last executing test programs:

8.620022944s ago: executing program 0 (id=1129):
r0 = socket$kcm(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'dh\x00', 0x1, 0x80005, 0x6f}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'sh\x00', 0x5, 0x9, 0x77}, {@remote, 0x4e20, 0x2000, 0xcd}}, 0x44)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

7.433000362s ago: executing program 0 (id=1135):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, 0x0)
unshare(0x20020600)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071114200000000008510000002000000850000000500000095000d00000000009500"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='hybla', 0x5)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r3, &(0x7f0000000000)='D', 0x1, 0x2c0000f4, &(0x7f0000000140)={0xa, 0x4001, 0xfffc, @empty, 0xfffffffd}, 0x1c)

7.363505404s ago: executing program 3 (id=1136):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x7fffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
shutdown(r3, 0x1)
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r3, r4, 0x0, 0xfffa83)

7.363238955s ago: executing program 1 (id=1137):
syz_open_dev$sndctrl(&(0x7f0000000240), 0x5000, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0)
syz_open_procfs(0x0, &(0x7f0000000680)='stat\x00')
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
r3 = socket(0xa, 0x3, 0x87)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bond_slave_1\x00', <r5=>0x0})
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000480)={@private2, 0x65, r5})

7.001617076s ago: executing program 1 (id=1138):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x84c18000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r3 = fsopen(&(0x7f0000000080)='hfsplus\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000100)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@barrier_val={'barrier', 0x3d, 0xde2}}]}, 0xfd, 0x269, &(0x7f0000000a00)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=")
lsetxattr$system_posix_acl(&(0x7f0000001700)='./file0\x00', &(0x7f0000001740)='system.posix_acl_default\x00', &(0x7f00000037c0)={{}, {0x1, 0x6}, [], {}, [], {0x10, 0x4}}, 0x24, 0x0)
llistxattr(&(0x7f0000003880)='./file0\x00', &(0x7f00000038c0)=""/210, 0xd2)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000240)='sourceK\xe0\xd5b.\xda\xd7n\xaf\xa0\x13\x96_z\xeb0\x9cE:\xd0o\xb0\aI\xba,\n\xfc\x8bu\xe4\xea\xcdt}\x03\xbe\xaf\x1c\xf5\xce\xb0p}\vw\xe6\xd8=\x0e\xaa5\xcc`\x98^\xd1&o\x10;D\xc8\x8bE?\x95\b\xda9\xb7>\x8d\x82\xb1iYv\x01\xb5\xd5\x9a\x12\x16\xa9\xde{\xefU\x1e\xdeh:ke\xa7\x82\xc9\x0e1\x9b\xdb\x90\xbae\"\xee\xc2p\xcaS\x05G6\xbbc\a\xc0\'\xcf-\x14Y\\uQ;\xcf+s\xd5\x15\xd4\xd1\v.k(\xc2\x1f\xcc[\xd3\vq\x92Z\xa4\xbe\x98I\xe4/\x8eQ\x0f.\x9d\"\xb9Y\xd9\xac6\xa09\xf8\xc7B^\xf4!\x89\xd0\xc7\x9ba\x91g#\x1d\xdf\a[\xb9\xa9\xc3\xdaZ\xd1\xb6\xb5\x97_\x8bK6\xfd\xd0`AF', &(0x7f0000000180)='\xc7\xda\xca\x93b\xd5I\xaf\xd5\x03\xf1\xa2@/1\xb8\xcfD\xbf\xfd$\x80\xa60\xc0v\x11\xcb\x8d\xedr\xdb\x8ah\xeb{myn\x89, +y\xc2\x1d\xefO;\xeb\x85\xb5:{\x06\xd0l\xd8`wv\xae\n\x02\xdba\x82\x10\xe1@\xde\xfeGh\xa5\xe4,\xca`\xb4\x9a\x02\xc2\xde:\xcat\xf0\xce\xf0\xccNT\xb7i', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)

6.123656774s ago: executing program 0 (id=1140):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x2, 0x300)
socket$unix(0x1, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000010000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f0000000280)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2}, 0x14)
syz_emit_ethernet(0x12, &(0x7f0000000440)={@remote, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @val={@void, {0x8100, 0x1, 0x0, 0x8b1}}, {@mpls_uc}}, 0x0)

6.104080515s ago: executing program 3 (id=1141):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000080)="100c0601000000baf775aa1b71da", 0xe, 0xfffffffffffffffe)
setfsgid(0xee00)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, 0x0, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(r4, &(0x7f0000000b00), 0x91)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

