last executing test programs:

2m31.673585133s ago: executing program 1 (id=2276):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3)
readv(r0, &(0x7f0000001f40)=[{0x0}, {&(0x7f0000000140)=""/36, 0x24}], 0x2)

2m31.596980226s ago: executing program 1 (id=2281):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1f, 0x4, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfffffffb}, [@call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc)

2m31.46005s ago: executing program 1 (id=2285):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000a80)=[{0x48, 0x40}, {0x20, 0x1, 0x0, 0x686d}, {0x16, 0x7, 0x2, 0x6}]}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x2000400c)

2m31.411092782s ago: executing program 1 (id=2288):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000000)={[{@test_dummy_encryption}, {@init_itable}, {@norecovery}]}, 0x3, 0x470, &(0x7f0000000dc0)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2m31.111924641s ago: executing program 1 (id=2298):
unshare(0x22020400)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f00000000c0)=0x5, 0x4)

2m30.944539076s ago: executing program 1 (id=2301):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000001ff0), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x5, 0xe01, 0x80000001, {}, {}, {0x2, 0x1, 0x1}, 0x1, @canfd={{0x4, 0x1, 0x1, 0x1}, 0x3, 0x2, 0x0, 0x0, "b61190f50d1dfabfda2c5e83b2f8b46f6ef2c9388f07d7b6cb8f74ab4337fdc62919c530d5a1d1c9f1ef11770d8f23adc7c623b4b8354ad34186c4d32781b064"}}, 0x80}, 0x1, 0x0, 0x0, 0x40000c0}, 0x4004080)

2m30.865123589s ago: executing program 32 (id=2301):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000001ff0), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x5, 0xe01, 0x80000001, {}, {}, {0x2, 0x1, 0x1}, 0x1, @canfd={{0x4, 0x1, 0x1, 0x1}, 0x3, 0x2, 0x0, 0x0, "b61190f50d1dfabfda2c5e83b2f8b46f6ef2c9388f07d7b6cb8f74ab4337fdc62919c530d5a1d1c9f1ef11770d8f23adc7c623b4b8354ad34186c4d32781b064"}}, 0x80}, 0x1, 0x0, 0x0, 0x40000c0}, 0x4004080)

2m12.132550873s ago: executing program 2 (id=2810):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575963f", 0x10}, {&(0x7f0000000240)="31020702", 0x4}, {0x0}], 0x3)

2m12.103476563s ago: executing program 2 (id=2811):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={0x8c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}]}, 0x8c}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="54010000100001"], 0x154}}, 0x20004000)

2m12.008216736s ago: executing program 2 (id=2813):
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0xf8, 0x0, 0x1, 0x70bd28, 0x25dfdbf9, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x79c}, {0x6, 0x16, 0x8}, {0x2, 0x12, 0x1}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0x40}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0xfffffffd}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x5}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0xfffd}, {0x8, 0xb, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0x7}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0xfffb}, {0x8, 0xb, 0x1}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x8000}, 0x44)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="702300001d"], 0x2370}, 0x1, 0x0, 0x0, 0x8000}, 0x4000)

2m11.880539921s ago: executing program 2 (id=2816):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@dioread_nolock}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0xfe, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

2m11.691759086s ago: executing program 2 (id=2817):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000002200010a0000000000000000800001"], 0x26}}, 0x0)

2m11.25754078s ago: executing program 2 (id=2820):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={@fallback=r0, 0x8, 0x1, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

2m11.125065014s ago: executing program 33 (id=2820):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={@fallback=r0, 0x8, 0x1, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

1m17.282576452s ago: executing program 4 (id=3919):
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000140)={"0023f800", 0x0, 0x0, {0x6, 0x1}, {0x805, 0x3}, 0x80, [0x3ff, 0x1000002004, 0xfffffffffdfffc00, 0x800000000000e, 0x9, 0x7, 0x36, 0x1, 0x10000, 0x9, 0x8, 0xfc, 0x8001, 0x9, 0x200000000c, 0x8000008]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001000010700000000000000000a000000060001001300000008000a"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)

1m17.167883425s ago: executing program 4 (id=3920):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x0, @host}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @local}, 0x10)

1m16.984826131s ago: executing program 4 (id=3921):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r1, r0, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20)

1m16.935043662s ago: executing program 4 (id=3923):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000040), 0x7, 0x4c1, &(0x7f0000000c00)="$eJzs3E9sVNUeAODfnba0/HvM4/F4D0QtorHR2EJBYeEGo4kLTYy40GXTFoIUamhNhBAZEoNLQ+LeuHTrwq26M65M3OLSxJAQwwZwNebO3DudTu8MTDswwnxfMsw5954755x77rlz7jkdAhhY4+k/ScS2iLgeETsiotSaYLz+dufWpdm7ty7NRqVaPfFnkh4Wt9N4Jsnet2aRiVJE6bNkZUeTpQsXz8wsLMyfz+JTy2c/mlq6cPGl02dnTs2fmj83fezYkcOHjr4y/XL3lSrIL63X7b2fLu7b8+YH196eHc63j2XvzfXolfEYLypKzXO9zqzPtjeFk+E+FoSupNd/2lwjtf6/I4ZC48GgqFar1dH2uyvVVlfWbAEeWUn0uwRAf+Rf9Onzb/4qGghsejDDj767ebz+AJTW+072ini6tjGfBxlpeb7tpfGIeL/y11fpKx7QPAQAQLMfjucjwZbxXzlid1O6f2VrKOWI+HdE7IyI/0TEroj4b9TT/i8i/t/y+UMRUe2Q/3hLfO34p3RjYzXsLB3/vZqtba2M/6J5Faw8lMW2R+QD5vmD2TmZiJHRk6cX5g91yOPH13/9ot2+5vFf+krzz8eCWTluDLdM0M3NLM+su8Itbl6J2DvcWv9kOCJprAQkEbEnIvZ28bnlpvDpF77Z14iMrE537/rXVAvX0XqwVFH9OuL5evtXYlX7r+SYdF6fnBqLhfmDU+lVcLAwj59/ufpOu/zvWf/vfm895I2j35/IetbGpe2/pen6j3z9dqX+5SQiaazXLnWfx9XfPm/7TLPe639T8l4tnD+XfjKzvHz+UMSm5K18+5XG9umVY/N4+h6Vev0nDhT3/53ZMemZeCIi0ov4yYh4KupPiGnZ90fEMxFxoEP9f3rt2Q8bkcvd1v/BSus/V3j/W9X+K+v17QJJpZ66YNfQmf3X77a5edxf+x+phSayLcX3v2TVLaJDSVcFNnr+AAAA4FFQiohtTXNJ26JUmpyszwHtii2lhcWl5RdPLn58bq7+G4FyjJTyma76fPBIks9/lpvi0y3xw9m88ZdDm2vxydnFhbm+1hzYWuvzSWmycS+o9//UH72ZYgb+ydauo/kREAyKe/X23dceUkGAh863PQyupv5faZOk4i9l4PHk+x8GV1H/v7yOY4BHS1VfhoHWTf93r4DHy3C82wiX7ic58NjQoWEg3deP5NcdqI4W7xqLtYljrPMHDsX6irG5IK++BNKRVV9y37yeo/L/TaFtmih194Gj0Zs2Pbnx03Jqd88v/mr2t/K9bsFvH0o/LQr05XYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQc38HAAD//7pV23k=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1m16.623109922s ago: executing program 4 (id=3929):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x1a1080, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCL_PASTESEL(r0, 0x541c, 0x0)

1m16.408254409s ago: executing program 4 (id=3935):
prctl$PR_SET_SECUREBITS(0x1c, 0x15)
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x2a0202, 0x0)
faccessat2(r0, &(0x7f0000000080)='\x00', 0x2, 0x1000)

1m16.205985735s ago: executing program 34 (id=3935):
prctl$PR_SET_SECUREBITS(0x1c, 0x15)
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x2a0202, 0x0)
faccessat2(r0, &(0x7f0000000080)='\x00', 0x2, 0x1000)

42.33967015s ago: executing program 0 (id=4902):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)
utime(&(0x7f00000000c0)='./file0\x00', 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0xb)

42.291055632s ago: executing program 0 (id=4905):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
close(r0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000013c0)={r0, 0xfe, 0xfffffffffffffffc}, 0x10)

42.232695704s ago: executing program 0 (id=4908):
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cgroup.max.descendants\x00', 0x2, 0x0)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)

42.173620056s ago: executing program 0 (id=4910):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000240)={[{@auto_da_alloc}, {@resgid}, {@orlov}, {@acl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@errors_remount}, {@noinit_itable}, {@orlov}]}, 0xfc, 0x57b, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9//3WwRjqhQx24WQuXVv/TBCclyLDgd7P0GZlNF1Gk461Dtwu3I03MgQRB+IL8N7L4RvwVQx0MGQUvRChcpKTNuuSpu2yJS6fD5z2eXLO6XO+fc734TnnJCSAkXU8/ZGLeDkivk4iDrety0e28nhzu9VHN2bSJYm1tU/+SCLJXmttn2S/D2aVlyLily8jTuWebLe2vDJfqlTKi1l9or5wdaK2vHL68kJprjxXvjI1PX32rempd995u2+xvn7hr+8+vvfh2a9OrH7704Mjd5I4F4eyde1xPIWb7ZXjpX+yUiHObdpwsg+NDZNk0AfAroxleV6IdAw4HGNZ1gMvvi8iYg0YUYn8hxHVmge0ru03XwefHMis5Pl5+EHzAqgR+572+PPNeyOxr3FtdGA1eezKKL3eHe9D+2kbP/9+9066xNb3Ifb3qAPsyM1bEXEmn39y/E+y8W/3zjRuHm9tcxt9ug8LbMO9dP7zRqf5X259/hMd5j8HO+TubvTO/9yDPjTTVTr/e6/j/Hd96Bofy2r/a8z5Csmly5XymYj4f2N+XNib1rd6nnN29f5at3Xt8790SdtvzQWz43iQ3/v4PrOleiki9jxN3C0Pb0W8ku8Uf7Le/8l6/xc2jioiLmyzjWPlu6+uVzZNmnvH/2yt/RjxWsf+33iilWz9fHKicT5MtM6KJ/15+9iv3dofdPxp/x/YOv7xpP15bW3nbfyw7+9yt3W7Pf/3JJ82yq0kuF6q1xcnN/rssdenNvZt1ZvbN+M/eWLr8S/pMP6lF1+fbTP+20dvd910GPp/dkf9v/PC/Y8+/75b+9vr/zcbpda9iGz86yw7V7Z7gE/7/wMAAAAAAIBhkouIQ5HkiuvlXK5YbL6/42gcyFWqtfqpS9WlK7PR+KzseBRyrSfdh9veDzGZPdpv1ac21acj4khEfDO2v1EvzlQrs4MOHgAAAAAAAAAAAAAAAAAAAIbEwS6f/0/9NjboowOeucYXG+wd9FEAg9DzK//78U1PwFDqmf/AC0v+w+iS/zC65D+MLvkPo0v+w+iS/zC65D8AAAAAAAAAAAAAAAAAAAAAAAAAAAD01YXz59NlbfXRjZm0PntteWm+eu30bLk2X1xYminOVBevFueq1blKuThTXej19yrV6tXJqVi6PlEv1+oTteWViwvVpSv1i5cXSnPli+XCc4kKAAAAAAAAAAAAAAAAAAAA/ltqyyvzpUqlvKjQtfB+DMVhPMsAm3a1e35YolDoUriVde/O9hrgoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm/wbAAD//0B/MmI=")
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x820f8, &(0x7f0000000240)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mount$incfs(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)

41.890359575s ago: executing program 0 (id=4920):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x1e, 0x1, 0x0)
close_range(r0, r0, 0x2)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ff9c, 0x0)

41.696463581s ago: executing program 0 (id=4926):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd502000000090001"], 0x7c}, 0x1, 0x0, 0x0, 0xc}, 0x40004)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414000800080004"], 0x2c}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

41.615439133s ago: executing program 35 (id=4926):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd502000000090001"], 0x7c}, 0x1, 0x0, 0x0, 0xc}, 0x40004)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414000800080004"], 0x2c}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

24.356168061s ago: executing program 7 (id=5360):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a)
recvmmsg$unix(r0, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000200)=""/120, 0x78}], 0x1}}], 0x1, 0x40012061, 0x0)

23.859447887s ago: executing program 7 (id=5375):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00U\x00=\t\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="20000280", @ANYRES32=r0, @ANYBLOB="0000000000000000000000000a000000000000000000001420000100", @ANYRESOCT], 0x58}}, 0x0)

23.796150419s ago: executing program 7 (id=5378):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), r0)
connect$tipc(r0, &(0x7f0000000400)=@id={0x1e, 0x3, 0x0, {0x4e23, 0x1}}, 0x10)

23.76042667s ago: executing program 7 (id=5380):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x200000, &(0x7f0000000000)={[{@errors_remount}]}, 0x2, 0x5bc, &(0x7f00000004c0)="$eJzs3dFrU9cfAPDvTZvaWn9aQeT3+zFGwYc5xNS2c3OwB/e8yYTt3ZU2FjE10qZiO2H6MJ+HDMaYMPYH7H1PY+wf2N+wB8cmyJAyB+4h46Y3mrZJTGpsOvv5QPScnJN7zrnnntNzcxISwJ41nv6Ti/hfRHyeRBxqSBuMLHF8Pd/awxuz6SOJavXDP5JIsufq+ZPs/9Es8t+I+OmziBO5reUuraxenimViotZfKKycHViaWX15KWFmfnifPHK1PT0mdPTU2+/9WbP2vr6+UdffTAcEcfWvvzu/uE7SZyNA1laYzva2tc29WZjZDzGs3OSj7ObMk52U/F/gaTfFWBbBrJxno90DjgUA9moB15+n0ZEtXuPt/EaYNdJtjP+a0Z6WxFgh9XXAfV7+47vg18SD95dvwHa2v5k/b2RGK7dG+1fSzbcGaX3u2M9KD8t4/vf795JH9HN+xAAz+nmrYg4NTjYev7b5O9qx8c+1UGeehn1t1XNf7BzfkzXPz+MRGwZ/7kn659osv4ZbRi7z2PzMbaO/9z99U2oBkM9KDiTrv/eabr+fVLk2EAW+09tzZdPLl4qFdO57WBEHI/8vjTebj/nzNq9lpNm4/ovfaTl19eCWT3uD27ac5qbqcw8T5sbPbgV8f9nrH+TJv2fno/zHZZxtHj31VZpz27/i1X9NuK1pv3/dEcrab8/OVG7HibqV8VWf94++nOr8vvd/rT/97dv/1jSuF+71H0Z3ww/LrZKG0+yTdMur/+h5KPazFSfCq7PVCqLkxFDyfu1+Ibnp56+th6v50/bf/xY8/Hf7vofiYiPO2z/7SO3W2at9f+h/vb/XFf93z7w6PT6ixqT7r33ydetyn/29Z+e6TdqoePZM53Mfy0rOLTxmW2fOAAAAAAAANiFckMRByLJFbI9/QORyxUK65/vOBL7c6XyUuXExfLylbmofVd2LPK5+k73aMPnISaz1481fAV2rCF9OiIOR8QXAyO1eGG2XJrra8sBAAAAAAAAAAAAAAAAAABg9xiN5t//T/020O/aAS9c1z/5nX8x9QB23obxv69Jhl780hOwK3X99x94aRj/sHcZ/7B3Gf+wdxn/sHcZ/7B3bW/8v3Kw5xUBdpy//wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dSx/VtYc3ZiNiOK6tLF8uXzs5V8xHYWF5tjBbXrxamC+X50vFwmx5oe3BfokolctXJ6di+fpEpbhUmVhaWb2wUF6+UrlwaWFmvnih6JfDAQAAAAAAAAAAAAAAAAAAYKulldXLM6VScbGDwGBEdJy5N4F8jw/4605WfmMgyc54X0of2UZ3dxgY7MfJFEgDuaxXn/ZyD4vYOE/8Va1Wd3JeAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBG/wQAAP//nkIl1w==")
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x28, 0x4, 0x0, {0x1, 0x8}}, 0x28)

23.618104974s ago: executing program 7 (id=5384):
unshare(0x22020600)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000005c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x0, @any, 0xfff9, 0x2}, 0xe)

23.377242811s ago: executing program 7 (id=5393):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

23.281681994s ago: executing program 36 (id=5393):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

5.922225996s ago: executing program 8 (id=5812):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x1100, &(0x7f0000000100)={0x4}, 0x5b)

5.864525587s ago: executing program 8 (id=5816):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x2, 0x20009, 0x9})
fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x11, 0x5})
fcntl$lock(r0, 0x7, &(0x7f0000000200)={0x0, 0x2, 0x8, 0x73ec})

