bluetooth: hci3: command tx timeout
[  641.300616][ T9660] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  642.708983][ T5787] Bluetooth: hci3: command tx timeout
[  643.299868][ T9624] chnl_net:caif_netlink_parms(): no params data found
[  643.311119][ T9693] kvm: kvm [9692]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0xffffffff
[  643.479423][ T9693] kvm: kvm [9692]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0xbffffffffffffffd
[  643.618154][ T9695] kvm: kvm [9692]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x400003
[  644.787554][ T5787] Bluetooth: hci3: command tx timeout
[  644.955075][ T9624] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.963065][ T9624] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.022135][ T9624] bridge_slave_0: entered allmulticast mode
[  645.054504][ T9624] bridge_slave_0: entered promiscuous mode
[  645.136289][ T9624] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.144415][ T9624] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.178215][ T9624] bridge_slave_1: entered allmulticast mode
[  645.205496][ T9624] bridge_slave_1: entered promiscuous mode
[  645.547148][ T9624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  645.663757][ T9624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  646.017130][ T9624] team0: Port device team_slave_0 added
[  646.071859][ T9624] team0: Port device team_slave_1 added
[  646.381912][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_0
[  646.389442][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  646.418684][ T9624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  646.635252][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_1
[  646.642486][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  646.669113][ T9624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  646.868338][ T5787] Bluetooth: hci3: command tx timeout
[  647.249026][ T9624] hsr_slave_0: entered promiscuous mode
[  647.264626][ T9624] hsr_slave_1: entered promiscuous mode
[  647.299361][ T9624] debugfs: 'hsr0' already exists in 'hsr'
[  647.305402][ T9624] Cannot create hsr debugfs directory
[  648.729953][ T9796] syzkaller0: entered promiscuous mode
[  648.735635][ T9796] syzkaller0: entered allmulticast mode
[  648.853462][ T9791] fuse: Unknown parameter '€'
[  648.969978][ T9787] tipc: Started in network mode
[  648.975129][ T9787] tipc: Node identity f6a5a00ee561, cluster identity 4711
[  648.983598][ T9787] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  649.263072][ T9784] tipc: Resetting bearer <eth:syzkaller0>
[  649.330375][ T9784] tipc: Disabling bearer <eth:syzkaller0>
[  649.964937][ T9624] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  650.080304][ T9624] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  650.174289][ T9624] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  650.287478][ T9624] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  651.552746][ T9624] 8021q: adding VLAN 0 to HW filter on device bond0
[  651.722308][ T9850] syzkaller0: entered promiscuous mode
[  651.728899][ T9850] syzkaller0: entered allmulticast mode
[  651.923254][ T9852] fuse: Unknown parameter '€'
[  651.930459][ T9624] 8021q: adding VLAN 0 to HW filter on device team0
[  651.951028][ T9850] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  652.071204][ T5909] bridge0: port 1(bridge_slave_0) entered blocking state
[  652.078805][ T5909] bridge0: port 1(bridge_slave_0) entered forwarding state
[  652.146007][ T5909] bridge0: port 2(bridge_slave_1) entered blocking state
[  652.153566][ T5909] bridge0: port 2(bridge_slave_1) entered forwarding state
[  652.246240][ T9849] tipc: Resetting bearer <eth:syzkaller0>
[  652.295870][ T9849] tipc: Disabling bearer <eth:syzkaller0>
[  653.229679][ T9878] kvm: faulting far call emulation tainted memory
[  654.571919][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  654.578960][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  654.637905][ T9624] 8021q: adding VLAN 0 to HW filter on device batadv0
[  655.034314][ T9909] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  655.100414][ T9912] fuse: Unknown parameter '€'
[  655.298032][ T9624] veth0_vlan: entered promiscuous mode
[  655.471560][ T9624] veth1_vlan: entered promiscuous mode
[  655.893729][ T9624] veth0_macvtap: entered promiscuous mode
[  655.994733][ T9624] veth1_macvtap: entered promiscuous mode
[  656.272387][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_0
[  656.449107][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_1
[  656.607814][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  656.734561][ T6604] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  656.777661][ T6604] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  656.790114][ T7832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  657.490265][ T9953] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  657.908403][ T9961] delete_channel: no stack
[  657.913246][ T9961] delete_channel: no stack
[  657.971546][ T9963] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1140'.
[  658.073675][ T9961] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1140'.
[  658.359490][ T9971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1142'.
[  658.990964][ T9985] netlink: 9275 bytes leftover after parsing attributes in process `syz.5.1147'.
[  661.179076][T10019] netlink: 'syz.9.1157': attribute type 46 has an invalid length.
[  663.815622][T10059] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1168'.