5.903500911s ago: executing program 1 (id=1142):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

5.170150885s ago: executing program 2 (id=1143):
socket$nl_generic(0x10, 0x3, 0x10)
timerfd_create(0x9, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x400, &(0x7f0000000100)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54dabaa5206d4a2a060b5ccc774b3ec4c81a1a9852327ff871d16d0d9344e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9aeb8576d329be6e4bb168f1434000000", @ANYRESHEX], 0x0, 0x296, &(0x7f0000001080)="$eJzs3M1qE1EUwPFj0o80tU0WIiiIB92oi6GNL2CQFsSAUhtRF8LUTjRkTMrMWImI7c6tz1FcuhPUF+jGnQt30k0XCm66UCOdjzatQ6u2yYTm/4Myp3Pvydz5CmcGctfvvHpcq7hGxfQklVFJiSzLhkh+MwodC5cpPx6SdstycfT7pzO37t67XiyVpmZUp4uzlwuqOn723dPnr8998EZvvxl/Oyyr+fvr3wpfVk+unlr/NRt9esNTU+caDc+csy2dr7o1Q/WmbZmupdW6azk72it2Y2GhqWZ9fiy74Fiuq2a9qTWrqV5DPaep5kOzWlfDMHQsK/0m/c8Z5ZWZGbPYkcEgCSNxKx2naKZjG8sr3RgUAADoLUnV/4+qrlZdre9X/6eE+r9zqP+PkuNrEvsUuFn/Z8P7d8uln10cGQAAAAAAAAAAAAAAAAAAAAAAOIiNVivXarVy0TL6GxaRjIhE/yc9TnTGQc7/cPeHi0PW9sO9jIj9crG8WA6WQXuxIlWxxZKJQZEf/vUQCuLpa6WpCfXl5b29FOYvLZbT/vXh50fy8fmTQb7uzB+UbPv2C5KTE/I5Lr8Qmz8kF8635RuSk48PpCG2zPvX9Xb+i0nVqzdKu/JH/H4AAAAAABwFhm754/ndbzc0mjZkV3uwcvv9gOT2eT+w6/l6QE4PJLffAAAAAAD0E7f5rGbatuUQ7AiuiMiefZI+dCM9cqA6GKQ2z0HXt/41ujV64yAcarD2JNi1v+mc4JcSAAAAgI7YLvqTHgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1rj2nAMmEXf03U/3/mHmvbXLr7ewgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0jt8BAAD//ysQG/U=")
socket(0xa, 0x1, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x341080, 0x0)
openat(r0, &(0x7f0000001740)='.\x00', 0x80, 0x488)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e21, @loopback}, {0x2, 0x0, @remote}, {0x2, 0x4e23, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x6})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x24018807)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)

4.68499703s ago: executing program 4 (id=1144):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x1, 0x403, 0x8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f00000004c0)={r6, 0x0, 0x4, 0x0, 0x2, [<r7=>0x0], [0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0xfffffffc], [0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000440)={0x7, 0x3, 0x7})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r7, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x8, 0x9, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

4.351188181s ago: executing program 3 (id=1145):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={r0}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x1f, 0x19, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xa26}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

4.350964481s ago: executing program 2 (id=1146):
syz_open_dev$tty20(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0xc400941b, 0x0)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x110, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x100, 0x0, 0x0, 0x1, [@typed={0xc, 0x2, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82"]}]}, 0x110}], 0x1, 0x0, 0x0, 0x1}, 0x0)

4.350771831s ago: executing program 0 (id=1147):
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3)
mlockall(0x7)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000100), 0x4)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x1, 0x0, 0x0)

4.026195662s ago: executing program 4 (id=1148):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$IPC_STAT(0x0, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000002000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000043000000", 0xfe60)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

3.77155216s ago: executing program 1 (id=1149):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x7fffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000140)=':', 0x1}], 0x1}}, {{&(0x7f0000000440)={0xa, 0x4e23, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000080)='@', 0x1}], 0x1}}], 0x2, 0x0)
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r3, r4, 0x0, 0xfffa83)