5.844272148s ago: executing program 8 (id=5817):
unshare(0x62040200)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file2\x00', 0x94d12, &(0x7f0000000b40)=ANY=[], 0x9, 0x120d, &(0x7f0000001280)="$eJzs3M+LG2UYB/Bnd2u3bt0faq22IL7oRS9Ddw9e9BJkC9KA0jZCKwhTN9GwYxIyYSEiVk+eBP8OEUTwJog3vezF/0DwthdvVhBHNqlto6k0omYpn88lDzzzTZ43IYEJ78zBi5+8s9sqs1Y+iMWFhVjsRaQbKVIsxh8+iOde+Pa7Jy9duXqhVq9vX0zpfO3y5vMppbWnvn79vc+e/mZw8rUv175ajv2NNw5+2vpx//T+mYPfLr/dLlO7TJ3uIOXpWrc7yK8VzbTTLnezlF4tmnnZTO1O2exP9FtFt9cbpryzs7rS6zfLMuWdpZuTpEF/mPK38nYnZVmWVleC2R27VTU+vVFVVURVPRDHo6qq6sFYiZPxUKzGWqzHRjwcj8SjcSoei9PxeDwRX/zw+fAwAQAAAAAAAAAAAAAAAAAAAPx7Zr3+/8zoqHlPDQAAAAAAAAAAAAAAAAAAAPeXS1euXqjV69sXUzoRUXy019hrjB/H/Vor2lFEM87Fevwao6v/x8b1+Zfr2+fSyEZ8WFy/mb++11iazG+ObicwNb85zqfJ/HKs3JnfivU4NT2/NTV/Ip595o58Fuvx/ZvRjSJ24jB7O//+ZkovvVL/U/7s6DgAAAC4H2Tplqnn71l2t/44P8P/AxPn14fZs8fmunQiohy+u5sXRbOvOPLF8fmO8UtVVf/VSywdgbf3b4u7f1OWI+Jenufnaa2FiDgaC/xLMe9fJv4Ptz/0eU8CAAAAAAAAAADALP7pDsGPx9vD72nn47zXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Ds7cCwAAAAAIMzfOo2ODQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACArwIAAP//GgHNcg==")
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000080)={'mangle\x00', 0x4, "d1a2d6e7"}, &(0x7f0000000180)=0x2c)

5.654079744s ago: executing program 8 (id=5822):
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000000140)='./file1\x00', 0x800080, &(0x7f0000000540)=ANY=[], 0x1, 0x105ea, &(0x7f000000d000)="$eJzs3E9vG0UUAPBx0pS2lBIhDty6EkJKpNqqk7SCW4BUgESqiD8HTuDYjuXW/xQ7iSlCBM6IY78InLhz50twQxyQuBWBvDOGprQipcZJmt9PWr+d8e7bN1aU6O1GDsCpNZ/99mshXArnQwizIYSLIeT7hbTlVmN4KYRwOYQwc99WSPN/TZwNIVwIIVwaJY85C+mtz+/ur98brl9IWa8czYqBSak8wbmvhBDavbi/146x24jxVpqv7Dbz2F7ZTTG+0b6dxt0Y9+qbeYa9yvi4WNlyIx7f7e30R3GrVamOYqO5lc/3OvGC/d3GOE9+wq3Kdj6u1TfH5e7n592Jg2GKd/qDuJN+WfY+zdOHwWAc43Xqw3pcT+92HqudQZrvxvpq9eEo7qbYj9Oh2m3V8jo2/9NHfCK82+zsDLPd+na/2e1k10rlV0vl68XydrdWH9RXipV27fpKttBojQ4rDuqV9mqj22206qVqt72YLTSq1WK5nC2s1TeblU5WLpeWS1eL1xbT3pXsrZsfZq1atjCKbzQ7O4Nmq59tdbezeMZitlRafm0xe7mcvb++kW28d+PG+sYHH699dPP19XfeTAf9o6xsYenq0lKxfLW4VF58zAX/fizXP/oTPZ31P+Dck53OaVc46gIATp68/z8fptn/f/b93V/Wvqr8qP+HU+wk9f/N1JA/qv/v1VI+/f9jOyb97/T6/0Os/8vjuP4zqWD9P8eJ/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NT6ae7bt/Od+Th+Ns0/l6ZeSONCCGEmhPDHQ8yGswdyzqY8c484fu6BGn4ohDzD6BrPpO1CCGE1bfeef3jtZyb6SQAAAMDT6bv9y9/Ebj2+zB91QUxTvGkzc/GTCeUrhBDm5n+eULaZ0cuLE0qW/3yfCcMJZctvYJ2bULJ0U+yLCaU7lNkD4dx9oRDDzDSrAQAApuNgJ+CJOgAAwNPr66MugMk7zPO7Qhg/yhw/C87/8/7vB4LnD4wAAACAE6hw1AUAAAAA/7u8/z/J3/8HAAAA/Lv4/X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8yc793KgNRHEAfrZxAvmjoCjHSGklNygjJeSYI6KANEEJpIU0QA3sbUtY4RW20WK0aNEyGC36PskejzE/nhGXmUEGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4pLtyOf03+/H3yMvFqTmb6jzp7ggAAAA4tC6X0/pg3PQ/tuc/t6e+tv0sIvKIeG7sXsS7TmbR5pRHri8PavgfUSdsP+N9u32IiJ/t9vDl0t8CAAAA3K7VfDFpl/jr3fjaBdGnZtIm//QrUV4WEeX4PlFavt19SxRW/74H8SdRWj2BNUwU1ky5DVKlnaToNMO9JmuavNdyAACAXnRHAv2OQgAAAOjT773j2RXroGdZ7JYyd2vB9T/vnxYER50eAAAA8AZl1y4AAAAAONPoxSvq8b/n/wEAAMBta57/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCWty+V0NV9Mzs3ZVK/wfdi8uaqqBLcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj+/OOAjAIBmHwj3l3wfsfNizEMrXNTCEfLhYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7YRS442Yk08394Se657VR2ZEmemxJU5cedBn/gbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF725yUFQiAIomDO+N9J3/+wkqBnECECGh5V1KIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC527t9FjioOAPib3Z3ND5CspxzExohKRDF3G38h2KQQDgvBSiyXy15Y3agkV5hwhddYCP4HNtqmEQ4EiUX+ghRWpoxNBLkiioXVypsfySR76kS92d3L5wNv3jezL/O+bw6O+86bOwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDS7plwoozb8dDLjqFVnPvx9tZ67G/c10e3BleOxxbjpOG8F00n3qPlWWcBAADAQdcu6/sQws10Zy32rV5W/z9bjok1/9YjeVzW8/fX/WVf1v6xXf3+63fuTNTL50lDCN/2xsPVxlY4165NJpNaA4/91Qe9u2H2LCF/QtPOvmytt7Yf202zu558cf36m90sPPR/JA4A/Denyr4INpJPs5+PNkbjYX+WiQGwuDr//HE5pKz/270G8gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYsd3t8EIZJyGEJzp34+jG7a31vfpbgyvHy3bsvcc/q14zXiINIWyMxsPDDa5lnj1Tc9zFS5c/GIzHwwsPFDz5r/6XQCBYlGCfv0EBAHCgpEWLdf3NdGctnkuWQph8dW/9f7ISh5r1/7XR1ZPVuar1f7+xFc63uvX/yub5j1cuXrr84uj84Nzw3PDD0/2X+6+tvv5K/9WVeD9X8+M+ZwsAAMCi6hatWv+3lqb3/49W4lCz/v/h53d/qc7VVv9PefD9/31OCAAA4CH26Inff032OJ90u+GTwebmhX5+vPPv0/lxBqn+vSPTpw4VrVr/t5dmkBsAAADQuN3t5J79/7OVONTc///u+T++rF6zXTyC2BiNh6fWPxqfbW45c2t6/7+357gmfp24geUCAAAwI0eKVt3/T7P3/1tPxfi3EEIrhPDc0/n44s8A1qr/3+h8fqY6V/X9/5eaXebcaS3n96PO+//Z2OUQOssNJAYAAMCBdLhosf7/Kd1Ze/+bo293vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sj/3tgkDYRyHX18SJW6TEdJbfMxAQ4VgBUBCsuQZGICFaKhoLRaBFUCCc01nKJ6n+f+KK+4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAt3d9+uIjIopIXaZI0+3f+TMiviLt2nbyfc9ifzk1P49cHI6znL8x/y8jooyij3MAAHpXdZtjvalXg7zDvKO847xV2dTLV34aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAGztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WaXRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBYAQAA//8zXFtT")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
write$FUSE_IOCTL(r0, &(0x7f0000000180)={0x20, 0x0, 0x0, {0x9, 0x0, 0x1479e8e9, 0x1000}}, 0x20)

3.131800213s ago: executing program 8 (id=5854):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
fsopen(0x0, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x1810040, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

2.656301147s ago: executing program 8 (id=5868):
r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x1, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x9}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x81}}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_read(r0, 0x3, 0x4000, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

1.837679243s ago: executing program 3 (id=5905):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
r1 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r1, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbff, 0x6da24b7ebfdfaf83}, 0xc)
read$FUSE(r0, &(0x7f0000000ac0)={0x2020}, 0x2020)

1.837315193s ago: executing program 3 (id=5906):
socket(0x10, 0x803, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0)

1.804857054s ago: executing program 9 (id=5909):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x51, 0x0, &(0x7f0000000000)="b24b79dfffb9eb82264c50eed1f6e6de232278e44ac8f7243469855365bd4cb646caa9ef883de2528a2a8d14d23d2474be3188592b0a5272703fe5ee946add9c64ebe101842541806b6c3f7fa4056ffb06", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc5ef}, 0x50)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590)
syz_emit_ethernet(0x52, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "8b0f00", 0x1c, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x7, 0x10, 0x1, 0x0, 0xffd, {[@exp_smc={0xfe, 0x6}]}}}}}}}}, 0x0)

1.397602587s ago: executing program 9 (id=5921):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {0x0, 0x10, 0x2, 0x9}, 0x3, [0x0, 0x0, 0x0, 0x40000, 0x1, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x20, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x9, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x5f1, 0x6], [0x0, 0x0, 0x8, 0x2, 0x0, 0x5, 0x0, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7, 0xfffffffc, 0x768, 0x0, 0x7, 0x2, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe, 0x400, 0x0, 0x200, 0x0, 0x2, 0x0, 0x3, 0x5, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1000, 0x80, 0x0, 0x200, 0x0, 0xffffffff, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0xffffffff, 0x0, 0x0, 0x9fa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x921, 0x0, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0xbda6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x800, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x6, 0x10, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x635, 0x0, 0x8000000, 0x3, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x2, 0x40, 0x9, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffd, 0x6, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15)
ioctl$UI_DEV_CREATE(r0, 0x5501)

1.352519738s ago: executing program 9 (id=5924):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)

1.352170718s ago: executing program 9 (id=5926):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x6, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r1, 0x2000000, 0x10, 0x0, &(0x7f0000000000)="c9f7b986000000000b0000dae0793739", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.223721422s ago: executing program 9 (id=5931):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002f20702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200020095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.179739833s ago: executing program 9 (id=5932):
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000006c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1770, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x43, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0xfe, 0x1, {0x22, 0x29}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000000180)={0x20, 0x27, 0x59, "be9301e176d474e9b2592e4e8d0ccf659c85606d6c4713bb7908a97adcda2f8c633217003e3b0cd4ea2475e69198d947b939721c8a7217480cb981ce09aeb052e59a0bd4538ae9c09a726d692481c27b5ad401b67512d6b787"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x3}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0})

796.621305ms ago: executing program 5 (id=5945):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x11, r0, 0x800000000000)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xb)
syz_clone3(&(0x7f0000000080)={0x101083480, 0x0, 0x0, 0x0, {0x33}, 0x0, 0x0, 0x0, 0x0}, 0x58)

751.286687ms ago: executing program 5 (id=5946):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x84)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@map=r1, 0xc, 0x0, 0x50d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

737.526517ms ago: executing program 5 (id=5947):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x458, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x388, 0xffffffff, 0xffffffff, 0x388, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x108, 0x128, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0x4}, {0x4}], 0x1, 0x1}}, @common=@mh={{0x28}, {"2498"}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0x0, 0x0, 0xffffff00], [], 'erspan0\x00', 'netdevsim0\x00', {0xff}, {}, 0x1d, 0x0, 0x3, 0x4b}, 0x0, 0x230, 0x260, 0x0, {}, [@common=@inet=@esp={{0x30}, {[0x4d2, 0x4d3], 0x1}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x1, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0xf9}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4b8)

566.520202ms ago: executing program 3 (id=5950):
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}}, 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001200000008000800000002000800090000000100180001801400020076657468305f746f5f626f6e640000000800090000000000080006"], 0x4c}, 0x1, 0x0, 0x0, 0x10000000}, 0x0)

522.444824ms ago: executing program 3 (id=5951):
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000200), 0x82, 0x0)
mount$incfs(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)

521.836314ms ago: executing program 6 (id=5952):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000006c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x4703d2d, 0xfffffffd, {0x60, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x2, 0x6}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000040}, 0x44080)

417.487937ms ago: executing program 6 (id=5953):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x10a900, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1)
ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000580)=0x1)

417.361747ms ago: executing program 3 (id=5954):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x2)

370.184689ms ago: executing program 6 (id=5955):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x7542d000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000279000/0x4000)=nil, 0x4000}})

295.878411ms ago: executing program 6 (id=5956):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4)
recvmmsg(r0, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001e40)=""/174, 0xae}], 0x1, &(0x7f0000001fc0)=""/65, 0x41}, 0x1}], 0x1, 0x40002122, 0x0)
sendmsg$tipc(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000000c0)="e8", 0x1}], 0x1}, 0x4800)

160.289365ms ago: executing program 5 (id=5957):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000200000000000000000000008500000087000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000800)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="5300000007000046009d", @ANYRESHEX, @ANYRES16], 0x53)

107.202336ms ago: executing program 6 (id=5958):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x5}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="180000001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340)={r1}, 0xc)

55.026709ms ago: executing program 5 (id=5959):
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000001580)={0x2020}, 0x2020)

52.564299ms ago: executing program 6 (id=5960):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400))

160.52µs ago: executing program 3 (id=5961):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x3, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x61800, 0x4, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2, r1}, 0xc)

0s ago: executing program 5 (id=5962):
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
pipe2(0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
syz_emit_ethernet(0x8e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaac437bf8cb64c86dd6bcce16400000000000000000001000000000000000000000000000000002c02000000000000050200090502000005020006c204"], 0x0)

kernel console output (not intermixed with test programs):