[  664.419139][ T6604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  664.427144][ T6604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  664.776642][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  664.785030][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.228880][T10082] tipc: Started in network mode
[  665.234014][T10082] tipc: Node identity 369bfe303e28, cluster identity 4711
[  665.242330][T10082] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  665.352097][T10082] fuse: Unknown parameter '€'
[  666.229537][T10104] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  666.592129][   T10] tipc: Node number set to 146013744
[  667.902600][T10136] kvm: pic: single mode not supported
[  667.904111][T10136] kvm: pic: single mode not supported
[  668.011801][T10136] kvm: pic: single mode not supported
[  668.076511][T10136] kvm: pic: single mode not supported
[  668.082418][T10136] kvm: pic: level sensitive irq not supported
[  668.219386][T10136] kvm: pic: level sensitive irq not supported
[  668.358464][T10136] kvm: pic: single mode not supported
[  668.365351][T10136] kvm: pic: single mode not supported
[  673.035125][T10265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1205'.
[  673.105812][T10267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1205'.
[  676.134726][T10309] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1224'.
[  676.228252][T10309] netlink: 'syz.5.1224': attribute type 1 has an invalid length.
[  676.236336][T10309] netlink: 212400 bytes leftover after parsing attributes in process `syz.5.1224'.
[  677.800476][T10335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1229'.
[  677.818775][T10335] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1229'.
[  683.171678][T10391] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1253'.
[  683.193131][T10391] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1253'.
[  684.761551][T10396] warning: `syz.3.1255' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  685.569270][T10413] loop3: detected capacity change from 0 to 512
[  685.581674][T10413] EXT4-fs: Ignoring removed nobh option
[  685.638236][T10413] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e118, mo2=0002]
[  685.649238][T10413] System zones: 1-12
[  685.655840][T10413] EXT4-fs (loop3): orphan cleanup on readonly fs
[  685.721374][T10413] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.1260: corrupted inode contents
[  685.762108][T10413] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #15: comm syz.3.1260: mark_inode_dirty error
[  685.799482][T10413] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.1260: corrupted inode contents
[  685.831963][T10413] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3001: inode #15: comm syz.3.1260: mark_inode_dirty error
[  685.882853][T10413] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3004: inode #15: comm syz.3.1260: mark inode dirty (error -117)
[  685.910469][T10413] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -117)
[  685.920432][T10413] EXT4-fs (loop3): 1 orphan inode deleted
[  685.934768][T10413] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  686.559325][T10418] IPv6: NLM_F_CREATE should be specified when creating new route
[  687.348365][ T8925] Bluetooth: hci2: command 0x0406 tx timeout
[  687.509165][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  688.263041][T10436] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1266'.
[  693.225364][T10457] macvtap1: entered promiscuous mode
[  693.231115][T10457] macvtap1: entered allmulticast mode
[  693.240059][T10457] dummy0: entered promiscuous mode
[  693.245501][T10457] dummy0: entered allmulticast mode
[  693.259650][T10457] team0: Device macvtap1 failed to register rx_handler
[  693.288397][T10457] dummy0: left allmulticast mode
[  693.294770][T10457] dummy0: left promiscuous mode
[  693.966167][T10454] loop9: detected capacity change from 0 to 2048
[  694.044775][T10454] EXT4-fs: Ignoring removed bh option
[  694.168433][T10454] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  697.239974][ T9060] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  698.999573][T10487] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1281'.
[  708.421529][T10531] loop3: detected capacity change from 0 to 8192
[  709.727669][T10535] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1295'.
[  716.082273][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  716.089323][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  716.852106][T10567] loop2: detected capacity change from 0 to 256
[  716.963307][T10567] FAT-fs (loop2): Directory bread(block 64) failed
[  716.970261][T10567] FAT-fs (loop2): Directory bread(block 65) failed
[  716.976978][T10567] FAT-fs (loop2): Directory bread(block 66) failed
[  716.985244][T10567] FAT-fs (loop2): Directory bread(block 67) failed
[  716.992138][T10567] FAT-fs (loop2): Directory bread(block 68) failed
[  716.998809][T10567] FAT-fs (loop2): Directory bread(block 69) failed
[  717.005504][T10567] FAT-fs (loop2): Directory bread(block 70) failed
[  717.012211][T10567] FAT-fs (loop2): Directory bread(block 71) failed
[  717.018959][T10567] FAT-fs (loop2): Directory bread(block 72) failed
[  717.025549][T10567] FAT-fs (loop2): Directory bread(block 73) failed
[  717.444692][T10572] loop9: detected capacity change from 0 to 512
[  717.458276][T10572] EXT4-fs: Ignoring removed nobh option
[  718.545889][T10572] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e118, mo2=0002]
[  718.556915][T10572] System zones: 1-12
[  718.564095][T10572] EXT4-fs (loop9): orphan cleanup on readonly fs
[  719.312088][T10572] EXT4-fs error (device loop9): ext4_do_update_inode:5617: inode #15: comm syz.9.1308: corrupted inode contents
[  720.313308][T10572] EXT4-fs error (device loop9): ext4_dirty_inode:6502: inode #15: comm syz.9.1308: mark_inode_dirty error
[  720.332824][T10572] EXT4-fs error (device loop9): ext4_do_update_inode:5617: inode #15: comm syz.9.1308: corrupted inode contents
[  720.353227][T10572] EXT4-fs error (device loop9): ext4_xattr_delete_inode:3001: inode #15: comm syz.9.1308: mark_inode_dirty error
[  720.379307][T10572] EXT4-fs error (device loop9): ext4_xattr_delete_inode:3004: inode #15: comm syz.9.1308: mark inode dirty (error -117)
[  720.402898][T10572] EXT4-fs warning (device loop9): ext4_evict_inode:273: xattr delete (err -117)
[  720.413111][T10572] EXT4-fs (loop9): 1 orphan inode deleted
[  720.421221][T10572] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  720.673274][T10577] loop3: detected capacity change from 0 to 8
[  720.711818][ T9060] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  720.812550][T10577] squashfs: Unknown parameter ''
[  721.173269][T10577] loop3: detected capacity change from 0 to 2048
[  721.226524][T10584] loop9: detected capacity change from 0 to 16
[  721.291686][T10584] erofs (device loop9): mounted with root inode @ nid 36.
