last executing test programs:

2m35.775606273s ago: executing program 0 (id=635):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000fc0)={0x34, &(0x7f0000000e00)={0x0, 0x7, 0x1, "e8"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000580)={0x34, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)

2m32.628050722s ago: executing program 0 (id=642):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000280)={0x40, 0x19, 0x1, "ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000001480)={0x44, &(0x7f0000001240)={0x0, 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000740)={0x1c, &(0x7f0000000140)={0x0, 0x12}, 0x0, 0x0})

2m27.588199441s ago: executing program 0 (id=650):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000280), 0xff, 0x25e, &(0x7f0000000e80)="$eJzs3U1IHGcYB/BnZndr1aXY9lIo/YBSSiuIvRV6sZcWhCJSSqEtWErppUULVulNe8olh+QYkuApFwm5xeQYvEguCYGcTOLBXAKJ5BDJIQnZsDsr+JVo3HUnZH4/WOfDd97nHWb+74g4GEBh9UXEUESUIqI/IioRkWxu8HH26WtuznUvjUXUaj/cTxrtsu3MxnG9ETEbEV9FxGKaxF/liOmFX1YfLn/32dGpyqdnFn7u7uhJNq2trny/fnrkyPnhL6evXr87ksRQVLecV/slu+wrJxHvHEaxV0RSznsE7Mfof+du1HP/bkR80sh/JdLILt6xyTcWK/HFqecde/zetfc7OVag/Wq1Sv0ZOFsDCieNiGok6UBEZOtpOjCQ/Qx/s9ST/j0x+W//nxNT43/kPVMB7VKNWPn2YteF3m35v1PK8g+8prJfSq38ODp/q76yXsp7QEBHfJAt6s///t9mPg/5h8KRfygu+Yfikn8oLvmH4pJ/KC75h4J42vxjv0275B+KS/6huA6c/xNPDm9QQEdszj8AUCy1rgO9Ndzel5CBXOQ9/wAAAAAAAAAAAAAAAAAAADvNdS+NbXza02N5zxaXT0asfZM13Vm/1Ph/xBFvNr72PEi29Jjsq8KL/fpRix206GzOb1+/dTvf+lc+zLf+zHjE7P8RMVgu77z/kub9d3Bv7/H9yu8tFnhJybbtr3/qbP3tHs/nW394OeJSff4Z3G3+SeO9xnL3+adav34t1v/nUYsdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0DHPAgAA///B2nXP")
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0xb2)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103b42, 0x1b4)
write$P9_RREADDIR(r2, &(0x7f00000002c0)={0xb, 0x29, 0x1, {0x6}}, 0xb)
fallocate(r0, 0x10, 0xbf5, 0x8)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x1000, 0x6})

2m25.587811178s ago: executing program 0 (id=656):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000400)={[{@fat=@quiet}, {@shortname_winnt}, {@numtail}, {@shortname_mixed}, {@fat=@dos1xfloppy}, {@rodir}, {@shortname_lower}, {@fat=@flush}, {@shortname_winnt}, {@fat=@sys_immutable}, {@rodir}, {@utf8no}, {@fat=@tz_utc}]}, 0x0, 0x2ad, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhYsH3ehmaOMnCNKCGFBqI+pCmNqJhoxJyMRIRGx3bv0cxaUrBfULdOPOvbgpguCmC3GkyUybpgHTapza/H9Q5u05886c4cyEdwYy2b75/EG56FlFu6FY0igmbWhHyuxGgbFgGWvHk+q2oQvTXz/8f/3W7Su5fH5x2Zil3MrFrDFm9sybR09enH3XmL7xcvZ1QluZO9tfsh+3/tn6d/v7Srj1qmSb1Wq1Ya+6jlkreWXLmGuuY3uOKVU8p94wXf1Ft1qrtYxdWZtJ1eqO5xm70jJlp2UaVdOot4x9zy5VjGVZZialURM/ckZhc3nZzg1lMIjCVL/Gej1nx/t2Fjb/xKAAAMDJElX9f7/kmZJnKtUD9f3h+j+mI9T/0kjX/8dVi3oAGKrd+j8VXL8HUf8DAAAAAAAAAAAAAAAAAAAAAPA32PH9tO/76XAZ/iUkJSWF/0c9TgwH8z/aur64l5TcZ81Cs9BZdvpzRZXkytH8hPStfT4EOvHS5fzivGnL6K27HuSvNwtxJcL8UKZ//kIn33Tnr2tCqe79Z5XWXP/8bJ/8ZmFS58/5iWDPjiyl9f6uqnK11j6v9/OfLhhz6Wq+J3+qvR4AAAAAAKeBZfYcun9v91smfG1IT3+ncf/5gNI/eT7Qc389rv/GoztuAAAAAABGiTepsu26Tt1rPT7tQfj7B79lg1LUh5McdOVxSUHLq5MyF4MEMUm9XROHWvoH8V+b5c/SwetiLvLpPnbgx/fO1U8PO1fAIOlRfioBAAAAGIaw6B+LeiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIywQd8iFq5/nJeQde0uHs1RAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfDjwAAAP//5JwTUw==")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x11480, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000000840)={0x2020}, 0x2020)

2m23.565003956s ago: executing program 0 (id=660):
syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp\x00')
close(0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000380)={0x29e9c931, 0x3, 0x0, 0x4}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c0000800800", @ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x200c0801}, 0x0)

2m18.319365005s ago: executing program 0 (id=669):
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file0\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119], 0x5, 0x4451, &(0x7f0000008900)="$eJzs3T9sVPcdAPDfe3aLTYHalIFKlXpSUVu1lWUz0RqpxhiMDS4VLQxdjrN9gJuzD9nnKAODoyxImSJliDKgRMrmCXnLRJZIGbNkJDNSMmSJFAnlort7Z99758MX4sMBfT4S/t37/be/9373e8PxixOVO0truaW1XGElV164tXY693q5tL5cDHHWp205+6Lr8TlQvYiT2B+cq+cv/ufG6RA+WfziSbVarYaa/rCrsZbX335zb6E1bYpbL95q9Lt7b/vlfyGEE23zqukLIQwkr88l6WSSDoYQjoUQohDCjXtv38zt02wePi6ezT+du781fmp288FW5989CuH90m//dnv5qz/0jX/5l30aHgAAAAAAAAAAAAAAAACAl9z0tavX/z06Fh5FoX8zav++7nSSdvp+bHXf/L73vywAAAAAAAAAAAAAAAAAAAD8TO18/z8XHd/l+/9TSTrRoX31n92N88efOE96Y+ZfV6cujI4l579HbeVnkqyvz/WF4eb56p91Pv/9XKb97ue/t4/zvJrza447FKJ4JHUdxyMjIXyYHPx+Mjocl8prlb/eKq+vLO7bNF5a6fg3Tu9PRSc50D8V/2ec/z+Z6b/35///pu3dVLu+uX9vsVdaOv59Het99Gb0jPj/crve+Uy7FxF/nl86/v31vMHWChONBaAW/3f6977/pzL99yr+x0IIuag211xqBajtYWr5nfYrpKXj/4t6XmrpTP6Qne7/7zLxv5Dp/6DW/43sBxG7Sse/sY4PpGrs3P/D8d73/8VM/wcR/9r8N3z+dyUd/0ONzP5Ulfpfstv1fzrTf6/ifz1O5nksSr0DNqNGfqf/r460dPwH2sp3nv/irvb/lzLtX9TzX3Pc5vNfc/n/c9R4/mN32/HfCk+q1cGO9bq9/2cy7Xq9/k/U939tzpzo5aCvkPT9f7iel947D9V/dop/NRP/2Uz/zxH/jzs/he6o70oGmvHfWU++P9TI/8D+ryvp+P+qkRm31tio/6zv/6K99/+XM/0fxP6vNv+NuLejvirS8T/SsV4t/p938fl/JdOu9/EPYbT5BmjfvrCHdPyPdqxXv/8H9o7/XKZdr+P/p152DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPASmEzSoRDFI6nrOB4ZCeF8cn0yHI7mC4v5+VJ54bW1EKaS/Fw4Ht0ulecLpfzSSnmxmC+USuWFEC4k5SfCQLRWKlfyy4W7F7f7GozuFAurlflioRJCmE7yfxeONvuaX6osF+6GEC5tl/06Lq/evVNYyS8urf5jdHR0NMxsz2E4Kr5RKa5UGqM3SkOY3W47FLVMrl58eXsuR6L/l9dXVwqlev6Vljal8kKh1NJmLil7NwxHldX1lYVCpZgvlW83xztIE0k6NXPtv9eujLWV34wa6eSLnRYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9Kj8b+/F0Lob1zFIYRclLyIkn8pDx8Xz+afzt3fGj81u/lg68ludQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4gR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs0j9KA0EUB+A3Y6Glx7BadjvbFUW0cEXwBHoMD6NH8RLewSJF2hQhkMxC2D+wTVJ9X/Ngfsy8B/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3jqJvAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//9HQIRk=")
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x4, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

2m16.473904167s ago: executing program 32 (id=669):
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file0\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119], 0x5, 0x4451, &(0x7f0000008900)="$eJzs3T9sVPcdAPDfe3aLTYHalIFKlXpSUVu1lWUz0RqpxhiMDS4VLQxdjrN9gJuzD9nnKAODoyxImSJliDKgRMrmCXnLRJZIGbNkJDNSMmSJFAnlort7Z99758MX4sMBfT4S/t37/be/9373e8PxixOVO0truaW1XGElV164tXY693q5tL5cDHHWp205+6Lr8TlQvYiT2B+cq+cv/ufG6RA+WfziSbVarYaa/rCrsZbX335zb6E1bYpbL95q9Lt7b/vlfyGEE23zqukLIQwkr88l6WSSDoYQjoUQohDCjXtv38zt02wePi6ezT+du781fmp288FW5989CuH90m//dnv5qz/0jX/5l30aHgAAAAAAAAAAAAAAAACAl9z0tavX/z06Fh5FoX8zav++7nSSdvp+bHXf/L73vywAAAAAAAAAAAAAAAAAAAD8TO18/z8XHd/l+/9TSTrRoX31n92N88efOE96Y+ZfV6cujI4l579HbeVnkqyvz/WF4eb56p91Pv/9XKb97ue/t4/zvJrza447FKJ4JHUdxyMjIXyYHPx+Mjocl8prlb/eKq+vLO7bNF5a6fg3Tu9PRSc50D8V/2ec/z+Z6b/35///pu3dVLu+uX9vsVdaOv59Het99Gb0jPj/crve+Uy7FxF/nl86/v31vMHWChONBaAW/3f6977/pzL99yr+x0IIuag211xqBajtYWr5nfYrpKXj/4t6XmrpTP6Qne7/7zLxv5Dp/6DW/43sBxG7Sse/sY4PpGrs3P/D8d73/8VM/wcR/9r8N3z+dyUd/0ONzP5Ulfpfstv1fzrTf6/ifz1O5nksSr0DNqNGfqf/r460dPwH2sp3nv/irvb/lzLtX9TzX3Pc5vNfc/n/c9R4/mN32/HfCk+q1cGO9bq9/2cy7Xq9/k/U939tzpzo5aCvkPT9f7iel947D9V/dop/NRP/2Uz/zxH/jzs/he6o70oGmvHfWU++P9TI/8D+ryvp+P+qkRm31tio/6zv/6K99/+XM/0fxP6vNv+NuLejvirS8T/SsV4t/p938fl/JdOu9/EPYbT5BmjfvrCHdPyPdqxXv/8H9o7/XKZdr+P/p152DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPASmEzSoRDFI6nrOB4ZCeF8cn0yHI7mC4v5+VJ54bW1EKaS/Fw4Ht0ulecLpfzSSnmxmC+USuWFEC4k5SfCQLRWKlfyy4W7F7f7GozuFAurlflioRJCmE7yfxeONvuaX6osF+6GEC5tl/06Lq/evVNYyS8urf5jdHR0NMxsz2E4Kr5RKa5UGqM3SkOY3W47FLVMrl58eXsuR6L/l9dXVwqlev6Vljal8kKh1NJmLil7NwxHldX1lYVCpZgvlW83xztIE0k6NXPtv9eujLWV34wa6eSLnRYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9Kj8b+/F0Lob1zFIYRclLyIkn8pDx8Xz+afzt3fGj81u/lg68ludQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4gR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs0j9KA0EUB+A3Y6Glx7BadjvbFUW0cEXwBHoMD6NH8RLewSJF2hQhkMxC2D+wTVJ9X/Ngfsy8B/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3jqJvAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//9HQIRk=")
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x4, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

10.937207091s ago: executing program 1 (id=973):
connect$x25(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4d11d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c628b9b90195024ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd4c9a6e94acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x27, 0x558d, &(0x7f00000014c0)="$eJzs3L1vG2UYAPDnnKbflAgxsPWkCimRaqtOPwQTBVrxIVpVfAxM4Niu5db2RbHrhi50YEQM/CcIJCZG/gYGGGFDDCA2pCLfXaBpGwiN45T295POz93j18+978mK9NxFDuCJtZD+/msSx+JQRMxFxNEk8v2k3CJuR5wvxj4XEccjonLXlpT5vxL7I+JwRBybFC9qJuVbn58cnzj7y5u/ffPdgX1Hvvj6+z1dOLCnno+I/mqxf7NfxKxTxGtlvjHu5rF/ZlzG1U01+lmRv9leySvcbGyMa+TxdKcYn63eGE7i1V6jOYmd7tU8vzooTjgcdzbqTD6QXmus5cet9koeu8Msj51bxXnXbxV/224NR0WdVlnvo7x8jEYbsci319vFelav57E5GJX5om7Waq9P4riM5emimfVa+TxWHvIi/w+81R3cWE/H7bVhNxukZ2v1F2r1c9X6WtZqj9pnqo1+69yZdLHTmwyrjtqN/vlOlnV67Voz6y+li51ms1qvp4sX2ivdxiCt12una6eqZ5fKvZPpa5ffS3utdHESX+kOboy6vWF6NVtLi08spcu10y8upSfq6TuXrqRX3r548dKVdz+48P7lly+98Wo56L5ppYvLp5aXq/VT1eX60hO0/k/KSf+H9ScPTv/4w84uGxS2+IIBsLX7+v+4t/8P/T8wdTvp//vXy+Pd6f9jO/1/TLP/n7RU+v9/738re9D/zof+fxfXDzvycP3//qnPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftp/svX852F4vhImX+qTD1THicRUYmIOw8wF/s31Zwr68xvMX7+njl8m0ReYXKOA+V2OCLOl9sfT+/2VQAAAIDH11e3j39WdOvFy8JeT4hZKm7aVI5+OKV6SUTML/w8pWqVycuzUyqWf7/3xfqUquU3sA5OqVhxy23ftKpty9ymcPCukBShMtPpAAAAM7G5E5htFwIAAMAsffqP7740s3kwY0lsPMrceBac/+f93w8ED216DwAAAHhE3Pl4+2OT3ZwIAAAA8EjI+3+//wcAAACPt+L3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/ZuZvbxIEwDMCfDYb91aLV3reG7WBvUMaWsMc9LhSQJiiBtJAGqIFIOaSECCJsg+IEpEiMcYKeR/LPjNHrGeDyjSUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAm26LxeT6/8+rU3PWm9OkmQ0AAABwyKpYTMqTUdX+XPd/rbu+1+0sIvKIOFS792LQyOzVOcWRzxfPxnATUSZs+4f19ikiftfbw7e2vwUAAAC4WL+enG9L9t0SwF1H4+G8qkWb/MufRHlZRBSj+0Rp+Xb3I1FY+f/ux79EaeUC1odEYdWSW//wtUGqmzT1GofdTKblj1i28nbuCwAAdKlZCRypQgAAALgAf7seAOfwsrTP9rv9c8ZhdagfCH5stAAAAIB3KOt6AAAAAEDryvr/Lb3/L/P+PwAAAEhuOZuPux4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADApVsVi8lyNh8fuz59Zc56c5p0MwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB7Zn3cUCIEwCIO96zuTuf9hpUFDY5MqED7+xmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB487u//J+YGmeSudfG0vNIsnZqbJ0ae+fG0R/G168BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GJ/XlIgBIIgCuaM/530/Q8rCXoGESKg4VFFLRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7od7/8n5gaZ5K508bS8UiydtXYumrsPWgcPRhv/wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GLffnqjKMMAgD+7010oaqzVNLFqMOGgFykLglyN0TQe/AgmTdlidRGFHoQ0Yi/eTM9cjB6NMdHUW78DZ5pwwRuHHmriyUPN/Cuz7QoNykyhv1/y7vvs7PD+2wnpM+8sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGnz3Xi1XcRJ+jKRx+Wx21vL82m9satOra/emU5LGrdqHvcT4LXqm+NTzQ0EAACAwyMp8/uIuNtZm03r9kSW/3fKc9Kc/4fn8rjM53fn/Rtby0eLj6bL/P/33+69tNPRRJL1kza6sDjon9o7lLHHNMUD7/mHnjGWrXx27yXJvpD2hysvbnay9Wx9d+vW+90sPFLHaAGAR3GyrIug/HsorXtNDgyAQ2OskniX+X8y0eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuRLPlHErIqbH7sepja3l+VH1N6t3pteLcu7mzdVqm2kTnYhYWBz0T9U4l4OrXM3rn80NBv0rV6/VHRyPiBEf3djfP0+K4f/rOd2IGDpy4uUR7Xy8j752tbMnKC7PqHcNx9P5PfTk1tCR1p4Ff28718QFUFfQLr6fx9HFeO3f+3BQXnv/f8s1/3cEAMBTr1OUNBO921mbTY+1JiO2fxzO/9+oxDGU92/fyI/k79cr+f+9T87drvZVzf97Nc3vSTCzdOmLmavXrr+1eGnuYv9i//O3T/fe6Z05f/bs+ZnsXsnMQrTdMQEAAOA/6Balmv+3J/fu/x+rxPGA/f98SzjP/7/8vvd1ta9E/j/S/U2/pkcCAABwGHV3ohde/+vP1ogzWt1ufDW3tHSll7/uvD+dv9Y63Ed0pCjV/D+ZbHpUAAAAQB02V1pD+/8XKnE8YP+/+vz/sz+98ku1zSQixiMuR0T/5PzlwYX6pnOg1fFD5ayjbtMzBQAAoCnjRanu/3ey5//bO488tCPizRMRfxe/4Y995v/JB9/+XO2r+vz/mVpnefC0p/L1yOqpiLGppkcEAADA0+xoUdJk/4/O2uynvx77qOv5fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6/RMAAP//gBsrfQ==")
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
io_uring_setup(0x6858, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)

10.894541807s ago: executing program 4 (id=974):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0xc000)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
ioperm(0x0, 0x2, 0x7e)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r1, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
connect$bt_l2cap(r1, &(0x7f00000000c0)={0x1f, 0x80}, 0xe)

10.509407518s ago: executing program 4 (id=975):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000003c0)={0x73622a85, 0x0, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x50, 0x0, &(0x7f0000007180)=[@exit_looper, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f00000070c0)={@fda={0x66646185, 0x6, 0x2, 0x21}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x38}, @fda={0x66646185, 0x0, 0x0, 0x20}}, &(0x7f0000007140)={0x0, 0x20, 0x48}}}], 0x0, 0x0, 0x0})