 128
[  217.368792][   T28] audit: type=1326 audit(1781529883.678:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10783 comm="syz.0.4503" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  217.406903][T10788] overlayfs: conflicting options: userxattr,redirect_dir=on
[  217.417904][   T28] audit: type=1326 audit(1781529883.678:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10783 comm="syz.0.4503" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  217.501259][T10798] loop5: detected capacity change from 0 to 512
[  217.542005][T10807] loop3: detected capacity change from 0 to 512
[  217.550054][T10802] device ip6_vti0 entered promiscuous mode
[  217.571017][T10807] EXT4-fs: Ignoring removed mblk_io_submit option
[  217.579766][T10807] EXT4-fs: Ignoring removed mblk_io_submit option
[  217.589339][T10807] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  217.608341][T10798] ext4 filesystem being mounted at /399/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.624967][T10807] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8856c128, mo2=0106]
[  217.639684][T10807] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.4515: Invalid inode bitmap blk 4 in block_group 0
[  217.646477][T10798] EXT4-fs error (device loop5): ext4_get_first_dir_block:3583: inode #12: comm syz.5.4508: Attempting to read directory block (0) that is past i_size (3)
[  217.669234][T10807] EXT4-fs (loop3): Remounting filesystem read-only
[  217.748228][T10826] loop0: detected capacity change from 0 to 4096
[  217.756152][T10826] EXT4-fs (loop0): Test dummy encryption mode enabled
[  217.771634][T10826] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8842c018, mo2=0003]
[  217.933714][T10850] netlink: 'syz.6.4532': attribute type 1 has an invalid length.
[  218.146849][T10876] netlink: 236 bytes leftover after parsing attributes in process `syz.7.4545'.
[  218.245329][T10882] loop7: detected capacity change from 0 to 512
[  218.278291][T10882] EXT4-fs: Ignoring removed oldalloc option
[  218.304329][T10882] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  218.342041][T10882] ext4 filesystem being mounted at /92/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  218.396837][T10852] loop3: detected capacity change from 0 to 40427
[  218.429065][T10852] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(3584) blocks(83968)
[  218.484125][T10852] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  218.512710][T10852] F2FS-fs (loop3): Fix alignment : done, start(4096) end(16896) block(12288)
[  218.532394][T10852] F2FS-fs (loop3): invalid crc value
[  218.552427][T10852] F2FS-fs (loop3): Found nat_bits in checkpoint
[  218.653225][T10877] loop0: detected capacity change from 0 to 40427
[  218.675995][T10877] F2FS-fs (loop0): heap/no_heap options were deprecated
[  218.700200][T10852] F2FS-fs (loop3): Start checkpoint disabled!
[  218.709824][T10901] xt_hashlimit: size too large, truncated to 1048576
[  218.716771][T10902] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4554'.
[  218.729357][T10852] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  218.738304][T10877] F2FS-fs (loop0): Found nat_bits in checkpoint
[  218.751127][T10852] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  218.772635][T10852] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  218.885589][T10877] F2FS-fs (loop0): Start checkpoint disabled!
[  218.893606][  T320] kworker/u4:4: attempt to access beyond end of device
[  218.893606][  T320] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  218.910453][T10877] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  218.923318][T10877] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  219.232058][T10935] F2FS-fs (loop0): f2fs_enable_checkpoint() starts, meta: 0, node: 0, data: 0
[  219.271463][T10935] F2FS-fs (loop0): sync_inode_sb done, dirty_data: 0, 0, skipped write: 0, 0, retry: 3
[  219.290417][T10935] F2FS-fs (loop0): f2fs_enable_checkpoint() finishes, writeback:34, sync:4
[  219.457742][T10961] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  219.469169][T10961] EXT4-fs (loop5): warning: maximal mount count reached, running e2fsck is recommended
[  219.480395][T10961] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.4581: inode #15: comm syz.5.4581: iget: illegal inode #
[  219.494406][T10961] EXT4-fs (loop5): Remounting filesystem read-only
[  219.506549][T10961] EXT4-fs error (device loop5): ext4_orphan_get:1410: comm syz.5.4581: couldn't read orphan inode 15 (err -117)
[  219.522730][T10961] EXT4-fs (loop5): Remounting filesystem read-only
[  219.533867][T10961] EXT4-fs error (device loop5): ext4_lookup:1858: comm syz.5.4581: inode #15: comm syz.5.4581: iget: illegal inode #
[  219.551212][T10961] EXT4-fs (loop5): Remounting filesystem read-only
[  219.741665][  T309] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  219.828356][T10994] bridge: RTM_DELNEIGH with unconfigured vlan 4 on bridge_slave_0
[  219.849516][T10992] FAT-fs (loop0): error, clusters badly computed (0 != 128)
[  219.874440][T10992] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  219.951737][  T309] usb 4-1: Using ep0 maxpacket: 8
[  219.959620][  T309] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  219.983698][  T309] usb 4-1: config 0 has no interface number 0
[  220.001178][  T309] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  220.026348][T11006] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4602'.
[  220.031718][  T309] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.068677][  T309] usb 4-1: Product: syz
[  220.084125][  T309] usb 4-1: Manufacturer: syz
[  220.090515][  T309] usb 4-1: SerialNumber: syz
[  220.105910][  T309] usb 4-1: config 0 descriptor??
[  220.222568][T11032] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4614'.
[  220.309573][T11039] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  220.324406][  T309] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  220.331260][  T309] uvcvideo 4-1:0.31: Entity type for entity à ¬ was not initialized!
[  220.347424][T11039] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.4617: bg 0: block 393: padding at end of block bitmap is not set
[  220.365814][T11039] EXT4-fs (loop5): Remounting filesystem read-only
[  220.378604][T11039] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  220.387937][T11039] EXT4-fs (loop5): Remounting filesystem read-only
[  220.394956][T11039] EXT4-fs (loop5): 2 truncates cleaned up
[  220.415336][T11039] EXT4-fs error (device loop5): ext4_inlinedir_to_tree:1450: inode #12: block 7: comm syz.5.4617: path /420/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0
[  220.437685][T11039] EXT4-fs (loop5): Remounting filesystem read-only
[  220.518308][T11044] can0: slcan on ptm0.
[  220.527004][  T309] usb 4-1: USB disconnect, device number 22
[  220.536918][T11046] xt_hashlimit: size too large, truncated to 1048576
[  220.551809][T11042] can0 (unregistered): slcan off ptm0.
[  220.982860][T11082] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  220.994431][T11082] exFAT-fs (loop7): Medium has reported failures. Some data may be lost.
[  221.004942][T11082] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  221.023374][T11084] FAT-fs (loop0): Directory bread(block 199916) failed
[  221.030497][T11084] FAT-fs (loop0): Directory bread(block 199917) failed
[  221.053891][T11084] FAT-fs (loop0): Directory bread(block 199918) failed
[  221.068865][T11084] FAT-fs (loop0): Directory bread(block 199919) failed
[  221.103219][T11084] FAT-fs (loop0): Directory bread(block 199920) failed
[  221.127277][T11084] FAT-fs (loop0): Directory bread(block 199921) failed
[  221.143025][T11092] netlink: 68 bytes leftover after parsing attributes in process `syz.7.4641'.
[  221.155198][T11084] FAT-fs (loop0): Directory bread(block 199922) failed
[  221.173884][T11084] FAT-fs (loop0): Directory bread(block 199923) failed
[  221.287128][T11103] netlink: 457 bytes leftover after parsing attributes in process `syz.6.4645'.
[  221.318468][T11107] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4648'.
[  221.358783][T11109] EXT4-fs error (device loop7): ext4_expand_extra_isize_ea:2750: inode #11: comm syz.7.4649: corrupted xattr block 95
[  221.372213][T11109] EXT4-fs error (device loop7): ext4_validate_block_bitmap:429: comm syz.7.4649: bg 0: block 7: invalid block bitmap
[  221.385140][T11109] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  221.394311][T11109] EXT4-fs error (device loop7): ext4_xattr_delete_inode:2916: inode #11: comm syz.7.4649: corrupted xattr block 95
[  221.406890][T11109] EXT4-fs warning (device loop7): ext4_evict_inode:301: xattr delete (err -117)
[  221.411621][  T309] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  221.418718][T11109] EXT4-fs (loop7): 1 orphan inode deleted
[  221.436450][T11109] EXT4-fs error (device loop7): ext4_search_dir:1549: inode #12: block 7: comm syz.7.4649: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=3, size=56 fake=0
[  221.622947][  T309] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  221.644065][  T309] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  221.661144][  T309] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.679367][  T309] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  221.705258][  T309] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.724683][  T309] usb 4-1: config 0 descriptor??
[  221.743416][T11136] tipc: Started in network mode
[  221.756326][T11136] tipc: Node identity 10001, cluster identity 127
[  221.769610][T11136] tipc: Node number set to 65537
[  222.012433][T11160] set_capacity_and_notify: 8 callbacks suppressed
[  222.012457][T11160] loop5: detected capacity change from 0 to 256
[  222.111797][T11162] loop5: detected capacity change from 0 to 256
[  222.139193][T11162] FAT-fs (loop5): Directory bread(block 64) failed
[  222.151498][T11162] FAT-fs (loop5): Directory bread(block 65) failed
[  222.158162][T11162] FAT-fs (loop5): Directory bread(block 66) failed
[  222.171125][T11162] FAT-fs (loop5): Directory bread(block 67) failed
[  222.199068][T11162] FAT-fs (loop5): Directory bread(block 68) failed
[  222.211714][T11162] FAT-fs (loop5): Directory bread(block 69) failed
[  222.214490][  T309] hid-picolcd 0003:04D8:F002.003F: No report with id 0xf3 found
[  222.229088][T11162] FAT-fs (loop5): Directory bread(block 70) failed
[  222.236301][  T309] hid-picolcd 0003:04D8:F002.003F: No report with id 0xf4 found
[  222.249343][T11162] FAT-fs (loop5): Directory bread(block 71) failed
[  222.289840][T11162] FAT-fs (loop5): Directory bread(block 72) failed
[  222.298937][T11162] FAT-fs (loop5): Directory bread(block 73) failed
[  222.359438][  T309] usb 4-1: USB disconnect, device number 23
[  222.519392][T11184] device bridge0 entered promiscuous mode
[  222.577489][T11192] loop5: detected capacity change from 0 to 128
[  222.623008][T11192] syz.5.4690: attempt to access beyond end of device
[  222.623008][T11192] loop5: rw=2051, sector=104, nr_sectors = 937 limit=128
[  222.663711][T11198] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4693'.
[  222.673569][T11198] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4693'.
[  222.787361][T11212] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4700'.
[  222.847851][T11216] loop5: detected capacity change from 0 to 1024
[  222.939357][T11216] EXT4-fs mount: 15 callbacks suppressed
[  222.939379][T11216] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  222.996013][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  223.027402][T11235] loop3: detected capacity change from 0 to 512
[  223.064527][T11235] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  223.124905][T11235] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters
[  223.150669][T11242] loop0: detected capacity change from 0 to 512
[  223.173487][T11235] EXT4-fs (loop3): 1 truncate cleaned up
[  223.179301][T11235] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  223.204480][   T28] kauditd_printk_skb: 7 callbacks suppressed
[  223.204496][   T28] audit: type=1326 audit(1781529889.528:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11234 comm="syz.3.4708" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb4839ce59 code=0x7ffc0000
[  223.222087][T11242] EXT4-fs error (device loop0): ext4_iget_extra_inode:4765: inode #15: comm syz.0.4713: corrupted in-inode xattr
[  223.235944][   T28] audit: type=1326 audit(1781529889.528:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11234 comm="syz.3.4708" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7ffb4839ce59 code=0x7ffc0000
[  223.277221][   T28] audit: type=1326 audit(1781529889.528:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11234 comm="syz.3.4708" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb4839ce59 code=0x7ffc0000
[  223.304753][T11242] EXT4-fs (loop0): Remounting filesystem read-only
[  223.313675][T11242] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.4713: couldn't read orphan inode 15 (err -117)
[  223.328853][T11242] EXT4-fs (loop0): Remounting filesystem read-only
[  223.336771][T11242] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  223.347995][T10368] EXT4-fs (loop3): unmounting filesystem.
[  223.368844][  T288] EXT4-fs (loop0): unmounting filesystem.
[  223.400351][T11256] netlink: 95 bytes leftover after parsing attributes in process `syz.5.4721'.
[  223.691517][T11116] loop7: detected capacity change from 0 to 262144
[  223.762647][T11116] F2FS-fs (loop7): Found nat_bits in checkpoint
[  223.880840][T11311] loop5: detected capacity change from 0 to 512
[  223.887688][T11116] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  223.961517][T11311] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  224.004188][T11311] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters
[  224.018785][T11116] F2FS-fs (loop7): Inconsistent error blkaddr:6149, sit bitmap:0
[  224.040883][T11116] CPU: 0 PID: 11116 Comm: syz.7.4653 Tainted: G        W          syzkaller #0
[  224.050168][T11116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  224.060384][T11116] Call Trace:
[  224.063895][T11116]  <TASK>
[  224.066946][T11116]  __dump_stack+0x21/0x24
[  224.071336][T11116]  dump_stack_lvl+0x110/0x170
[  224.076050][T11116]  ? __cfi_dump_stack_lvl+0x8/0x8
[  224.081220][T11116]  dump_stack+0x15/0x24
[  224.085435][T11116]  __f2fs_is_valid_blkaddr+0xcd2/0x1400
[  224.091203][T11116]  f2fs_is_valid_blkaddr+0x23/0x30
[  224.096376][T11116]  f2fs_get_node_info+0x7fb/0x11e0
[  224.101560][T11116]  ? __cfi_f2fs_get_node_info+0x10/0x10
[  224.107270][T11116]  read_node_page+0x2e4/0x500
[  224.112017][T11116]  ? f2fs_ra_node_page+0x270/0x270
[  224.117280][T11116]  ? __kasan_check_write+0x14/0x20
[  224.123034][T11116]  ? __kasan_check_read+0x11/0x20
[  224.128535][T11116]  __get_node_page+0x14a/0xaf0
[  224.133440][T11116]  f2fs_get_node_page+0x21/0x30
[  224.138369][T11116]  f2fs_iget+0x7e1/0x4fb0
[  224.142791][T11116]  ? __cfi___f2fs_find_entry+0x10/0x10
[  224.148567][T11116]  ? d_alloc_parallel+0x112b/0x1280
[  224.153932][T11116]  f2fs_lookup+0x3a9/0xab0
[  224.158421][T11116]  ? __cfi_f2fs_lookup+0x10/0x10
[  224.163410][T11116]  ? __cfi_d_alloc_parallel+0x10/0x10
[  224.169020][T11116]  ? lookup_fast+0x195/0x520
[  224.174037][T11116]  ? __cfi_f2fs_lookup+0x10/0x10
[  224.179052][T11116]  path_openat+0x13fe/0x2f30
[  224.183812][T11116]  ? do_filp_open+0x420/0x420
[  224.188590][T11116]  do_filp_open+0x1ee/0x420
[  224.193185][T11116]  ? __cfi_do_filp_open+0x10/0x10
[  224.198313][T11116]  ? alloc_fd+0x4c1/0x570
[  224.204013][T11116]  do_sys_openat2+0x15e/0x820
[  224.209029][T11116]  ? __se_sys_futex+0x136/0x310
[  224.214479][T11116]  ? do_sys_open+0xe0/0xe0
[  224.218943][T11116]  ? __this_cpu_preempt_check+0x13/0x20
[  224.224526][T11116]  ? xfd_validate_state+0x70/0x150
[  224.229723][T11116]  __x64_sys_openat+0x136/0x160
[  224.235932][T11116]  x64_sys_call+0x783/0x9a0
[  224.241069][T11116]  do_syscall_64+0x4c/0xa0
[  224.246559][T11116]  ? clear_bhb_loop+0x30/0x80
[  224.252166][T11116]  ? clear_bhb_loop+0x30/0x80
[  224.257364][T11116]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  224.263515][T11116] RIP: 0033:0x7f8e5039ce59
[  224.268678][T11116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.296126][T11116] RSP: 002b:00007f8e4edf7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  224.304974][T11116] RAX: ffffffffffffffda RBX: 00007f8e50615fa0 RCX: 00007f8e5039ce59
[  224.313007][T11116] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  224.321417][T11116] RBP: 00007f8e50432d6f R08: 0000000000000000 R09: 0000000000000000
[  224.329429][T11116] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[  224.337542][T11116] R13: 00007f8e50616038 R14: 00007f8e50615fa0 R15: 00007ffc84409c58
[  224.345758][T11116]  </TASK>
[  224.350756][T11311] EXT4-fs (loop5): 1 truncate cleaned up
[  224.369344][T11311] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  224.400845][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  224.868983][T11333] loop5: detected capacity change from 0 to 40427
[  224.903258][T11333] F2FS-fs (loop5): invalid crc value
[  224.934629][T11333] F2FS-fs (loop5): Found nat_bits in checkpoint
[  224.983037][T11276] loop0: detected capacity change from 0 to 131072
[  225.004276][T11276] F2FS-fs (loop0): Wrong NAT boundary, start(2560) end(3584) blocks(0)
[  225.017635][T11276] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  225.037282][T11276] F2FS-fs (loop0): invalid crc value
[  225.067117][T11276] F2FS-fs (loop0): Found nat_bits in checkpoint
[  225.095391][T11333] F2FS-fs (loop5): Start checkpoint disabled!
[  225.131940][T11333] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  225.168925][T11276] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  225.182541][T11333] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  225.189144][T11276] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  225.297670][ T7036] kworker/u4:6: attempt to access beyond end of device
[  225.297670][ T7036] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  225.579188][T11353] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  225.591501][T11353] ext4 filesystem being mounted at /459/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.652902][T11358] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4763'.
[  225.692186][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  225.892934][T11331] F2FS-fs (loop3): Test dummy encryption mode enabled
[  225.927070][T11331] F2FS-fs (loop3): invalid crc value
[  225.962499][T11331] F2FS-fs (loop3): Found nat_bits in checkpoint
[  225.996231][T11380] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  226.010369][T11380] EXT4-fs (loop7): Test dummy encryption mode enabled
[  226.041188][T11380] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0002]
[  226.052451][T11380] System zones: 0-5
[  226.057382][T11380] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  226.080351][T11380] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  226.119651][ T9477] EXT4-fs (loop7): unmounting filesystem.
[  226.132743][T11331] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  226.251027][T11393] input: syz1 as /devices/virtual/input/input59
[  226.475074][T11387] F2FS-fs (loop5): Found nat_bits in checkpoint
[  226.504009][T11405] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  226.571532][T11387] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  226.636053][T11395] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  226.651967][ T5698] syz-executor: attempt to access beyond end of device
[  226.651967][ T5698] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  226.661581][T11395] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  226.732267][T11395] F2FS-fs (loop7): invalid crc value
[  226.743209][T11395] F2FS-fs (loop7): Ignore s_resuid=0, s_resgid=65535 w/o reserve_root and reserve_node
[  226.781005][T11418] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  226.797406][T11395] F2FS-fs (loop7): Found nat_bits in checkpoint