[  721.357662][T10577] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  721.477061][   T30] audit: type=1800 audit(1770460382.085:110): pid=10577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1310" name="file1" dev="loop3" ino=1346 res=0 errno=0
[  721.577587][   T30] audit: type=1800 audit(1770460382.165:111): pid=10577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1310" name="file3" dev="loop3" ino=1347 res=0 errno=0
[  721.611220][T10577] ntfs3(nbd3): try to read out of volume at offset 0x0
[  721.691260][T10594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1310'.
[  724.853694][T10617] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1323'.
[  724.942410][T10617] netlink: 'syz.9.1323': attribute type 1 has an invalid length.
[  724.950674][T10617] netlink: 212400 bytes leftover after parsing attributes in process `syz.9.1323'.
[  725.113103][   T30] audit: type=1800 audit(1770460385.715:112): pid=10622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1325" name="nullb0" dev="tmpfs" ino=1449 res=0 errno=0
[  725.385140][T10626] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  725.400371][T10629] loop2: detected capacity change from 0 to 256
[  725.459107][T10629] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  725.525870][T10629] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  725.535976][T10629] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  725.543987][T10629] UDF-fs: Scanning with blocksize 512 failed
[  725.676512][T10629] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  725.817648][T10629] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  728.109667][ T9624] INFO: The task syz-executor:9624 has been waiting for writeback completion for more than 1 seconds.
[  730.356545][T10653] netlink: 128 bytes leftover after parsing attributes in process `syz.8.1333'.
[  730.377692][T10653] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  730.688549][T10658] loop3: detected capacity change from 0 to 256
[  730.856140][T10658] FAT-fs (loop3): Directory bread(block 64) failed
[  730.862997][T10658] FAT-fs (loop3): Directory bread(block 65) failed
[  730.871942][T10658] FAT-fs (loop3): Directory bread(block 66) failed
[  730.878816][T10658] FAT-fs (loop3): Directory bread(block 67) failed
[  730.885554][T10658] FAT-fs (loop3): Directory bread(block 68) failed
[  730.892323][T10658] FAT-fs (loop3): Directory bread(block 69) failed
[  730.899210][T10658] FAT-fs (loop3): Directory bread(block 70) failed
[  730.907670][T10658] FAT-fs (loop3): Directory bread(block 71) failed
[  730.914464][T10658] FAT-fs (loop3): Directory bread(block 72) failed
[  730.921182][T10658] FAT-fs (loop3): Directory bread(block 73) failed
[  732.001298][T10671] netlink: 'syz.2.1338': attribute type 1 has an invalid length.
[  732.009776][T10671] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1338'.
[  741.354581][T10687] loop2: detected capacity change from 0 to 2048
[  741.483200][T10687] EXT4-fs: Ignoring removed bh option
[  741.801164][T10687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  744.715784][ T6604] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  744.918318][ T6604] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  744.931002][ T6604] EXT4-fs (loop2): This should not happen!! Data will be lost
[  744.931002][ T6604] 
[  744.942650][ T6604] EXT4-fs (loop2): Total free blocks count 0
[  744.949455][ T6604] EXT4-fs (loop2): Free/Dirty block details
[  744.955509][ T6604] EXT4-fs (loop2): free_blocks=2415919104
[  744.961794][ T6604] EXT4-fs (loop2): dirty_blocks=16
[  744.967071][ T6604] EXT4-fs (loop2): Block reservation details
[  744.973424][ T6604] EXT4-fs (loop2): i_reserved_data_blocks=1
[  753.696589][ T9624] INFO: The task syz-executor:9624 has been waiting for writeback completion for more than 8 seconds.