10.168546412s ago: executing program 4 (id=976):
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x201c448, &(0x7f0000000080)=ANY=[@ANYBLOB="6d61703d61636f726e2c757466382c73657373696f6e3d3078301030303030303030303030303030342c73657373696f6e3d3078303030303030303030303030303035362c6d61703d6e6f726d616c2c73657373696f6e3d3078303030303030303030303030303033642c756e686964652c6e6f726f636b2c626c6f636b3d3078303030303030303030303030303430302c6d61703d6f66662c73657373696f6e3d3078303030303030303030303030303030312c7569643d", @ANYRESDEC=0x0, @ANYBLOB=',gid=', @ANYRESDEC=0x0, @ANYRESOCT=0x0], 0x0, 0xa78, &(0x7f0000000fc0)="$eJzs3c1vHGf9APDvbGzHdqs2bfNr+4vaZpIqrdsGZ23TRFEPNLHXyRa/INuRGgnUVI2DolgUNSC1EVJTCXGiokIICZAQ6pFTpXKgF5QTcOTEAQn6H6CKU4qAQTO7a+86+5K4azstn0+03pl5vs/bzOw88Xp3nuDzLMuy4rHF9XO/3snGcvc5PfPx+x+8mz/euR5DsSeeT34bMRwRacTAv4tzZXB6ZmlxvkdBVyIuRMSNiCQi9kbtuYORlrULkfwo7t1YvxHJL+LRNtmG77Bz9JTxP223zz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgrTc+UyxNJzFUXzr2cdlZMAd4lvVHcR8Ws38lHvapNIpL8EcPDjam+H92/kfxw/uNwPFZbe6w28/dwXLvn4X0vPDRQauTv0qAdcfWta1deXVtbfaO+vjdNB3tm2rvtzbpzQ1vLdqayUF1erM6fOlNJq8uL6cnjx8vHzs4up7PVqCyfX16pzKfTS5VTK4tL6dj0M+nEyZNTaWX8/OK5hTMz43OVxsYTX5osl4+nL41/rXJqaXlx4dhL48vTZ6tzc9WFM0VMnpzHnMhPxK9WV9KVyqn5NL10eW11qlcj86CJtilJa9Bkr5Imy5OTExOTI3H8+ZPPnyiXB+obJicaG8qbxC0Ru3/S0m+/vO3I3/T9+g2fQak+/sdcVGMhzsXLkbb9Nx0zsRSLMd8mLdkorzH+HzlW6Vpv8/jfGOUf3Ug+EMX4/0Rt7YlO43+Htvb+l2W1kreav/HvarwV1+JKvBprsRar8cZnLjGN37euf7o5/V9Zlm2h3DTv7cHmfdCHtp6JSixENZZjMaoxH6eKLWl9Sxon43gcj3K8EmdjNpYjjdmoxlxUYjnOx3KsRKU4o6ZjKSppxEosxlKkMRbT8UykMREnYySmIo1KjMf5WIxzsRBnYiZOFaVcisvFfp/q0sb1oInbCZrsEnTLYP7Zxv/sbvyfINutz1dw2LqsPv4PdQzIGktj0zvWKgAAAKCf/v+Pcd/+B//w14jBeLx4X362Olcp73azAAAAgD4qPq73WP40mEXE45G0+f2/tEuNAwAAAPoiKb5jl0TEaBysLdW+CbUnfAgAAAAAviCKv/8/kT+N5ksHI1m/E8qF3W4bAAAA0B+977HfMyIZjvo9LdOLteeL9Yj6fX5HZ6tzlfHpxbkXJuKp4i4DxTcNbiltT0QyWHz94Nk4VIs6NFp7Hm0tcTiPmhh/YSKejcP1jow9mT89OdYmcrIW+XQt8ukukVN5JAB80R2+dTz+NLvD8f/ZOFqLOHpgYCgiBg60GVnLGyPrwG50FABY13uOndaIt+v5msf/L2/8/j9YT24Z/x+MS//JN67GeLwWr8daXIyjxbcNik8ctNT79ffq7xmsfwyhHEd7vBvQiP3TiVIc7fF+wGjTRC9He7wjUIuNb0RMbe9BAIAddrjDONxp/C8iovHBwdr4f7Tp9/+49ff/9amFVn2lEADuCusz2Pd1IdvTvGW3+wgAtDJKAwAAAAAAAAAAAAAAAAAAAAAAAAAAQP/19bb/w1vM/rf6vH61LVn/5yNovzBS3weNLW/f0d545+pb134cEc1JpbwT29PmoqX9LbnUh3KyiNip47VzC7EvYst7NdolDUXEtjd+pB9VfFpfqL02St0uHue6pgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA5kETsabe9FLE3IsoRcWznW7V9ru92A3beV5pXkptxM96M+3avOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX0z1+/+XovZ8T21TDJQijkTEhYjIdruN/XRztxvQJyNbzNd0///8mEeWxEDtsEcyOD2ztDifH/5i7ofSx+9/8O4jrdn33m49RWBp0+QS9Ro2x/7q3sbSA0Wu0ZnVq1e+8/q305nTUYqhOL0yOzczf2bpxY0sDycfRqRRezTk7c0f3zvyu/fa9PzDvKftba53ttg5M7fW+0i73N3r7eby2upkXtNK5eWV737r8ptNSQ/GoYgnxyLGWmv6Zv7oUNOhGOxWW/JJ8oPkvvhpXCiOf743kizJD9H9Rf9HLl1eWx1/7fW1ix3atC8ORsTFiOGebVrf1QeL60lbxVlXGsxrLRdB+Y/9PfrYXvMcF7USJzr04YHilBmt92GopQ+lDnWmnftQ7PCm/V5qLCTJ5hZN1Vs0FK0teiieanOks70RnffCU92PdHvJJ8lfkrPx5/h+0/wfpfz4H4nOr87WIorIpjOlY2SpFln0fLI54ZXNkX//2W21vu00NdypH7a8eEtN1//6serT9ShLul6Pmmqc6lBj+9fFpho3nxWljh0vRqT9m3LUrz4dM9Xaub8W1aGd/xfPRQwc6HZVvGW0fq7zFaU1/4vtk7f6+v95Mhb/iOvm/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO5+ScSedttLEUciYl9jPY3I7qDYvZ0SSqPJnTaxr66v//ic21/8LLVse6d3tuRm3Mze3q5GAQAAAAAAALDTTs98/P4H7+aP4u/xe25mWf3v+2nEQETsS34yEjNLi/M9ChqMuBARN/Ll4U5B/8xqWrfm+eLejfUbEdn9W+8SANDDfwMAAP//zlFyiw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x4, 0x127d, &(0x7f00000011c0)="$eJzs3U1rJMUfB/DfJJPH/SeTv66ruyAWelGEcZODJy9BdkEMKNEsqKdeM9EhkwcyQyAi7njyJPgyRD16E8Q3kIsXz4IgkovHPYgtyUw085BsYjIJyOdz6aK6vlXV6U5DD1303itfrK2u1MsrWSOGCoUobo5E8WGKFEMxHC3NeOHeTz8//dY7774+v7BwZzGlu/Nvz76cUpp+5vv3Pv7m2R8a1+59O/3dWOzODO39PvfL7o3dm3t/fh3VeqrW0/pGI2Xp/sZGI7tfq6Tlan21nNKbtUpWr6Tqer2y1bF/pbaxubmTsvXlqcnNrUq9nrL1nbRa2UmNQmps7aTsg6y6nsrlcpqaDM5j6auHeZ5H5PlIjEae5/lETMa1+F9MxXSUYib+H4/F43E9nogb8WQ8FTcPWl31vAEAAAAAAAAAAAAAAAAAAOC/5RHr/wvW/wMAAAAAAAAAAAAAAAAAAMDgda//L0b4/j8AAAAAAAAAAAAAAAAAAABcskd8/79r/f+L1v8DAAAAAAAAAAAAAAAAAADAIIy3NospjUesfba9tL3U2rbq51eiGrWoxO0oxR9xsPq/pVW++9rCndvpwEy8tPagnX+wvTTcmZ8dKcVMoW9+diIiUkqd+bGYPJqfi1Jc7z/+XGv8rvx4PP/cfv7TVr4cpfjx/diIWixHFNpHf5D/ZDalV99YmOjM39pvd6zhAZ8WAAAAuEjl9Lfe5/dmu1Hf/a1d7efz1G5ZOOH3ga7n82LcKl7VUXOovvPRalarVbb+ZWH0+H5Gz9dzT6EQEVkcrZme/HVxf/BT9nN4uV3QfI4Uhi+6wxMLIye3Occ5jeKp/5gDKkSzuyYvRZy1n9++PFIzfub4+QpD7cssqzVPfbFFM88HOrG+/4xjJ6WOv2cUBnxP4vL8c9KveiYAAAAAAAAAAACcRd+3/yYioud9wA97ag5fD++M9/Z8/OifX8IRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sQPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//w+Ty90=")
syz_mount_image$iso9660(&(0x7f00000002c0), &(0x7f0000000000)='./file1\x00', 0x1010004, &(0x7f0000000180)=ANY=[@ANYBLOB='map=acorn,block50x0000000000000200\x00sbsector=0x0000000000000009,nocompress,session=0x000000000000003b,block=0x0000000000000200Ashowassoc,map=off,\x00'], 0x0, 0x645, &(0x7f0000001000)="$eJzs3U1v28gdx/EfZdlWXCAo2mIRBNlkNukCDpoqkrxxYKSHshQlcyuJAkkXNlBgkW7shRE52yYp0Piy8KUPwPYN9FLspYdeey/Qc99FjwUW7a1AD2VBUrJk69GJbLeb78dwOCL/nPkPqXBASyQFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkOdVSqWyp4bW2ts14TjXwmxOWZ7Ut6m5WuDu1XclKflUo6Fo269q3+ovfSf65rRvZqxsqJJOCDr/2ztcffTOf660/IaHXobNW+OLV4dPHnc7u8zkncsEea7jnys2wYt1teaHvNe26a7zQNxvr66X7m7XQ1LyGG+6Ekds0TuDmIj8wq85dU97YWDNuccffatWrdsOVspkPv1spldbNh8vd3X//w2LobHqNhteqpysmi5OYh+bzH2chrt00Zm+/s7s2LckkqDxLUGVaUKVUqZTLlUp5/cHGg4elUn5oRukUDUXM/U2L/zPzO3gDbyiXjP9/s6SGCmppS9syI38cVRXIV3PM8q7e+P/+fXdiu4Pjf2+Uv9ZffF3p+H8ze3Vz3Pg/Jhcjk64waok1Zv7r/bzQKx3qqR6ro4529Xw+9d6aX4bn+JOT6lJe8hTKl6embNXlynTnGG1oXesq6SNtqqZQRjV5ashVqB2FiuSqme6TQK5sRfIVyGhVju7KqKwNbWhNRq6K2pGvLbVUV1W2/hXH8Z72k+0+6Z0gdYNUniWoMiFo3Pj/k8+y9ynj/9uud/yaJQa4dHH3/P+Mbp1PNgAAAAAA4DxY6V/frfSz+3clxap5Dbd02WkBAAAAAIA5Sj/5v5FMFpPSu7LGnP/HF58bAAAAAACYDyu9xs6StLLYnbWnff0n3tUsXwJYOOf0AAAAAADAHKSf/99ckuL03mu3ZB3fCYWLAAAAAAAA+Ir49cA99vO9e+zGvY/1c5LC9rL1538sK1i0jtrb37YO7GSJfdCNGfoGQFS7bl3t3qg3nSxJSl857qLVfzCAlf4Wshdf7k27178VnEpgaaH354uhBP4kaSCB9Xy3Ln2u97KY97rtPjnMKV2StbJS8xpu0fEbj8qy7au5yN2Ofv5s/xdScNzPvf3ObvHjTztP0lyOkllHB0ken51IJzd6Y/RzeZnebyG95mJUj6+o1mvyN63mipW2W+r1f0H2QW6woUk7oN/mL3U7i7m9kk1XDnt7IO1/Iel/uZjusn7v07tDWP0syqd7PmpHjMmikGZxJ4u5s3onm/Ty62bxnQWpUhzeB8FgFpXBLKZvC+ufQ9tiShbJtlhLsvhLUtGYLNbOlsXQHgGAy7LXH4XSm5gP32P/9Lj7Oke56aP790+28vJ3cXbB4YKU7342MbGVgpIj+moWs6T0wJq/PuKIXuqOKwWNOaKX3mB0S9r6Y/8ZSN20h7L4dxzHj8ppu789Nap+kazwxdh2w0ZlIdmE918e/DS9AX7ik91Pdp9VKmvrpQ9KpQcVLabd6E4YewAAI0x/xs7UCOuD47PqJ39/PyudGPG+cfyVgqI+1qfq6Inu9R4hcGt0rSsDX0O4N3zWmsRekU7F/n5R98ae1aVj6UC9lePY3oUPp88A+7Fr57wXAAC4WLenjMOzjP/3eufdq9dHnnefHMtPPyF4XGz5grcEAABvDzf40lqJfmUFgdf+qLyxUbajTdcEvvNDE3jVumu8VuQGzqbdqrumHfiR7/gN0w607FXd0IRb7bYfRKbmB6bth952+uR30330e+g27VbkOWG74dqhaxy/FdlOZKpe6Jj21g8aXrjpBunKYdt1vJrn2JHnt0zobwWOWzQmdN2BQK/qtiKv5iXFlmkHXtMOdsyP/MZW0zVVN3QCrx35WYW9trxWzQ+aabVFxWd+0CEAAF9FL14dPn3c6ew+n1A40vSYbmFpVIWX3UcAAHASozQAAAAAAAAAAAAAAAAAAAAAAP/7Zrn+70yFxVEXC0rHc352daZ6LM07sbMUcq+/+l8nxFw5ntPb/IMxR5fQU2WF/PxrviLNftnoHArf28u26NiYZOHIRcvH+yI///8OSeHZH8YsiuM4nrz68sltuDSpgycLeUnPl95gF1zO8QjAxflvAAAA///xwUUi")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)

8.062238521s ago: executing program 3 (id=982):
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x51}, 0x48005)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x8008, &(0x7f0000000000)={[{@noload}, {@stripe={'stripe', 0x3d, 0xdc}}, {@oldalloc}, {@grpid}, {@data_err_ignore}, {@nodiscard}]}, 0xff, 0x451, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpq5rp3Hj1KX+fKRNZrzj7Hw9O/bsjDcBDKyx7EcSsTkifouIkUb2xgJjjV/Xrpyb+evKuZkk6vU3/kzyclevnJspi5bP29TI1OtFfl2b4154O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TVbfzcX+5jh6ZMNY49Vt66keH6zftjSlk2ofK0JXKhGRNddQ3v9HohIblvaNxMuf9rVywJqq1+v1dp/PhfN14B6WRL9rAPRH+UGfXf+W2x0aetwVLh+OeP9gI/5rxdbYU420KDPUcn3bS2MRceT8319mW6zNPAQAwA2+OxwRz7Ub/6XxYFO5/xVrKKMR8f+IuC8i7o+IrRHxQERe9qGIeLjL47eukNw8/kkv3VZgK5SN/14o1raWxn//1PP4C6OVIrclj38oOXq8NreneE12x9C6LD+5zDG+f+nXzzvtax7/ZVt2/HIs2JBeqrZM0M1OL06vMuwllz+J2F5tiT+XRLmMk0TEtojY3tVfvn6FcfyZr3d0KnXr+JfRg3Wm+lcRTzfa/3y0xF9KOq5PTh48MLV/Yn3U5vZMlGfFzX7+5cLrnY6/qvh7IGv/ja3nf24p/tFkfcTCmbMn8vXahWhdIb6lC79/1vGa5nbP/+HkzTw9XDz24fTi4unJiOHk1Zsfn7r+3CJfbY5/96528af5e1wZ7SMRkZ3EOyPi0Yh4rKj74xHxRETsWib+H1988t3u419mVr6Hsvhnb9X+0dz+3ScqJ374tvv4S1n778tTu4tHVvL+t9IKrua1AwAAgP+KNP8OfJKOL6XTdHy88R3+rbExrc0vLD57dP6DU7ON78qPxlBaznSNNM2HThZzw2V+qiW/t5g3/qKyIc+Pz8zXZvsdPAy4TR36f+aPSr9rB6w592vB4NL/YXDp/zC49H8YXPo/DK52/f/jPtQDuPN8/sPg0v9hcOn/MLj0fxhIHe+NT1d1y7/EPZ+ItPtnVaOvdU66+McQd08iXes6r2u7q9/vTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//HWbqJg==")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7.504392467s ago: executing program 4 (id=983):
kexec_load(0x3, 0x7, &(0x7f00000005c0)=[{&(0x7f0000000000)="6509534a17aa723cba21a9d63c6a556b30b910a580cb50d65e9fab1ed59a7eb00a7109e4a355bed417bce60d6a5baab4bbecc5b2faaf2eba28c331345b612f1f4cbfdfa7bcb9bd2a0fbc8d7786bb68cff61167b98ef0adfbb79545bbb2c409be3adb3b54846920f1b194db5258279e8d06b863d51c0f90cd79ecb1f5ed3c44eb6353c0b451fe3f9b118422addd3f936d8cd5562d6ce55bf378", 0x99, 0x5, 0xff}, {&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327af12eaab8ac918c201b7f932e124796f1aba03e031312bd7e67403651abac282b310f420dbcdea31d52854783d6952a2a7b10f3e45715203107f8ce516d99c8c7db918e0989ef123cc524fa8ae0af5c952de542a268179439f62e20fb410df0a4c2e54ec355436d7cf9", 0xdf, 0x5, 0xffffffff}, {0x0, 0x0, 0x5, 0x4}, {0x0, 0x0, 0x100, 0x9}, {0x0, 0x0, 0x7, 0x2}, {0x0, 0x0, 0x2, 0xfffffffffffffffa}, {&(0x7f00000004c0)="fd7cd1d51fb9987e67d12dded82fd30b5e7675f10da30291367bede16a4fe296961baf3caee5bd5c0d76b25c3de77c56ddefc936fa712ec3d7e51f4b16e682d3ee59b2abf6c05927c1edb91d54f66cf99928f710cf98acec87a3d75a6388bab3c5a1474d29cae1f0fd92cde6f444bf490f27f37e198aa55b403df846ce1732f7cf4c12d92aece1289b4b10b7d84532a07762548e3f3915b6575e8ef8130395476b9a721a7668c608c4d2f70aee2be4ae96ff0e5925b138fec99f91f19d8618037fe2842d248c8d44f425e54da4a668059f5124222cb4955f073d318b2f0dcecec611448d4ec0fd", 0xe7, 0x5, 0x6}], 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="4274aa814c8f6ea8d8db43", 0xb}, {&(0x7f0000000280)="da3b7d7035cdbd35bccc23a2f8164fe26ad17c1668bf60cc412d60d7b02fe70f0d4c385a653d469c0888c116c5e9393ca029e477f71c7707c0e59c992ef8bb0993", 0x41}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d62", 0x9b}], 0x3}, 0x41)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348", 0xf}], 0x2, 0x0, 0x0, 0x10}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x5, 0x12)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f", 0xcd}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

5.864278815s ago: executing program 4 (id=985):
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
tkill(r0, 0x2a)
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000040)=r0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_SET(r3, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x3c, 0x3e9, 0x0, 0x70bd28, 0x25dfdbff, {0x2, 0x1, 0x2, r0, 0xff, 0x7, 0x3, 0xe, 0x0, 0xffffffff, 0x3}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000001}, 0x40020)

5.583943832s ago: executing program 2 (id=986):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)

5.096375061s ago: executing program 1 (id=987):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b0000000e000000cc0002000600000005"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
close(0x3)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000002100)={r1, r0, 0x26, 0x0, @void}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00')
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r3=>0x0}, 0x8)
r4 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000380)=r3, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r4, 0x4)
read$FUSE(r2, &(0x7f00000040c0)={0x2020}, 0x2020)

5.094771172s ago: executing program 2 (id=988):
ioctl$XFS_IOC_START_COMMIT(0xffffffffffffffff, 0x80585882, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="120100004107f540f30c7593de1a000000010902240001000000000904000002bee4f900090503000000000000090504", @ANYBLOB="031c"], 0x0)
ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(0xffffffffffffffff, 0xc0186445, &(0x7f0000000000)={0x8000000000000000, 0x1})
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0a63cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @remote, @remote, @remote, @remote}}}}, 0x0)
sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14)