[  226.883107][T11395] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  226.890208][T11395] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  226.908955][T11422] netlink: 'syz.5.4783': attribute type 11 has an invalid length.
[  226.917646][T11422] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4783'.
[  227.438952][   T28] audit: type=1400 audit(1781529893.758:1641): avc:  denied  { watch watch_reads } for  pid=11449 comm="syz.7.4798" path="/124/file0" dev="tmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  227.716721][T11420] set_capacity_and_notify: 6 callbacks suppressed
[  227.716742][T11420] loop3: detected capacity change from 0 to 131072
[  227.743312][T11420] F2FS-fs (loop3): invalid crc value
[  227.775735][T11420] F2FS-fs (loop3): Found nat_bits in checkpoint
[  227.850885][T11479] loop5: detected capacity change from 0 to 4096
[  227.862838][T11420] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  227.900616][T11479] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  227.962808][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  228.129825][T11486] loop5: detected capacity change from 0 to 256
[  228.158524][T11486] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF
[  228.178648][T11486] FAT-fs (loop5): Filesystem has been set read-only
[  228.285183][T11492] overlayfs: upper fs does not support file handles, falling back to index=off.
[  228.988213][T11522] tap0: tun_chr_ioctl cmd 1074025677
[  228.996204][T11522] tap0: linktype set to 271
[  229.015900][T11525] loop5: detected capacity change from 0 to 1024
[  229.028334][T11525] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #3: block 2: comm syz.5.4830: lblock 2 mapped to illegal pblock 2 (length 1)
[  229.042633][T11525] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  229.050854][T11525] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #3: block 48: comm syz.5.4830: lblock 0 mapped to illegal pblock 48 (length 1)
[  229.066020][T11525] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  229.075929][T11525] EXT4-fs error (device loop5): ext4_acquire_dquot:6828: comm syz.5.4830: Failed to acquire dquot type 0
[  229.093634][T11525] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5954: Corrupt filesystem
[  229.103646][T11525] EXT4-fs error (device loop5): ext4_evict_inode:281: inode #11: comm syz.5.4830: mark_inode_dirty error
[  229.120976][T11525] EXT4-fs warning (device loop5): ext4_evict_inode:284: couldn't mark inode dirty (err -117)
[  229.131951][T11525] EXT4-fs (loop5): 1 orphan inode deleted
[  229.137743][T11525] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  229.160769][   T37] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  229.185782][   T37] Quota error (device loop5): remove_tree: Can't read quota data block 1
[  229.209761][   T37] EXT4-fs error (device loop5): ext4_release_dquot:6864: comm kworker/u4:2: Failed to release dquot type 0
[  229.252144][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  229.263009][ T5698] EXT4-fs error (device loop5): __ext4_get_inode_loc:4522: comm syz-executor: Invalid inode table block 1 in block_group 0
[  229.293629][   T28] audit: type=1326 audit(1781529895.618:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11546 comm="syz.0.4841" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  229.318898][ T5698] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5954: Corrupt filesystem
[  229.331263][   T28] audit: type=1326 audit(1781529895.618:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11546 comm="syz.0.4841" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  229.332482][ T5698] EXT4-fs error (device loop5): ext4_quota_off:7134: inode #3: comm syz-executor: mark_inode_dirty error
[  229.357851][   T28] audit: type=1326 audit(1781529895.618:1644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11546 comm="syz.0.4841" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  229.392802][   T28] audit: type=1326 audit(1781529895.618:1645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11546 comm="syz.0.4841" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  229.421800][   T28] audit: type=1326 audit(1781529895.618:1646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11546 comm="syz.0.4841" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  229.462308][   T28] audit: type=1326 audit(1781529895.618:1647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11546 comm="syz.0.4841" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc98b79ce59 code=0x7ffc0000
[  229.471194][T11551] loop0: detected capacity change from 0 to 2048
[  229.488323][   T28] audit: type=1326 audit(1781529895.618:1648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11546 comm="syz.0.4841" exe="/root/ci2-android-6-1/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc98b79ce59 code=0x0
[  229.537616][T11551] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  229.571093][   T37] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  229.587197][   T37] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  229.599959][   T37] EXT4-fs (loop0): This should not happen!! Data will be lost
[  229.599959][   T37] 
[  229.610058][   T37] EXT4-fs (loop0): Total free blocks count 0
[  229.616843][   T37] EXT4-fs (loop0): Free/Dirty block details
[  229.623062][   T37] EXT4-fs (loop0): free_blocks=4096
[  229.628422][   T37] EXT4-fs (loop0): dirty_blocks=32
[  229.633879][   T37] EXT4-fs (loop0): Block reservation details
[  229.639984][   T37] EXT4-fs (loop0): i_reserved_data_blocks=2
[  229.646663][   T37] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2 with error 28
[  229.709338][T11565] loop5: detected capacity change from 0 to 256
[  229.733177][T11565] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[  229.981114][T11597] tmpfs: Bad value for 'gid'
[  230.147598][T11620] tipc: Started in network mode
[  230.152759][T11620] tipc: Node identity ac14140f, cluster identity 16
[  230.159648][T11620] tipc: New replicast peer: 255.255.255.255
[  230.179206][T11620] tipc: Enabled bearer <udp:syz2>, priority 10
[  230.253574][T11629] loop3: detected capacity change from 0 to 512
[  230.272982][T11629] EXT4-fs: Ignoring removed i_version option
[  230.307335][T11629] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  230.325574][T11629] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.398760][T10368] EXT4-fs (loop3): unmounting filesystem.
[  231.291507][   T60] tipc: Node number set to 2886997007
[  231.355329][T11711] loop0: detected capacity change from 0 to 1024
[  231.411534][T11711] EXT4-fs: Ignoring removed orlov option
[  231.447371][T11711] EXT4-fs: Ignoring removed orlov option
[  231.496711][T11711] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  231.569709][T11711] EXT4-fs: Ignoring removed orlov option
[  231.576345][T11711] EXT4-fs: Ignoring removed orlov option
[  231.586331][T11711] EXT4-fs (loop0): re-mounted. Quota mode: none.
[  231.615204][T11731] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4918'.
[  231.627841][  T288] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  231.646267][  T288] EXT4-fs (loop0): Remounting filesystem read-only
[  231.653413][  T288] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  231.672245][  T288] EXT4-fs (loop0): Remounting filesystem read-only
[  231.705553][T11201] EXT4-fs (loop0): unmounting filesystem.
[  231.715607][    T6] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=6 comm=kworker/0:0
[  231.792107][   T37] tipc: Left network mode
[  232.203349][T11753] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.226922][T11753] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.252271][T11753] device bridge_slave_0 entered promiscuous mode
[  232.274390][T11753] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.281604][T11753] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.289824][T11753] device bridge_slave_1 entered promiscuous mode
[  232.304422][   T37] device bridge_slave_1 left promiscuous mode
[  232.310740][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.318775][   T37] device bridge_slave_0 left promiscuous mode
[  232.325039][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.344681][   T37] device veth1_macvtap left promiscuous mode
[  232.361445][   T37] device veth0_vlan left promiscuous mode
[  232.755285][T11753] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.762643][T11753] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.770036][T11753] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.777136][T11753] bridge0: port 1(bridge_slave_0) entered forwarding state
[  232.842386][  T308] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.860116][  T308] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.949492][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  232.971818][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  232.999967][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  233.022155][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  233.042853][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.050539][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  233.088803][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  233.121829][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  233.130571][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.137740][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  233.171293][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  233.199783][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  233.208383][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  233.218551][T11747] loop3: detected capacity change from 0 to 131072
[  233.227264][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  233.242863][T11747] F2FS-fs (loop3): invalid crc value
[  233.268729][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  233.282924][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  233.302886][T11747] F2FS-fs (loop3): Found nat_bits in checkpoint
[  233.330461][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  233.345243][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  233.366050][T11753] device veth0_vlan entered promiscuous mode
[  233.381895][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  233.397040][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  233.418866][T11747] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  233.456561][T11753] device veth1_macvtap entered promiscuous mode
[  233.474376][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  233.491439][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.505050][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  233.519475][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.523291][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  233.548898][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.558931][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  233.580171][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.591313][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  233.600999][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.613511][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  233.621939][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.632835][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  233.641786][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.650697][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.661928][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.672270][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.682197][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.692079][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.701039][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.712825][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.725160][T10368] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  233.762149][T11815] input: syz1 as /devices/virtual/input/input60
[  233.877878][T11824] loop5: detected capacity change from 0 to 1024
[  233.911494][T11824] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  233.931634][T11827] netlink: 'syz.6.4959': attribute type 34 has an invalid length.
[  233.952152][T11824] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  233.982097][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  234.156988][T11839] loop5: detected capacity change from 0 to 128
[  234.179649][T11839] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  234.205218][T11839] ext4 filesystem being mounted at /523/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  234.253929][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  234.426907][T11867] loop5: detected capacity change from 0 to 256
[  234.474922][T11867] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f1c, chksum : 0x850fc7e5, utbl_chksum : 0xe619d30d)
[  234.523792][T11872] loop7: detected capacity change from 0 to 256
[  234.576361][T11872] exfat: Deprecated parameter 'utf8'
[  234.587663][T11872] exfat: Deprecated parameter 'namecase'
[  234.601594][T11872] exfat: Deprecated parameter 'namecase'
[  234.610118][T11874] loop5: detected capacity change from 0 to 512
[  234.628625][T11872] exFAT-fs (loop7): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc232f927, utbl_chksum : 0xe619d30d)
[  234.704257][T11874] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  234.746247][T11874] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.4980: invalid indirect mapped block 8 (level 2)
[  234.812246][T11874] EXT4-fs (loop5): Remounting filesystem read-only
[  234.821580][T11874] EXT4-fs (loop5): 1 truncate cleaned up
[  234.827289][T11874] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  234.872131][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  234.916863][T11892] syz.7.4987 (11892) used greatest stack depth: 20704 bytes left
[  234.982994][T11896] tap0: tun_chr_ioctl cmd 1074025677
[  234.984025][T11898] loop8: detected capacity change from 0 to 256
[  235.000594][T11896] tap0: linktype set to 6
[  235.011246][T11900] loop5: detected capacity change from 0 to 128
[  235.053316][T11898] exFAT-fs (loop8): failed to load upcase table (idx : 0x0001fe89, chksum : 0xeb34f926, utbl_chksum : 0xe619d30d)
[  235.178598][T11884] loop3: detected capacity change from 0 to 40427
[  235.201730][T11884] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  235.229822][T11884] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  235.239850][T11918] loop7: detected capacity change from 0 to 256
[  235.260364][T11884] F2FS-fs (loop3): invalid crc value
[  235.285530][T11918] exfat: Deprecated parameter 'namecase'
[  235.304644][T11918] exfat: Deprecated parameter 'namecase'
[  235.315316][T11884] F2FS-fs (loop3): Found nat_bits in checkpoint
[  235.327902][T11918] exFAT-fs (loop7): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc232f927, utbl_chksum : 0xe619d30d)
[  235.422303][T11884] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  235.439184][T11884] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  235.493771][T11938] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  235.528473][T11938] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869)
[  235.561898][T11938] EXT4-fs (loop7): invalid journal inode
[  235.568391][T11938] EXT4-fs (loop7): can't get journal size
[  235.643326][T11938] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  235.703869][T11970] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5013'.
[  235.714876][T11963] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  235.753946][ T9477] EXT4-fs (loop7): unmounting filesystem.
[  235.782565][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  235.864702][T11992] bridge_slave_0: default FDB implementation only supports local addresses
[  236.905309][T12002] exfat: Deprecated parameter 'namecase'
[  236.912711][T12002] exfat: Deprecated parameter 'utf8'
[  236.932400][T12002] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x544194fd, utbl_chksum : 0xe619d30d)
[  237.016761][T12014] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  237.033794][T12018] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  237.054159][T12018] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  237.064020][T12014] EXT4-fs error (device loop8): ext4_orphan_get:1431: comm syz.8.5044: bad orphan inode 131083
[  237.100223][   T37] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  237.113303][T12014] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  237.132163][T12024] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.158796][T12014] EXT4-fs (loop8): shut down requested (1)
[  237.178900][T12014] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop8 ino=12
[  237.189880][   T28] kauditd_printk_skb: 15 callbacks suppressed
[  237.189898][   T28] audit: type=1400 audit(1781529903.518:1664): avc:  denied  { read } for  pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  237.192266][T12014] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop8 ino=12
[  237.197476][T12028] exfat: Deprecated parameter 'utf8'
[  237.233865][   T28] audit: type=1400 audit(1781529903.518:1665): avc:  denied  { search } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  237.291618][   T28] audit: type=1400 audit(1781529903.518:1666): avc:  denied  { write } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  237.313628][T12028] exfat: Deprecated parameter 'utf8'
[  237.317966][T11753] EXT4-fs (loop8): unmounting filesystem.
[  237.320285][T12028] exfat: Deprecated parameter 'utf8'
[  237.330105][   T28] audit: type=1400 audit(1781529903.518:1667): avc:  denied  { add_name } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  237.354503][T12028] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  237.367377][   T28] audit: type=1400 audit(1781529903.518:1668): avc:  denied  { create } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  237.442083][   T28] audit: type=1400 audit(1781529903.518:1669): avc:  denied  { append open } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  237.465577][   T28] audit: type=1400 audit(1781529903.518:1670): avc:  denied  { getattr } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  237.599260][T12043] EXT4-fs: Ignoring removed orlov option
[  237.640483][T12043] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  237.666472][T12043] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  237.740595][T12043] EXT4-fs error (device loop7): ext4_get_verity_descriptor_location:337: inode #15: comm syz.7.5055: verity file corrupted; can't find descriptor
[  237.792482][T12043] EXT4-fs (loop7): Remounting filesystem read-only
[  237.800208][T12043] fs-verity (loop7, inode 15): Error -117 getting verity descriptor size
[  237.876129][T12051] exfat: Deprecated parameter 'utf8'
[  237.890528][ T9477] EXT4-fs (loop7): unmounting filesystem.
[  237.904656][T12051] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  238.124008][T12067] EXT4-fs (loop5): Test dummy encryption mode enabled
[  238.158910][T12067] EXT4-fs error (device loop5): ext4_orphan_get:1405: inode #15: comm syz.5.5066: inode has both inline data and extents flags
[  238.159797][T12073] bridge0: port 3(vlan2) entered blocking state
[  238.178769][T12073] bridge0: port 3(vlan2) entered disabled state
[  238.189665][T12067] EXT4-fs error (device loop5): ext4_orphan_get:1410: comm syz.5.5066: couldn't read orphan inode 15 (err -117)
[  238.203983][T12067] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  238.304196][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  238.428485][T12102] netlink: 76 bytes leftover after parsing attributes in process `syz.5.5083'.
[  238.438055][T12102] netlink: 13 bytes leftover after parsing attributes in process `syz.5.5083'.
[  238.791472][ T4031] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  238.818390][T12137] netlink: 'syz.3.5099': attribute type 21 has an invalid length.
[  238.826469][T12137] netlink: 'syz.3.5099': attribute type 21 has an invalid length.
[  238.834985][T12137] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5099'.
[  238.971439][ T4031] usb 6-1: Using ep0 maxpacket: 32