3.057475052s ago: executing program 2 (id=1150):
r0 = socket$kcm(0x10, 0x2, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000010600)='./file0\x00', 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c66617374626f6f742c746573745f64756d6d795f656e6372797074696f6e2c6673796e635f6d6f64653d7374726963742c00200da779e57c52e33a83fdbd563a5b7c6b958cb6e49387a5ba5a89b0887c0292eb888cc8efa81040100d83ba748033542625bc334eaf793332891541000f3c63c0a5f0af254a5bd1f4b81d0c5188ddcadf07eff7b49004e0b243a8a4d93632fbe9ab868d88310829d8e04a3c0572143a3d3d1472cc5da6f72bb097f5f7b95a09e442c0a1463aaa90db7dcbc542dc5bced278eda11583f810469b706968e793db32300c41ec42421e326f0f3d24478d7f472cf86b66accda698e56ae96dc33ced02f8e6601ed0a758a9f6b0712af45bc138adb9217e31e309a3039a15f4f323957b2824eb068440a8e9c31857f52472347e7560aa15cb70c902000000326a7321796b653e49bbde9213cfcd77871a61e6daf5deab0eea", @ANYRES32=0x0], 0x1, 0x105d6, &(0x7f0000010640)="$eJzs3E1rY1UYB/AnU+fVcRxkXnTlBREaMKFpO0VBpOoMOmCH4svClaZJGjKT5JYmfXHWuho/gltBxJ2fwY1fY3AhiAvB3YiSe29lqrNwOmlT298Pbv/nnpz75JxLNie3JIBj62Ly+2+luBBnI2IqIs5HZO1ScWQW83g+Il6MiBMPHaWi/++OUxFxLiIujIrnNUvFSwt/3H/w9Qs3X7/37f1y7edvvprcqoFJezkiemt5e6uXZ9rO83bRX9/sZNmb3ywyf6F3pzhP89xqrWQVtuo74+pZzrXz8enaxmCUq916Y5TtzmrWv9bP33Cw2d6pk11wu76enTdbK1l2BmmW7bv5vLaLvDsY5nWaRb3PsvIxHO5k3t/abuXrWbuTZaM/LPrzummztT3KzSKLt4tG2m1m81jZ820+9N7r9De2k83W+qCT9pNr1dqr1dpCpbaeNlvD1nyl3msuzCfT7e5oWGXYqvcW22na7raqjbRXTqbbjUalVkumr7dWOvV+UqtV56ozlWvlovVK8s6tj5JuM5ke5Vud/saw0x0kq+l6kl9RTmarc6+Vk5dqyQdLy8ny+zduLC1/+Mn1j2+9uXTz7WLQv6aVTM/OzM5WajOV2Vr5cK7/VFF/jOufin1Yf+nJLue48wECeGz2/8Ak2P8/zv4/2fN9PuyOyP7/13vHe/17ZvvGE/EBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4tn46+f27WeNifv500f9M0fVcRFyNiCsRcTki/nyEqTi1q+aliCgV7UeNP/mPOfxQiqzC6JrTxXEuIhaL48Gz+30XAAAA4Oj67sfPv4iYGjWzP29MekIcpOJLmzPjqpd95fPUuKpdyoptj6na5Z2SY3ElIk5e/GVM1a5GxInzn46p2n8ytSvOPBSlPE4c5GwAAICDsXsnMLbdGwAAAIfOl5OeAJORPa8t/he/eBZ8Oo/igeDZXWcAAADA/1Bp0hMAAAAA9l22//f7fwAAAHC05b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwF/s3E+uEjEcB/Af4Aj4JxLDn6uwMi5ZcAiP4NID6G3ccQYTwjlw5xEMGDqVAOLmTXlM3vt8kplOJ/Bth4RFWygAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAt/axWi++br9+a5uz2zZR5GgAAAOCabbVapItRXX+d77/Nt95HxCwiphExiYhrY/devDxJ7MQ4nWvXXl9d9OFHREo4vKefj1cR8TEfv9/d/nMAAACAp2qzni8jeofLdPpwvOIZyJM2g1J5acrnRam0cQr7Uiht8jeyiGlEVKNfhdJmEdF98ynX/vv9GxZq7qSRXAxOik5ddAs2BgAAtMT5SKDY6A0AAIDW+XzvDnAfab02/xY/rwX36yIvCA7PagAAAEB7Xf7b/qjzuP0AAAAA7iCN///Z/y/PCjx8/7+w/x8AAAC0SL3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALe0rVaLzXq+bJqz2zdT5mkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4w/68o0AIhEEY7F3fdxq8/7GkQVNTkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDe/+8v/ialxJpl7bSw9jyRrp8bWqbF3bhz9YXz9GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn/uTiAEgiAM9p3/OS3mH5Y0aAwiVMHCxwzzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX/S7X/5PTI0zydxpY+l4JFm7amxdNfYeNI4ejLd/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdife9uEgTCOw6+dRInbZIT0Fh8z0FAhGIEPCcmSZ2AAFqKhorVYBFYAAQctnSl4nub/0+mKOwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgPZ2e3viIiOzzkXnkw9Xf4XLwFfm6aQbf18w2x339c8vJdjdK+Rvj/yIiisha+A0AQPvK+6ZYLKt5J203bS9tP205ravZKx8NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwZucOWqJ4wwCAv7s6699/p44qRNChLrmpWQZeOgjeg6BuoptIa4XuQcWLnyDqtNe+Qt7qK/QFgg4leOjgoaBLEMXuzuq7pKIEM4P7+8Ez8+jCzPvuwrDPPO8sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAuBzvhUjcvhRBGB4/ylo/ftheP279/+Wm0G1/vv7sSH7N1iCSE8GSlXruV4VyKbn1z6+lCvV5bk/RDMpR+7EUZj6SwSXyVKOVzcQIA4EJJ0mh9u/yS7M63/leaDeH3m976/3qUh1Pq//3mSBKaI2P7zZGxXxsfGvG54vp/IrMZFsbQSS9UG6svquubWzdXVheWa8u1Z1NTk9N3pm/fuztZbd8rqbpjAgAAwL+ppBHX/+XZv/v//0d5OL3+H+vGw7nHj+JzDfR3/X+io6Zf3iMBAADob5ev/vh+3OrLUqUSNhYajbWJzvbw78nONoehnttQGnH9PzCb96gAAACALBzslHr6/0tRHs7Y/x9/u70XH3MghDCc9v/HF5/Xl7KbTqFl8Thx3nMEAAAgX8NpxP3/pL3+v3y45KEcQrhxrZOnPwN4pvr/8+sHPQ+tx+v/p7KbYiGVZzrvR3s/E8LgTN4jAgAA4CL7L41Wsb+X7M6v/Xw1V7H+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4w44dozQQRGEA3uxmtRIDVmrlBUQvELEQxMZDiILgCUQQDyC2lt7B0jukVrCxsEzhDeTN7qikCVjsKvk+mLxHGDIvkyb/AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMNd0/7uv4mXU9GX73vPH1UnUl5ka3u/XN2NFP+hy6H9nr+8BAAAAWBBVzvdFUbzVj4dRy3HK/3XeE5n/YaXpc56fzf25Pt29buT8f328dfl10Kg5Jz707PzidKezb/j3rc7dMUw3n569VOkHKY9u1qZ1us/B7WRysJTa5S6mBQB+YzvXtsn/h6Lu9jkYAAtj2K7iR/6vxv3OBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCFzwAAAP//9JxdmQ==")
syz_open_dev$audion(&(0x7f0000000040), 0x1ff, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
msync(&(0x7f000073c000/0x1000)=nil, 0x1000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES64=0x0], 0x20)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00000009000100053582c137153e3702480180000c0000d1bd", 0x33fe0}], 0x1}, 0x0)