4.995609418s ago: executing program 3 (id=989):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_IMPORTANCE(r2, 0x10f, 0x8a, &(0x7f0000001100)=0x5, 0x4)

4.359349815s ago: executing program 1 (id=990):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x20008810)
socket$unix(0x1, 0x1, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x488, 0x2c, 0xd3f, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0xfff3, 0xffea}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x45c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x4}]}}, @TCA_BPF_POLICE={0x444, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x4, 0x7, 0xd988, 0xfffffff7, 0x3, 0xa089, 0x1, 0x3ff, 0x5, 0x5, 0x6, 0x4, 0x3, 0x92c, 0x1007, 0xffffffb2, 0xeaac, 0x2, 0x5, 0x1, 0x10000, 0xded, 0x8, 0x10000000, 0x9, 0x10001, 0xc6d, 0x88000001, 0x8, 0x7, 0x7, 0x7, 0x5, 0x7, 0x800, 0x9, 0x100, 0x8, 0x9, 0x8, 0x3, 0x5, 0x6, 0xffffff9a, 0x3, 0xd, 0xbc, 0x5, 0x13f6, 0x81, 0x53, 0x17, 0x4, 0x1000001, 0x6, 0x4, 0x8, 0x800, 0x86e1, 0x8, 0xfffffff9, 0xd, 0x1, 0x3, 0x5, 0x9, 0x80000000, 0xf3, 0xd, 0x8, 0xfffffff9, 0x800, 0x2726a3ed, 0x6, 0x8, 0x6, 0x6, 0x8, 0x6, 0x7ff, 0x100, 0x1ff, 0x6, 0x3, 0x8, 0x8, 0x5, 0x2, 0x5, 0x0, 0xeed9, 0x3, 0x16, 0xff, 0x1, 0x5, 0x9, 0xb, 0x5, 0x8000, 0x5, 0x6, 0x6, 0xfa, 0x3, 0x3, 0x10, 0x1ff, 0x3, 0x6, 0x60000000, 0x8, 0x2, 0x5, 0x3, 0x2, 0x401, 0xa955, 0x5000, 0x1, 0xe6, 0x2, 0x3, 0x6e4, 0x1, 0x5, 0x7, 0xb, 0x6, 0x4, 0x7ffffffd, 0x3, 0x99b, 0x9c4, 0x7f, 0x800003, 0x70, 0xff800, 0xfffffffd, 0x7, 0x5, 0xff, 0x7, 0x26, 0xfff, 0x800, 0xa3, 0x10000, 0xff, 0x80000000, 0xc, 0x7, 0x8, 0xff, 0x0, 0x5, 0x8, 0x6, 0xe2f3, 0x4, 0x4, 0x9, 0x1, 0xffff, 0x3, 0x9, 0x9, 0x9, 0x7, 0xfffffc00, 0x0, 0x10000, 0x480, 0x64c, 0x8, 0x7, 0x8, 0x6, 0x5, 0x6, 0x5, 0x7ff, 0xc7, 0x7, 0xf30, 0x800, 0x0, 0xee3, 0x2005, 0x4, 0x8, 0x8, 0x1000, 0x5, 0x7, 0xa37f, 0x8, 0x9, 0x3, 0x1, 0xff, 0x8, 0x10000, 0xb, 0xcf9, 0x8, 0x0, 0x40, 0x3, 0x1731, 0x3b, 0xff, 0x6, 0x6ad880, 0x266d, 0x4007, 0xc28, 0x2, 0x400, 0x2, 0x52, 0xd3, 0x8, 0x2, 0x4, 0xfffffff8, 0x200, 0x6, 0x6, 0x8, 0xe, 0xe459, 0x7ff, 0xc7, 0x81, 0x40, 0x0, 0x2, 0x3feb, 0x7, 0x100, 0x100, 0x7, 0xfffffb98, 0xfffffffb, 0x4, 0x20001, 0x1003, 0x8, 0x1, 0x15b9, 0x7, 0x100, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x5, 0x5, 0x92, 0x240, {0x7, 0x2, 0x1, 0x80, 0x6572, 0x2}, {0x2, 0x1, 0x400, 0x8, 0x8}, 0x3, 0x4, 0x7fffffff}}]}]}}]}, 0x488}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

4.237270881s ago: executing program 2 (id=991):
openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x185042, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000cea000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000257000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4004005)
r0 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

3.875831734s ago: executing program 2 (id=992):
shmctl$SHM_UNLOCK(0x0, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x28, 0x1, 0x0)
getsockname$packet(r0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
sched_setscheduler(0x0, 0x5, 0x0)
socket$inet6(0xa, 0x3, 0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001c40)=ANY=[@ANYBLOB="200000006800e97800000000000000000a000000000000000800", @ANYRES64=r1], 0x20}}, 0x0)

3.571062968s ago: executing program 1 (id=993):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb31e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = socket$packet(0x11, 0x2, 0x300)
recvmsg(r4, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x9000, &(0x7f0000000000)={0x0, 0xa}, 0x20)

3.569396958s ago: executing program 2 (id=994):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x845c5000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000100)=ANY=[@ANYBLOB='4'], 0x34}], 0x1, 0x0, 0x0, 0x4050}, 0xc000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000f80)={0x60001, 0x0, {[0x1, 0xc5d, 0x9, 0xa25, 0x1ff, 0x101, 0x4, 0x3ff]}})

2.73027522s ago: executing program 1 (id=995):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmmsg$inet6(r0, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141414}}, 0x1c, 0x0}}], 0x1, 0x20004855)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff30}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045)
r1 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0x1a4})
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1)
io_uring_enter(r1, 0x2219, 0xcf74, 0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)

2.236340386s ago: executing program 3 (id=996):
socket$alg(0x26, 0x5, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000001d40), 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00006e3000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x2400c051)
r0 = io_uring_setup(0x7f9, &(0x7f0000000040)={0x0, 0xc8df, 0xfc00, 0x1, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x300, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xfff1, 0x6}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x20040000)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2.098289483s ago: executing program 4 (id=997):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000980)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0)
epoll_wait(r3, &(0x7f00000003c0)=[{}], 0x1, 0xffffffff)

1.984928068s ago: executing program 3 (id=998):
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r0 = getpid()
r1 = gettid()
rt_tgsigqueueinfo(r0, r1, 0x7, &(0x7f0000000040)={0x7, 0x0, 0x4})
r2 = getpgrp(0x0)
r3 = gettid()
r4 = getpgid(r3)
rt_tgsigqueueinfo(r4, r3, 0x5, &(0x7f0000000200)={0x5, 0x8})
rt_tgsigqueueinfo(r2, r3, 0x2c, &(0x7f0000000100)={0x11, 0x905, 0x4})
ppoll(0x0, 0x0, 0x0, &(0x7f0000002d40)={[0x100000001]}, 0x8)

1.572681375s ago: executing program 3 (id=999):
r0 = socket(0x1, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f670600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1b172191d359645fae2d074ea5724ab77ea04fe507938b1213cdd4a92860e59808689382734d24b3123dd40c6d612c8a19948cd257748b1e7324adddbe61d51013f7d6b313c6df7b7b29678d70fc94dcc3e99e2472e78968ed94e7a54988656e8fff6b1d9b9993c71edd5cc10a2bea8d94d751b77fa7c48c712af35a9ffe670e8fa451942f48741119496bc30137e1202aed6bb5cd5c2d0256d049e4a335e2ea5545e5624be2391c37c0a2ae3bbb5b58778b85424bcdb84358359b2cb2782fc0e82f17b12d641ce6a72ab0ac794f878140897703bebe4420115d26675f27598841965fa91088252"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r0}, 0x20)
bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/65, 0x41}], 0x1}}], 0x2, 0x0, 0x0)
r3 = socket(0x1, 0x2, 0x0)
sendmmsg$unix(r3, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)

1.570451555s ago: executing program 1 (id=1000):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
syz_mount_image$f2fs(&(0x7f0000010580), &(0x7f00000105c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='active_logs=4,jqfmt=vfsv0,prjjquota=f2fs\x00,mode=adaptive,heap,norecovery,fsync_mode=posix,user_xattr,disable_roll_forward,\x00\x00\x00'], 0x1, 0x105c9, &(0x7f0000020bc0)="$eJzs3M1uG1UUAODjpClNKCVCLNh1JISUSLUVJ2kFuwCpAIlUET8LVuDYjuXWP1HsJKYIEVgjln0RWLFnz0uwQyyQ2BWBPDOGphQRqHGS5vuk8Zl7PXN8rlWpOnMjB3BuzSe//FyIKzEbEdMRcTkiPS/kR2otCy9ExNWImHrgKOTzf0xcjIi5iLgyTJ7lLORvfXrvcOP+YGMuz3rtZFYMnAYvRUR7Jzs/aGex28ji7Xy+st9MY3t1P4/ZG+07+bibxYP6VprhoDK6rpLGlUZ2fXdnrzeM261KdRgbze10fqeTfWBvvzHKk95wu7Kbjmv1rVG5h+l9d7PBII93e/0sTy3P93GaPvr9Uczm64N6tp6dO2msdvr5fDerr1YfDON+HnvZdFS7rVpax9Z//JLPgLebnb1Bsl/f7TW7neR6qfxyqXyjWN7t1ur9+mqx0q7dWE0WGq3hZcV+vdJea3S7jVa9VO22F5OFRrVaLJeThfX6VrPSScrl0kppqXh9MT+7lrxx6/2kVUsWhvG1Zmev32z1ku3ubpLdsZgsl1ZeWUxeLCfvbmwmm+/cvLmx+d6H6x/cenXjrdfzi/5SVrKwvLS8XCwvFZfLi/9ywb+eyvUP/4uezPofcunxbue8K5x0AQBnT9r/z8Yk+/9Pvr330/oXle/1/3COnaX+v5k35Pr/8Tsl/e/k+v9jrP/zc7R+/T+PRf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBu/TDz9ZvpyXw2fjqffyafei4fFyJiKiJ+e4TpuHgk53SeZ+Zvrp95qIbvCpFmGH7GU/kxFxFr+XH/2UfXfmGs3wQAAAA8mb45vPpV1q1nL/MnXRCTlD20mbr80ZjyFSJiZv7HMWWbGr48P6Zk6b/vCzEYU7b0AdalMSXLH4p9NqZ0xzJ9JFx6IBSyMDXJagAAgMk42gnYUQcAAHhyfXnSBTB+x9m/K8RoK3O0F5z+5f2fG4KzR0YAAADAGVQ46QIAAACA/13a/5/l3/8DAAAA/ln2+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRHMCfDW7pl4qqLiv1Kt3BMXqELrtEHKCX4Aj0CrkAZyC7HCHCER6j4IhIURgbBf1+kj/Ggj/PiM2bQQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgT7fVev5/8fPfuTm7+jx57gYAAAA4ZVut583JNI0/tde/tJe+teMiIsqIONW7j+JdJ3PU5lTPvL56UsNNRJOw/4z37fYxIn612/3Xvr8FAAAAuF6b5WqWuvW0m166IIaUJm3Kz78z5RURUU3vMqWV+933TGHN73scfzOlNRNYk0xhacptnCvtRUadw+ToUKRDOWg5AADAILqdwLBdCAAAAEP6c3S+uGAdDKyIw1LmYS24+ef944Lgh84IAAAAeIOKSxcAAAAA9K7p/z3/DwAAAK5bev4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfdpW6/lmuZqdm7OrX+HHJL25rusMtwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MD+vKNACIRBGOxd35nM/Q8rDRobmlSB8PE3BgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw4nd/+T8xNc4kc6+NpeeRZO3U2Do19s6Noz+Mr18DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/vzkgIhEARRMGf876Tvf1hJ0DOIEAENjypq0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzR7375PzE1ziRzp42l45Fk7aqxddXYe9A4ejDe/g0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzv37xpJFQcA/M3uzt4PkFujLJyNJ56cKF6y5y8EmyuEYCFYieWS2z1W91TuUnhHCtNYCP4HNtpeIwQEOQv/giusvDI2EWSLCBZWyvyKk2zQiZrZ3dznA2/eN5OXed83gZDvvEkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMLkarhQxM3k0MniRn7ux92NtaR/cKBP7PTvnk9aEkf1pr1wWsk96s46CwAAAE66ZlHfhxC2463VpG900vr/mWJMUvNvPJLFRT1/sO4v+qL2T9q97756e2+iTjZPHEL4pjMerNS2wvl2seK4cxXGpM8Ssic0zfTb1nhz87FJnN716PP7999op+Gp/5YxAPB/uFz0eTCMPkl/PxqOxoPeLBMDYHG1/vnTxZCi/m92asgLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMYmm+H5Io5CCE+0/ooTD3Y31g7rd/p3zxft3LuPf1q+ZnKJOIQwHI0Hp2tcyzy7WHHcrdt33u+Px4ObRwqe/FdfJRAIFiU45h9QAACcKHHekrp+O95aTc5FSyH88eX++v9SKQ4V6//vR/culecq1/+92lY436rW/8vrNz5avnX7zgujG/3rg+uDD670Xuq9uvLay71XlpP7uZIdjzlbAAAAFlU7b+X6v7E0vf9/thSHivX/Dz+/80t5rqb6f8rR9/+POSEAAICH2KMXfvs1OuR81G6Hj/vr6zd72XHv4yvZcQap/r0z06dO5a1c/zeXZpAbAAAAULvJZrRv//9aKQ4V9/+/fe73L8rXbOaPIIaj8eDy2ofja/UtZ25N7/93Dh1Xx58T17BcAAAAZuRM3sr7/3H6/n/jqWJMI4Tw7NNZnP8bwEr1/+utz66W5yq///9ifUucS41udj+qvP+fju2G0OrWkBgAAAAn0um8JfX/T/HW6ntfn32r7f1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5kf+5tEwbCOA6/viRK3CYjpLf4mIGGCsEKgIRkyTMwAAvRUNFaLAIrgATnms5QPE/z/xVX3AsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvL3r0xcfEVFE6jJFmm7/zp8R8RVp17aT73sW+8up+Xnk4nCc5fyN+X8ZEWUUfZwDANC7qtsc6029GuQd5h3lHeetyqZevvLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGCgAA//9fbFmx")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0xc042, 0x0)
sendfile(r2, r1, 0x0, 0xe3aa6e6)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)

304.734765ms ago: executing program 2 (id=1001):
syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xe, &(0x7f00000003c0)=0xb, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508ab", 0x24}], 0x1}, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x1, @empty, @local, {[], {{0x400, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4, 0xec22}]}}}}}}}}, 0x0)

0s ago: executing program 3 (id=1002):
syz_usb_connect(0x4, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x5a, 0x19, 0x86, 0x8, 0x4d03, 0x3a39, 0xefde, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xb, 0x7f, 0x0, 0x5, "", [{{0x9, 0x4, 0x9, 0x73, 0x0, 0x2, 0xc, 0x7, 0xc}}]}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
socket$inet6(0xa, 0x3, 0x6)
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x108)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x34048097}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48)
fcntl$setpipe(r0, 0x407, 0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f00000006c0)='./bus\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

kernel console output (not intermixed with test programs):