[  238.977849][ T4031] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.989393][ T4031] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  238.999842][ T4031] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  239.009185][ T4031] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.021927][ T4031] usb 6-1: config 0 descriptor??
[  239.035466][ T4031] hub 6-1:0.0: USB hub found
[  239.068572][T12145] set_capacity_and_notify: 10 callbacks suppressed
[  239.068591][T12145] loop3: detected capacity change from 0 to 40427
[  239.086531][T12145] F2FS-fs (loop3): Invalid log_blocksize (64), supports only 12
[  239.095351][T12145] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  239.111651][T12145] F2FS-fs (loop3): invalid crc value
[  239.118273][T12145] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  239.153517][T12145] F2FS-fs (loop3): Start checkpoint disabled!
[  239.160350][T12145] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  239.168355][T12145] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  239.175514][T12145] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  239.207670][   T28] audit: type=1400 audit(1781529905.528:1671): avc:  denied  { unmount } for  pid=11753 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  239.235969][ T4031] hub 6-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  239.256105][T12156] input: syz0 as /devices/virtual/input/input62
[  239.282977][   T28] audit: type=1400 audit(1781529905.608:1672): avc:  denied  { lock } for  pid=12157 comm="syz.8.5108" path="socket:[57490]" dev="sockfs" ino=57490 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  239.321511][T12160] loop8: detected capacity change from 0 to 16
[  239.341103][T12160] erofs: (device loop8): mounted with root inode @ nid 36.
[  239.349802][T12162] loop7: detected capacity change from 0 to 256
[  239.358061][T12160] erofs: (device loop8): erofs_find_target_block: corrupted dir block 0 @ nid 36
[  239.368254][T12162] exfat: Deprecated parameter 'utf8'
[  239.374733][T12160] erofs: (device loop8): erofs_map_blocks_flatmode: internal error @ nid: 36 (size 18446462598732841076), m_la 0x1000
[  239.390523][T12162] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  239.436689][ T4031] usbhid 6-1:0.0: can't add hid device: -71
[  239.443113][ T4031] usbhid: probe of 6-1:0.0 failed with error -71
[  239.481728][ T4031] usb 6-1: USB disconnect, device number 6
[  239.549813][T12173] loop3: detected capacity change from 0 to 1024
[  239.568121][T12173] EXT4-fs: Ignoring removed nobh option
[  239.593414][T12176] loop7: detected capacity change from 0 to 256
[  239.596887][T12173] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  239.613869][   T28] audit: type=1400 audit(1781529905.938:1673): avc:  denied  { read } for  pid=12172 comm="syz.3.5114" name="file1" dev="loop3" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  239.640704][T12173] EXT4-fs (loop3): re-mounted. Quota mode: none.
[  239.648343][T12176] FAT-fs (loop7): Directory bread(block 64) failed
[  239.656199][T12176] FAT-fs (loop7): Directory bread(block 65) failed
[  239.663063][T12176] FAT-fs (loop7): Directory bread(block 66) failed
[  239.669670][T12176] FAT-fs (loop7): Directory bread(block 67) failed
[  239.672006][T10368] EXT4-fs (loop3): unmounting filesystem.
[  239.677644][T12176] FAT-fs (loop7): Directory bread(block 68) failed
[  239.688648][T12176] FAT-fs (loop7): Directory bread(block 69) failed
[  239.695593][T12176] FAT-fs (loop7): Directory bread(block 70) failed
[  239.702455][T12176] FAT-fs (loop7): Directory bread(block 71) failed
[  239.709105][T12176] FAT-fs (loop7): Directory bread(block 72) failed
[  239.716378][T12176] FAT-fs (loop7): Directory bread(block 73) failed
[  239.753288][T12182] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5117'.
[  239.785963][T12186] loop7: detected capacity change from 0 to 256
[  239.801430][  T301] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  239.814461][T12186] FAT-fs (loop7): Directory bread(block 64) failed
[  239.821112][T12186] FAT-fs (loop7): Directory bread(block 65) failed
[  239.828490][T12186] FAT-fs (loop7): Directory bread(block 66) failed
[  239.835292][T12186] FAT-fs (loop7): Directory bread(block 67) failed
[  239.842249][T12186] FAT-fs (loop7): Directory bread(block 68) failed
[  239.848806][T12186] FAT-fs (loop7): Directory bread(block 69) failed
[  239.855627][T12186] FAT-fs (loop7): Directory bread(block 70) failed
[  239.862441][T12186] FAT-fs (loop7): Directory bread(block 71) failed
[  239.869042][T12186] FAT-fs (loop7): Directory bread(block 72) failed
[  239.875757][T12186] FAT-fs (loop7): Directory bread(block 73) failed
[  239.982505][  T301] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  240.008901][  T301] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  240.042021][  T301] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  240.062771][T12204] loop5: detected capacity change from 0 to 1024
[  240.078944][T12204] EXT4-fs: Ignoring removed bh option
[  240.081659][  T301] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  240.099602][  T301] usb 9-1: SerialNumber: syz
[  240.122545][T12204] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  240.165942][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  240.241457][T12212] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5131'.
[  240.294548][T12201] loop7: detected capacity change from 0 to 40427
[  240.304828][T12201] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  240.316693][  T301] usb 9-1: 0:2 : does not exist
[  240.324925][T12201] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  240.335988][T12201] F2FS-fs (loop7): invalid crc value
[  240.344192][  T301] usb 9-1: 5:0: failed to get current value for ch 1 (-22)
[  240.353491][T12201] F2FS-fs (loop7): Found nat_bits in checkpoint
[  240.366680][  T301] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[  240.385539][  T301] usb 9-1: 5:0: cannot get min/max values for control 2 (id 5)
[  240.406037][  T301] usb 9-1: USB disconnect, device number 2
[  240.456132][T12201] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  240.463408][T12201] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  240.594022][T12220] syz.7.5125: attempt to access beyond end of device
[  240.594022][T12220] loop7: rw=2049, sector=53248, nr_sectors = 4096 limit=40427
[  240.632108][  T467] udevd[467]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  240.633870][T12220] syz.7.5125: attempt to access beyond end of device
[  240.633870][T12220] loop7: rw=2049, sector=49152, nr_sectors = 4096 limit=40427
[  240.675278][T12220] syz.7.5125: attempt to access beyond end of device
[  240.675278][T12220] loop7: rw=2049, sector=57344, nr_sectors = 1696 limit=40427
[  240.917085][ T9477] syz-executor: attempt to access beyond end of device
[  240.917085][ T9477] loop7: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  241.021016][T12239] loop3: detected capacity change from 0 to 1024
[  241.046338][T12239] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  241.083848][T12239] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  241.104955][T12239] EXT4-fs warning (device loop3): empty_inline_dir:1884: bad inline directory (dir #12) - no `..'
[  241.157823][T12250] netem: incorrect ge model size
[  241.162907][T12250] netem: change failed
[  241.190235][T10368] EXT4-fs (loop3): unmounting filesystem.
[  241.243365][T12254] loop5: detected capacity change from 0 to 256
[  241.292545][T12254] exfat: Deprecated parameter 'utf8'
[  241.316807][T12254] exfat: Deprecated parameter 'utf8'
[  241.332895][T12260] EXT4-fs: Ignoring removed orlov option
[  241.349713][T12254] exfat: Deprecated parameter 'utf8'
[  241.374362][T12254] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  241.419766][T12260] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  241.432812][T12260] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.461430][T12260] EXT4-fs error (device loop8): ext4_get_verity_descriptor_location:337: inode #15: comm syz.8.5151: verity file corrupted; can't find descriptor
[  241.497568][T12260] EXT4-fs (loop8): Remounting filesystem read-only
[  241.509598][T12260] fs-verity (loop8, inode 15): Error -117 getting verity descriptor size
[  241.560961][T11753] EXT4-fs (loop8): unmounting filesystem.
[  241.649677][T12287] device erspan0 entered promiscuous mode
[  241.724990][T12297] EXT4-fs (loop5): invalid journal inode
[  241.730738][T12297] EXT4-fs (loop5): can't get journal size
[  241.751561][T12297] EXT4-fs (loop5): 1 truncate cleaned up
[  241.761444][T12297] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  241.879011][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  241.879338][T12291] F2FS-fs (loop8): invalid crc value
[  241.919548][T12291] F2FS-fs (loop8): Found nat_bits in checkpoint
[  242.023986][T12291] F2FS-fs (loop8): Start checkpoint disabled!
[  242.036729][T12291] F2FS-fs (loop8): f2fs_disable_checkpoint() finish, err:0
[  242.077853][T12291] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  242.345505][ T7036] kworker/u4:6: attempt to access beyond end of device
[  242.345505][ T7036] loop8: rw=1, sector=77824, nr_sectors = 8 limit=40427
[  242.369315][ T7036] kworker/u4:6: attempt to access beyond end of device
[  242.369315][ T7036] loop8: rw=1, sector=77832, nr_sectors = 2144 limit=40427
[  242.390423][ T7036] kworker/u4:6: attempt to access beyond end of device
[  242.390423][ T7036] loop8: rw=1, sector=79976, nr_sectors = 1944 limit=40427
[  242.410456][   T28] kauditd_printk_skb: 24 callbacks suppressed
[  242.410475][   T28] audit: type=1400 audit(1781529908.728:1698): avc:  denied  { execute_no_trans } for  pid=12345 comm="syz.5.5187" path="/577/file0" dev="tmpfs" ino=3020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  242.422957][ T7036] kworker/u4:6: attempt to access beyond end of device
[  242.422957][ T7036] loop8: rw=1, sector=49152, nr_sectors = 8 limit=40427
[  242.469494][T12350] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  242.484272][   T28] audit: type=1400 audit(1781529908.768:1699): avc:  denied  { module_request } for  pid=12345 comm="syz.5.5187" kmod="binfmt-464c" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  242.507971][T12350] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  242.528527][ T7036] kworker/u4:6: attempt to access beyond end of device
[  242.528527][ T7036] loop8: rw=1, sector=49160, nr_sectors = 4088 limit=40427
[  242.571971][ T7036] kworker/u4:6: attempt to access beyond end of device
[  242.571971][ T7036] loop8: rw=1, sector=57344, nr_sectors = 8 limit=40427
[  242.658956][  T309] kernel read not supported for file /vcs (pid: 309 comm: kworker/1:3)
[  242.988222][T12389] exfat: Deprecated parameter 'utf8'
[  243.031397][T12389] exfat: Deprecated parameter 'utf8'
[  243.052540][T12389] exfat: Deprecated parameter 'namecase'
[  243.083980][T12389] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  243.193556][T12408] binder: BC_ACQUIRE_RESULT not supported
[  243.215758][T12408] binder: 12407:12408 ioctl c0306201 200000000640 returned -22
[  243.331427][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  243.521513][    T6] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  243.536741][T12404] F2FS-fs (loop7): invalid crc value
[  243.542955][T12348] F2FS-fs (loop3): invalid crc value
[  243.555795][T12404] F2FS-fs (loop7): Found nat_bits in checkpoint
[  243.573810][T12430] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  243.619602][T12430] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  243.632680][T12404] F2FS-fs (loop7): Start checkpoint disabled!
[  243.640101][T12348] F2FS-fs (loop3): Found nat_bits in checkpoint
[  243.644326][T12404] F2FS-fs (loop7): f2fs_disable_checkpoint() finish, err:0
[  243.663071][T12404] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  243.698420][T12430] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters
[  243.713070][    T6] usb 9-1: Using ep0 maxpacket: 8
[  243.720985][    T6] usb 9-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  243.762403][    T6] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.787891][T12348] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  243.815771][    T6] usb 9-1: Product: syz
[  243.820008][    T6] usb 9-1: Manufacturer: syz
[  243.861420][    T6] usb 9-1: SerialNumber: syz
[  243.901483][T12430] Quota error (device loop5): write_blk: dquota write failed
[  243.947012][T12430] Quota error (device loop5): find_free_dqentry: Can't write quota data block 5
[  243.977703][T12430] Quota error (device loop5): write_blk: dquota write failed
[  244.019724][T12430] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  244.061440][T12430] EXT4-fs error (device loop5): ext4_acquire_dquot:6828: comm syz.5.5226: Failed to acquire dquot type 1
[  244.104607][T12430] EXT4-fs (loop5): 1 truncate cleaned up
[  244.127033][T12430] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  244.179695][T12430] Quota error (device loop5): write_blk: dquota write failed
[  244.217879][T12430] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  244.244783][T12430] EXT4-fs error (device loop5): ext4_acquire_dquot:6828: comm syz.5.5226: Failed to acquire dquot type 1
[  244.397314][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  244.458298][   T28] audit: type=1400 audit(1781529910.778:1700): avc:  denied  { ioctl } for  pid=12475 comm="syz.5.5241" path="socket:[59233]" dev="sockfs" ino=59233 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  244.501784][    T6] usb 9-1: clock source 0 is not valid, cannot use
[  244.701450][  T309] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  244.703887][    T6] usb 9-1: 1:1: cannot get freq (v2/v3): err -71
[  244.725439][    T6] usb 9-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  244.741627][    T6] usb 9-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  244.750286][    T6] usb 9-1: clock source 0 is not valid, cannot use
[  244.757394][    T6] usb 9-1: 2:1: cannot get freq (v2/v3): err -71
[  244.771444][    T6] usb 9-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  244.799210][    T6] usb 9-1: USB disconnect, device number 3
[  244.854090][   T28] audit: type=1400 audit(1781529911.178:1701): avc:  denied  { getopt } for  pid=12506 comm="syz.6.5258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  244.901418][  T309] usb 4-1: Using ep0 maxpacket: 16
[  244.911188][  T309] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  244.926398][  T309] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  244.937409][  T309] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  244.946860][  T309] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.966931][  T309] usb 4-1: config 0 descriptor??
[  245.001484][ T4031] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  245.182644][ T4031] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.195173][ T4031] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.197307][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.206452][ T4031] usb 6-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  245.221851][ T4031] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.230088][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.238185][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.245998][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.249296][ T4031] usb 6-1: config 0 descriptor??
[  245.266760][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.275031][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.282920][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.290646][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.298657][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.306313][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.313759][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.321199][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.328656][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.336111][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.343579][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.351016][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.358578][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.366042][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.373510][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.379876][  T309] apple 0003:05AC:024B.0041: unknown global tag 0xe
[  245.380934][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.389597][  T309] apple 0003:05AC:024B.0041: item 0 1 1 14 parsing failed
[  245.395357][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.403420][  T309] apple 0003:05AC:024B.0041: parse failed
[  245.410206][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.416453][  T309] apple: probe of 0003:05AC:024B.0041 failed with error -22
[  245.423521][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.437840][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.445385][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.452961][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.460518][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.467983][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.475435][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.482910][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.490336][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.497797][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.505499][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.512977][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.520579][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.528044][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.535758][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.546394][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.554954][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.562708][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.570764][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.578267][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.581596][  T309] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  245.586200][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.601083][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.608918][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.613932][ T6908] usb 4-1: USB disconnect, device number 24
[  245.616536][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.629752][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.637270][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.644855][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.652520][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.660400][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.668432][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.677461][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.679012][ T4031] playstation 0003:054C:0DF2.0042: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.5-1/input0
[  245.685485][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.704714][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.712291][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.719859][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.727540][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.735245][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.743168][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.750588][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.758049][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.765526][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.773172][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.780612][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.788094][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.795661][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.803136][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.810651][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.813398][  T309] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.818327][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.836645][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.851071][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.858656][  T309] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.859730][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.872859][  T309] usb 9-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01