[  753.765518][ T9624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  754.581162][ T8925] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  754.594281][ T8925] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  754.614767][ T8925] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  754.637010][ T8925] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  754.667626][ T8925] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  756.829680][ T8925] Bluetooth: hci4: command tx timeout
[  758.867631][ T8925] Bluetooth: hci4: command tx timeout
[  760.291627][T10760] loop3: detected capacity change from 0 to 256
[  760.568771][T10760] FAT-fs (loop3): Directory bread(block 64) failed
[  760.575488][T10760] FAT-fs (loop3): Directory bread(block 65) failed
[  760.582528][T10760] FAT-fs (loop3): Directory bread(block 66) failed
[  760.590929][T10760] FAT-fs (loop3): Directory bread(block 67) failed
[  760.597846][T10760] FAT-fs (loop3): Directory bread(block 68) failed
[  760.605692][T10760] FAT-fs (loop3): Directory bread(block 69) failed
[  760.612503][T10760] FAT-fs (loop3): Directory bread(block 70) failed
[  760.619185][T10760] FAT-fs (loop3): Directory bread(block 71) failed
[  760.625934][T10760] FAT-fs (loop3): Directory bread(block 72) failed
[  760.632699][T10760] FAT-fs (loop3): Directory bread(block 73) failed
[  760.947834][ T8925] Bluetooth: hci4: command tx timeout
[  763.027506][ T5787] Bluetooth: hci4: command tx timeout
[  763.488795][T10720] chnl_net:caif_netlink_parms(): no params data found
[  764.237536][ T8925] Bluetooth: hci3: command 0x0406 tx timeout
[  766.695239][T10803] syz.3.1371 uses obsolete (PF_INET,SOCK_PACKET)
[  769.770808][T10812] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1374'.
[  771.114613][T10720] bridge0: port 1(bridge_slave_0) entered blocking state
[  771.122308][T10720] bridge0: port 1(bridge_slave_0) entered disabled state
[  771.143770][T10833] loop3: detected capacity change from 0 to 256
[  771.215808][T10720] bridge_slave_0: entered allmulticast mode
[  771.260948][T10720] bridge_slave_0: entered promiscuous mode
[  771.341366][T10833] tmpfs: Invalid uid '0x00000000ffffffff'
[  771.377687][T10720] bridge0: port 2(bridge_slave_1) entered blocking state
[  771.385148][T10720] bridge0: port 2(bridge_slave_1) entered disabled state
[  771.458310][T10720] bridge_slave_1: entered allmulticast mode
[  771.489254][T10838] loop2: detected capacity change from 0 to 512
[  771.498836][T10720] bridge_slave_1: entered promiscuous mode
[  771.544721][T10838] EXT4-fs: inline encryption not supported
[  771.854469][T10838] EXT4-fs (loop2): 1 orphan inode deleted
[  771.862948][T10838] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  771.914185][T10838] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  771.926223][ T6604] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  771.936710][ T6604] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:10: Failed to release dquot type 1
[  772.067764][T10720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  772.086476][   T30] audit: type=1800 audit(1770460432.695:113): pid=10838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1381" name="bus" dev="loop2" ino=16 res=0 errno=0
[  772.176474][T10838] EXT4-fs (loop2): shut down requested (1)
[  772.243340][T10720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  772.481412][T10848] loop3: detected capacity change from 0 to 2048
[  772.627019][T10848] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  772.637409][ T8185] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  772.661155][ T9624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  772.693489][T10848] ext4 filesystem being mounted at /292/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  772.957882][T10860] netlink: 'syz.8.1387': attribute type 1 has an invalid length.
[  772.965989][T10860] netlink: 'syz.8.1387': attribute type 2 has an invalid length.
[  772.990110][T10720] team0: Port device team_slave_0 added
[  773.022535][T10862] netlink: 'syz.8.1387': attribute type 1 has an invalid length.
[  773.030807][T10862] netlink: 'syz.8.1387': attribute type 2 has an invalid length.
[  773.061051][ T8185] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.239496][T10720] team0: Port device team_slave_1 added
[  773.322928][ T8185] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.518314][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  773.540614][ T8185] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  777.649239][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  777.655840][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  780.549857][T10720] batman_adv: batadv0: Adding interface: batadv_slave_0
[  780.557008][T10720] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  780.585548][T10720] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  780.953182][T10720] batman_adv: batadv0: Adding interface: batadv_slave_1
[  780.960460][T10720] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  780.988097][T10720] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  783.364545][T10720] hsr_slave_0: entered promiscuous mode
[  783.471412][T10720] hsr_slave_1: entered promiscuous mode
[  783.586910][T10720] debugfs: 'hsr0' already exists in 'hsr'
[  783.593274][T10720] Cannot create hsr debugfs directory
[  784.243815][ T8185] bridge_slave_1: left allmulticast mode
[  784.250088][ T8185] bridge_slave_1: left promiscuous mode
[  784.261056][ T8185] bridge0: port 2(bridge_slave_1) entered disabled state
[  784.785501][T10891] random: crng reseeded on system resumption
[  784.923716][ T8185] bridge_slave_0: left allmulticast mode
[  784.933237][ T8185] bridge_slave_0: left promiscuous mode
[  784.939945][ T8185] bridge0: port 1(bridge_slave_0) entered disabled state
[  786.657677][   T24] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  786.855891][   T24] usb 10-1: Using ep0 maxpacket: 32
[  786.933445][   T24] usb 10-1: config index 0 descriptor too short (expected 156, got 27)
[  786.967561][   T24] usb 10-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  787.000432][ T8185] tipc: Disabling bearer <eth:syzkaller0>
[  787.047434][   T24] usb 10-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  787.059227][   T24] usb 10-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  787.072906][   T24] usb 10-1: config 0 interface 0 has no altsetting 0
[  787.162642][ T8185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  787.186003][   T24] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  787.195527][   T24] usb 10-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  787.204433][   T24] usb 10-1: Product: syz
[  787.208998][   T24] usb 10-1: Manufacturer: syz
[  787.213769][   T24] usb 10-1: SerialNumber: syz
[  787.248507][ T8185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  787.304105][ T8185] bond0 (unregistering): Released all slaves
[  787.379536][   T24] usb 10-1: config 0 descriptor??