][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.777273][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.811046][ T5623] Bluetooth: hci3: command tx timeout
[   94.832896][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.864736][ T1330] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.864901][ T1330] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.883384][ T5623] Bluetooth: hci4: command tx timeout
[   94.883422][ T5623] Bluetooth: hci2: command tx timeout
[   94.959850][ T5623] Bluetooth: hci1: command tx timeout
[   94.959906][ T5629] Bluetooth: hci0: command tx timeout
[   95.008685][ T5615] 8021q: adding VLAN 0 to HW filter on device team0
[   95.073086][ T5618] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.100286][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.100452][ T3313] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.165824][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.165982][ T3313] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.291812][ T5618] 8021q: adding VLAN 0 to HW filter on device team0
[   95.356537][ T5614] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.387056][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.387353][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.538653][  T199] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.538832][  T199] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.657175][ T5614] 8021q: adding VLAN 0 to HW filter on device team0
[   95.791149][  T199] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.791688][  T199] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.953165][ T1126] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.955141][ T1126] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.381138][ T5617] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.827768][ T5616] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.085084][ T5617] veth0_vlan: entered promiscuous mode
[   97.194903][ T5617] veth1_vlan: entered promiscuous mode
[   97.404211][ T5616] veth0_vlan: entered promiscuous mode
[   97.505578][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.587059][ T5618] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.603073][ T5616] veth1_vlan: entered promiscuous mode
[   97.697782][ T5617] veth0_macvtap: entered promiscuous mode
[   97.774004][ T5617] veth1_macvtap: entered promiscuous mode
[   97.950253][ T5614] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.018680][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.064793][ T5616] veth0_macvtap: entered promiscuous mode
[   98.106547][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.148492][ T5616] veth1_macvtap: entered promiscuous mode
[   98.158802][ T5615] veth0_vlan: entered promiscuous mode
[   98.186534][ T1006] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.205956][ T1006] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.214130][ T1006] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.248963][ T1006] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.283317][ T5615] veth1_vlan: entered promiscuous mode
[   98.371371][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.505614][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.701995][   T70] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.725777][ T5614] veth0_vlan: entered promiscuous mode
[   98.735349][   T70] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.771755][   T70] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.803246][   T70] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.814707][ T5618] veth0_vlan: entered promiscuous mode
[   98.853333][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.853348][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.920840][ T5614] veth1_vlan: entered promiscuous mode
[   98.958054][ T5615] veth0_macvtap: entered promiscuous mode
[   99.025508][ T5618] veth1_vlan: entered promiscuous mode
[   99.092021][ T5615] veth1_macvtap: entered promiscuous mode
[   99.101792][   T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.101814][   T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.501137][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.502663][ T1033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.502683][ T1033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.630671][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.664635][ T5614] veth0_macvtap: entered promiscuous mode
[   99.704850][ T5618] veth0_macvtap: entered promiscuous mode
[   99.707573][   T70] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.734876][ T5614] veth1_macvtap: entered promiscuous mode
[   99.742549][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.742567][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.747008][   T70] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.838175][   T70] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.861457][   T70] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.864067][ T5618] veth1_macvtap: entered promiscuous mode
[   99.959928][ T5810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'.
[  100.303650][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.599393][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.608039][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.713794][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.764294][   T44] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.764374][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.764387][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.812673][  T199] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.821559][  T199] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.853703][  T199] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.907866][  T199] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.941770][ T5822] Illegal XDP return value 4294967274 on prog  (id 2) dev N/A, expect packet loss!
[  101.111838][  T199] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.115816][  T199] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.186249][  T199] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.369587][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.369609][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.146060][ T5826] loop3: detected capacity change from 0 to 32768
[  102.834388][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.834412][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.489008][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.489031][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.747956][ T1260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.747978][ T1260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.092760][ T5836] loop1: detected capacity change from 0 to 4096
[  104.130084][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.130107][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.645219][ T5836] NILFS (loop1): invalid segment: Checksum error in segment payload
[  104.645251][ T5836] NILFS (loop1): trying rollback from an earlier position
[  105.271834][ T5836] NILFS (loop1): recovery complete
[  105.538174][ T5844] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  105.716586][ T5846] process 'syz.0.17' launched './file0' with NULL argv: empty string added
[  106.832136][ T5854] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  108.174879][ T5867] loop1: detected capacity change from 0 to 64
[  108.614653][ T5867] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  108.916060][ T5851] loop0: detected capacity change from 0 to 32768
[  109.288850][ T5851] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/loop0": -EINTR
[  109.990992][ T5887] loop2: detected capacity change from 0 to 512
[  110.302225][ T5892] netlink: 'syz.1.29': attribute type 11 has an invalid length.
[  110.554106][ T5887] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.554359][ T5887] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.372634][ T5614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.316052][ T5914] loop0: detected capacity change from 0 to 2048
[  112.707323][ T5914] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.899618][ T5914] EXT4-fs error (device loop0): ext4_ext_precache:631: inode #2: comm syz.0.38: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  112.922538][ T5914] EXT4-fs (loop0): Remounting filesystem read-only
[  113.321656][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.806430][ T5941] netlink: 'syz.0.45': attribute type 11 has an invalid length.
[  113.914001][ T5939] loop4: detected capacity change from 0 to 4096
[  113.925588][ T5939] EXT4-fs: Ignoring removed orlov option
[  114.222853][ T5947] usb usb9: usbfs: process 5947 (syz.2.51) did not claim interface 38 before use
[  114.278745][ T5939] EXT4-fs (loop4): Test dummy encryption mode enabled
[  114.448184][ T5939] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.007184][ T5939] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  115.674576][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.622912][ T5966] loop0: detected capacity change from 0 to 32768
[  116.658019][ T5966] =======================================================
[  116.658019][ T5966] WARNING: The mand mount option has been deprecated and
[  116.658019][ T5966]          and is ignored by this kernel. Remove the mand
[  116.658019][ T5966]          option from the mount to silence this warning.
[  116.658019][ T5966] =======================================================
[  117.718896][ T5966] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  118.932094][ T6010] loop4: detected capacity change from 0 to 40427
[  118.933131][ T6010] F2FS-fs: heap/no_heap options were deprecated
[  118.968757][ T6010] F2FS-fs (loop4): build fault injection rate: 19
[  118.968785][ T6010] F2FS-fs (loop4): build fault injection type: 0x77e8c
[  118.999250][ T6010] F2FS-fs (loop4): invalid crc value
[  119.033498][ T6010] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21c/0xd60
[  119.051706][ T6010] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x18f/0xb00
[  119.063076][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  119.194846][ T6010] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  119.216816][ T6010] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  119.238644][ T6010] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of write_normal_summaries+0x120/0x3f0
[  119.337865][ T6010] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x5e2/0x24f0
[  119.337916][ T6010] F2FS-fs (loop4): invalid blkaddr: 513, type: 10, run fsck to fix.
[  119.380362][ T6010] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x681/0x24f0
[  119.380411][ T6010] F2FS-fs (loop4): invalid blkaddr: 1027, type: 10, run fsck to fix.
[  119.577677][ T6015] loop2: detected capacity change from 0 to 4096
[  119.883709][ T6015] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.315051][ T5614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.553278][ T5617] ocfs2: Unmounting device (7,0) on (node local)
[  122.225617][ T5745] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  122.230896][ T5827] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  122.532398][ T5745] usb 4-1: Using ep0 maxpacket: 16
[  122.563808][ T5827] usb 1-1: unable to get BOS descriptor or descriptor too short
[  122.603382][ T5745] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.603417][ T5745] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.603439][ T5745] usb 4-1: config 0 interface 0 has no altsetting 0
[  122.603487][ T5745] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  122.603511][ T5745] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.608362][ T5827] usb 1-1: not running at top speed; connect to a high speed hub
[  122.666434][ T5827] usb 1-1: config 10 has an invalid interface number: 3 but max is 0
[  122.666463][ T5827] usb 1-1: config 10 has no interface number 0
[  122.666495][ T5827] usb 1-1: config 10 interface 3 has no altsetting 0
[  122.722444][ T5827] usb 1-1: New USB device found, idVendor=11ba, idProduct=1003, bcdDevice=14.c2
[  122.722475][ T5827] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.722495][ T5827] usb 1-1: Product: syz
[  122.722509][ T5827] usb 1-1: Manufacturer: syz
[  122.722523][ T5827] usb 1-1: SerialNumber: syz
[  122.893369][ T5745] usb 4-1: config 0 descriptor??
[  123.496276][ T6072] loop4: detected capacity change from 0 to 256
[  123.767647][ T5745] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  123.767697][ T5745] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  123.767725][ T5745] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  123.767751][ T5745] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  123.767777][ T5745] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  123.790094][ T5827] pvrusb2: Hardware description: OnAir Creator Hybrid USB tuner
[  123.790734][ T5827] usb 1-1: selecting invalid altsetting 0
[  123.801727][ T2386] pvrusb2: Invalid write control endpoint
[  124.221260][ T5745] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  124.288796][ T5827] usb 1-1: USB disconnect, device number 2
[  124.392036][ T6072] FAT-fs (loop4): Directory bread(block 64) failed
[  124.392074][ T6072] FAT-fs (loop4): Directory bread(block 65) failed
[  124.393989][ T6072] FAT-fs (loop4): Directory bread(block 66) failed
[  124.394026][ T6072] FAT-fs (loop4): Directory bread(block 67) failed
[  124.394149][ T6072] FAT-fs (loop4): Directory bread(block 68) failed
[  124.394171][ T6072] FAT-fs (loop4): Directory bread(block 69) failed
[  124.394278][ T6072] FAT-fs (loop4): Directory bread(block 70) failed
[  124.394302][ T6072] FAT-fs (loop4): Directory bread(block 71) failed
[  124.394484][ T6072] FAT-fs (loop4): Directory bread(block 72) failed
[  124.394508][ T6072] FAT-fs (loop4): Directory bread(block 73) failed
[  125.083188][ T6072] syz.4.93: attempt to access beyond end of device
[  125.083188][ T6072] loop4: rw=0, sector=1192, nr_sectors = 4 limit=256
[  125.104099][ T5745] usb 4-1: USB disconnect, device number 2
[  125.170866][ T6091] syz.4.93: attempt to access beyond end of device
[  125.170866][ T6091] loop4: rw=0, sector=1192, nr_sectors = 4 limit=256
[  125.171067][ T6091] Buffer I/O error on dev loop4, logical block 298, async page read
[  125.213514][   T38] audit: type=1800 audit(1779925267.501:2): pid=6091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.93" name="file1" dev="loop4" ino=1048605 res=0 errno=0
[  125.288480][ T2386] pvrusb2: Invalid write control endpoint
[  125.288512][ T2386] pvrusb2: Invalid write control endpoint
[  125.288529][ T2386] pvrusb2: Invalid write control endpoint
[  125.288545][ T2386] pvrusb2: Invalid write control endpoint
[  125.288560][ T2386] pvrusb2: Invalid write control endpoint
[  125.288575][ T2386] pvrusb2: Invalid write control endpoint
[  125.288590][ T2386] pvrusb2: Invalid write control endpoint
[  125.288606][ T2386] pvrusb2: Invalid write control endpoint
[  125.288619][ T2386] pvrusb2: Invalid write control endpoint
[  125.288632][ T2386] pvrusb2: Invalid write control endpoint
[  125.288645][ T2386] pvrusb2: Invalid write control endpoint
[  125.288661][ T2386] pvrusb2: Invalid write control endpoint
[  125.288675][ T2386] pvrusb2: Invalid write control endpoint
[  125.288697][ T2386] pvrusb2: Invalid write control endpoint
[  125.288713][ T2386] pvrusb2: Invalid write control endpoint
[  125.288728][ T2386] pvrusb2: Invalid write control endpoint
[  125.288743][ T2386] pvrusb2: Invalid write control endpoint
[  125.288758][ T2386] pvrusb2: Invalid write control endpoint
[  125.288773][ T2386] pvrusb2: Invalid write control endpoint
[  125.288789][ T2386] pvrusb2: Invalid write control endpoint
[  125.288803][ T2386] pvrusb2: Invalid write control endpoint
[  125.288818][ T2386] pvrusb2: Invalid write control endpoint
[  125.288833][ T2386] pvrusb2: Invalid write control endpoint
[  125.288848][ T2386] pvrusb2: Invalid write control endpoint
[  125.288863][ T2386] pvrusb2: Invalid write control endpoint
[  125.288878][ T2386] pvrusb2: Invalid write control endpoint
[  125.288893][ T2386] pvrusb2: Invalid write control endpoint
[  125.288909][ T2386] pvrusb2: Invalid write control endpoint
[  125.288924][ T2386] pvrusb2: Invalid write control endpoint
[  125.288939][ T2386] pvrusb2: Invalid write control endpoint
[  125.288953][ T2386] pvrusb2: Invalid write control endpoint
[  125.288967][ T2386] pvrusb2: Invalid write control endpoint
[  126.068821][ T2386] pvrusb2: Module ID 3 (saa7115) for device OnAir Creator Hybrid USB tuner failed to load.  Possible missing sub-device kernel module or initialization failure within module.
[  126.266515][ T2386] cs53l32a 1-0011: chip found @ 0x22 (pvrusb2_a)
[  126.266602][ T2386] pvrusb2: Invalid write control endpoint
[  126.266621][ T2386] pvrusb2: Invalid write control endpoint
[  126.266638][ T2386] pvrusb2: Invalid write control endpoint
[  126.266655][ T2386] pvrusb2: Invalid write control endpoint
[  126.266670][ T2386] pvrusb2: Invalid write control endpoint
[  126.266686][ T2386] pvrusb2: Invalid write control endpoint
[  126.266701][ T2386] pvrusb2: Invalid write control endpoint
[  126.351716][ T2386] pvrusb2: Invalid write control endpoint
[  126.351741][ T2386] pvrusb2: Invalid write control endpoint
[  126.351755][ T2386] pvrusb2: Invalid write control endpoint
[  126.351769][ T2386] pvrusb2: Invalid write control endpoint
[  126.351781][ T2386] pvrusb2: Invalid write control endpoint
[  126.351796][ T2386] pvrusb2: Invalid write control endpoint
[  126.351809][ T2386] pvrusb2: Invalid write control endpoint
[  126.351823][ T2386] pvrusb2: Invalid write control endpoint
[  126.351836][ T2386] pvrusb2: Invalid write control endpoint
[  126.351848][ T2386] pvrusb2: Invalid write control endpoint
[  126.351859][ T2386] pvrusb2: Invalid write control endpoint
[  126.351871][ T2386] pvrusb2: Invalid write control endpoint
[  126.351882][ T2386] pvrusb2: Invalid write control endpoint
[  126.351893][ T2386] pvrusb2: Invalid write control endpoint
[  126.423862][ T2386] pvrusb2: Attached sub-driver cs53l32a
[  126.745810][ T2386] pvrusb2: Invalid write control endpoint
[  126.745847][ T2386] pvrusb2: Invalid write control endpoint
[  126.745872][ T2386] pvrusb2: Invalid write control endpoint
[  126.745894][ T2386] pvrusb2: Invalid write control endpoint
[  126.745904][ T2386] pvrusb2: Module ID 4 (tuner) for device OnAir Creator Hybrid USB tuner failed to load.  Possible missing sub-device kernel module or initialization failure within module.
[  126.745923][ T2386] pvrusb2: Device being rendered inoperable
[  126.751346][ T2386] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules.
[  126.751363][ T2386] pvrusb2: You need to resolve the failing condition before this driver can function.  There should be some earlier messages giving more information about the problem.
[  128.396152][ T6139] loop8: detected capacity change from 0 to 1
[  128.491781][ T6139] Dev loop8: unable to read RDB block 1
[  128.491831][ T6139]  loop8: unable to read partition table
[  128.492111][ T6139] loop8: partition table beyond EOD, truncated
[  128.492156][ T6139] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  128.541613][ T6145] loop0: detected capacity change from 0 to 64
[  128.802759][ T5629] Bluetooth: hci0: command tx timeout
[  129.002509][   T32] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  129.229923][   T32] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.229977][   T32] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  129.230003][   T32] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1058, setting to 1024
[  129.279014][   T32] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  129.279253][   T32] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.279276][   T32] usb 4-1: Product: syz
[  129.279292][   T32] usb 4-1: Manufacturer: syz
[  129.279308][   T32] usb 4-1: SerialNumber: syz
[  129.784798][ T6167] Zero length message leads to an empty skb
[  130.460094][   T32] cdc_ncm 4-1:1.0: bind() failure
[  130.645671][ T6182] netlink: 264 bytes leftover after parsing attributes in process `syz.0.129'.
[  130.645700][ T6182] netlink: 264 bytes leftover after parsing attributes in process `syz.0.129'.
[  130.708262][   T32] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71
[  130.722457][   T32] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71
[  130.762366][   T32] usbtest 4-1:1.1: probe with driver usbtest failed with error -71
[  130.804750][   T32] usb 4-1: USB disconnect, device number 3
[  130.952002][ T6186] loop0: detected capacity change from 0 to 512
[  131.265348][ T6186] EXT4-fs error (device loop0): __ext4_iget:5481: inode #11: block 1: comm syz.0.131: invalid block
[  131.265550][ T6186] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  131.273900][    C0] EXT4-fs (loop0): initial error at time 1779925273: __ext4_iget:5481: inode 11: block 1
[  131.273944][    C0] EXT4-fs (loop0): last error at time 1779925273: __ext4_iget:5481: inode 11: block 1
[  131.327965][ T6189] loop4: detected capacity change from 0 to 2048
[  131.344919][ T6186] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.131: couldn't read orphan inode 11 (err -117)
[  131.345061][ T6186] loop0: lost filesystem error report for type 5 error -117
[  131.420482][ T6186] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.528937][ T6186] EXT4-fs error (device loop0): __ext4_add_entry:2412: inode #2: comm syz.0.131: Directory hole found for htree leaf block 0
[  131.776019][ T6189] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  131.874427][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.023556][   T38] audit: type=1800 audit(1779925274.351:3): pid=6189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.132" name="bus" dev="loop4" ino=1367 res=0 errno=0
[  132.727220][ T6210] loop1: detected capacity change from 0 to 256
[  132.943389][ T6210] FAT-fs (loop1): Directory bread(block 64) failed
[  132.943425][ T6210] FAT-fs (loop1): Directory bread(block 65) failed
[  132.943539][ T6210] FAT-fs (loop1): Directory bread(block 66) failed
[  132.943571][ T6210] FAT-fs (loop1): Directory bread(block 67) failed
[  132.943683][ T6210] FAT-fs (loop1): Directory bread(block 68) failed
[  132.943707][ T6210] FAT-fs (loop1): Directory bread(block 69) failed
[  132.943895][ T6210] FAT-fs (loop1): Directory bread(block 70) failed
[  132.943918][ T6210] FAT-fs (loop1): Directory bread(block 71) failed
[  132.944028][ T6210] FAT-fs (loop1): Directory bread(block 72) failed
[  132.944051][ T6210] FAT-fs (loop1): Directory bread(block 73) failed
[  133.056228][ T1344] ieee802154 phy0 wpan0: encryption failed: -22
[  133.056332][ T1344] ieee802154 phy1 wpan1: encryption failed: -22
[  133.646455][ T6226] loop3: detected capacity change from 0 to 128
[  133.756857][ T6226] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  133.828404][ T6226] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  133.876981][ T6230] loop1: detected capacity change from 0 to 128
[  133.898265][ T6230] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  133.985684][ T1033] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  134.362262][ T1006] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  135.194853][ T6264] netlink: 8 bytes leftover after parsing attributes in process `syz.1.159'.
[  135.196432][ T6264] netlink: 'syz.1.159': attribute type 30 has an invalid length.
[  135.372621][ T5827] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  135.555157][ T5827] usb 3-1: Using ep0 maxpacket: 8
[  135.557972][ T5827] usb 3-1: config 11 has an invalid interface number: 120 but max is 0
[  135.557999][ T5827] usb 3-1: config 11 has no interface number 0
[  135.558042][ T5827] usb 3-1: config 11 interface 120 altsetting 200 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  135.558067][ T5827] usb 3-1: config 11 interface 120 altsetting 200 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  135.558091][ T5827] usb 3-1: config 11 interface 120 has no altsetting 0
[  135.561282][ T5827] usb 3-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=1a.14