[  245.878831][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.889247][ T4031] playstation 0003:054C:0DF2.0042: Failed to retrieve feature with reportID 9: -71
[  245.896556][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.909661][ T4031] playstation 0003:054C:0DF2.0042: Failed to retrieve DualSense pairing info: -71
[  245.920364][  T309] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.929379][ T4031] playstation 0003:054C:0DF2.0042: Failed to get MAC address from DualSense
[  245.938795][  T309] usb 9-1: config 0 descriptor??
[  245.944325][ T4031] playstation 0003:054C:0DF2.0042: Failed to create dualsense.
[  245.951708][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.960310][ T4031] playstation: probe of 0003:054C:0DF2.0042 failed with error -71
[  245.970486][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  245.986020][ T4031] usb 6-1: USB disconnect, device number 7
[  245.992360][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  246.000762][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  246.009489][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  246.017450][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  246.027548][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  246.050912][   T19] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[  246.066855][T12526] fido_id[12526]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  246.092706][   T19] hid-generic 0000:0000:0000.0040: hidraw0: <UNKNOWN> HID v0.03 Device [syz1] on syz1
[  246.182044][T12532] fido_id[12532]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  246.357156][T12554] set_capacity_and_notify: 9 callbacks suppressed
[  246.357176][T12554] loop3: detected capacity change from 0 to 256
[  246.358063][  T309] arvo 0003:1E7D:30D4.0043: unknown main item tag 0x0
[  246.377737][  T309] arvo 0003:1E7D:30D4.0043: unbalanced collection at end of report description
[  246.387133][  T309] arvo 0003:1E7D:30D4.0043: parse failed
[  246.393323][  T309] arvo: probe of 0003:1E7D:30D4.0043 failed with error -22
[  246.482905][T12564] loop7: detected capacity change from 0 to 512
[  246.508645][T12564] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  246.537360][ T9477] EXT4-fs (loop7): unmounting filesystem.
[  246.557385][T12570] input: syz0 as /devices/virtual/input/input63
[  246.565410][T12567] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5283'.
[  246.580251][    T6] usb 9-1: USB disconnect, device number 4
[  246.640692][T12578] netlink: 3 bytes leftover after parsing attributes in process `syz.6.5289'.
[  246.684461][T12582] loop7: detected capacity change from 0 to 4096
[  246.708242][T12586] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  246.741738][T12582] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  246.778919][ T9477] EXT4-fs (loop7): unmounting filesystem.
[  246.818530][T12598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5299'.
[  246.829965][T12598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5299'.
[  246.875003][  T309] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=309 comm=kworker/1:3
[  246.933932][T12607] loop3: detected capacity change from 0 to 256
[  246.941033][T12607] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  246.952765][   T19] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  246.952774][T12607] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  246.970689][T12607] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  247.132592][   T19] usb 6-1: Using ep0 maxpacket: 32
[  247.140061][T12620] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.149388][   T19] usb 6-1: config 0 has no interfaces?
[  247.162841][   T19] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  247.183064][   T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.200992][   T19] usb 6-1: Product: syz
[  247.218008][   T19] usb 6-1: Manufacturer: syz
[  247.230356][   T19] usb 6-1: SerialNumber: syz
[  247.242884][   T19] usb 6-1: config 0 descriptor??
[  247.418198][T12626] loop3: detected capacity change from 0 to 40427
[  247.428564][T12626] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  247.437820][T12626] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  247.457165][   T19] usb 6-1: USB disconnect, device number 8
[  247.472739][T12626] F2FS-fs (loop3): Found nat_bits in checkpoint
[  247.547834][T12626] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  247.561928][T12626] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  247.570526][T12653] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  247.587111][   T28] kauditd_printk_skb: 4 callbacks suppressed
[  247.587131][   T28] audit: type=1400 audit(1781529913.908:1706): avc:  denied  { link } for  pid=12625 comm="syz.3.5311" name="file0" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  247.631822][T12653] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  247.825422][T12669] loop7: detected capacity change from 0 to 128
[  247.868421][T12669] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  247.877607][T12669] ext4 filesystem being mounted at /213/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  247.950314][T12673] loop8: detected capacity change from 0 to 8192
[  247.950836][ T9477] EXT4-fs (loop7): unmounting filesystem.
[  247.996499][T12676] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0101 with DS=0x5
[  248.019416][   T28] audit: type=1400 audit(1781529914.338:1707): avc:  denied  { nlmsg_write } for  pid=12677 comm="syz.5.5331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  248.063642][   T28] audit: type=1400 audit(1781529914.338:1708): avc:  denied  { audit_write } for  pid=12677 comm="syz.5.5331" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  248.064898][T11753] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  248.089724][   T28] audit: type=1107 audit(1781529914.338:1709): pid=12677 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  248.097307][   T19] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  248.201396][T11753] FAT-fs (loop8): Filesystem has been set read-only
[  248.216845][T12680] device bridge_slave_0 left promiscuous mode
[  248.223123][T12680] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.277992][   T28] audit: type=1400 audit(1781529914.598:1710): avc:  denied  { mount } for  pid=12684 comm="syz.8.5332" name="/" dev="ramfs" ino=60512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  248.350749][   T28] audit: type=1400 audit(1781529914.628:1711): avc:  denied  { unmount } for  pid=11753 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  248.421565][   T19] usb 4-1: Using ep0 maxpacket: 8
[  248.429379][   T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.450950][   T19] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  248.490592][   T19] usb 4-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  248.512462][T12702] loop8: detected capacity change from 0 to 256
[  248.521192][   T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.540545][T12702] exFAT-fs (loop8): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbd11d127, utbl_chksum : 0xe619d30d)
[  248.561825][   T19] usb 4-1: config 0 descriptor??
[  248.628427][T12706] loop8: detected capacity change from 0 to 1024
[  248.639373][T12706] EXT4-fs: Ignoring removed nomblk_io_submit option
[  248.662893][T12706] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a001c01c, mo2=0002]
[  248.678250][T12706] System zones: 0-1, 3-36
[  248.684816][T12706] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  248.704463][T11753] EXT4-fs (loop8): unmounting filesystem.
[  248.776393][T12717] pim6reg1: tun_chr_ioctl cmd 1074025677
[  248.787647][T12717] pim6reg1: linktype set to 768
[  248.811035][T12690] loop7: detected capacity change from 0 to 40427
[  248.828578][T12690] F2FS-fs (loop7): invalid crc value
[  248.849280][T12723] input: syz0 as /devices/virtual/input/input64
[  248.857107][T12690] F2FS-fs (loop7): Found nat_bits in checkpoint
[  248.965571][T12690] F2FS-fs (loop7): Start checkpoint disabled!
[  248.974917][   T19] input: HID 28bd:0909 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28BD:0909.0044/input/input65
[  248.987826][T12690] F2FS-fs (loop7): f2fs_disable_checkpoint() finish, err:0
[  248.997876][   T19] uclogic 0003:28BD:0909.0044: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.3-1/input0
[  249.010230][T12690] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  249.092267][T12737] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  249.144139][T12737] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  249.175859][   T19] usb 4-1: USB disconnect, device number 25
[  249.183217][T12737] EXT4-fs (loop8): 1 truncate cleaned up
[  249.189020][T12737] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  249.269225][T12726] F2FS-fs (loop5): Small segment_count (9 < 1 * 24)
[  249.285685][T12726] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  249.314868][T11753] EXT4-fs (loop8): unmounting filesystem.
[  249.338418][T12726] F2FS-fs (loop5): Found nat_bits in checkpoint
[  249.378742][  T309] kernel write not supported for file /vcs (pid: 309 comm: kworker/1:3)
[  249.469430][T12726] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  249.494885][T12726] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  249.551241][T12747] bio_check_eod: 4 callbacks suppressed
[  249.551263][T12747] f2fs_ckpt-7:5: attempt to access beyond end of device
[  249.551263][T12747] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  249.619286][T12772] device batadv_slave_1 entered promiscuous mode
[  249.636838][T12771] device batadv_slave_1 left promiscuous mode
[  249.681851][   T28] audit: type=1400 audit(1781529916.008:1712): avc:  denied  { read } for  pid=12777 comm="syz.6.5377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  249.717625][  T308] tipc: Subscription rejected, illegal request
[  249.836842][T12787] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  249.853206][T12790] Bluetooth: hci0: Frame reassembly failed (-84)
[  249.870160][T12799] netlink: 172 bytes leftover after parsing attributes in process `syz.3.5383'.
[  249.870203][T12799] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5383'.
[  249.888704][ T9477] EXT4-fs error (device loop7): ext4_readdir:263: inode #2: block 16: comm syz-executor: path /221/file1: bad entry in directory: inode out of bounds - offset=0, inode=1538, rec_len=12, size=1024 fake=1
[  249.889249][ T9477] EXT4-fs (loop7): Remounting filesystem read-only
[  249.929528][T12799] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5383'.
[  249.942559][ T9931] EXT4-fs (loop7): unmounting filesystem.
[  249.948606][T12796] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002]
[  249.969891][T12796] System zones: 0-2, 18-18, 34-35
[  249.984939][   T28] audit: type=1400 audit(1781529916.308:1713): avc:  denied  { write } for  pid=12802 comm="syz.6.5385" name="file0" dev="tmpfs" ino=2625 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  250.025766][T12796] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  250.035243][T12796] ext4 filesystem being mounted at /606/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  250.046645][   T28] audit: type=1400 audit(1781529916.338:1714): avc:  denied  { open } for  pid=12802 comm="syz.6.5385" path="/504/file0" dev="tmpfs" ino=2625 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  250.098787][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  250.155133][T12813] xt_hashlimit: size too large, truncated to 1048576
[  250.322716][T12828] serio: Serial port ttyS3
[  250.455300][T12836] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  250.475141][T12829] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.483895][T12829] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.501387][   T19] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  250.517839][T12829] device bridge_slave_0 entered promiscuous mode
[  250.538822][T12829] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.559305][T12829] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.572625][T12829] device bridge_slave_1 entered promiscuous mode
[  250.694096][  T308] device bridge_slave_1 left promiscuous mode
[  250.700899][   T19] usb 4-1: config 0 interface 0 altsetting 15 endpoint 0x81 has an invalid bInterval 176, changing to 11
[  250.714525][  T308] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.736048][   T19] usb 4-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid maxpacket 1056, setting to 1024
[  250.748189][T12857] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  250.763968][  T308] device bridge0 left promiscuous mode
[  250.769572][  T308] device veth1_macvtap left promiscuous mode
[  250.775976][T12857] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28
[  250.784339][   T19] usb 4-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[  250.798876][T12857] EXT4-fs (loop8): This should not happen!! Data will be lost
[  250.798876][T12857] 
[  250.803246][  T308] device veth0_vlan left promiscuous mode
[  250.811458][T12857] EXT4-fs (loop8): Total free blocks count 0
[  250.823147][T12857] EXT4-fs (loop8): Free/Dirty block details
[  250.829083][T12857] EXT4-fs (loop8): free_blocks=4096
[  250.834544][T12857] EXT4-fs (loop8): dirty_blocks=64
[  250.838831][   T19] usb 4-1: config 0 interface 0 has no altsetting 0
[  250.840083][T12857] EXT4-fs (loop8): Block reservation details
[  250.852500][T12857] EXT4-fs (loop8): i_reserved_data_blocks=4
[  250.864796][   T19] usb 4-1: New USB device found, idVendor=06cb, idProduct=2968, bcdDevice= 0.00
[  250.887352][   T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.917770][   T19] usb 4-1: config 0 descriptor??
[  250.928870][ T7036] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  250.946858][T12823] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  250.961011][ T7036] EXT4-fs (loop8): This should not happen!! Data will be lost
[  250.961011][ T7036] 
[  251.173780][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  251.182246][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  251.201738][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  251.211115][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  251.220565][ T7036] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.227710][ T7036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.236716][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  251.245837][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  251.254423][ T7036] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.261715][ T7036] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.284688][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  251.293704][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  251.303837][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  251.312256][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  251.321176][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  251.344926][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  251.354425][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  251.364553][   T19] itetech 0003:06CB:2968.0045: unknown main item tag 0x2
[  251.372249][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  251.380509][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  251.392895][T12829] device veth0_vlan entered promiscuous mode
[  251.402013][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  251.403471][   T19] itetech 0003:06CB:2968.0045: unknown main item tag 0x7
[  251.412525][T12851] overlayfs: statfs failed on './file0'
[  251.423986][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  251.432140][   T19] itetech 0003:06CB:2968.0045: unknown main item tag 0xe
[  251.439319][   T19] itetech 0003:06CB:2968.0045: item fetching failed at offset 39/40
[  251.448001][   T19] itetech: probe of 0003:06CB:2968.0045 failed with error -22
[  251.456955][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  251.469261][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  251.522695][T12829] device veth1_macvtap entered promiscuous mode
[  251.534355][T12871] set_capacity_and_notify: 7 callbacks suppressed
[  251.534377][T12871] loop8: detected capacity change from 0 to 40427
[  251.539903][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  251.559200][T12871] F2FS-fs (loop8): Invalid SB checksum offset: 0
[  251.567999][ T4031] usb 4-1: USB disconnect, device number 26
[  251.584788][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  251.601172][T12871] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock
[  251.614946][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  251.628478][ T7036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  251.642024][T12871] F2FS-fs (loop8): invalid crc value
[  251.679832][T12871] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  251.740546][T12871] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0
[  251.751380][T12871] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  251.813320][T11753] syz-executor: attempt to access beyond end of device
[  251.813320][T11753] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  252.310139][T12934] input: syz1 as /devices/virtual/input/input66
[  252.562926][T12943] loop5: detected capacity change from 0 to 40427
[  252.577844][T12943] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  252.595395][T12943] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  252.604366][T12943] F2FS-fs (loop5): invalid crc value
[  252.622352][T12943] F2FS-fs (loop5): Found nat_bits in checkpoint
[  252.721705][T12943] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  252.728804][T12943] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  252.883671][T12949] syz.5.5443: attempt to access beyond end of device
[  252.883671][T12949] loop5: rw=2049, sector=53248, nr_sectors = 2144 limit=40427
[  252.900878][T12914] loop8: detected capacity change from 0 to 131072
[  252.908659][T12914] F2FS-fs (loop8): Test dummy encryption mode enabled
[  252.916320][T12914] F2FS-fs (loop8): invalid crc value
[  252.927510][T12914] F2FS-fs (loop8): Found nat_bits in checkpoint
[  252.938110][T12949] syz.5.5443: attempt to access beyond end of device
[  252.938110][T12949] loop5: rw=2049, sector=55392, nr_sectors = 1952 limit=40427
[  252.989816][T12949] syz.5.5443: attempt to access beyond end of device
[  252.989816][T12949] loop5: rw=2049, sector=49152, nr_sectors = 2048 limit=40427
[  253.004146][T12914] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  253.029015][T12949] syz.5.5443: attempt to access beyond end of device
[  253.029015][T12949] loop5: rw=2049, sector=51200, nr_sectors = 2048 limit=40427
[  253.117948][T12949] syz.5.5443: attempt to access beyond end of device
[  253.117948][T12949] loop5: rw=2049, sector=57344, nr_sectors = 4120 limit=40427
[  253.154118][   T28] audit: type=1326 audit(1781529919.478:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12936 comm="syz.3.5440" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb4839ce59 code=0x7fc00000
[  253.198393][T12949] syz.5.5443: attempt to access beyond end of device
[  253.198393][T12949] loop5: rw=2049, sector=61464, nr_sectors = 536 limit=40427
[  253.437681][T12986] loop3: detected capacity change from 0 to 256
[  253.452764][   T28] audit: type=1400 audit(1781529919.778:1716): avc:  denied  { watch watch_reads } for  pid=12987 comm="syz.6.5459" path="/523/file0" dev="tmpfs" ino=2725 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  253.503667][T12986] exfat: Deprecated parameter 'utf8'
[  253.509061][T12986] exfat: Deprecated parameter 'utf8'
[  253.547759][ T5698] syz-executor: attempt to access beyond end of device
[  253.547759][ T5698] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  253.572613][T12986] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  253.628373][T12994] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  253.733563][T12998] loop3: detected capacity change from 0 to 2048