3.003382694s ago: executing program 3 (id=1151):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$UHID_CREATE2(r0, 0x0, 0x119)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000140)={[{@acl}, {@nodioread_nolock}, {@nodioread_nolock}, {@data_err_abort}, {@lazytime}, {@nodelalloc}, {@minixdf}, {@grpid}]}, 0x0, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
r1 = syz_clone(0x28020000, &(0x7f0000003240)="ac3527d4347c9f26b0ab9a3c16897cffb533d96dad628a4ec49031318ea2e7cb410296053a1b9e0914107df12035b45336d13a2955468752b4bd2126c49d9c22985094cf8ea91caa3aeb1691ad7808fe9360096b936e494f490d7674badbca3cac07b18ffc91c8f6f20ed7481371a52e0bf1390bd1acca2a481fbeb66f8846398e825ebc30768dea1d091608de829a7e00827a8c3c06c21eddb639b48d31aec060ab334b97a69ab74fcc74892ee4244f8c8e84622431186e878392457561de7381a70b87de8573b77849537011928bf8f97e924968423d41944096cdb34190b94cb760b953220694db83d2917ce644574d9c13b87e6a9cb029fced0decdc658214ddef4290d24bf6798c31ea3f1c344b2dbcec8a0631af2c7ff66f83e4015dc50f56b4a4c84f68cb91a2a060132adbb22fac7baac10f6a481b15aaa2d48ad3dc19d5b5d4de3abc731054d75dd879eabe481b2c29550065609380c1cdb65ea52add0e274b4ebd46262503756c4028552fc99d1517536a2bc109ac451035ebee26a33a4b4e19567c8d05b40456c0caeffee55f002e34ace66379327f7ae2d9ef9f5496a9f5ea98cf20581f1e35fff60e57d4943054d4189b57b7d95a47ba74525726923954ea6995286dfcbe8bd9d200d8f1fe8985cd9f3f73e983e3baedf1b1763f5e985bfc019419b7d8f347b94f9e8b645c865aeb5c1af05841e6d3e6482a6c5f0253313cab1e56a7002dcdb43be7719bd3f0e86ad87ea2d19dedaed13ea7e237d80126f77b67f48f7a1ff4eb649effa09bef74cccc3211724b73f58629a0b8de9c87220b785a3896b39cf807471175e596f850da799ef9183661e3b57c4396f470ef61a5f527150c2ebcd756335d5b5eb77bd4add90c0bb75734040f27f4973260a35033f27440d1879e6545ea3e25f8dd63a194a1a8304a27dbc8f35dec884e7a2f8fd75056214f90c32df3ebd883005e013c6334e8182dce93d910ca32ba5f86232ce59d0e8e658e226db95fa35d495f9d0b00b594dd472bb22e131f0c8e5b50babafc5a895c7cff8bc23c8770b2f8b9ead561be1f72cff18c8078670fff3797a71e00851469bccdcb14b70b98b6fbe36477635419a5d93a45a32f93af6918a75acf6edd90f7eb240efe415d37a060ca226a6834bcfb352547d3357b1eeab700554397d3600d9544dcf0dbcb81ee54f154068ca729843483c088d56dc92553d5d88823257017854a20a100e9c77053e0faf6925421a60b7cb2a1d9b3f96db2125b442316a49ead57b8472eeada2344ae0a645f9d3b8f557c2a72f019c757faadb242db5014b8852185b441dd1b35a37aa3858f3db1eaa1105e7a8b9915b69127a950faaa5b0d1ca33bd40166fafc58749e7796105e183aab9e5859a786469895aeb7627d4299924c8272f8031ef2ee5c7eef66e2be028ffc7a6e9c2c27c449a1afd56e30de7891ed268c7786bfe49367eb7b369bdccb43161585890a63bf4834374fe1f97d86a198c51f752f6ca067a22c276eae50797acfdefbf0f3d476fff9251e6cfd4d74d4286c0122d40782473e5a40a0b1c3b94f7b17c3390537e0f0a82391b1aafdd084615175c4bdde65f943be4361a1c841b473f8f2dfa7cbff485406f172f948b1202b719d0677b39908a2872710552816e9214c3e70cfa3b9bfccd015ddbad5d143f17431b9018eadedf2fe8cbb7a492defe6053a3085740fa593dc487ab652be195ee7b4ade8f5746d0dfb562906b5126450a74afcf5fe2c5cfcc5d16a0a51309fd910e44397cc7e24fc3643580aad8cc06d1575cfe48c6c6c1eeb563fbc040d9252296e5974b027224ade120956480c4725c73756a9411e6ab793d1194529425a6584cee52c68ac1ee640380475d6c4b253c6d93f82bec8f0225c2882f70bcd7906921b8360a6cc30eacf86dc8b701c6661a9e56932d43e1aee5c5ac6b41b7f861b90cfcfd1bb32c3551f86e6ca4fd70bca0480097326f70c53122d20f199b465c3723a4f17482cc96bbf6f252ff57dd668fea61924626a995ee51efb7163bd5bc611270af1bdf7ab14d25cbd063e0a55047a4a9f8327e183c67b21b22c91cf770f870524f8f5c7f0a0896e9c9c5c5e3acb00c168a755a786c8511e6dcda4626a1c98d535d71942db6660246fa59aa6acc94c01fd0aeec72cd73e12936cc333ad45215653eb1930e710a37a93f1a7a51ef0ccb4076f2a414ecb9ad8bd656464af82f9c99d50a59a93082e2ae2775d64edf9bedd756b730042cd9da2b5460f691035c6bedd5d74ad246f11c20b41f99ac9f4742e48aa25ef6edfc03eb6bb04010a8ced206c281667a5066a93f6a37f5f969ba11ad932900467fba4017f6351f06fd0e97ab076138d99387b80db716b148344bf632e238d4825ef892b6d73a3caa64369217b20a7a9a8f49e86d0be2bb239728a4a2c41d2ada0cea58406bbd7c36ba77a3f077de820254209dcc27b6d4643700167adf0f73e1cf691fb68e54d7d8aab6806391c405e490df0617495e48e84b65b09a5d890d90fab7c3edf4577de9821fb06028cb8dcb92a63fa8cdd9ab219b28052dcc7fabfc3c3581d31e6afc00406a57a9dfce3974e4922c4df7277c9b557cdf6bf9b7d029658da983533a8fd3dfedd017542e997fd7910f6ad63d2cfd625aa96a36ac9e0cb10c5507f0f4f8cecf362cea2f8d1473a4df2ca94ffc84b26d2c344caad47811e39d783d820e5dac51a69864641dfafeaa833a8765628044436aa28fc6e3f04aff561fe78e63fe41a156042c3d4f0be33f57566b7dd8f092b4f28d2534f5fc198054f653aec3db1cdc942591be8749502bf558b4f5692e28d702883b22d74f474376f2ace5c2fd309b6ab517ef51cc1a9db66b72a5d6323e68952812b9b87dabc2f2cebd3d7533f5495de66fb62d03cede10839441d4fcde2136c9a892a6e3ca2354b16261ead11c2a1b8a54ad18feb5f4c32f5ba8e45ea8b04c70e21f3a36a609f68909184d5e1e64e2d02cdd8de5868f77d4a3ed0da55c689ffdb0c6409166e3c8ba46270968015f87cfd81bc9ab1f06e8a594226b56d7db9a8693dcc3a1f13d526af2ff96478cd209b61956f47da8a4d64bafb3684d3d383f8dff1ba42217c884be9ee85c039390af48885711c6374c0b86d3f728009d98f43a8ece8c45e9df3332c21bbdf9a96186f94fb6ab705c702984508ba4bd34d6ee31c8bacecdb90a7c1d5efa14702b377ebd8fac6bb0d2df0b84a9c3970b318c919d9740c3e42b03307d32ace2709", 0x908, &(0x7f0000004240), &(0x7f0000004280), 0x0)
syz_open_procfs(r1, &(0x7f0000000080)='net/tcp6\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_tables_names\x00')
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
read$eventfd(r2, &(0x7f0000000000), 0x8)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000900))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r3, r5, 0x25, 0x0, @void}, 0x10)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000140)={'team_slave_0\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}})