[  135.561308][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.561325][ T5827] usb 3-1: Product: syz
[  135.561338][ T5827] usb 3-1: Manufacturer: syz
[  135.561351][ T5827] usb 3-1: SerialNumber: syz
[  135.813809][ T6270] loop4: detected capacity change from 0 to 512
[  135.816131][ T6270] ext4: Unknown parameter 'noacl'
[  136.034439][ T3294] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  136.035415][ T3294] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  136.035462][ T3294] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  136.035499][ T3294] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  136.078790][ T6259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.156995][ T6259] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.232676][ T5827] legousbtower 3-1:11.120: interrupt endpoints not found
[  136.343516][ T5827] usb 3-1: USB disconnect, device number 2
[  137.167806][ T6289] loop3: detected capacity change from 0 to 64
[  137.324317][ T6273] loop4: detected capacity change from 0 to 32768
[  137.510613][ T6273] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  137.891652][ T6273] XFS (loop4): Ending clean mount
[  138.221036][ T5618] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  138.281017][ T6313] loop3: detected capacity change from 0 to 512
[  138.365099][ T6313] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  138.365124][ T6313] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it
[  138.365134][ T6313] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.174: Corrupt directory, running e2fsck is recommended
[  138.771175][ T6313] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[  138.771343][ T6313] EXT4-fs error (device loop3): ext4_iget_extra_inode:5128: inode #15: comm syz.3.174: corrupted in-inode xattr: e_name out of bounds
[  138.771372][ T6313] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  138.773614][ T6313] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.174: couldn't read orphan inode 15 (err -117)
[  138.773648][ T6313] loop3: lost filesystem error report for type 5 error -117
[  138.779716][    C0] EXT4-fs (loop3): error count since last fsck: 2
[  138.779736][    C0] EXT4-fs (loop3): initial error at time 1779925281: ext4_iget_extra_inode:5128: inode 15
[  138.779760][    C0] EXT4-fs (loop3): last error at time 1779925281: ext4_orphan_get:1402
[  138.823521][ T6323] loop1: detected capacity change from 0 to 128
[  138.824975][ T6323] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  138.834856][ T6323] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  138.860549][ T1006] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  139.030459][ T6313] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.156575][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.672833][ T6352] loop0: detected capacity change from 0 to 1024
[  141.830007][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.3.196'.
[  141.885197][ T6372] netlink: 16 bytes leftover after parsing attributes in process `syz.3.196'.
[  142.619636][ T6396] syz.2.204 uses obsolete (PF_INET,SOCK_PACKET)
[  142.872250][ T6395] loop3: detected capacity change from 0 to 32768
[  143.034227][ T6395] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  143.902631][ T5616] ocfs2: Unmounting device (7,3) on (node local)
[  144.660154][ T6429] loop3: detected capacity change from 0 to 4096
[  144.672562][ T6429] EXT4-fs (loop3): Test dummy encryption mode enabled
[  144.697235][ T6429] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103]
[  144.697393][ T6429] System zones: 0-5
[  144.706008][ T6429] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.843271][ T6434] netlink: 16 bytes leftover after parsing attributes in process `syz.0.215'.
[  145.007618][ T6434] ipvlan0: entered promiscuous mode
[  145.045079][ T6434] ipvlan0: left promiscuous mode
[  145.388578][ T6429] EXT4-fs error (device loop3): __ext4_remount:6837: comm syz.3.208: Abort forced by user
[  145.456837][ T6429] EXT4-fs (loop3): Remounting filesystem read-only
[  145.456855][ T6429] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  145.668043][ T6438] loop4: detected capacity change from 0 to 1024
[  145.925618][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.941900][ T6438] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  145.974856][ T6438] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.549240][   T32] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  146.662318][ T6448] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.217: bg 0: block 112: padding at end of block bitmap is not set
[  146.711335][ T6448] EXT4-fs (loop4): Remounting filesystem read-only
[  146.729189][   T32] usb 3-1: Using ep0 maxpacket: 32
[  146.731540][   T32] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  146.731569][   T32] usb 3-1: config 0 has no interface number 0
[  146.731715][   T32] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  146.731743][   T32] usb 3-1: config 0 interface 85 has no altsetting 0
[  146.738506][   T32] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  146.738538][   T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.738558][   T32] usb 3-1: Product: syz
[  146.738572][   T32] usb 3-1: Manufacturer: syz
[  146.738587][   T32] usb 3-1: SerialNumber: syz
[  146.833077][   T32] usb 3-1: config 0 descriptor??
[  147.497520][   T32] appletouch 3-1:0.85: Geyser mode initialized.
[  147.533192][ T6464] loop3: detected capacity change from 0 to 4096
[  147.590079][   T32] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input5
[  147.611201][ T6464] EXT4-fs (loop3): Test dummy encryption mode enabled
[  147.625736][ T6464] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103]
[  147.625888][ T6464] System zones: 0-5
[  147.738293][ T6464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.063509][ T6465] syz.1.225 (6465) used greatest stack depth: 18088 bytes left
[  148.110076][   T32] usb 3-1: USB disconnect, device number 3
[  148.283727][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.325172][ T5629] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  148.325364][ T5629] Bluetooth: hci4: Injecting HCI hardware error event
[  148.344299][ T5623] Bluetooth: hci4: hardware error 0x00
[  148.971492][  T823] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  149.131303][ T5827] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  149.156827][  T823] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  149.156860][  T823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.156880][  T823] usb 2-1: Product: syz
[  149.156895][  T823] usb 2-1: Manufacturer: syz
[  149.156910][  T823] usb 2-1: SerialNumber: syz
[  149.285758][   T32] appletouch 3-1:0.85: input: appletouch disconnected
[  149.300728][  T823] usb 2-1: config 0 descriptor??
[  149.309285][ T5827] usb 4-1: Using ep0 maxpacket: 16
[  149.311799][ T5827] usb 4-1: config index 0 descriptor too short (expected 52, got 36)
[  149.311824][ T5827] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  149.311842][ T5827] usb 4-1: config 0 has no interface number 0
[  149.311884][ T5827] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  149.311908][ T5827] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  149.378034][ T5827] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  149.378067][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.378087][ T5827] usb 4-1: Product: syz
[  149.378103][ T5827] usb 4-1: Manufacturer: syz
[  149.378117][ T5827] usb 4-1: SerialNumber: syz
[  149.484800][  T823] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 002
[  149.699909][ T5827] usb 4-1: config 0 descriptor??
[  149.700883][ T6477] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  149.701079][ T6477] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  149.781641][  T823]  (null): failure reading functionality
[  149.961899][ T6477] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  149.972285][ T6477] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  150.003737][  T823] i2c i2c-1: connected i2c-tiny-usb device
[  150.070466][  T823] usb 2-1: USB disconnect, device number 2
[  150.130470][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  150.404899][ T5827] asix 4-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[  150.405259][ T5827] asix 4-1:0.251: probe with driver asix failed with error -524
[  150.704298][ T5827] usb 4-1: USB disconnect, device number 4
[  150.886499][ T5623] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  151.039620][ T4996] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  151.240583][ T4996] usb 3-1: config 0 has no interfaces?
[  151.245792][ T4996] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  151.245825][ T4996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.245845][ T4996] usb 3-1: Product: syz
[  151.245860][ T4996] usb 3-1: Manufacturer: syz
[  151.245874][ T4996] usb 3-1: SerialNumber: syz
[  151.334556][ T4996] usb 3-1: config 0 descriptor??
[  151.552177][  T823] usb 3-1: USB disconnect, device number 4
[  151.680880][ T5623] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  151.684584][ T5623] Bluetooth: hci3: Injecting HCI hardware error event
[  151.687494][ T5629] Bluetooth: hci3: hardware error 0x00
[  151.911365][ T6508] loop1: detected capacity change from 0 to 1024
[  152.488396][ T6519] loop4: detected capacity change from 0 to 1024
[  152.724244][ T6519] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  152.724416][ T6519] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.050084][ T6542] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.244: bg 0: block 112: padding at end of block bitmap is not set
[  154.226078][ T5629] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  154.401067][ T6542] EXT4-fs (loop4): Remounting filesystem read-only
[  154.752528][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  154.773048][ T6546] loop1: detected capacity change from 0 to 4096
[  155.089232][ T6551] mmap: syz.2.254 (6551) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  155.524522][ T6557] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  156.944729][ T6572] loop3: detected capacity change from 0 to 1024
[  157.201153][ T6572] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  157.210347][ T6572] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.309325][ T5827] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  157.464502][ T5827] usb 5-1: Using ep0 maxpacket: 16
[  157.468068][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.468104][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.468127][ T5827] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  157.468173][ T5827] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  157.468197][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.546393][ T5827] usb 5-1: config 0 descriptor??
[  157.578048][ T6563] loop2: detected capacity change from 0 to 32768
[  158.055477][ T6563] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  158.055477][ T6563] 
[  158.055524][ T6563] xtLookup: xtSearch returned -5
[  158.055534][ T6563] add_index: get/read_metapage failed!
[  158.055544][ T6563] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  158.055544][ T6563] 
[  158.055572][ T6563] xtLookup: xtSearch returned -5
[  158.055580][ T6563] free_index: error reading directory table
[  158.055589][ T6563] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  158.055589][ T6563] 
[  158.055617][ T6563] xtLookup: xtSearch returned -5
[  158.055626][ T6563] free_index: error reading directory table
[  158.055634][ T6563] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  158.055634][ T6563] 
[  158.055661][ T6563] xtLookup: xtSearch returned -5
[  158.055668][ T6563] free_index: error reading directory table
[  158.055676][ T6563] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  158.055676][ T6563] 
[  158.055701][ T6563] xtLookup: xtSearch returned -5
[  158.055709][ T6563] free_index: error reading directory table
[  158.055717][ T6563] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  158.055717][ T6563] 
[  158.055745][ T6563] xtLookup: xtSearch returned -5
[  158.055752][ T6563] free_index: error reading directory table
[  158.222008][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.222048][ T5827] microsoft 0003:045E:07DA.0002: ignoring exceeding usage max
[  158.224390][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224432][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224459][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224484][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224510][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224536][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224563][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224589][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.224613][ T5827] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  158.227374][ T5827] microsoft 0003:045E:07DA.0002: implement() called with n (123) > 32! (kworker/0:6)
[  158.344906][ T5827] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  158.344941][ T5827] microsoft 0003:045E:07DA.0002: no inputs found
[  158.344955][ T5827] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway
[  158.378330][ T5827] usb 5-1: USB disconnect, device number 2
[  158.876581][ T6592] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.261: bg 0: block 112: padding at end of block bitmap is not set
[  158.903243][ T6592] EXT4-fs (loop3): Remounting filesystem read-only
[  159.301882][ T6588] fido_id[6588]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  159.403384][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  159.488961][ T6597] loop1: detected capacity change from 0 to 1024
[  159.741736][ T6597] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.225717][ T6607] loop3: detected capacity change from 0 to 1024
[  160.243823][ T6607] EXT4-fs: Ignoring removed nobh option
[  160.243849][ T6607] EXT4-fs: Ignoring removed bh option
[  160.288663][ T6607] EXT4-fs (loop3): bad geometry: bigalloc file system with non-zero first_data_block
[  160.288663][ T6607] 
[  160.415025][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.679229][ T4996] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  160.829233][ T4996] usb 1-1: Using ep0 maxpacket: 8
[  160.833294][ T4996] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.833353][ T4996] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  160.833389][ T4996] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  160.833416][ T4996] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  160.833439][ T4996] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  160.839920][ T4996] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  160.839949][ T4996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  160.839968][ T4996] usb 1-1: Product: syz
[  160.839981][ T4996] usb 1-1: Manufacturer: syz
[  160.839994][ T4996] usb 1-1: SerialNumber: syz
[  160.944884][ T4996] usb 1-1: config 0 descriptor??
[  161.127481][ T6618] loop4: detected capacity change from 0 to 164
[  161.246650][ T4996] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  161.246679][ T4996] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  161.451264][ T4996] radio-si470x 1-1:0.0: software version 0, hardware version 0
[  161.451292][ T4996] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  161.451313][ T4996] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  161.650745][ T4996] radio-si470x 1-1:0.0: submitting int urb failed (-90)
[  162.054327][ T4996] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[  162.054727][ T4996] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22
[  162.148424][ T4996] usb 1-1: USB disconnect, device number 3
[  162.193423][ T6492] udevd[6492]: setting mode of /dev/bus/usb/001/003 to 020664 failed: No such file or directory
[  162.193602][ T6492] udevd[6492]: setting owner of /dev/bus/usb/001/003 to uid=0, gid=0 failed: No such file or directory
[  162.334686][ T6618] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  162.457588][ T6618] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  162.597634][ T6618] rock: directory entry would overflow storage
[  162.597652][ T6618] rock: sig=0x4f50, size=4, remaining=3
[  162.597668][ T6618] iso9660: Corrupted directory entry in block 4 of inode 1792
[  162.630929][ T6618] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  162.630987][ T6618] rock: directory entry would overflow storage
[  162.630996][ T6618] rock: sig=0x4f50, size=4, remaining=3
[  162.631009][ T6618] iso9660: Corrupted directory entry in block 4 of inode 1792
[  163.075646][ T6614] loop1: detected capacity change from 0 to 32768
[  163.315587][ T6614] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.273 (6614)
[  163.826538][ T6642] loop3: detected capacity change from 0 to 512
[  163.837981][ T6642] EXT4-fs: Ignoring removed oldalloc option
[  163.890576][ T6642] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8840c01c, mo2=0002]
[  163.893343][ T6642] EXT4-fs (loop3): orphan cleanup on readonly fs
[  163.905166][ T6642] EXT4-fs warning (device loop3): ext4_enable_quotas:7269: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  164.122660][ T6642] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  164.139633][ T6642] EXT4-fs error (device loop3): ext4_ext_check_inode:521: inode #13: comm syz.3.285: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  164.139683][ T6642] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  164.143590][ T6642] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.285: couldn't read orphan inode 13 (err -117)
[  164.143624][ T6642] loop3: lost filesystem error report for type 5 error -117
[  164.255001][ T6642] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  164.289163][ T4996] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  164.289463][    C0] raw-gadget.0 gadget.0: ignoring, device is not running
[  164.419577][ T4996] usb 1-1: device descriptor read/64, error -32
[  164.809198][ T4996] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  164.841415][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.920443][ T6614] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  164.920471][ T6614] BTRFS info (device loop1): using crc32c checksum algorithm
[  165.115018][ T4996] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  165.115048][ T4996] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  165.115068][ T4996] usb 1-1: config 1 has no interface number 0
[  165.115117][ T4996] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  165.115145][ T4996] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  165.115173][ T4996] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  165.125054][ T4996] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  165.125084][ T4996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.125102][ T4996] usb 1-1: Product: syz
[  165.125116][ T4996] usb 1-1: Manufacturer: syz
[  165.125128][ T4996] usb 1-1: SerialNumber: syz
[  165.194809][ T6614] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  165.240629][ T6645] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  165.329445][ T6614] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  165.329917][ T6614] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  165.330357][ T6614] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  165.451243][ T6614] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  165.561866][ T6614] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  165.562277][ T6614] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  165.604551][ T6665] loop4: detected capacity change from 0 to 128
[  165.803123][ T6645] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  165.946121][ T6614] BTRFS error (device loop1): open_ctree failed: -12
[  166.215009][ T4996] cdc_ncm 1-1:1.1: bind() failure
[  166.454284][ T4996] usb 1-1: USB disconnect, device number 5
[  166.809570][ T6665] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  166.809952][ T6665] hpfs: filesystem error: improperly stopped
[  166.809970][ T6665] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  166.809985][ T6665] hpfs: You really don't want any checks? You are crazy...
[  166.810505][ T6665] hpfs: hpfs_map_sector(): read error
[  166.810516][ T6665] hpfs: code page support is disabled
[  166.933372][ T6665] hpfs: hpfs_map_4sectors(): unaligned read
[  166.936706][ T6665] hpfs: hpfs_map_4sectors(): unaligned read
[  166.936724][ T6665] hpfs: filesystem error: unable to find root dir
[  167.205934][ T6665] hpfs: hpfs_map_4sectors(): unaligned read
[  167.305175][ T6665] hpfs: hpfs_map_sector(): read error
[  167.449402][ T6680] hpfs: hpfs_map_4sectors(): unaligned read
[  167.898677][ T6678] loop3: detected capacity change from 0 to 131072
[  167.985437][ T6678] F2FS-fs (loop3): invalid crc value
[  167.995431][ T6687] netlink: 12 bytes leftover after parsing attributes in process `syz.0.298'.
[  168.251883][ T6678] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  168.294965][ T6678] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  169.785624][ T6715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.306'.
[  169.785662][ T6715] netlink: 'syz.1.306': attribute type 30 has an invalid length.
[  169.859552][ T6716] netlink: 8 bytes leftover after parsing attributes in process `syz.1.306'.
[  169.859607][ T6716] netlink: 'syz.1.306': attribute type 30 has an invalid length.
[  170.780939][ T6720] 9p: Unknown uid 00000000004294967295
[  171.914106][ T6731] netlink: 'syz.0.313': attribute type 1 has an invalid length.
[  173.863522][ T6723] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  173.883550][ T6723] bond1: (slave lo): Enslaving as an active interface with an up link
[  173.908805][ T6723] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  174.021648][ T6731] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  174.899911][ T6744] warning: `syz.2.316' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  175.567060][ T6763] loop1: detected capacity change from 0 to 1024
[  175.656635][ T6763] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  175.656802][ T6763] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.284678][ T6782] netlink: 'syz.3.302': attribute type 1 has an invalid length.
[  176.639466][ T6772] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  176.681974][ T6772] EXT4-fs (loop1): Remounting filesystem read-only
[  176.893730][ T5719] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  177.042837][ T5719] usb 4-1: Using ep0 maxpacket: 8
[  177.048010][ T5719] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 15
[  177.048069][ T5719] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  177.048094][ T5719] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  177.048125][ T5719] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  177.051378][ T5719] usb 4-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  177.051404][ T5719] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.051423][ T5719] usb 4-1: Product: syz
[  177.051436][ T5719] usb 4-1: Manufacturer: syz
[  177.051449][ T5719] usb 4-1: SerialNumber: syz
[  177.166587][ T5719] usb 4-1: config 0 descriptor??
[  177.270546][ T6799] netlink: 92 bytes leftover after parsing attributes in process `syz.0.331'.
[  177.452876][ T5719] powermate: Expected payload of 3--6 bytes, found 0 bytes!
[  177.453153][ T5719] powermate 4-1:0.0: probe with driver powermate failed with error -5
[  177.616208][ T5719] usb 4-1: USB disconnect, device number 5
[  180.004547][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  181.052679][ T6825] syz.3.340 (6825) used greatest stack depth: 17952 bytes left
[  181.351688][ T6852] loop4: detected capacity change from 0 to 136
[  181.465682][ T6856] loop1: detected capacity change from 0 to 1024
[  181.613268][ T6856] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  181.613426][ T6856] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.049700][ T6852] iso9660: Corrupted directory entry in block 2 of inode 1472