[  253.753491][T12998] EXT4-fs: Ignoring removed nobh option
[  253.801877][T12998] EXT4-fs mount: 2 callbacks suppressed
[  253.801899][T12998] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  253.862612][   T28] audit: type=1400 audit(1781529920.188:1717): avc:  denied  { map } for  pid=13009 comm="syz.9.5470" path="socket:[61428]" dev="sockfs" ino=61428 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  253.884158][T12998] ext4 filesystem being mounted at /179/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  253.982099][T12998] fs-verity (loop3, inode 13): Unknown hash algorithm number: 3
[  254.022563][T10368] EXT4-fs (loop3): unmounting filesystem.
[  254.440124][T13022] loop3: detected capacity change from 0 to 40427
[  254.464193][T13022] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  254.497354][T13022] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  254.542225][T13022] F2FS-fs (loop3): invalid crc value
[  254.562059][   T28] audit: type=1400 audit(1781529920.888:1718): avc:  denied  { listen } for  pid=13045 comm="syz.9.5485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  254.612069][T13022] F2FS-fs (loop3): Found nat_bits in checkpoint
[  254.633296][   T28] audit: type=1400 audit(1781529920.958:1719): avc:  denied  { mounton } for  pid=13054 comm="syz.5.5486" path="/634/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  254.718633][T13022] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  254.726077][T13022] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  254.911728][T13043] loop8: detected capacity change from 0 to 40427
[  254.936941][T13043] F2FS-fs (loop8): invalid crc value
[  254.957883][T13072] syz.3.5473: attempt to access beyond end of device
[  254.957883][T13072] loop3: rw=2049, sector=53248, nr_sectors = 2552 limit=40427
[  254.992646][T13043] F2FS-fs (loop8): Found nat_bits in checkpoint
[  255.065026][T13043] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  255.141040][T11753] syz-executor: attempt to access beyond end of device
[  255.141040][T11753] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  255.222544][T10368] syz-executor: attempt to access beyond end of device
[  255.222544][T10368] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  255.415386][T13095] netlink: 40 bytes leftover after parsing attributes in process `syz.8.5503'.
[  255.427224][T13095] netlink: 40 bytes leftover after parsing attributes in process `syz.8.5503'.
[  255.428729][T13097] loop5: detected capacity change from 0 to 256
[  255.636760][   T28] audit: type=1400 audit(1781529921.958:1720): avc:  denied  { map } for  pid=13109 comm="syz.5.5509" path="socket:[61730]" dev="sockfs" ino=61730 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  255.679697][T13120] loop5: detected capacity change from 0 to 128
[  255.786835][T13125] loop5: detected capacity change from 0 to 8192
[  255.940126][T13131] input: syz1 as /devices/virtual/input/input67
[  256.205490][   T28] audit: type=1400 audit(1781529922.528:1721): avc:  denied  { cmd } for  pid=13155 comm="syz.5.5530" path="/dev/ublk-control" dev="devtmpfs" ino=151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=io_uring permissive=1
[  256.398972][T13164] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  256.416232][T13164] ext4 filesystem being mounted at /658/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.520052][T13175] EXT4-fs error (device loop8): ext4_map_blocks:637: inode #2: block 3: comm syz.8.5535: lblock 0 mapped to illegal pblock 3 (length 1)
[  256.543223][T13175] EXT4-fs warning (device loop8): dx_probe:823: inode #2: lblock 0: comm syz.8.5535: error -117 reading directory block
[  256.556496][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  256.588929][T13175] EXT4-fs (loop8): Cannot turn on journaled quota: type 1: error -117
[  256.597661][T13175] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  256.620660][   T28] audit: type=1400 audit(1781529922.938:1722): avc:  denied  { quotaon } for  pid=13171 comm="syz.8.5535" name="/" dev="loop8" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  256.651884][T13174] set_capacity_and_notify: 2 callbacks suppressed
[  256.651904][T13174] loop9: detected capacity change from 0 to 8192
[  256.693720][T13174] FAT-fs (loop9): error, corrupted directory (invalid entries)
[  256.696429][T13182] loop5: detected capacity change from 0 to 1024
[  256.708905][T11753] EXT4-fs (loop8): unmounting filesystem.
[  256.721631][T13174] FAT-fs (loop9): Filesystem has been set read-only
[  256.759039][T13182] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  256.762644][T13174] FAT-fs (loop9): error, corrupted directory (invalid entries)
[  256.788026][T13182] EXT4-fs error (device loop5): ext4_find_inline_data_nolock:164: inode #12: comm syz.5.5538: inline data xattr refers to an external xattr inode
[  256.810866][T13193] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.818010][T13193] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.851085][ T5698] EXT4-fs (loop5): unmounting filesystem.
[  256.862929][   T28] audit: type=1400 audit(1781529923.188:1723): avc:  denied  { getopt } for  pid=13197 comm="syz.3.5546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  256.939928][T13202] loop8: detected capacity change from 0 to 1024
[  256.965223][T13202] EXT4-fs: Ignoring removed orlov option
[  256.992276][T13202] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  257.009889][T13202] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  257.017639][T13215] netlink: 116 bytes leftover after parsing attributes in process `syz.6.5553'.
[  257.035423][T13202] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.5548: bg 0: block 112: padding at end of block bitmap is not set
[  257.058388][T13215] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5553'.
[  257.103347][T13202] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 7 with error 28
[  257.131578][T13202] EXT4-fs (loop8): This should not happen!! Data will be lost
[  257.131578][T13202] 
[  257.161471][T13202] EXT4-fs (loop8): Total free blocks count 0
[  257.167652][T13202] EXT4-fs (loop8): Free/Dirty block details
[  257.174168][T13202] EXT4-fs (loop8): free_blocks=0
[  257.179233][T13202] EXT4-fs (loop8): dirty_blocks=16
[  257.184617][T13202] EXT4-fs (loop8): Block reservation details
[  257.190905][T13202] EXT4-fs (loop8): i_reserved_data_blocks=1
[  257.229291][T11753] EXT4-fs (loop8): unmounting filesystem.
[  257.261826][T13233] tipc: Started in network mode
[  257.271802][T13233] tipc: Node identity ac141444, cluster identity 4711
[  257.288864][T13233] tipc: New replicast peer: 255.255.255.255
[  257.301759][T13233] tipc: Enabled bearer <udp:syz2>, priority 10
[  257.351684][T13240] input: syz0 as /devices/virtual/input/input68
[  257.362625][T13242] loop9: detected capacity change from 0 to 128
[  257.379473][T13242] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  257.732050][   T19] kernel write not supported for file [eventfd] (pid: 19 comm: kworker/0:1)
[  257.940328][T13211] loop5: detected capacity change from 0 to 131072
[  257.957140][T13286] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5583'.
[  257.967185][T13211] F2FS-fs (loop5): invalid crc value
[  257.992112][T13211] F2FS-fs (loop5): Found nat_bits in checkpoint
[  258.054945][T13292] loop3: detected capacity change from 0 to 512
[  258.091535][T13292] EXT4-fs: Ignoring removed nobh option
[  258.103716][T13292] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  258.112302][T13292] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.5584: invalid indirect mapped block 256 (level 1)
[  258.126025][T13292] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.5584: invalid indirect mapped block 2683928664 (level 1)
[  258.141771][T13292] EXT4-fs (loop3): 1 truncate cleaned up
[  258.147475][T13292] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  258.181714][T13211] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  258.189729][T13292] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.5584: Invalid block bitmap block 3 in block_group 0
[  258.203551][T13292] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  258.212756][T13292] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.5584: invalid indirect mapped block 480848489 (level 1)
[  258.262080][T10368] EXT4-fs (loop3): unmounting filesystem.
[  258.287480][T13211] F2FS-fs (loop5): Corrupted max_depth of 3: 16842753
[  258.304634][T13211] F2FS-fs (loop5): sanity_check_inode: corrupted inode i_blocks i_ino=8 iblocks=0, run fsck to fix.
[  258.397017][   T28] audit: type=1400 audit(1781529924.718:1724): avc:  denied  { block_suspend } for  pid=19 comm="kworker/0:1" capability=36  scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=capability2 permissive=1
[  258.421836][   T19] tipc: Node number set to 2886997060
[  258.601124][T13332] loop9: detected capacity change from 0 to 512
[  258.608068][T13332] EXT4-fs: Ignoring removed bh option
[  258.615424][T13332] EXT4-fs (loop9): warning: mounting unchecked fs, running e2fsck is recommended
[  258.626242][T13332] EXT4-fs (loop9): 1 truncate cleaned up
[  258.632803][T13332] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  258.643895][T13332] EXT4-fs error (device loop9): ext4_validate_block_bitmap:438: comm syz.9.5600: bg 0: block 465: padding at end of block bitmap is not set
[  258.660251][T13332] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[  258.672702][T13332] EXT4-fs (loop9): This should not happen!! Data will be lost
[  258.672702][T13332] 
[  258.682511][T13332] EXT4-fs (loop9): Total free blocks count 0
[  258.688521][T13332] EXT4-fs (loop9): Free/Dirty block details
[  258.695143][T13332] EXT4-fs (loop9): free_blocks=0
[  258.700131][T13332] EXT4-fs (loop9): dirty_blocks=2
[  258.705298][T13332] EXT4-fs (loop9): Block reservation details
[  258.711302][T13332] EXT4-fs (loop9): i_reserved_data_blocks=2
[  258.724208][T12829] EXT4-fs (loop9): unmounting filesystem.
[  258.784529][T13342] loop9: detected capacity change from 0 to 256
[  259.258463][T13377] loop3: detected capacity change from 0 to 512
[  259.302168][T13377] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  259.319118][T13377] ext4 filesystem being mounted at /201/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.882286][T10368] EXT4-fs (loop3): unmounting filesystem.
[  260.956158][T13395] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5622'.
[  260.998929][T13399] loop8: detected capacity change from 0 to 512
[  261.052155][T13399] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  261.094980][T13399] EXT4-fs error (device loop8): ext4_orphan_get:1405: inode #15: comm syz.8.5628: inode has both inline data and extents flags
[  261.109686][T13399] EXT4-fs error (device loop8): ext4_orphan_get:1410: comm syz.8.5628: couldn't read orphan inode 15 (err -117)
[  261.121843][T13399] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  261.154183][T11753] EXT4-fs (loop8): unmounting filesystem.
[  261.317251][T13428] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  261.446484][T13435] FAT-fs (loop9): error, invalid FAT chain (i_pos 196, last_block 8200)
[  261.480607][T13435] FAT-fs (loop9): Filesystem has been set read-only
[  261.510631][T13447] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5649'.
[  261.585918][T13452] exfat: Unknown parameter 'ÿÿÿÿ'
[  261.666675][T13461] device veth0_vlan left promiscuous mode
[  261.788100][T13464] set_capacity_and_notify: 2 callbacks suppressed
[  261.788124][T13464] loop9: detected capacity change from 0 to 8192
[  261.926878][T13482] loop3: detected capacity change from 0 to 512
[  261.972167][T13482] EXT4-fs (loop3): 1 truncate cleaned up
[  261.983625][T13482] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  262.047120][T10368] EXT4-fs (loop3): unmounting filesystem.
[  262.228885][T13510] netlink: 277 bytes leftover after parsing attributes in process `syz.3.5675'.
[  262.329330][T13515] hub 9-0:1.0: USB hub found
[  262.334278][T13515] hub 9-0:1.0: 1 port detected
[  262.577017][   T28] audit: type=1400 audit(1781529928.898:1725): avc:  denied  { accept } for  pid=13531 comm="syz.3.5684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  262.619885][T13535] syz.3.5685[13535] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.619995][T13535] syz.3.5685[13535] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  263.133095][T13572] netlink: 'syz.8.5702': attribute type 12 has an invalid length.
[  263.181378][ T6302] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  263.189619][T13572] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5702'.
[  263.292294][T13576] loop8: detected capacity change from 0 to 512
[  263.307678][T13576] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  263.329418][T13576] EXT4-fs (loop8): 1 truncate cleaned up
[  263.346581][T13576] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  263.371368][ T6302] usb 10-1: Using ep0 maxpacket: 8
[  263.377863][ T6302] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  263.393777][ T6302] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  263.414894][ T6302] usb 10-1: config 0 has no interface number 0
[  263.422058][T11753] EXT4-fs (loop8): unmounting filesystem.
[  263.428079][ T6302] usb 10-1: config 0 interface 1 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.451814][ T6302] usb 10-1: config 0 interface 1 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.473418][ T6302] usb 10-1: config 0 interface 1 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  263.500165][ T6302] usb 10-1: config 0 interface 1 has no altsetting 0
[  263.514647][ T6302] usb 10-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00
[  263.530248][ T6302] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.548372][ T6302] usb 10-1: config 0 descriptor??
[  263.587680][T13591] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5711'.
[  263.617256][T13591] netlink: 3 bytes leftover after parsing attributes in process `syz.8.5711'.
[  263.774806][T13596] loop8: detected capacity change from 0 to 512
[  263.821418][T13596] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  263.870719][T13596] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  263.890085][T13596] ext4 filesystem being mounted at /142/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  263.955636][ T6302] hid (null): unknown global tag 0xa3
[  264.034385][T11753] EXT4-fs (loop8): unmounting filesystem.
[  264.095477][T13613] loop8: detected capacity change from 0 to 512
[  264.145730][T13613] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  264.155884][ T6302] uclogic 0003:28BD:0078.0046: pen parameters not found
[  264.170847][ T6302] uclogic 0003:28BD:0078.0046: interface is invalid, ignoring
[  264.188897][T13613] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0082]
[  264.223706][T13613] System zones: 1-12
[  264.238614][T13613] EXT4-fs (loop8): 1 truncate cleaned up
[  264.272080][T13613] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  264.326444][T13613] EXT4-fs warning (device loop8): ext4_group_add:1743: No reserved GDT blocks, can't resize
[  264.358431][   T19] usb 10-1: USB disconnect, device number 2
[  264.381739][T11753] EXT4-fs (loop8): unmounting filesystem.
[  264.901399][   T19] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  264.964715][   T28] audit: type=1326 audit(1781529931.288:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.055207][   T28] audit: type=1326 audit(1781529931.318:1727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.094416][   T19] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  265.122223][   T19] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255
[  265.143843][   T19] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  265.151580][   T28] audit: type=1326 audit(1781529931.318:1728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.162064][   T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.220781][   T19] usb 4-1: Product: syz
[  265.225234][   T28] audit: type=1326 audit(1781529931.318:1729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5e8c15d68e code=0x7ffc0000
[  265.236323][   T19] usb 4-1: Manufacturer: syz
[  265.260814][   T19] usb 4-1: SerialNumber: syz
[  265.269314][   T19] usb 4-1: config 0 descriptor??
[  265.275700][   T28] audit: type=1326 audit(1781529931.318:1730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.300812][T13636] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  265.315771][T13636] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  265.331231][   T28] audit: type=1326 audit(1781529931.318:1731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.356439][   T28] audit: type=1326 audit(1781529931.318:1732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.393447][   T28] audit: type=1326 audit(1781529931.318:1733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.419800][   T28] audit: type=1326 audit(1781529931.318:1734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.491305][   T28] audit: type=1326 audit(1781529931.318:1735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.6.5741" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8c19ce59 code=0x7ffc0000
[  265.533311][T13636] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  265.540703][T13636] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  265.767287][T13700] loop8: detected capacity change from 0 to 40427
[  265.777266][T13700] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  265.785489][T13700] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  265.816081][T13700] F2FS-fs (loop8): Found nat_bits in checkpoint
[  265.855956][T13700] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  265.863118][T13700] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  265.950354][   T19] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  266.150727][   T19] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  266.161050][   T19] usb 4-1: USB disconnect, device number 27
[  266.232581][T13720] loop8: detected capacity change from 0 to 256
[  266.249165][T13720] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[  266.561203][T13751] input: syz1 as /devices/virtual/input/input70
[  266.614607][T13762] syz.9.5787[13762] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  266.614725][T13762] syz.9.5787[13762] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  266.933259][T13801] loop8: detected capacity change from 0 to 256
[  266.960190][T13801] FAT-fs (loop8): Directory bread(block 64) failed
[  266.967034][ T4031] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  266.974856][T13801] FAT-fs (loop8): Directory bread(block 65) failed
[  266.982015][T13801] FAT-fs (loop8): Directory bread(block 66) failed
[  266.988920][T13801] FAT-fs (loop8): Directory bread(block 67) failed
[  266.995667][T13801] FAT-fs (loop8): Directory bread(block 68) failed
[  267.002252][T13801] FAT-fs (loop8): Directory bread(block 69) failed
[  267.008811][T13801] FAT-fs (loop8): Directory bread(block 70) failed
[  267.015608][T13801] FAT-fs (loop8): Directory bread(block 71) failed
[  267.022310][T13801] FAT-fs (loop8): Directory bread(block 72) failed
[  267.028939][T13801] FAT-fs (loop8): Directory bread(block 73) failed
[  267.096080][T13807] loop8: detected capacity change from 0 to 256
[  267.103427][T13807] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  267.161462][ T4031] usb 10-1: Using ep0 maxpacket: 32
[  267.168023][ T4031] usb 10-1: config 0 has an invalid interface number: 196 but max is 0
[  267.176472][ T4031] usb 10-1: config 0 has no interface number 0
[  267.182767][ T4031] usb 10-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  267.192946][ T4031] usb 10-1: config 0 interface 196 has no altsetting 0
[  267.201203][ T4031] usb 10-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  267.210414][ T4031] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.218644][ T4031] usb 10-1: Product: syz
[  267.228303][ T4031] usb 10-1: Manufacturer: syz