[  787.497770][   T24] ldusb 10-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  787.559961][   T24] ldusb 10-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  787.692769][   T24] usb 10-1: USB disconnect, device number 2
[  787.717711][ T8185] tipc: Left network mode
[  787.767649][   T24] ldusb 10-1:0.0: LD USB Device #0 now disconnected
[  790.265271][ T8185] hsr_slave_0: left promiscuous mode
[  790.322814][ T8185] hsr_slave_1: left promiscuous mode
[  790.343025][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  790.350760][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_0
[  790.457674][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  790.465348][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_1
[  790.603241][ T8185] veth1_macvtap: left promiscuous mode
[  790.637520][ T8185] veth0_macvtap: left promiscuous mode
[  790.673331][ T8185] veth1_vlan: left promiscuous mode
[  790.711343][ T8185] veth0_vlan: left promiscuous mode
[  791.110895][T10918] overlayfs: missing 'lowerdir'
[  792.742281][ T8185] team0 (unregistering): Port device team_slave_1 removed
[  793.000468][ T8185] team0 (unregistering): Port device team_slave_0 removed
[  793.976669][T10946] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  799.778317][T10720] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.023407][T10720] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.295153][T10720] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.525212][T10720] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.469136][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  809.518389][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  809.528754][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  809.560388][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  809.578344][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  809.909625][ T8925] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  809.922112][ T8925] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  809.931451][ T8925] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  809.953146][ T8925] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  809.972138][ T8925] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  811.677424][ T8925] Bluetooth: hci0: command tx timeout
[  812.145732][ T8925] Bluetooth: hci5: command tx timeout
[  813.748596][ T5787] Bluetooth: hci0: command tx timeout
[  814.242311][ T5787] Bluetooth: hci5: command tx timeout
[  815.204046][T11023] netlink: 'syz.2.1425': attribute type 1 has an invalid length.
[  815.665360][T11023] 8021q: adding VLAN 0 to HW filter on device bond1
[  815.712631][T10991] chnl_net:caif_netlink_parms(): no params data found
[  815.827775][ T5787] Bluetooth: hci0: command tx timeout
[  815.962646][T11027] bond1: (slave geneve2): making interface the new active one
[  816.032495][T11027] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  816.308506][ T5787] Bluetooth: hci5: command tx timeout
[  816.686685][T10996] chnl_net:caif_netlink_parms(): no params data found
[  816.852684][ T8185] bridge_slave_1: left allmulticast mode
[  816.858824][ T8185] bridge_slave_1: left promiscuous mode
[  816.865286][ T8185] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.988579][ T8185] bridge_slave_0: left allmulticast mode
[  816.994406][ T8185] bridge_slave_0: left promiscuous mode
[  817.001010][ T8185] bridge0: port 1(bridge_slave_0) entered disabled state
[  817.217734][T11037] netlink: 'syz.2.1428': attribute type 6 has an invalid length.
[  817.374708][ T8925] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  817.392543][ T8925] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  817.407098][ T8925] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  817.432032][ T8925] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  817.452375][ T8925] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  817.584657][ T8185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  817.624244][ T8185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  817.643460][ T8185] bond0 (unregistering): Released all slaves
[  817.883390][ T8185] tipc: Left network mode
[  817.910980][ T8925] Bluetooth: hci0: command tx timeout
[  818.402183][ T8925] Bluetooth: hci5: command tx timeout
[  818.479125][ T8185] hsr_slave_0: left promiscuous mode
[  818.548802][ T8185] hsr_slave_1: left promiscuous mode
[  818.556450][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_0
[  818.619523][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_1
[  819.518339][T11049] xt_CT: No such helper "pptp"
[  819.538037][ T8925] Bluetooth: hci4: command tx timeout
[  821.267588][    T9] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  821.332496][ T8185] team0 (unregistering): Port device team_slave_1 removed
[  821.393999][ T8185] team0 (unregistering): Port device team_slave_0 removed
[  821.474627][    T9] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  821.491513][    T9] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  821.491652][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.491764][    T9] usb 10-1: Product: syz
[  821.491853][    T9] usb 10-1: Manufacturer: syz
[  821.491949][    T9] usb 10-1: SerialNumber: syz
[  821.597091][ T8925] Bluetooth: hci4: command tx timeout
[  821.854326][T11055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  821.929511][T11055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  821.993118][    T9] cdc_ether 10-1:1.0: skipping garbage
[  822.035815][    T9] cdc_ether 10-1:1.0: probe with driver cdc_ether failed with error -22
[  822.121855][    T9] usb 10-1: USB disconnect, device number 3
[  822.582278][    T9] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  822.689755][T10991] bridge0: port 1(bridge_slave_0) entered blocking state