[  182.509748][ T6876] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  182.613263][   T10] IPVS: starting estimator thread 0...
[  182.733943][ T6878] IPVS: using max 7 ests per chain, 16800 per kthread
[  183.094647][ T6891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.365'.
[  183.588954][ T6899] loop2: detected capacity change from 0 to 256
[  183.869425][ T6902] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.354: bg 0: block 112: padding at end of block bitmap is not set
[  183.960665][ T6902] EXT4-fs (loop1): Remounting filesystem read-only
[  184.146328][ T6899] FAT-fs (loop2): Directory bread(block 64) failed
[  184.146363][ T6899] FAT-fs (loop2): Directory bread(block 65) failed
[  184.146473][ T6899] FAT-fs (loop2): Directory bread(block 66) failed
[  184.146518][ T6899] FAT-fs (loop2): Directory bread(block 67) failed
[  184.146639][ T6899] FAT-fs (loop2): Directory bread(block 68) failed
[  184.146663][ T6899] FAT-fs (loop2): Directory bread(block 69) failed
[  184.146772][ T6899] FAT-fs (loop2): Directory bread(block 70) failed
[  184.146796][ T6899] FAT-fs (loop2): Directory bread(block 71) failed
[  184.146906][ T6899] FAT-fs (loop2): Directory bread(block 72) failed
[  184.146929][ T6899] FAT-fs (loop2): Directory bread(block 73) failed
[  184.849955][ T6908] netlink: 276 bytes leftover after parsing attributes in process `syz.4.371'.
[  185.217788][ T6915] loop2: detected capacity change from 0 to 64
[  185.734342][   T38] audit: type=1800 audit(1779925328.061:4): pid=6915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.372" name="file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  186.212399][ T5614] hfs: node 4:3 still has 1 user(s)!
[  186.353178][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  187.844142][ T6957] loop4: detected capacity change from 0 to 1024
[  187.892493][ T6957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  187.892668][ T6957] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.029341][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  188.212583][    T9] usb 3-1: Using ep0 maxpacket: 8
[  188.218777][    T9] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  188.218827][    T9] usb 3-1: config 0 has no interface number 0
[  188.218877][    T9] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  188.218902][    T9] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  188.218927][    T9] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  188.218952][    T9] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  188.218996][    T9] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  188.221970][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.466218][ T6966] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.390: bg 0: block 112: padding at end of block bitmap is not set
[  188.804246][ T6966] EXT4-fs (loop4): Remounting filesystem read-only
[  188.932981][    T9] usb 3-1: config 0 descriptor??
[  189.140104][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  189.345604][    T9] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  189.373939][    T9] usb 3-1: USB disconnect, device number 5
[  189.400240][    T9] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  189.790743][ T6978] loop4: detected capacity change from 0 to 2048
[  189.817141][ T6978] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  189.940386][ T6978] mmap: syz.4.394 (6978): VmData 41652224 exceed data ulimit 33554432. Update limits or use boot option ignore_rlimit_data.
[  190.212521][ T6985] Bluetooth: MGMT ver 1.23
[  190.232293][ T6986] loop2: detected capacity change from 0 to 128
[  190.368939][ T6986] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  190.566490][ T6989] loop4: detected capacity change from 0 to 2048
[  190.770524][ T6989] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.871181][ T6989] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  191.208055][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.329910][ T6986] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  191.456840][ T6986] ext2 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  192.273255][ T7009] netlink: 'syz.4.407': attribute type 1 has an invalid length.
[  192.439952][ T5614] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  192.595871][ T7009] bond2: entered promiscuous mode
[  192.602031][ T7009] bond2: entered allmulticast mode
[  192.603396][ T7009] 8021q: adding VLAN 0 to HW filter on device bond2
[  193.024811][ T7025] netlink: 8 bytes leftover after parsing attributes in process `syz.3.411'.
[  193.353954][ T7036] loop1: detected capacity change from 0 to 512
[  193.589820][ T7036] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.591181][ T7036] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  193.595442][ T7041] loop2: detected capacity change from 0 to 128
[  193.725493][ T7041] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  193.726038][ T7041] ext4 filesystem being mounted at /91/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.927058][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.717902][ T7049] loop4: detected capacity change from 0 to 32768
[  194.738064][ T1344] ieee802154 phy0 wpan0: encryption failed: -22
[  194.738186][ T1344] ieee802154 phy1 wpan1: encryption failed: -22
[  194.999987][ T7049] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  195.307250][ T7049] XFS (loop4): Ending clean mount
[  196.230967][ T5614] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  196.375199][   T67] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 
[  196.375255][   T67] XFS (loop4): Unmount and run xfs_repair
[  196.375268][   T67] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  196.375285][   T67] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  196.375300][   T67] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10  ................
[  196.375412][   T67] 00000020: ed 37 bf 6e 74 ea 4e 01 f8 ba 5f ee 27 4b 0f 3a  .7.nt.N..._.'K.:
[  196.375428][   T67] 00000030: 00 00 00 00 f6 3b 25 b5 00 00 00 07 00 00 00 01  .....;%.........
[  196.375442][   T67] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  196.375456][   T67] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  196.375470][   T67] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  196.375483][   T67] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  196.375681][   T67] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74
[  196.568143][ T7064] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.423'.
[  196.568740][   T67] XFS (loop4): page discard on page ffffea0001112080, inode 0x1809, pos 0.
[  196.755271][ T5618] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  197.085511][ T7069] loop2: detected capacity change from 0 to 128
[  197.356155][ T5618] XFS (loop4): Uncorrected metadata errors detected; please run xfs_repair.
[  199.746323][ T7099] loop1: detected capacity change from 0 to 256
[  199.749399][ T7099] vfat: Unknown parameter 'fsuuid'
[  200.390285][ T7105] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size.
[  201.225466][ T7119] netlink: 'syz.0.442': attribute type 8 has an invalid length.
[  201.225491][ T7119] netlink: 4 bytes leftover after parsing attributes in process `syz.0.442'.
[  201.346173][ T7119] bond0: entered promiscuous mode
[  201.346196][ T7119] bond_slave_0: entered promiscuous mode
[  201.346582][ T7119] bond_slave_1: entered promiscuous mode
[  201.573316][ T7119] batadv0: entered promiscuous mode
[  201.593576][ T7119] team0: entered promiscuous mode
[  201.593600][ T7119] team_slave_0: entered promiscuous mode
[  201.593897][ T7119] team_slave_1: entered promiscuous mode
[  201.867262][ T7126] loop2: detected capacity change from 0 to 256
[  201.879616][ T7119] hsr1: entered promiscuous mode
[  201.950483][ T7119] 8021q: adding VLAN 0 to HW filter on device hsr1
[  202.762501][ T7126] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  202.841301][ T5732] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  203.018173][ T5732] usb 2-1: Using ep0 maxpacket: 32
[  203.025958][ T5732] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  203.025986][ T5732] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  203.026007][ T5732] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  203.026058][ T5732] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  203.026080][ T5732] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  203.026105][ T5732] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  203.026146][ T5732] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  203.026170][ T5732] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.245732][ T5732] usb 2-1: config 0 descriptor??
[  204.328118][ T5732] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  204.535143][ T5732] usb 2-1: USB disconnect, device number 3
[  204.787253][ T5628] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  204.836720][ T5732] usblp0: removed
[  205.383898][ T7147] loop4: detected capacity change from 0 to 32768
[  205.425496][ T7147] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.454 (7147)
[  205.894363][ T7147] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  205.894403][ T7147] BTRFS info (device loop4): using sha256 checksum algorithm
[  205.955333][ T5628] usb 1-1: Using ep0 maxpacket: 32
[  206.276463][ T7147] BTRFS info (device loop4): rebuilding free space tree
[  206.780110][ T7151] ceph: No mds server is up or the cluster is laggy
[  207.045694][ T5628] usb 1-1: unable to read config index 0 descriptor/all
[  207.045751][ T5628] usb 1-1: can't read configurations, error -71
[  207.104074][ T7147] BTRFS info (device loop4): setting nodatasum
[  207.104103][ T7147] BTRFS info (device loop4): setting nodatacow
[  207.104120][ T7147] BTRFS info (device loop4): turning off barriers
[  207.104137][ T7147] BTRFS info (device loop4): turning on sync discard
[  207.104153][ T7147] BTRFS info (device loop4): enabling free space tree
[  207.104169][ T7147] BTRFS info (device loop4): force clearing of disk cache
[  208.459847][ T5732] libceph: connect (1)[c::]:6789 error -101
[  208.588151][ T5732] libceph: mon0 (1)[c::]:6789 connect error
[  208.657010][ T7153] ceph: No mds server is up or the cluster is laggy
[  208.766515][ T5732] libceph: connect (1)[c::]:6789 error -101
[  208.766763][ T5732] libceph: mon0 (1)[c::]:6789 connect error
[  209.083558][  T823] libceph: connect (1)[c::]:6789 error -101
[  209.083788][  T823] libceph: mon0 (1)[c::]:6789 connect error
[  209.592787][ T5732] libceph: connect (1)[c::]:6789 error -101
[  209.669280][ T5732] libceph: mon0 (1)[c::]:6789 connect error
[  211.095601][  T823] libceph: connect (1)[c::]:6789 error -101
[  211.135570][  T823] libceph: mon0 (1)[c::]:6789 connect error
[  211.922789][   T60] Bluetooth: hci2: command 0x0406 tx timeout
[  211.999745][   T60] Bluetooth: hci1: command 0x0406 tx timeout
[  212.352403][ T7210] loop3: detected capacity change from 0 to 128
[  213.670243][ T7213] loop1: detected capacity change from 0 to 256
[  214.859319][ T5618] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  214.863374][ T7217] netlink: 'syz.2.472': attribute type 1 has an invalid length.
[  215.213268][ T7217] 8021q: adding VLAN 0 to HW filter on device bond1
[  215.214814][ T7219] bond1: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-alb(6)
[  215.248855][ T7221] loop0: detected capacity change from 0 to 1024
[  215.438522][ T7221] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  215.438703][ T7221] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  216.082061][ T7228] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.474: bg 0: block 112: padding at end of block bitmap is not set
[  216.978663][ T7228] EXT4-fs (loop0): Remounting filesystem read-only
[  217.256517][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  217.763519][ T7234] loop2: detected capacity change from 0 to 128
[  221.616372][ T7279] netlink: 25 bytes leftover after parsing attributes in process `syz.3.490'.
[  222.991137][ T7296] loop3: detected capacity change from 0 to 1024
[  223.017160][ T7296] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  223.263577][ T7296] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.448449][ T7304] loop4: detected capacity change from 0 to 64
[  224.002085][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.044996][ T7304] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  225.411782][ T7321] netlink: 'syz.0.506': attribute type 3 has an invalid length.
[  226.039448][ T7326] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  228.087246][ T7331] loop3: detected capacity change from 0 to 32768
[  229.885234][   T32] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  230.050309][   T32] usb 3-1: Using ep0 maxpacket: 8
[  230.159715][   T32] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  230.159743][   T32] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  230.162767][   T32] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.40
[  230.162791][   T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.162811][   T32] usb 3-1: Product: syz
[  230.162826][   T32] usb 3-1: Manufacturer: syz
[  230.162841][   T32] usb 3-1: SerialNumber: syz
[  231.088688][   T32] usb 3-1: USB disconnect, device number 6
[  232.038976][ T7382] loop4: detected capacity change from 0 to 8192
[  232.062508][ T7382] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  233.524325][ T7386] loop1: detected capacity change from 0 to 4096
[  233.832111][ T7386] EXT4-fs (loop1): Test dummy encryption mode enabled
[  233.875913][ T7386] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103]
[  233.876065][ T7386] System zones: 0-5
[  234.064804][ T7386] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.582938][ T7386] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  236.390883][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.591858][ T7412] loop2: detected capacity change from 0 to 1024
[  236.750452][ T7412] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  236.750613][ T7412] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  237.128707][   T38] audit: type=1800 audit(1779925379.451:5): pid=7418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.535" name="file1" dev="loop2" ino=15 res=0 errno=0
[  237.764274][ T5614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  239.284754][ T7433] loop2: detected capacity change from 0 to 512
[  239.391192][ T7433] EXT4-fs error (device loop2): ext4_iget_extra_inode:5128: inode #15: comm syz.2.539: corrupted in-inode xattr: invalid ea_ino
[  239.391230][ T7433] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  239.391813][ T7433] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.539: couldn't read orphan inode 15 (err -117)
[  239.391844][ T7433] loop2: lost filesystem error report for type 5 error -117
[  239.399124][    C1] EXT4-fs (loop2): error count since last fsck: 2
[  239.399148][    C1] EXT4-fs (loop2): initial error at time 1779925381: ext4_iget_extra_inode:5128: inode 15
[  239.399178][    C1] EXT4-fs (loop2): last error at time 1779925381: ext4_orphan_get:1402
[  239.500636][ T7433] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.032003][ T7452] netlink: 'syz.1.548': attribute type 2 has an invalid length.
[  242.032028][ T7452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.548'.
[  242.329872][ T5614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.396837][ T7467] input: syz1 as /devices/virtual/input/input7
[  246.046060][ T7484] FAULT_FLAG_ALLOW_RETRY missing 801
[  246.046089][ T7484] CPU: 1 UID: 0 PID: 7484 Comm: syz.4.560 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  246.046119][ T7484] Tainted: [L]=SOFTLOCKUP
[  246.046127][ T7484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  246.046138][ T7484] Call Trace:
[  246.046147][ T7484]  <TASK>
[  246.046157][ T7484]  dump_stack_lvl+0xe8/0x150
[  246.046192][ T7484]  handle_userfault+0x152f/0x17e0
[  246.046236][ T7484]  ? __folio_put+0x2eb/0x3a0
[  246.046273][ T7484]  ? __pfx___folio_put+0x10/0x10
[  246.046311][ T7484]  ? __pfx_handle_userfault+0x10/0x10
[  246.046352][ T7484]  ? do_pte_missing+0x26eb/0x2940
[  246.046402][ T7484]  handle_mm_fault+0xdc2/0x14d0
[  246.046435][ T7484]  ? handle_mm_fault+0xed/0x14d0
[  246.046470][ T7484]  ? __pfx_handle_mm_fault+0x10/0x10
[  246.046499][ T7484]  ? follow_page_pte+0xbe2/0xe60
[  246.046537][ T7484]  ? __pfx_follow_page_pte+0x10/0x10
[  246.046575][ T7484]  __get_user_pages+0x16d4/0x2620
[  246.046634][ T7484]  populate_vma_page_range+0x2be/0x3c0
[  246.046664][ T7484]  ? __pfx_populate_vma_page_range+0x10/0x10
[  246.046687][ T7484]  ? vma_wants_writenotify+0xba/0x340
[  246.046714][ T7484]  ? vma_set_page_prot+0xc3/0x100
[  246.046743][ T7484]  mprotect_fixup+0x9e5/0xb60
[  246.046781][ T7484]  ? __pfx_mprotect_fixup+0x10/0x10
[  246.046835][ T7484]  ? apparmor_file_mprotect+0x1d0/0x400
[  246.046856][ T7484]  ? security_file_mprotect+0x1a/0x290
[  246.046895][ T7484]  do_mprotect_pkey+0x8d5/0xd20
[  246.046932][ T7484]  ? __pfx_do_mprotect_pkey+0x10/0x10
[  246.046984][ T7484]  ? rcu_is_watching+0x15/0xb0
[  246.047022][ T7484]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.047048][ T7484]  __x64_sys_mprotect+0x80/0x90
[  246.047081][ T7484]  do_syscall_64+0x174/0x580
[  246.047101][ T7484]  ? trace_irq_disable+0x3b/0x140
[  246.047128][ T7484]  ? clear_bhb_loop+0x40/0x90
[  246.047154][ T7484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.047176][ T7484] RIP: 0033:0x7f4b0bb3ce59
[  246.047197][ T7484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  246.047214][ T7484] RSP: 002b:00007f4b09d8e028 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[  246.047238][ T7484] RAX: ffffffffffffffda RBX: 00007f4b0bdb5fa0 RCX: 00007f4b0bb3ce59
[  246.047253][ T7484] RDX: 000000000000000f RSI: 0000000000004000 RDI: 0000200000ffc000
[  246.047267][ T7484] RBP: 00007f4b0bbd2d6f R08: 0000000000000000 R09: 0000000000000000
[  246.047279][ T7484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  246.047291][ T7484] R13: 00007f4b0bdb6038 R14: 00007f4b0bdb5fa0 R15: 00007ffdae1de858
[  246.047327][ T7484]  </TASK>
[  246.781810][ T7490] loop4: detected capacity change from 0 to 128
[  246.973135][ T5623] Bluetooth: hci1: unexpected event for opcode 0x0000
[  247.235700][ T7490] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  247.258363][ T7490] ext4 filesystem being mounted at /108/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  248.048370][ T5618] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  251.040077][ T5623] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  251.040282][ T5623] Bluetooth: hci1: Injecting HCI hardware error event
[  251.051132][ T5623] Bluetooth: hci1: hardware error 0x00
[  252.886485][   T60] Bluetooth: hci0: command 0x0406 tx timeout
[  253.999362][ T5623] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  254.288932][ T7569] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  255.935632][ T1344] ieee802154 phy0 wpan0: encryption failed: -22
[  255.935752][ T1344] ieee802154 phy1 wpan1: encryption failed: -22
[  255.966586][ T7593] loop4: detected capacity change from 0 to 4096
[  256.045669][ T7593] EXT4-fs (loop4): Test dummy encryption mode enabled
[  256.065843][ T7593] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103]
[  256.065994][ T7593] System zones: 0-5
[  256.362294][ T7593] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.490940][ T7593] EXT4-fs error (device loop4): __ext4_remount:6837: comm syz.4.594: Abort forced by user
[  257.491428][ T7593] EXT4-fs (loop4): Remounting filesystem read-only
[  257.491444][ T7593] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  257.923347][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.117681][ T7629] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  259.201370][ T5732] IPVS: starting estimator thread 0...
[  259.203000][ T7642] IPVS: wlc: FWM 3 0x00000003 - no destination available
[  259.309785][ T7643] IPVS: using max 7 ests per chain, 16800 per kthread
[  260.193280][ T7652] loop2: detected capacity change from 0 to 7
[  260.258119][ T7652] Dev loop2: unable to read RDB block 7
[  260.258155][ T7652]  loop2: AHDI p1 p2 p3
[  260.258190][ T7652] loop2: partition table partially beyond EOD, truncated
[  260.308118][ T7652] loop2: p1 start 1818582900 is beyond EOD, truncated
[  260.308151][ T7652] loop2: p3 start 335544320 is beyond EOD, truncated
[  264.664219][ T7686] loop3: detected capacity change from 0 to 512
[  266.058378][ T7686] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  266.058414][ T7686] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it
[  266.058432][ T7686] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.621: Corrupt directory, running e2fsck is recommended
[  267.464638][ T7686] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[  267.665054][ T7686] EXT4-fs error (device loop3): ext4_iget_extra_inode:5128: inode #15: comm syz.3.621: corrupted in-inode xattr: e_name out of bounds
[  267.665092][ T7686] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  267.669203][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  267.669227][    C1] EXT4-fs (loop3): initial error at time 1779925409: ext4_iget_extra_inode:5128: inode 15
[  267.669258][    C1] EXT4-fs (loop3): last error at time 1779925409: ext4_iget_extra_inode:5128: inode 15
[  267.943037][ T7686] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.621: couldn't read orphan inode 15 (err -117)
[  267.943076][ T7686] loop3: lost filesystem error report for type 5 error -117
[  268.041395][ T7686] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.479144][ T7704] capability: warning: `syz.0.627' uses 32-bit capabilities (legacy support in use)
[  268.643536][ T7707] loop4: detected capacity change from 0 to 128
[  268.705056][ T7707] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  268.839809][ T7707] ext4 filesystem being mounted at /120/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  268.890445][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.846925][ T5618] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  270.089203][ T5732] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  270.249246][ T5732] usb 1-1: Using ep0 maxpacket: 16
[  270.272150][ T5732] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  270.272186][ T5732] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  270.311557][ T5732] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  270.311589][ T5732] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.311609][ T5732] usb 1-1: Product: syz
[  270.311623][ T5732] usb 1-1: Manufacturer: syz
[  270.311638][ T5732] usb 1-1: SerialNumber: syz
[  270.416395][ T5732] usb 1-1: config 0 descriptor??
[  270.465945][ T5732] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  270.465983][ T5732] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  271.340174][ T5732] em28xx 1-1:0.0: unknown em28xx chip ID (232)
[  271.546527][ T5732] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  271.970239][ T5732] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  271.970262][ T5732] em28xx 1-1:0.0: No AC97 audio processor
[  272.038872][ T5732] usb 1-1: USB disconnect, device number 8
[  272.133886][ T5732] em28xx 1-1:0.0: Disconnecting em28xx
[  273.618961][ T7743] loop3: detected capacity change from 0 to 32768
[  273.855079][ T5732] em28xx 1-1:0.0: Freeing device
[  274.188431][ T7746] netlink: 76 bytes leftover after parsing attributes in process `syz.4.644'.
[  274.539348][ T5732] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  274.573342][ T7743] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  274.723549][ T5732] usb 1-1: Using ep0 maxpacket: 16
[  274.726650][ T5732] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  274.726691][ T5732] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  274.774123][ T5732] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  274.774156][ T5732] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.774176][ T5732] usb 1-1: Product: syz
[  274.774191][ T5732] usb 1-1: Manufacturer: syz
[  274.774205][ T5732] usb 1-1: SerialNumber: syz