[  267.233126][ T4031] usb 10-1: SerialNumber: syz
[  267.246172][ T4031] usb 10-1: config 0 descriptor??
[  267.251807][T13775] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  267.615608][T13822] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  267.629869][T13822] overlayfs: filesystem on './file0' not supported as upperdir
[  267.667116][ T4031] ipheth 10-1:0.196: Apple iPhone USB Ethernet device attached
[  267.805189][T13829] loop8: detected capacity change from 0 to 8192
[  267.828735][T13840] loop3: detected capacity change from 0 to 1024
[  267.860596][T13840] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  267.899688][T13840] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  267.932677][T13840] EXT4-fs error (device loop3): ext4_get_journal_inode:5749: inode #5: comm syz.3.5821: unexpected bad inode w/o EXT4_IGET_BAD
[  267.966339][T13840] EXT4-fs (loop3): no journal found
[  267.981682][T13840] EXT4-fs (loop3): can't get journal size
[  267.995765][T13840] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  268.060696][T10368] EXT4-fs (loop3): unmounting filesystem.
[  268.075460][ T4031] usb 10-1: USB disconnect, device number 3
[  268.122087][ T4031] ipheth 10-1:0.196: Apple iPhone USB Ethernet now disconnected
[  268.450183][T13870] loop3: detected capacity change from 0 to 40427
[  268.488315][T13870] F2FS-fs (loop3): invalid crc value
[  268.514017][T13870] F2FS-fs (loop3): Found nat_bits in checkpoint
[  268.572705][T13870] F2FS-fs (loop3): Start checkpoint disabled!
[  268.579354][T13870] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  268.596450][T13870] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  268.677174][T13910] device bridge0 entered promiscuous mode
[  268.692214][T13909] device bridge0 left promiscuous mode
[  269.926330][T13918] netlink: 104 bytes leftover after parsing attributes in process `syz.9.5845'.
[  269.960187][T13844] loop8: detected capacity change from 0 to 131072
[  269.978686][T13844] F2FS-fs (loop8): invalid crc value
[  270.019006][   T28] kauditd_printk_skb: 12 callbacks suppressed
[  270.019021][   T28] audit: type=1400 audit(1781529936.338:1748): avc:  denied  { read } for  pid=13922 comm="syz.9.5848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  270.054111][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.054111][  T320] loop3: rw=1, sector=77824, nr_sectors = 8 limit=40427
[  270.069950][   T28] audit: type=1400 audit(1781529936.388:1749): avc:  denied  { setopt } for  pid=13922 comm="syz.9.5848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  270.094357][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.094357][  T320] loop3: rw=1, sector=77832, nr_sectors = 2096 limit=40427
[  270.116231][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.116231][  T320] loop3: rw=1, sector=79928, nr_sectors = 1992 limit=40427
[  270.131293][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.131293][  T320] loop3: rw=1, sector=49152, nr_sectors = 8 limit=40427
[  270.152123][T13844] F2FS-fs (loop8): Found nat_bits in checkpoint
[  270.181940][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.181940][  T320] loop3: rw=1, sector=49160, nr_sectors = 2048 limit=40427
[  270.225347][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.225347][  T320] loop3: rw=1, sector=51208, nr_sectors = 2040 limit=40427
[  270.251417][T13844] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e4
[  270.260541][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.260541][  T320] loop3: rw=1, sector=57344, nr_sectors = 8 limit=40427
[  270.327184][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.327184][  T320] loop3: rw=1, sector=57352, nr_sectors = 4064 limit=40427
[  270.345578][  T320] kworker/u4:4: attempt to access beyond end of device
[  270.345578][  T320] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  270.500713][T13930] loop9: detected capacity change from 0 to 40427
[  270.531796][T13930] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  270.549412][T13930] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  270.568059][T13930] F2FS-fs (loop9): invalid crc value
[  270.606058][T13930] F2FS-fs (loop9): Found nat_bits in checkpoint
[  270.669298][T13930] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  270.686072][T13930] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  270.698334][T13960] loop3: detected capacity change from 0 to 256
[  270.726709][T13960] exfat: Deprecated parameter 'utf8'
[  270.732650][T13960] exfat: Deprecated parameter 'namecase'
[  270.753476][T13960] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe6e0c303, utbl_chksum : 0xe619d30d)
[  271.121426][ T4031] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  271.233959][   T28] audit: type=1400 audit(2000000000.290:1750): avc:  denied  { shutdown } for  pid=14009 comm="syz.9.5885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  271.298672][T14019] loop9: detected capacity change from 0 to 256
[  271.312685][ T4031] usb 9-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  271.327907][T14019] exfat: Deprecated parameter 'utf8'
[  271.339075][T14019] exfat: Deprecated parameter 'namecase'
[  271.350865][ T4031] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  271.371877][T14019] exfat: Deprecated parameter 'utf8'
[  271.384313][T14019] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x989923e7, utbl_chksum : 0xe619d30d)
[  271.390664][ T4031] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  271.414642][ T4031] usb 9-1: SerialNumber: syz
[  271.428890][T14019] syz.9.5889: attempt to access beyond end of device
[  271.428890][T14019] loop9: rw=0, sector=34359738488, nr_sectors = 8 limit=256
[  271.538624][T14034] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5897'.
[  271.710224][T14064] xt_hashlimit: size too large, truncated to 1048576
[  271.941431][  T309] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  271.998788][   T28] audit: type=1400 audit(2000000001.050:1751): avc:  denied  { name_bind } for  pid=14083 comm="syz.6.5918" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  272.082466][T14090] input: syz1 as /devices/virtual/input/input71
[  272.137642][  T309] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  272.157275][  T309] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  272.177743][  T309] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  272.198149][  T309] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  272.212755][  T309] usb 4-1: SerialNumber: syz
[  272.377204][T14119] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5934'.
[  272.388040][T14119] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5934'.
[  272.423905][  T309] usb 4-1: 0:2 : does not exist
[  272.433576][  T309] usb 4-1: USB disconnect, device number 28
[  272.591454][   T60] usb 10-1: new low-speed USB device number 4 using dummy_hcd
[  272.639904][T14137] overlayfs: unrecognized mount option "\}" or missing value
[  272.643444][  T467] udevd[467]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  272.773321][   T60] usb 10-1: config 0 interface 0 altsetting 67 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  272.787990][T14148] xt_hashlimit: size too large, truncated to 1048576
[  272.794957][   T60] usb 10-1: config 0 interface 0 altsetting 67 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.811404][   T60] usb 10-1: config 0 interface 0 altsetting 67 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  272.837050][T14151] xt_connbytes: Forcing CT accounting to be enabled
[  272.841630][   T60] usb 10-1: config 0 interface 0 has no altsetting 0
[  272.860807][   T60] usb 10-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  272.870228][   T60] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.888870][   T60] usb 10-1: config 0 descriptor??
[  272.981393][   T28] audit: type=1400 audit(2000000002.030:1752): avc:  denied  { mounton } for  pid=14157 comm="syz.3.5951" path="/248/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  273.004360][T14158] incfs: Can't find or create .index dir in ./file0
[  273.011108][T14158] incfs: mount failed -1
[  273.026342][T14158] incfs: Can't find or create .index dir in ./file0
[  273.041502][T14158] incfs: mount failed -1
[  273.079943][T14164] tap0: tun_chr_ioctl cmd 1074025692
[  273.098104][T14162] loop3: detected capacity change from 0 to 4096
[  273.147833][T14162] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  273.191576][T14162] EXT4-fs error (device loop3): ext4_do_update_inode:5281: inode #15: comm syz.3.5954: corrupted inode contents
[  273.223032][T14162] EXT4-fs error (device loop3): ext4_dirty_inode:6158: inode #15: comm syz.3.5954: mark_inode_dirty error
[  273.244729][T14162] EXT4-fs error (device loop3): ext4_do_update_inode:5281: inode #15: comm syz.3.5954: corrupted inode contents
[  273.257145][T14162] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #15: comm syz.3.5954: mark_inode_dirty error
[  273.269540][T14162] EXT4-fs error (device loop3): ext4_do_update_inode:5281: inode #15: comm syz.3.5954: corrupted inode contents
[  273.282046][T14162] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #15: comm syz.3.5954: mark_inode_dirty error
[  273.294196][T14162] EXT4-fs error (device loop3): ext4_do_update_inode:5281: inode #15: comm syz.3.5954: corrupted inode contents
[  273.307732][   T60] gt683r_led 0003:1770:FF00.0047: unknown main item tag 0x0
[  273.313890][T14162] EXT4-fs error (device loop3): ext4_truncate:4327: inode #15: comm syz.3.5954: mark_inode_dirty error
[  273.315337][   T60] gt683r_led 0003:1770:FF00.0047: unknown main item tag 0x0
[  273.333976][   T60] gt683r_led 0003:1770:FF00.0047: unknown main item tag 0x0
[  273.340027][T14162] EXT4-fs error (device loop3) in ext4_setattr:5697: Corrupt filesystem
[  273.343085][   T60] gt683r_led 0003:1770:FF00.0047: unknown main item tag 0x0
[  273.357676][   T60] gt683r_led 0003:1770:FF00.0047: unknown main item tag 0x0
[  273.365264][   T60] gt683r_led 0003:1770:FF00.0047: unknown main item tag 0x0
[  273.369026][T14171] EXT4-fs error (device loop3): ext4_do_update_inode:5281: inode #15: comm syz.3.5954: corrupted inode contents
[  273.373256][   T60] gt683r_led 0003:1770:FF00.0047: unknown main item tag 0x7
[  273.399075][   T60] gt683r_led 0003:1770:FF00.0047: unknown global tag 0xd
[  273.406550][   T60] gt683r_led 0003:1770:FF00.0047: item 0 2 1 13 parsing failed
[  273.415205][   T60] gt683r_led 0003:1770:FF00.0047: hid parsing failed
[  273.422654][   T60] gt683r_led: probe of 0003:1770:FF00.0047 failed with error -22
[  273.464006][T10368] EXT4-fs (loop3): unmounting filesystem.
[  273.471074][   T28] audit: type=1400 audit(2000000002.520:1753): avc:  denied  { view } for  pid=14177 comm="syz.5.5959" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  273.491097][T14179] ==================================================================
[  273.499205][T14179] BUG: KASAN: use-after-free in rcu_segcblist_enqueue+0x9c/0xb0
[  273.506964][T14179] Write of size 8 at addr ffff888128391590 by task syz.6.5960/14179
[  273.515030][T14179] 
[  273.517377][T14179] CPU: 1 PID: 14179 Comm: syz.6.5960 Tainted: G        W          syzkaller #0
[  273.526323][T14179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  273.536406][T14179] Call Trace:
[  273.539704][T14179]  <TASK>
[  273.542660][T14179]  __dump_stack+0x21/0x24
[  273.547311][T14179]  dump_stack_lvl+0x110/0x170
[  273.552005][T14179]  ? __cfi_dump_stack_lvl+0x8/0x8
[  273.557072][T14179]  ? rcu_segcblist_enqueue+0x9c/0xb0
[  273.562384][T14179]  print_address_description+0x71/0x200
[  273.568030][T14179]  print_report+0x4a/0x60
[  273.572400][T14179]  kasan_report+0x122/0x150
[  273.577165][T14179]  ? rcu_segcblist_enqueue+0x9c/0xb0
[  273.582469][T14179]  __asan_report_store8_noabort+0x17/0x20
[  273.588248][T14179]  rcu_segcblist_enqueue+0x9c/0xb0
[  273.593389][T14179]  call_rcu+0x554/0xf50
[  273.597568][T14179]  ? __cfi_call_rcu+0x10/0x10
[  273.602262][T14179]  ? __kasan_check_write+0x14/0x20
[  273.607388][T14179]  ? selinux_inode_free_security+0x21f/0x230
[  273.613472][T14179]  security_inode_free+0xc5/0xe0
[  273.618494][T14179]  __destroy_inode+0x175/0x500
[  273.623334][T14179]  evict+0x777/0x8c0
[  273.627317][T14179]  ? proc_nr_inodes+0x2f0/0x2f0
[  273.632203][T14179]  ? _raw_spin_lock+0x94/0xf0
[  273.636970][T14179]  ? __cfi__raw_spin_lock+0x10/0x10
[  273.642211][T14179]  ? __kasan_check_write+0x14/0x20
[  273.647426][T14179]  iput+0x633/0x690
[  273.651268][T14179]  dentry_unlink_inode+0x346/0x3f0
[  273.656397][T14179]  __dentry_kill+0x46c/0x680
[  273.661077][T14179]  dentry_kill+0xc0/0x2a0
[  273.665426][T14179]  dput+0x42/0x80
[  273.669084][T14179]  __fput+0x5c0/0x8f0
[  273.673252][T14179]  ____fput+0x15/0x20
[  273.677256][T14179]  task_work_run+0x1e1/0x250
[  273.681975][T14179]  ? __cfi_task_work_run+0x10/0x10
[  273.687138][T14179]  ? __cfi___close_range+0x10/0x10
[  273.692356][T14179]  ? do_user_addr_fault+0x9a5/0x1030
[  273.697667][T14179]  exit_to_user_mode_loop+0x9b/0xb0
[  273.702932][T14179]  exit_to_user_mode_prepare+0x87/0xd0
[  273.708405][T14179]  syscall_exit_to_user_mode+0x1a/0x30
[  273.713878][T14179]  do_syscall_64+0x58/0xa0
[  273.718316][T14179]  ? clear_bhb_loop+0x30/0x80
[  273.723004][T14179]  ? clear_bhb_loop+0x30/0x80
[  273.727698][T14179]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  273.733617][T14179] RIP: 0033:0x7f5e8c19ce59
[  273.738047][T14179] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  273.757663][T14179] RSP: 002b:00007ffeb83955f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  273.766157][T14179] RAX: 0000000000000000 RBX: 00007ffeb83956e0 RCX: 00007f5e8c19ce59
[  273.774142][T14179] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  273.782140][T14179] RBP: 0000000000042c1c R08: 0000000000000001 R09: 0000000000000000
[  273.790143][T14179] R10: 0000001b2f820000 R11: 0000000000000246 R12: 00007ffeb8395720
[  273.798147][T14179] R13: 00007f5e8c415fac R14: 0000000000042c65 R15: 00007f5e8c415fa0
[  273.806155][T14179]  </TASK>
[  273.809189][T14179] 
[  273.811525][T14179] Allocated by task 14180:
[  273.816040][T14179]  kasan_set_track+0x4b/0x70
[  273.820657][T14179]  kasan_save_alloc_info+0x1f/0x30
[  273.825782][T14179]  __kasan_kmalloc+0x95/0xb0
[  273.830392][T14179]  __kmalloc+0xb4/0x1e0
[  273.834621][T14179]  l2tp_session_create+0x38/0xbd0
[  273.839731][T14179]  pppol2tp_connect+0xbf5/0x1640
[  273.844687][T14179]  __sys_connect+0x3da/0x460
[  273.849370][T14179]  __x64_sys_connect+0x7a/0x90
[  273.854147][T14179]  x64_sys_call+0x88d/0x9a0
[  273.858671][T14179]  do_syscall_64+0x4c/0xa0
[  273.863103][T14179]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  273.869018][T14179] 
[  273.871348][T14179] Freed by task 308:
[  273.875259][T14179]  kasan_set_track+0x4b/0x70
[  273.879867][T14179]  kasan_save_free_info+0x2b/0x40
[  273.884902][T14179]  ____kasan_slab_free+0x132/0x180
[  273.890028][T14179]  __kasan_slab_free+0x11/0x20
[  273.894813][T14179]  slab_free_freelist_hook+0xc2/0x190
[  273.900201][T14179]  __kmem_cache_free+0xb7/0x1b0
[  273.905138][T14179]  kfree+0x6f/0xf0
[  273.908901][T14179]  l2tp_session_put+0xaf/0x1a0
[  273.913683][T14179]  l2tp_session_delete+0x3df/0x4d0
[  273.918868][T14179]  l2tp_tunnel_del_work+0x199/0x410
[  273.924082][T14179]  process_one_work+0x717/0xc30
[  273.928945][T14179]  worker_thread+0xa4d/0x11d0
[  273.933637][T14179]  kthread+0x281/0x320
[  273.937743][T14179]  ret_from_fork+0x1f/0x30
[  273.942179][T14179] 
[  273.944528][T14179] Last potentially related work creation:
[  273.950253][T14179]  kasan_save_stack+0x3a/0x60
[  273.954950][T14179]  __kasan_record_aux_stack+0xb6/0xc0
[  273.960335][T14179]  kasan_record_aux_stack_noalloc+0xb/0x10
[  273.966153][T14179]  call_rcu+0xcf/0xf50
[  273.970234][T14179]  pppol2tp_release+0x1e3/0x2b0
[  273.975096][T14179]  sock_close+0xc9/0x220
[  273.979356][T14179]  __fput+0x1fd/0x8f0
[  273.983379][T14179]  ____fput+0x15/0x20
[  273.987383][T14179]  task_work_run+0x1e1/0x250
[  273.991987][T14179]  exit_to_user_mode_loop+0x9b/0xb0
[  273.997198][T14179]  exit_to_user_mode_prepare+0x87/0xd0
[  274.002688][T14179]  syscall_exit_to_user_mode+0x1a/0x30
[  274.008158][T14179]  do_syscall_64+0x58/0xa0
[  274.012587][T14179]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  274.018523][T14179] 
[  274.020853][T14179] The buggy address belongs to the object at ffff888128391400
[  274.020853][T14179]  which belongs to the cache kmalloc-512 of size 512
[  274.034915][T14179] The buggy address is located 400 bytes inside of
[  274.034915][T14179]  512-byte region [ffff888128391400, ffff888128391600)
[  274.048232][T14179] 
[  274.050571][T14179] The buggy address belongs to the physical page:
[  274.056997][T14179] page:ffffea0004a0e400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888128390000 pfn:0x128390
[  274.068547][T14179] head:ffffea0004a0e400 order:2 compound_mapcount:0 compound_pincount:0
[  274.076883][T14179] flags: 0x4000000000010200(slab|head|zone=1)
[  274.082974][T14179] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100042f00
[  274.091574][T14179] raw: ffff888128390000 000000008010000f 00000001ffffffff 0000000000000000
[  274.100163][T14179] page dumped because: kasan: bad access detected
[  274.106582][T14179] page_owner tracks the page as allocated
[  274.112305][T14179] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13589, tgid 13588 (syz.5.5710), ts 263687375336, free_ts 259270725097
[  274.135260][T14179]  post_alloc_hook+0x1f5/0x210
[  274.140130][T14179]  prep_new_page+0x1c/0x110
[  274.144653][T14179]  get_page_from_freelist+0x2ca9/0x2d20
[  274.150227][T14179]  __alloc_pages+0x1fa/0x610
[  274.154939][T14179]  alloc_slab_page+0x6e/0xf0
[  274.159562][T14179]  new_slab+0x98/0x3e0
[  274.163647][T14179]  ___slab_alloc+0x70f/0xb70
[  274.168255][T14179]  __slab_alloc+0x5e/0xa0
[  274.172602][T14179]  __kmem_cache_alloc_node+0x204/0x2d0
[  274.178080][T14179]  __kmalloc_node_track_caller+0xa1/0x1e0
[  274.184011][T14179]  __alloc_skb+0x226/0x4a0
[  274.188725][T14179]  alloc_skb_with_frags+0xa8/0x620
[  274.193924][T14179]  sock_alloc_send_pskb+0x87f/0x9a0
[  274.199163][T14179]  __ip_append_data+0x230f/0x3520
[  274.204266][T14179]  ip_make_skb+0x1e5/0x400
[  274.208703][T14179]  udp_sendmsg+0x17b3/0x2170
[  274.213355][T14179] page last free stack trace:
[  274.218057][T14179]  free_unref_page_prepare+0x80c/0x820
[  274.223543][T14179]  free_unref_page+0x93/0x530
[  274.228241][T14179]  __free_pages+0x67/0x100
[  274.232674][T14179]  __vunmap+0xa3c/0xc00
[  274.236838][T14179]  vfree+0x61/0x90
[  274.240569][T14179]  htable_put+0x5fb/0x650
[  274.244982][T14179]  hashlimit_mt_destroy_v1+0x58/0x60
[  274.250288][T14179]  translate_table+0x1963/0x1f70
[  274.255376][T14179]  do_ipt_set_ctl+0x9e0/0xdf0
[  274.260067][T14179]  nf_setsockopt+0x284/0x2b0
[  274.264750][T14179]  ip_setsockopt+0xed/0x100
[  274.269275][T14179]  udp_setsockopt+0x8a/0xa0
[  274.273833][T14179]  sock_common_setsockopt+0xb1/0xc0
[  274.279092][T14179]  __sys_setsockopt+0x2ff/0x4e0
[  274.283980][T14179]  __x64_sys_setsockopt+0xbf/0xd0
[  274.289038][T14179]  x64_sys_call+0x124/0x9a0
[  274.293573][T14179] 
[  274.295909][T14179] Memory state around the buggy address:
[  274.301546][T14179]  ffff888128391480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  274.309620][T14179]  ffff888128391500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  274.317706][T14179] >ffff888128391580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  274.325842][T14179]                          ^
[  274.330441][T14179]  ffff888128391600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  274.338515][T14179]  ffff888128391680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  274.346583][T14179] ==================================================================
[  274.354759][T14179] Disabling lock debugging due to kernel taint
[  274.381136][ T4031] cdc_ether: probe of 9-1:1.0 failed with error -71
[  274.395223][ T6302] usb 10-1: USB disconnect, device number 4
[  274.403099][ T4031] usb 9-1: USB disconnect, device number 5