[  822.697591][T10991] bridge0: port 1(bridge_slave_0) entered disabled state
[  822.717460][T10991] bridge_slave_0: entered allmulticast mode
[  822.748168][T10991] bridge_slave_0: entered promiscuous mode
[  822.790632][T10991] bridge0: port 2(bridge_slave_1) entered blocking state
[  822.798429][T10991] bridge0: port 2(bridge_slave_1) entered disabled state
[  822.805993][    T9] usb 10-1: Using ep0 maxpacket: 8
[  822.833029][    T9] usb 10-1: config index 0 descriptor too short (expected 301, got 72)
[  822.841801][    T9] usb 10-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  822.853238][T10991] bridge_slave_1: entered allmulticast mode
[  822.905627][T10991] bridge_slave_1: entered promiscuous mode
[  822.912905][    T9] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  822.923257][    T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  822.933542][    T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  822.944115][    T9] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  822.957536][    T9] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  822.967836][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.329366][    T9] usb 10-1: usb_control_msg returned -32
[  823.335304][    T9] usbtmc 10-1:16.0: can't read capabilities
[  823.669056][ T8925] Bluetooth: hci4: command tx timeout
[  825.050200][    T9] usb 10-1: USB disconnect, device number 4
[  825.768305][ T8925] Bluetooth: hci4: command tx timeout
[  826.085233][T10991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  826.297906][T10991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  826.308085][T10996] bridge0: port 1(bridge_slave_0) entered blocking state
[  826.315518][T10996] bridge0: port 1(bridge_slave_0) entered disabled state
[  826.362926][T10996] bridge_slave_0: entered allmulticast mode
[  826.820826][T10996] bridge_slave_0: entered promiscuous mode
[  826.935825][T11085] hugetlbfs: syz.9.1436 (11085): Using mlock ulimits for SHM_HUGETLB is obsolete
[  827.865585][T11080] loop2: detected capacity change from 0 to 2048
[  828.369765][T11080] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  828.382891][T10996] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.392944][T10996] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.448634][T10996] bridge_slave_1: entered allmulticast mode
[  828.464682][T11080] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  828.512024][T10996] bridge_slave_1: entered promiscuous mode
[  828.718988][T10991] team0: Port device team_slave_0 added
[  829.020637][ T9624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  829.062493][T10991] team0: Port device team_slave_1 added
[  837.178159][T10996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  837.485053][  T796] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[  837.551046][T10996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  837.576807][T10991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  837.584387][T10991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  837.612517][T10991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  837.655743][T10991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  837.663195][T10991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  837.689609][T10991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  837.740496][  T796] usb 10-1: config 0 has an invalid interface number: 128 but max is 0
[  837.749355][  T796] usb 10-1: config 0 has no interface number 0
[  837.805853][  T796] usb 10-1: New USB device found, idVendor=0403, idProduct=bca4, bcdDevice=d7.23
[  837.817716][  T796] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  837.826018][  T796] usb 10-1: Product: syz
[  837.831632][  T796] usb 10-1: Manufacturer: syz
[  837.836493][  T796] usb 10-1: SerialNumber: syz
[  837.922513][  T796] usb 10-1: config 0 descriptor??
[  837.973504][  T796] ftdi_sio 10-1:0.128: FTDI USB Serial Device converter detected
[  837.989091][  T796] ftdi_sio ttyUSB0: unknown device type: 0xd723
[  841.929918][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  841.936502][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  846.039344][T10996] team0: Port device team_slave_0 added
[  846.069036][T11038] chnl_net:caif_netlink_parms(): no params data found
[  846.079374][  T796] usb 10-1: USB disconnect, device number 5
[  846.112489][  T796] ftdi_sio 10-1:0.128: device disconnected
[  846.426618][T10996] team0: Port device team_slave_1 added
[  846.731066][T10991] hsr_slave_0: entered promiscuous mode
[  846.753584][T10991] hsr_slave_1: entered promiscuous mode
[  846.764422][T10991] debugfs: 'hsr0' already exists in 'hsr'
[  846.773596][T10991] Cannot create hsr debugfs directory
[  846.842076][T11116] loop2: detected capacity change from 0 to 2048
[  846.900550][T11116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  846.951622][T10996] batman_adv: batadv0: Adding interface: batadv_slave_0
[  846.958888][T10996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  846.964405][T11116] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  846.985520][T10996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  847.270147][T10996] batman_adv: batadv0: Adding interface: batadv_slave_1
[  847.277529][T10996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  847.304792][T10996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  847.329156][ T9624] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  852.437614][ T3439] bridge_slave_1: left allmulticast mode
[  852.443468][ T3439] bridge_slave_1: left promiscuous mode
[  852.450331][ T3439] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.558742][ T3439] bridge_slave_0: left allmulticast mode