[  274.905740][ T7754] loop4: detected capacity change from 0 to 256
[  274.946304][ T7743] XFS (loop3): Ending clean mount
[  275.381033][ T5732] usb 1-1: config 0 descriptor??
[  275.492978][ T5732] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  275.493016][ T5732] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  276.193720][ T5732] em28xx 1-1:0.0: unknown em28xx chip ID (238)
[  276.397054][ T5732] em28xx 1-1:0.0: Config register raw data: 0xee
[  276.397082][ T5732] em28xx 1-1:0.0: I2S Audio (3 sample rate(s))
[  276.397098][ T5732] em28xx 1-1:0.0: No AC97 audio processor
[  277.052966][   T38] audit: type=1800 audit(1779925419.381:6): pid=7754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.645" name="file0" dev="loop4" ino=1048632 res=0 errno=0
[  277.152009][ T5732] usb 1-1: USB disconnect, device number 9
[  278.204116][ T7766] loop0: detected capacity change from 0 to 128
[  278.459895][ T7766] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  278.466553][ T7766] ext4 filesystem being mounted at /139/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  280.437150][ T5617] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  280.803459][ T7791] loop0: detected capacity change from 0 to 128
[  280.924625][ T5616] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  282.310523][ T5617] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  282.370565][ T5617] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  282.655213][ T7800] loop4: detected capacity change from 0 to 256
[  284.476901][ T7807] loop4: detected capacity change from 0 to 1024
[  290.661816][ T5732] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  290.705364][ T5629] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  290.784795][ T5629] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  290.812425][ T5629] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  290.842420][ T5629] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  290.843487][ T5629] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  290.862545][ T5732] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  290.862576][ T5732] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  290.862597][ T5732] usb 5-1: config 0 has no interface number 0
[  291.022844][ T5732] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  291.022876][ T5732] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.022896][ T5732] usb 5-1: Product: syz
[  291.023004][ T5732] usb 5-1: Manufacturer: syz
[  291.023020][ T5732] usb 5-1: SerialNumber: syz
[  291.345591][ T7861] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  291.372070][ T5732] usb 5-1: config 0 descriptor??
[  291.587297][ T5732] uvcvideo 5-1:0.64: probe with driver uvcvideo failed with error -22
[  291.733600][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.142919][ T7867] loop1: detected capacity change from 0 to 32768
[  292.330708][ T7867] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  293.362482][ T5623] Bluetooth: hci3: command tx timeout
[  293.911825][ T5732] usb 5-1: USB disconnect, device number 3
[  294.504188][ T5615] ocfs2: Unmounting device (7,1) on (node local)
[  295.443567][ T5623] Bluetooth: hci3: command tx timeout
[  295.566037][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.753734][ T7911] capability: warning: `syz.4.694' uses deprecated v2 capabilities in a way that may be insecure
[  297.427500][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.538553][ T5623] Bluetooth: hci3: command tx timeout
[  299.600874][ T5623] Bluetooth: hci3: command tx timeout
[  301.061883][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.638630][   T32] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  301.849240][   T32] usb 3-1: Using ep0 maxpacket: 16
[  301.851743][   T32] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  301.851768][   T32] usb 3-1: config 0 has no interface number 0
[  301.851815][   T32] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 7
[  301.851841][   T32] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  301.868284][   T32] usb 3-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c
[  301.868315][   T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.868336][   T32] usb 3-1: Product: syz
[  301.868351][   T32] usb 3-1: Manufacturer: syz
[  301.868364][   T32] usb 3-1: SerialNumber: syz
[  301.991033][   T32] usb 3-1: config 0 descriptor??
[  302.230853][ T7972] netlink: 24 bytes leftover after parsing attributes in process `syz.3.715'.
[  302.252431][   T32] cypress_m8 3-1:0.35: Nokia CA-42 V2 Adapter converter detected
[  302.822935][   T32] nokiaca42v2 ttyUSB0: probe with driver nokiaca42v2 failed with error -22
[  302.898309][   T32] usb 3-1: USB disconnect, device number 7
[  302.939082][  T823] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  303.129802][  T823] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  303.129833][  T823] usb 2-1: config 1 has no interface number 0
[  303.129899][  T823] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  303.129927][  T823] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  303.129954][  T823] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  303.130006][  T823] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  303.130032][  T823] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 120, setting to 64
[  303.215863][  T823] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  303.215896][  T823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.215917][  T823] usb 2-1: Product: syz
[  303.215931][  T823] usb 2-1: Manufacturer: syz
[  303.215946][  T823] usb 2-1: SerialNumber: syz
[  303.334419][   T32] cypress_m8 3-1:0.35: device disconnected
[  303.457964][ T7978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  303.668133][ T7978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  303.668477][ T7978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  303.895439][ T7978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  304.319677][ T7978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  304.320033][ T7978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  304.473504][  T823] cdc_ncm 2-1:1.1: bind() failure
[  304.651291][  T823] usb 2-1: USB disconnect, device number 5
[  304.815884][ T7986] io-wq is not configured for unbound workers
[  306.225524][ T7991] loop1: detected capacity change from 0 to 32768
[  306.437166][ T7991] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  306.674461][ T7991] XFS (loop1): Ending clean mount
[  308.220892][  T823] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  308.375386][  T823] usb 4-1: Using ep0 maxpacket: 8
[  308.390367][  T823] usb 4-1: unable to get BOS descriptor or descriptor too short
[  308.445747][  T823] usb 4-1: config 1 has an invalid interface number: 165 but max is 0
[  308.445777][  T823] usb 4-1: config 1 has no interface number 0
[  308.445826][  T823] usb 4-1: config 1 interface 165 altsetting 5 endpoint 0x2 has an invalid bInterval 172, changing to 11
[  308.445852][  T823] usb 4-1: config 1 interface 165 has no altsetting 0
[  308.493487][  T823] usb 4-1: New USB device found, idVendor=0403, idProduct=e009, bcdDevice=96.31
[  308.493519][  T823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.493539][  T823] usb 4-1: Product: syz
[  308.493553][  T823] usb 4-1: Manufacturer: syz
[  308.493569][  T823] usb 4-1: SerialNumber: syz
[  309.112553][  T823] rndis_host 4-1:1.165: rndis: master #0/0000000000000000 slave #1/0000000000000000
[  309.157667][  T823] ftdi_sio 4-1:1.165: FTDI USB Serial Device converter detected
[  309.193663][  T823] ftdi_sio ttyUSB0: unknown device type: 0x9631
[  309.240442][  T823] usb 4-1: USB disconnect, device number 6
[  309.677919][ T8013] loop4: detected capacity change from 0 to 32768
[  309.701665][ T8013] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.728 (8013)
[  309.725671][  T823] ftdi_sio 4-1:1.165: device disconnected
[  311.523605][ T5615] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  312.051946][ T8013] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  312.051985][ T8013] BTRFS info (device loop4): using sha256 checksum algorithm
[  312.093158][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  312.093638][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  312.094030][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  312.094396][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  312.094757][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  312.095099][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  312.095462][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  312.095830][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  312.096198][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  312.096536][ T8013] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  312.100377][ T8013] BTRFS error (device loop4): open_ctree failed: -12
[  313.634520][ T8053] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  314.339394][   T12] bridge_slave_1: left allmulticast mode
[  314.339746][   T12] bridge_slave_1: left promiscuous mode
[  314.613731][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.002677][ T8062] netlink: 7 bytes leftover after parsing attributes in process `syz.2.735'.
[  315.948628][   T12] bridge_slave_0: left allmulticast mode
[  315.948670][   T12] bridge_slave_0: left promiscuous mode
[  315.967245][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.376011][ T1344] ieee802154 phy0 wpan0: encryption failed: -22
[  317.376126][ T1344] ieee802154 phy1 wpan1: encryption failed: -22
[  327.139604][   T12] bond0 (unregistering): left promiscuous mode
[  327.139633][   T12] bond_slave_0: left promiscuous mode
[  327.139942][   T12] bond_slave_1: left promiscuous mode
[  327.210357][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  327.300180][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  327.344342][   T12] bond0 (unregistering): Released all slaves
[  327.643747][ T5276] 8021q: adding VLAN 0 to HW filter on device eth1
[  328.890487][ T8150] loop3: detected capacity change from 0 to 1024
[  328.919536][ T8150] EXT4-fs: Ignoring removed bh option
[  330.167773][ T8150] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.713825][ T8155] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  333.059306][ T8174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.769'.
[  333.059336][ T8174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.769'.
[  333.228023][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.269808][ T8169] loop2: detected capacity change from 0 to 2048
[  333.434213][ T8169]  loop2: p2 < > p4
[  333.434253][ T8169] loop2: partition table partially beyond EOD, truncated
[  333.966272][ T8169] loop2: p4 start 50331648 is beyond EOD, truncated
[  336.186687][ T8204] vivid-002: disconnect
[  336.540758][ T8198] vivid-002: reconnect
[  342.215493][ T5276] 8021q: adding VLAN 0 to HW filter on device eth2
[  342.507615][ T7855] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.507992][ T7855] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.508329][ T7855] bridge_slave_0: entered allmulticast mode
[  342.563892][ T7855] bridge_slave_0: entered promiscuous mode
[  342.816663][ T8260] loop1: detected capacity change from 0 to 4096
[  343.020829][ T8260] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  343.531227][ T7855] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.537239][ T7855] bridge0: port 2(bridge_slave_1) entered disabled state
[  343.537593][ T7855] bridge_slave_1: entered allmulticast mode
[  343.750743][ T7855] bridge_slave_1: entered promiscuous mode
[  344.912383][ T8276] loop3: detected capacity change from 0 to 512
[  344.998790][ T7855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  345.042689][ T7855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  345.552756][ T7855] team0: Port device team_slave_0 added
[  345.628057][ T7855] team0: Port device team_slave_1 added
[  345.775944][ T8276] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.794: iget: bad i_size value: 38620345925642
[  345.775984][ T8276] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  345.779099][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  345.779126][    C1] EXT4-fs (loop3): initial error at time 1779925488: ext4_orphan_get:1397: inode 15
[  345.779157][    C1] EXT4-fs (loop3): last error at time 1779925488: ext4_orphan_get:1397: inode 15
[  345.816288][ T8276] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.794: couldn't read orphan inode 15 (err -117)
[  345.816328][ T8276] loop3: lost filesystem error report for type 5 error -117
[  346.048678][ T8260] ntfs3(loop1): Failed to read $UpCase (-4).
[  346.151002][ T8276] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.385390][ T8284] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.794: bg 0: block 5: invalid block bitmap
[  347.032604][ T8284] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28
[  347.032640][ T8284] EXT4-fs (loop3): This should not happen!! Data will be lost
[  347.032640][ T8284] 
[  347.032657][ T8284] EXT4-fs (loop3): Total free blocks count 0
[  347.032670][ T8284] EXT4-fs (loop3): Free/Dirty block details
[  347.032719][ T8284] EXT4-fs (loop3): free_blocks=0
[  347.032759][ T8284] EXT4-fs (loop3): dirty_blocks=16
[  347.032772][ T8284] EXT4-fs (loop3): Block reservation details
[  347.032784][ T8284] EXT4-fs (loop3): i_reserved_data_blocks=16
[  348.245115][ T1126] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 8 with max blocks 8 with error 28
[  349.345007][ T5616] EXT4-fs warning (device loop3): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost
[  349.613198][ T8321] vcan0: tx drop: invalid da for name 0x0000000000000003
[  350.835767][ T5629] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  350.974644][ T7855] batman_adv: batadv0: Adding interface: batadv_slave_0
[  350.974666][ T7855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  350.974693][ T7855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  351.072520][ T5629] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  351.145214][ T5629] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  351.191070][ T5629] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  351.194019][ T5629] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  352.110655][ T5276] 8021q: adding VLAN 0 to HW filter on device eth3
[  353.279317][ T5623] Bluetooth: hci5: command tx timeout
[  353.983353][   T12] batadv0: left promiscuous mode
[  354.157628][   T12] team0: left promiscuous mode
[  354.157653][   T12] team_slave_0: left promiscuous mode
[  354.157945][   T12] team_slave_1: left promiscuous mode
[  355.359274][ T5629] Bluetooth: hci5: command tx timeout
[  355.487136][   T12] hsr_slave_0: left promiscuous mode
[  355.529429][   T12] hsr_slave_1: left promiscuous mode
[  355.530711][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  355.944251][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  356.739216][ T5629] Bluetooth: hci6: command 0x1003 tx timeout
[  356.739613][ T5623] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  357.444675][ T5623] Bluetooth: hci5: command tx timeout
[  357.488321][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  357.488352][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  357.623189][ T8371] EXT4-fs (nbd3): unable to read superblock
[  361.536927][ T5623] Bluetooth: hci5: command tx timeout
[  364.309884][   T12] veth1_macvtap: left promiscuous mode
[  364.310245][   T12] veth0_macvtap: left promiscuous mode
[  364.438182][   T12] veth1_vlan: left promiscuous mode
[  364.438552][   T12] veth0_vlan: left promiscuous mode
[  367.058919][ T8409] loop3: detected capacity change from 0 to 4096
[  367.122408][ T8409] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  367.246999][ T8409] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  367.398886][ T8409] ntfs3(loop3): Failed to load $Extend (-22).
[  367.398917][ T8409] ntfs3(loop3): Failed to initialize $Extend.
[  367.400552][   T12] team0 (unregistering): Port device team_slave_1 removed
[  367.574684][   T12] team0 (unregistering): Port device team_slave_0 removed
[  367.699847][ T8409] ntfs3(loop3): ino=0, attr_set_size_ex
[  367.870874][ T8411] ntfs3(loop3): ino=0, attr_set_size_ex
[  369.094764][ T5276] 8021q: adding VLAN 0 to HW filter on device eth4
[  369.284968][ T8404] bridge_slave_0: left allmulticast mode
[  369.285006][ T8404] bridge_slave_0: left promiscuous mode
[  369.372085][ T8404] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.711636][ T8404] bridge_slave_1: left allmulticast mode
[  369.712151][ T8404] bridge_slave_1: left promiscuous mode
[  369.712429][ T8404] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.158288][ T8404] bond0: (slave bond_slave_0): Releasing backup interface
[  370.520993][ T8404] bond0: (slave bond_slave_1): Releasing backup interface
[  370.781055][ T8404] team0: Port device team_slave_0 removed
[  370.841613][ T8404] team0: Port device team_slave_1 removed
[  370.842311][ T8404] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  370.842327][ T8404] batman_adv: batadv0: Removing interface: batadv_slave_0
[  370.954878][ T8404] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  370.954918][ T8404] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.295414][ T8440] loop4: detected capacity change from 0 to 32768
[  371.354880][ T8404] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  371.506487][ T8440] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  372.597883][ T8462] loop2: detected capacity change from 0 to 128
[  372.601881][ T8462] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  372.603125][ T8462] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  373.187298][ T5618] ocfs2: Unmounting device (7,4) on (node local)
[  374.019016][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  375.610594][ T5719] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  375.861758][ T5719] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=49.83
[  375.861793][ T5719] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.861824][ T5719] usb 2-1: Product: syz
[  375.861839][ T5719] usb 2-1: Manufacturer: syz
[  375.861853][ T5719] usb 2-1: SerialNumber: syz
[  375.918463][ T5719] usb 2-1: config 0 descriptor??
[  375.950328][ T5719] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[  376.280791][ T5719] gspca_m5602: Failed to find a sensor
[  376.280809][ T5719] ALi m5602 2-1:0.0: ALi m5602 webcam failed
[  376.304674][ T5719] usb 2-1: USB disconnect, device number 6
[  376.314447][ T8509] use of bytesused == 0 is deprecated and will be removed in the future,
[  376.314463][ T8509] use the actual size instead.
[  376.847332][   T38] audit: type=1326 audit(1779925519.171:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8516 comm="syz.3.856" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f258489ce59 code=0x0
[  376.939281][ T1033] bridge_slave_1: left allmulticast mode
[  376.939308][ T1033] bridge_slave_1: left promiscuous mode
[  376.939507][ T1033] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.999310][   T10] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  377.040583][ T1033] bridge_slave_0: left allmulticast mode
[  377.040610][ T1033] bridge_slave_0: left promiscuous mode
[  377.040842][ T1033] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.163648][   T10] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=49.83
[  377.163681][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.163701][   T10] usb 2-1: Product: syz
[  377.163714][   T10] usb 2-1: Manufacturer: syz
[  377.163728][   T10] usb 2-1: SerialNumber: syz
[  377.224323][   T10] usb 2-1: config 0 descriptor??
[  377.356329][   T10] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[  377.447777][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  377.448244][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  377.466480][   T10] gspca_m5602: Failed to find a sensor
[  377.466495][   T10] ALi m5602 2-1:0.0: ALi m5602 webcam failed
[  377.484723][ T8522] loop2: detected capacity change from 0 to 4096
[  377.624010][ T8522] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  377.626404][   T10] usb 2-1: USB disconnect, device number 7
[  377.997051][ T8527] netlink: 4 bytes leftover after parsing attributes in process `syz.4.860'.
[  378.033342][ T8522] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  378.050314][ T8522] ntfs3(loop2): Failed to load $Extend (-22).
[  378.050343][ T8522] ntfs3(loop2): Failed to initialize $Extend.
[  378.161907][ T8522] ntfs3(loop2): ino=0, attr_set_size_ex
[  378.335307][ T8530] ntfs3(loop2): ino=0, attr_set_size_ex
[  378.352728][ T1033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  378.489796][ T1033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  378.527152][ T8536] loop3: detected capacity change from 0 to 2048
[  378.540475][ T8536] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  378.584668][ T1033] bond0 (unregistering): Released all slaves
[  378.818276][ T1344] ieee802154 phy0 wpan0: encryption failed: -22
[  378.818383][ T1344] ieee802154 phy1 wpan1: encryption failed: -22
[  379.021128][ T8539] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  379.499565][ T8532] netlink: 8 bytes leftover after parsing attributes in process `syz.1.861'.
[  379.658588][ T8538] loop2: detected capacity change from 0 to 32768
[  379.667357][ T8329] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.667865][ T8329] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.668157][ T8329] bridge_slave_0: entered allmulticast mode
[  379.712743][ T8329] bridge_slave_0: entered promiscuous mode
[  379.754633][ T8329] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.759195][ T8329] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.759543][ T8329] bridge_slave_1: entered allmulticast mode
[  379.765934][   T38] audit: type=1800 audit(1779925522.091:8): pid=8536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.863" name="file1" dev="loop3" ino=15 res=0 errno=0
[  379.787837][ T8329] bridge_slave_1: entered promiscuous mode
[  380.010938][ T8538] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  380.115346][ T8538] XFS (loop2): Ending clean mount
[  380.121095][ T1033] batman_adv: batadv0: Removing interface: batadv_slave_0
[  380.231053][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.865'.
[  380.231080][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.865'.
[  380.674835][ T8559] loop1: detected capacity change from 0 to 256
[  380.678626][ T8559] exfat: Deprecated parameter 'utf8'
[  380.678815][ T8559] exfat: Deprecated parameter 'namecase'
[  380.810194][ T1033] team0 (unregistering): Port device team_slave_1 removed
[  380.835143][ T8559] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d)
[  381.112991][ T1033] team0 (unregistering): Port device team_slave_0 removed
[  381.665101][ T8538] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 
[  381.665160][ T8538] XFS (loop2): Unmount and run xfs_repair
[  381.665174][ T8538] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  381.665193][ T8538] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  381.665211][ T8538] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10  ................
[  381.665226][ T8538] 00000020: ed 37 bf 6e 74 ea 4e 01 f8 ba 5f ee 27 4b 0f 3a  .7.nt.N..._.'K.:
[  381.665241][ T8538] 00000030: 00 00 00 00 f6 3b 25 b5 00 00 00 07 00 00 00 01  .....;%.........
[  381.665257][ T8538] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  381.665272][ T8538] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  381.665287][ T8538] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  381.665303][ T8538] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  381.665320][ T8538] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74
[  381.675228][ T8538] XFS (loop2): page discard on page ffffea00010ecf80, inode 0x1809, pos 0.
[  382.363830][ T5614] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  382.469702][ T5614] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair.
[  382.852607][ T8329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.041917][ T8329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.182031][   T37] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  383.459198][   T37] usb 4-1: Using ep0 maxpacket: 32
[  383.464224][   T37] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  383.464259][   T37] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.464281][   T37] usb 4-1: Product: syz
[  383.464295][   T37] usb 4-1: Manufacturer: syz
[  383.464310][   T37] usb 4-1: SerialNumber: syz
[  383.476614][   T37] usb 4-1: config 0 descriptor??
[  383.487311][ T8329] team0: Port device team_slave_0 added
[  383.513986][ T8329] team0: Port device team_slave_1 added
[  383.534047][   T37] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  383.884087][ T8584] loop1: detected capacity change from 0 to 256
[  383.886568][ T8584] exfat: Deprecated parameter 'utf8'
[  384.036328][ T8584] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x47dfe6af, utbl_chksum : 0xe619d30d)
[  384.617463][ T8329] batman_adv: batadv0: Adding interface: batadv_slave_0
[  384.617483][ T8329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  384.617533][ T8329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  384.834196][ T8329] batman_adv: batadv0: Adding interface: batadv_slave_1
[  384.834217][ T8329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  384.834248][ T8329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  384.928587][   T37] gspca_ov534_9: reg_r err -71
[  385.283188][   T37] gspca_ov534_9: Unknown sensor 0000
[  385.283305][   T37] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  385.327930][   T37] usb 4-1: USB disconnect, device number 7
[  385.751047][ T8329] hsr_slave_0: entered promiscuous mode
[  385.754698][ T8329] hsr_slave_1: entered promiscuous mode
[  386.559645][    T9] libceph: connect (1)[c::]:6789 error -101
[  386.559860][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  386.561713][   T38] audit: type=1326 audit(1779925528.801:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8614 comm="syz.2.882" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd693bce59 code=0x0
[  386.583136][ T8606] ceph: No mds server is up or the cluster is laggy
[  386.725962][    T9] libceph: connect (1)[c::]:6789 error -101
[  386.822893][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  386.997594][ T8619] loop4: detected capacity change from 0 to 256
[  387.143651][ T7350] libceph: connect (1)[c::]:6789 error -101
[  387.145801][ T7350] libceph: mon0 (1)[c::]:6789 connect error
[  387.442952][ T8630] netlink: 12 bytes leftover after parsing attributes in process `syz.4.883'.
[  388.172291][ T8648] binder: BINDER_SET_CONTEXT_MGR already set
[  388.172308][ T8648] binder: 8646:8648 ioctl 4018620d 200000004a80 returned -16
[  388.173204][ T8645] loop4: detected capacity change from 0 to 2048
[  388.626784][ T8645] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  388.923665][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.314569][ T8707] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  391.938390][ T8329] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  392.329951][ T8329] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  392.337679][ T8329] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  393.886860][ T8739] loop3: detected capacity change from 0 to 131072
[  393.897195][ T8739] F2FS-fs (loop3): invalid crc value
[  394.061289][ T8329] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  394.255961][ T8329] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  394.342420][ T8739] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  394.377619][ T8739] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  395.000539][ T8329] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  395.006324][ T8329] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  395.281933][ T8329] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  396.076663][ T8783] loop1: detected capacity change from 0 to 512
[  396.437950][ T8783] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  396.437986][ T8783] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it
[  396.438006][ T8783] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.916: Corrupt directory, running e2fsck is recommended
[  396.619047][ T8783] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117
[  396.619200][ T8783] EXT4-fs error (device loop1): ext4_iget_extra_inode:5128: inode #15: comm syz.1.916: corrupted in-inode xattr: e_name out of bounds
[  396.619229][ T8783] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  396.641909][    C1] EXT4-fs (loop1): error count since last fsck: 1
[  396.641936][    C1] EXT4-fs (loop1): initial error at time 1779925538: ext4_iget_extra_inode:5128: inode 15
[  396.641967][    C1] EXT4-fs (loop1): last error at time 1779925538: ext4_iget_extra_inode:5128: inode 15
[  396.716004][ T8783] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.916: couldn't read orphan inode 15 (err -117)
[  396.716040][ T8783] loop1: lost filesystem error report for type 5 error -117
[  396.824153][ T8329] 8021q: adding VLAN 0 to HW filter on device bond0
[  396.836646][ T8783] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  396.850670][ T8783] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  396.850704][ T8783] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it
[  396.850730][ T8783] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.916: Corrupt directory, running e2fsck is recommended
[  396.855227][ T8783] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  396.855255][ T8783] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it
[  396.855271][ T8783] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.916: Corrupt directory, running e2fsck is recommended
[  397.220202][ T8796] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  397.220239][ T8796] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it
[  397.220259][ T8796] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.916: Corrupt directory, running e2fsck is recommended
[  397.288326][ T8783] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  397.288513][ T8783] EXT4-fs error (device loop1): ext4_readdir:265: inode #2: block 3: comm syz.1.916: path /191/file0: bad entry in directory: directory entry overrun - offset=0, inode=4294967295, rec_len=65552, size=1024 fake=0
[  397.342974][ T8329] 8021q: adding VLAN 0 to HW filter on device team0
[  397.675921][ T3379] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.676035][ T3379] bridge0: port 1(bridge_slave_0) entered forwarding state
[  397.750324][ T5615] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.890158][ T3294] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.890313][ T3294] bridge0: port 2(bridge_slave_1) entered forwarding state
[  400.507428][ T8833] loop1: detected capacity change from 0 to 32768
[  400.549860][ T8833] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.930 (8833)
[  400.585090][ T8833] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  400.585131][ T8833] BTRFS info (device loop1): using crc32c checksum algorithm
[  400.585380][ T8833] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  400.943968][ T8833] BTRFS info (device loop1): rebuilding free space tree
[  401.268428][ T8833] BTRFS info (device loop1): disabling free space tree
[  401.268592][ T8833] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  401.268622][ T8833] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  401.336542][ T8833] BTRFS info (device loop1): enabling ssd optimizations
[  401.336583][ T8833] BTRFS info (device loop1): turning on async discard
[  401.336599][ T8833] BTRFS info (device loop1): enabling disk space caching
[  401.336614][ T8833] BTRFS info (device loop1): force clearing of disk cache
[  401.336631][ T8833] BTRFS info (device loop1): use zstd compression, level 3
[  402.444008][ T8329] 8021q: adding VLAN 0 to HW filter on device batadv0
[  403.133101][ T5615] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  403.631681][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  403.753125][ T8885] loop4: detected capacity change from 0 to 512
[  403.858881][    T9] usb 3-1: Using ep0 maxpacket: 16
[  403.861825][    T9] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  403.883593][    T9] usb 3-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  403.883625][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.883646][    T9] usb 3-1: Product: syz
[  403.883655][    T9] usb 3-1: Manufacturer: syz
[  403.883672][    T9] usb 3-1: SerialNumber: syz
[  403.887588][    T9] usb 3-1: config 0 descriptor??
[  403.977616][ T8885] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  403.977749][ T8885] ext4 filesystem being mounted at /199/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  404.123634][   T10] usb 3-1: USB disconnect, device number 8
[  404.353596][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.249747][ T8329] veth0_vlan: entered promiscuous mode
[  405.745107][ T8329] veth1_vlan: entered promiscuous mode
[  406.406481][ T8329] veth0_macvtap: entered promiscuous mode
[  406.505593][ T8329] veth1_macvtap: entered promiscuous mode
[  406.573000][ T8329] batman_adv: batadv0: Interface activated: batadv_slave_0
[  406.591459][ T8329] batman_adv: batadv0: Interface activated: batadv_slave_1
[  407.171614][ T1033] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  407.247375][ T1033] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  407.254769][ T1033] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  407.255436][ T1033] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  409.886902][ T1033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  409.886926][ T1033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.164074][ T5629] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  411.251406][ T5629] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  411.256057][ T5629] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  411.370184][ T5629] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  411.439271][ T5629] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  411.657417][ T8957] loop2: detected capacity change from 0 to 4096
[  411.805169][ T8957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  412.588527][ T8976] loop3: detected capacity change from 0 to 512
[  412.752397][ T8976] EXT4-fs (loop3): orphan cleanup on readonly fs
[  412.754272][ T8976] EXT4-fs error (device loop3): ext4_iget_extra_inode:5128: inode #15: comm syz.3.963: corrupted in-inode xattr: invalid size in ea xattr
[  412.754312][ T8976] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  412.760024][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  412.760055][    C1] EXT4-fs (loop3): initial error at time 1779925555: ext4_iget_extra_inode:5128: inode 15
[  412.760087][    C1] EXT4-fs (loop3): last error at time 1779925555: ext4_iget_extra_inode:5128: inode 15
[  412.799220][ T8976] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.963: couldn't read orphan inode 15 (err -117)
[  412.799367][ T8976] loop3: lost filesystem error report for type 5 error -117
[  413.022429][ T8976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  413.775409][ T5614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.814570][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.919263][ T5623] Bluetooth: hci3: command tx timeout
[  413.973706][   T37] IPVS: starting estimator thread 0...
[  414.189271][ T8997] IPVS: using max 13 ests per chain, 31200 per kthread
[  415.532737][ T9016] loop4: detected capacity change from 0 to 1764
[  415.533960][ T9016] iso9660: Bad value for 'session'
[  416.001619][ T5623] Bluetooth: hci3: command tx timeout
[  416.020556][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.123152][ T9020] loop4: detected capacity change from 0 to 8192
[  416.910094][ T9005] loop1: detected capacity change from 0 to 40427
[  417.016974][ T9005] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  417.017005][ T9005] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  417.075102][ T9005] F2FS-fs (loop1): invalid crc value
[  417.869330][ T9034] loop3: detected capacity change from 0 to 512
[  417.870777][ T9034] EXT4-fs: Ignoring removed oldalloc option
[  417.988516][ T9034] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  418.096265][ T5623] Bluetooth: hci3: command tx timeout
[  418.616173][ T9005] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  419.201858][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.330551][ T9034] EXT4-fs (loop3): 1 truncate cleaned up
[  419.727434][ T9034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  420.199450][ T5623] Bluetooth: hci3: command tx timeout
[  421.299981][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  421.429798][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.908083][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.417940][ T8959] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.418426][ T8959] bridge0: port 1(bridge_slave_0) entered disabled state
[  424.418799][ T8959] bridge_slave_0: entered allmulticast mode
[  424.464896][ T8959] bridge_slave_0: entered promiscuous mode
[  424.523239][ T8959] bridge0: port 2(bridge_slave_1) entered blocking state
[  424.525305][ T8959] bridge0: port 2(bridge_slave_1) entered disabled state
[  424.525699][ T8959] bridge_slave_1: entered allmulticast mode
[  424.570036][ T8959] bridge_slave_1: entered promiscuous mode
[  425.379719][ T9106] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  425.558834][ T9100] loop1: detected capacity change from 0 to 131072
[  425.627450][ T9100] F2FS-fs (loop1): invalid crc value
[  425.818050][ T9100] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  425.835804][ T9100] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  426.167808][ T9095] ==================================================================
[  426.167829][ T9095] BUG: KASAN: slab-use-afte[  426.167829][ T9095] BUG: KASAN: slab-use-after-free in reverse_path_check_proc+0x5b/0x240
[  426.167874][ T9095] Read of size 8 at addr ffff8880299fa3c0 by task syz.4.997/9095
[  426.167895][ T9095] 
[  426.167911][ T9095] CPU: 0 UID: 0 PID: 9095 Comm: syz.4.997 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  426.167942][ T9095] Tainted: [L]=SOFTLOCKUP
[  426.167951][ T9095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  426.167965][ T9095] Call Trace:
[  426.167975][ T9095]  <TASK>
[  426.167984][ T9095]  dump_stack_lvl+0xe8/0x150
[  426.168016][ T9095]  print_address_description+0x55/0x1e0
[  426.168045][ T9095]  ? reverse_path_check_proc+0x5b/0x240
[  426.168066][ T9095]  print_report+0x58/0x70
[  426.168093][ T9095]  kasan_report+0x117/0x150
[  426.168122][ T9095]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  426.168157][ T9095]  ? reverse_path_check_proc+0x5b/0x240
[  426.168182][ T9095]  ? ep_insert+0xbbb/0x1820
[  426.168212][ T9095]  reverse_path_check_proc+0x5b/0x240
[  426.168236][ T9095]  ? ep_insert+0xbbb/0x1820
[  426.168267][ T9095]  ep_insert+0xc6c/0x1820
[  426.168304][ T9095]  ? __pfx_ep_insert+0x10/0x10
[  426.168338][ T9095]  ? lockdep_hardirqs_on+0x7a/0x110
[  426.168372][ T9095]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  426.168406][ T9095]  ? mutex_lock_nested+0x152/0x1d0
[  426.168431][ T9095]  ? do_epoll_ctl_file+0xc69/0xed0
[  426.168464][ T9095]  do_epoll_ctl_file+0x8bb/0xed0
[  426.168496][ T9095]  ? do_epoll_ctl_file+0xac3/0xed0
[  426.168528][ T9095]  ? __pfx_do_epoll_ctl_file+0x10/0x10
[  426.168561][ T9095]  ? __fget_files+0x3a6/0x420
[  426.168589][ T9095]  ? __fget_files+0x2a/0x420
[  426.168618][ T9095]  __se_sys_epoll_ctl+0x14e/0x210
[  426.168652][ T9095]  ? __pfx___se_sys_epoll_ctl+0x10/0x10
[  426.168689][ T9095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.168712][ T9095]  do_syscall_64+0x174/0x580
[  426.168731][ T9095]  ? trace_irq_disable+0x3b/0x140
[  426.168759][ T9095]  ? clear_bhb_loop+0x40/0x90
[  426.168785][ T9095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.168807][ T9095] RIP: 0033:0x7f4b0bb3ce59
[  426.168827][ T9095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  426.168857][ T9095] RSP: 002b:00007f4b09929028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  426.168884][ T9095] RAX: ffffffffffffffda RBX: 00007f4b0bdb6270 RCX: 00007f4b0bb3ce59
[  426.168901][ T9095] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006
[  426.168920][ T9095] RBP: 00007f4b0bbd2d6f R08: 0000000000000000 R09: 0000000000000000
[  426.168933][ T9095] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  426.168946][ T9095] R13: 00007f4b0bdb6308 R14: 00007f4b0bdb6270 R15: 00007ffdae1de858
[  426.168969][ T9095]  </TASK>
[  426.168977][ T9095] 
[  426.168982][ T9095] Allocated by task 9091:
[  426.168992][ T9095]  kasan_save_track+0x3e/0x80
[  426.169015][ T9095]  __kasan_slab_alloc+0x6c/0x80
[  426.169037][ T9095]  kmem_cache_alloc_noprof+0x33b/0x680
[  426.169061][ T9095]  ep_insert+0x512/0x1820
[  426.169083][ T9095]  do_epoll_ctl_file+0x8bb/0xed0
[  426.169105][ T9095]  __se_sys_epoll_ctl+0x14e/0x210
[  426.169129][ T9095]  do_syscall_64+0x174/0x580
[  426.169143][ T9095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.169159][ T9095] 
[  426.169164][ T9095] Freed by task 9091:
[  426.169171][ T9095]  kasan_save_track+0x3e/0x80
[  426.169193][ T9095]  kasan_save_free_info+0x46/0x50
[  426.169208][ T9095]  __kasan_slab_free+0x5c/0x80
[  426.169228][ T9095]  kmem_cache_free+0x187/0x6c0
[  426.169250][ T9095]  eventpoll_release_file+0xc2/0x240
[  426.169273][ T9095]  __fput+0x83c/0xa70
[  426.169292][ T9095]  task_work_run+0x1d9/0x270
[  426.169315][ T9095]  get_signal+0x11eb/0x1330
[  426.169340][ T9095]  arch_do_signal_or_restart+0xbc/0x840
[  426.169359][ T9095]  exit_to_user_mode_loop+0xa9/0x680
[  426.169382][ T9095]  do_syscall_64+0x353/0x580
[  426.169397][ T9095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.169415][ T9095] 
[  426.169420][ T9095] The buggy address belongs to the object at ffff8880299fa3c0
[  426.169420][ T9095]  which belongs to the cache ep_head of size 16
[  426.169436][ T9095] The buggy address is located 0 bytes inside of
[  426.169436][ T9095]  freed 16-byte region [ffff8880299fa3c0, ffff8880299fa3d0)
[  426.169458][ T9095] 
[  426.169464][ T9095] The buggy address belongs to the physical page:
[  426.169476][ T9095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880299fa820 pfn:0x299fa
[  426.169496][ T9095] memcg:ffff8880650fe001
[  426.169505][ T9095] flags: 0x80000000000200(workingset|node=0|zone=1)
[  426.169522][ T9095] page_type: f5(slab)
[  426.169541][ T9095] raw: 0080000000000200 ffff88801fae3dc0 ffffea0000e9ec10 ffffea0000fe2450
[  426.169562][ T9095] raw: ffff8880299fa820 0000000800800042 00000000f5000000 ffff8880650fe001
[  426.169573][ T9095] page dumped because: kasan: bad access detected
[  426.169583][ T9095] page_owner tracks the page as allocated
[  426.169589][ T9095] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4980, tgid 4980 (udevd), ts 27945554580, free_ts 27516743296
[  426.169621][ T9095]  post_alloc_hook+0x1f9/0x250
[  426.169642][ T9095]  get_page_from_freelist+0x265c/0x26e0
[  426.169667][ T9095]  __alloc_frozen_pages_noprof+0x18d/0x380
[  426.169693][ T9095]  allocate_slab+0x74/0x5e0
[  426.169708][ T9095]  refill_objects+0x33c/0x3d0
[  426.169724][ T9095]  __pcs_replace_empty_main+0x373/0x720
[  426.169743][ T9095]  kmem_cache_alloc_noprof+0x433/0x680
[  426.169767][ T9095]  ep_insert+0x512/0x1820
[  426.169794][ T9095]  do_epoll_ctl_file+0x8bb/0xed0
[  426.169820][ T9095]  __se_sys_epoll_ctl+0x14e/0x210
[  426.169857][ T9095]  do_syscall_64+0x174/0x580
[  426.169874][ T9095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.169894][ T9095] page last free pid 1053 tgid 1053 stack trace:
[  426.169906][ T9095]  __free_frozen_pages+0x10af/0x1190
[  426.169932][ T9095]  mempool_free+0xf5/0x140
[  426.169953][ T9095]  scsi_end_request+0x31a/0x820
[  426.169981][ T9095]  scsi_io_completion+0x131/0x360
[  426.170009][ T9095]  blk_done_softirq+0x10a/0x160
[  426.170036][ T9095]  handle_softirqs+0x1de/0x6d0
[  426.170053][ T9095]  __local_bh_enable_ip+0x170/0x2b0
[  426.170070][ T9095]  irq_forced_thread_fn+0xe9/0x120
[  426.170096][ T9095]  irq_thread+0x47e/0x6e0
[  426.170120][ T9095]  kthread+0x388/0x470
[  426.170143][ T9095]  ret_from_fork+0x514/0xb70
[  426.170166][ T9095]  ret_from_fork_asm+0x1a/0x30
[  426.170194][ T9095] 
[  426.170200][ T9095] Memory state around the buggy address:
[  426.170211][ T9095]  ffff8880299fa280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  426.170226][ T9095]  ffff8880299fa300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  426.170239][ T9095] >ffff8880299fa380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  426.170250][ T9095]                                            ^
[  426.170261][ T9095]  ffff8880299fa400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  426.170274][ T9095]  ffff8880299fa480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  426.170285][ T9095] ==================================================================
[  426.181914][ T9095] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  426.181941][ T9095] CPU: 1 UID: 0 PID: 9095 Comm: syz.4.997 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  426.181972][ T9095] Tainted: [L]=SOFTLOCKUP
[  426.181979][ T9095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  426.181991][ T9095] Call Trace:
[  426.181999][ T9095]  <TASK>
[  426.182009][ T9095]  vpanic+0x56c/0xa60
[  426.182041][ T9095]  ? __pfx_vpanic+0x10/0x10
[  426.182071][ T9095]  panic+0xc5/0xd0
[  426.182096][ T9095]  ? __pfx_panic+0x10/0x10
[  426.182122][ T9095]  ? preempt_schedule_thunk+0x16/0x40
[  426.182145][ T9095]  ? preempt_schedule_thunk+0x16/0x40
[  426.182166][ T9095]  ? reverse_path_check_proc+0x5b/0x240
[  426.182185][ T9095]  check_panic_on_warn+0x89/0xb0
[  426.182211][ T9095]  ? reverse_path_check_proc+0x5b/0x240
[  426.182229][ T9095]  end_report+0x73/0x170
[  426.182254][ T9095]  ? reverse_path_check_proc+0x5b/0x240
[  426.182271][ T9095]  kasan_report+0x128/0x150
[  426.182295][ T9095]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  426.182325][ T9095]  ? reverse_path_check_proc+0x5b/0x240
[  426.182346][ T9095]  ? ep_insert+0xbbb/0x1820
[  426.182371][ T9095]  reverse_path_check_proc+0x5b/0x240
[  426.182400][ T9095]  ? ep_insert+0xbbb/0x1820
[  426.182425][ T9095]  ep_insert+0xc6c/0x1820
[  426.182457][ T9095]  ? __pfx_ep_insert+0x10/0x10
[  426.182487][ T9095]  ? lockdep_hardirqs_on+0x7a/0x110
[  426.182515][ T9095]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  426.182543][ T9095]  ? mutex_lock_nested+0x152/0x1d0
[  426.182565][ T9095]  ? do_epoll_ctl_file+0xc69/0xed0
[  426.182593][ T9095]  do_epoll_ctl_file+0x8bb/0xed0
[  426.182619][ T9095]  ? do_epoll_ctl_file+0xac3/0xed0
[  426.182647][ T9095]  ? __pfx_do_epoll_ctl_file+0x10/0x10
[  426.182675][ T9095]  ? __fget_files+0x3a6/0x420
[  426.182698][ T9095]  ? __fget_files+0x2a/0x420
[  426.182724][ T9095]  __se_sys_epoll_ctl+0x14e/0x210
[  426.182752][ T9095]  ? __pfx___se_sys_epoll_ctl+0x10/0x10
[  426.182783][ T9095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.182803][ T9095]  do_syscall_64+0x174/0x580
[  426.182819][ T9095]  ? trace_irq_disable+0x3b/0x140
[  426.182843][ T9095]  ? clear_bhb_loop+0x40/0x90
[  426.182873][ T9095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.182892][ T9095] RIP: 0033:0x7f4b0bb3ce59
[  426.182909][ T9095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  426.182926][ T9095] RSP: 002b:00007f4b09929028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  426.182949][ T9095] RAX: ffffffffffffffda RBX: 00007f4b0bdb6270 RCX: 00007f4b0bb3ce59
[  426.182964][ T9095] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006
[  426.182976][ T9095] RBP: 00007f4b0bbd2d6f R08: 0000000000000000 R09: 0000000000000000
[  426.182989][ T9095] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  426.183003][ T9095] R13: 00007f4b0bdb6308 R14: 00007f4b0bdb6270 R15: 00007ffdae1de858
[  426.183025][ T9095]  </TASK>
[  426.183188][ T9095] Kernel Offset: disabled