[  852.564586][ T3439] bridge_slave_0: left promiscuous mode
[  852.571368][ T3439] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.899256][ T3439] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  852.931286][ T3439] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  852.950349][ T3439] bond0 (unregistering): Released all slaves
[  853.105826][T10996] hsr_slave_0: entered promiscuous mode
[  853.131173][T10996] hsr_slave_1: entered promiscuous mode
[  853.149812][T10996] debugfs: 'hsr0' already exists in 'hsr'
[  853.155716][T10996] Cannot create hsr debugfs directory
[  853.347621][ T3439] hsr_slave_0: left promiscuous mode
[  853.394262][ T3439] hsr_slave_1: left promiscuous mode
[  853.435319][ T3439] batman_adv: batadv0: Removing interface: batadv_slave_0
[  853.476328][ T3439] batman_adv: batadv0: Removing interface: batadv_slave_1
[  854.125720][ T3439] team0 (unregistering): Port device team_slave_1 removed
[  854.180842][ T3439] team0 (unregistering): Port device team_slave_0 removed
[  855.150494][T11038] bridge0: port 1(bridge_slave_0) entered blocking state
[  855.158111][T11038] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.170647][T11038] bridge_slave_0: entered allmulticast mode
[  855.181155][T11038] bridge_slave_0: entered promiscuous mode
[  855.336268][T11038] bridge0: port 2(bridge_slave_1) entered blocking state
[  855.344152][T11038] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.392059][T11038] bridge_slave_1: entered allmulticast mode
[  855.402136][T11038] bridge_slave_1: entered promiscuous mode
[  855.809042][T11038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  856.004646][T11038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  856.590327][T11038] team0: Port device team_slave_0 added
[  856.693292][T11038] team0: Port device team_slave_1 added
[  857.099011][T11038] batman_adv: batadv0: Adding interface: batadv_slave_0
[  857.106257][T11038] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  857.132754][T11038] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  857.275329][T11038] batman_adv: batadv0: Adding interface: batadv_slave_1
[  857.282753][T11038] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  857.309183][T11038] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  858.111705][ T3439] bridge_slave_1: left allmulticast mode
[  858.117672][ T3439] bridge_slave_1: left promiscuous mode
[  858.124179][ T3439] bridge0: port 2(bridge_slave_1) entered disabled state
[  858.231880][ T3439] bridge_slave_0: left allmulticast mode
[  858.238068][ T3439] bridge_slave_0: left promiscuous mode
[  858.244569][ T3439] bridge0: port 1(bridge_slave_0) entered disabled state
[  858.314303][T11156] loop2: detected capacity change from 0 to 2048
[  858.385513][T11156] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  858.509398][T11156] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  858.672757][T11163] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  858.682127][T11163] =====================================================
[  858.689518][T11163] BUG: KMSAN: uninit-value in dvbdmx_release_ts_feed+0x198/0x290
[  858.697530][T11163]  dvbdmx_release_ts_feed+0x198/0x290
[  858.704388][T11163]  dvb_dmxdev_filter_start+0x1187/0x1af0
[  858.710889][T11163]  dvb_dmxdev_pes_filter_set+0x810/0x860
[  858.716740][T11163]  dvb_demux_do_ioctl+0x9a3/0xc80
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  858.722074][T11163]  dvb_usercopy+0x263/0x500
[  858.727347][T11163]  dvb_demux_ioctl+0x46/0x70
[  858.732199][T11163]  __se_sys_ioctl+0x23c/0x400
[  858.737024][T11163]  __x64_sys_ioctl+0x97/0xe0
[  858.741892][T11163]  x64_sys_call+0x18a7/0x3e70
[  858.746747][T11163]  do_syscall_64+0xc9/0xf80
[  858.751613][T11163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.757746][T11163] 
[  858.760130][T11163] Uninit was created at:
[  858.764566][T11163]  __alloc_frozen_pages_noprof+0x6df/0xf50
[  858.770953][T11163]  alloc_pages_mpol+0x328/0x860
[  858.776003][T11163]  alloc_pages_noprof+0x101/0x280
[  858.782688][T11163]  __vmalloc_node_range_noprof+0xa97/0x2d80
[  858.788911][T11163]  __vmalloc_noprof+0x128/0x1f0
[  858.793915][T11163]  vmalloc_array_noprof+0x48/0x80
[  858.799322][T11163]  dvb_dmx_init+0x121/0x930
[  858.805264][T11163]  vidtv_bridge_probe+0x1b1f/0x2690
[  858.811257][T11163]  platform_probe+0x213/0x370
[  858.816093][T11163]  really_probe+0x4d5/0xe40
[  858.821019][T11163]  __driver_probe_device+0x25e/0x370
[  858.826579][T11163]  driver_probe_device+0x70/0x8f0
[  858.831918][T11163]  __driver_attach+0x53e/0xaa0
[  858.836867][T11163]  bus_for_each_dev+0x33b/0x580
[  858.842018][T11163]  driver_attach+0x51/0x70
[  858.846614][T11163]  bus_add_driver+0x54f/0xdb0
[  858.851569][T11163]  driver_register+0x42e/0x6a0
[  858.856521][T11163]  __platform_driver_register+0x65/0x80
[  858.862553][T11163]  vidtv_bridge_init+0x73/0x100
[  858.867663][T11163]  do_one_initcall+0x22b/0xad0
[  858.872592][T11163]  do_initcall_level+0x157/0x2e0
[  858.877790][T11163]  do_initcalls+0x176/0x310
[  858.882448][T11163]  do_basic_setup+0x1d/0x30
[  858.887295][T11163]  kernel_init_freeable+0x213/0x430
[  858.892674][T11163]  kernel_init+0x2f/0x5e0
[  858.897328][T11163]  ret_from_fork+0x207/0x6f0
[  858.902101][T11163]  ret_from_fork_asm+0x1a/0x30
[  858.908413][T11163] 
[  858.910843][T11163] CPU: 0 UID: 0 PID: 11163 Comm: syz.9.1455 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  858.921616][T11163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  858.931966][T11163] =====================================================
[  858.939119][T11163] Disabling lock debugging due to kernel taint
[  858.945413][T11163] Kernel panic - not syncing: kmsan.panic set ...
[  858.951946][T11163] CPU: 0 UID: 0 PID: 11163 Comm: syz.9.1455 Tainted: G    B               syzkaller #0 PREEMPT(voluntary) 
[  858.963502][T11163] Tainted: [B]=BAD_PAGE
[  858.967736][T11163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  858.977913][T11163] Call Trace:
[  858.981279][T11163]  <TASK>
[  858.984286][T11163]  __dump_stack+0x26/0x30
[  858.988881][T11163]  dump_stack_lvl+0x50/0x1c0
[  858.993645][T11163]  ? dump_stack+0x12/0x25
[  858.998141][T11163]  dump_stack+0x1e/0x25
[  859.002464][T11163]  vpanic+0x435/0xd40
[  859.006631][T11163]  panic+0x15d/0x160
[  859.010731][T11163]  kmsan_report+0x31a/0x320
[  859.015430][T11163]  ? __msan_warning+0x1b/0x30
[  859.020262][T11163]  ? dvbdmx_release_ts_feed+0x198/0x290
[  859.025965][T11163]  ? dvb_dmxdev_filter_start+0x1187/0x1af0
[  859.031926][T11163]  ? dvb_dmxdev_pes_filter_set+0x810/0x860
[  859.037885][T11163]  ? dvb_demux_do_ioctl+0x9a3/0xc80
[  859.043223][T11163]  ? dvb_usercopy+0x263/0x500
[  859.048024][T11163]  ? dvb_demux_ioctl+0x46/0x70
[  859.052916][T11163]  ? __se_sys_ioctl+0x23c/0x400
[  859.057905][T11163]  ? __x64_sys_ioctl+0x97/0xe0
[  859.062805][T11163]  ? x64_sys_call+0x18a7/0x3e70
[  859.067827][T11163]  ? do_syscall_64+0xc9/0xf80
[  859.072650][T11163]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.078864][T11163]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  859.085376][T11163]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  859.091624][T11163]  ? sysvec_apic_timer_interrupt+0x52/0x90
[  859.097603][T11163]  ? kmsan_get_metadata+0xf1/0x160
[  859.102891][T11163]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  859.109470][T11163]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  859.115715][T11163]  ? _raw_spin_unlock_irq+0x31/0x50
[  859.121056][T11163]  ? kmsan_get_metadata+0x146/0x160
[  859.126452][T11163]  __msan_warning+0x1b/0x30
[  859.131110][T11163]  dvbdmx_release_ts_feed+0x198/0x290
[  859.136748][T11163]  dvb_dmxdev_filter_start+0x1187/0x1af0
[  859.142561][T11163]  ? __pfx_dvbdmx_release_ts_feed+0x10/0x10
[  859.148637][T11163]  dvb_dmxdev_pes_filter_set+0x810/0x860
[  859.154425][T11163]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  859.160672][T11163]  dvb_demux_do_ioctl+0x9a3/0xc80
[  859.165838][T11163]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  859.171532][T11163]  dvb_usercopy+0x263/0x500
[  859.176155][T11163]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  859.181872][T11163]  ? kmsan_get_metadata+0xf1/0x160
[  859.187174][T11163]  dvb_demux_ioctl+0x46/0x70
[  859.191898][T11163]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[  859.197323][T11163]  __se_sys_ioctl+0x23c/0x400
[  859.202169][T11163]  __x64_sys_ioctl+0x97/0xe0
[  859.206911][T11163]  x64_sys_call+0x18a7/0x3e70
[  859.211756][T11163]  do_syscall_64+0xc9/0xf80
[  859.216408][T11163]  ? clear_bhb_loop+0x40/0x90
[  859.221225][T11163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.227274][T11163] RIP: 0033:0x7fea3ef9aeb9
[  859.231783][T11163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  859.251529][T11163] RSP: 002b:00007fea3feaa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  859.260085][T11163] RAX: ffffffffffffffda RBX: 00007fea3f215fa0 RCX: 00007fea3ef9aeb9
[  859.268186][T11163] RDX: 0000200000000000 RSI: 0000000040146f2c RDI: 0000000000000003
[  859.276256][T11163] RBP: 00007fea3f008c1f R08: 0000000000000000 R09: 0000000000000000
[  859.284334][T11163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  859.292487][T11163] R13: 00007fea3f216038 R14: 00007fea3f215fa0 R15: 00007ffced79a388
[  859.300598][T11163]  </TASK>
[  859.304080][T11163] Kernel Offset: disabled
[  859.308449][T11163] Rebooting in 86400 seconds..