2.930329976s ago: executing program 0 (id=1152):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x7fffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000140)=':', 0x1}], 0x1}}, {{&(0x7f0000000440)={0xa, 0x4e23, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000080)='@', 0x1}], 0x1}}], 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0xfffa83)

2.927780557s ago: executing program 1 (id=1153):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000180)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0/file1\x00', 0x200810, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x10000000000030, 0x0, &(0x7f0000e5f000))
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2.841370109s ago: executing program 4 (id=1154):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r0, 0x3)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)
r2 = socket(0xa, 0x5, 0x0)
listen(r2, 0x100)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000f40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000500)='p', 0x1}], 0x1}}], 0x1, 0x20000004)
r4 = socket$inet(0xa, 0x801, 0x84)
listen(r4, 0x8)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r5, 0xfff)
r6 = socket$netlink(0x10, 0x3, 0x4)
r7 = socket$inet(0xa, 0x801, 0x84)
listen(r7, 0x8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r6)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

2.727452033s ago: executing program 4 (id=1155):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x7fffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000140)=':', 0x1}], 0x1}}, {{&(0x7f0000000440)={0xa, 0x4e23, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000080)='@', 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r3, 0x1)
sendfile(r3, 0xffffffffffffffff, 0x0, 0xfffa83)

2.202840549s ago: executing program 3 (id=1156):
openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x25000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha1\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="2c385ad49100dc6626c892b6", 0xc)

1.703961586s ago: executing program 4 (id=1157):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0xb8f7)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x30, 0x0, &(0x7f0000000100))
ioctl$sock_SIOCETHTOOL(r3, 0x8946, 0x0)

1.703262696s ago: executing program 2 (id=1158):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
shutdown(r0, 0x1)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)

1.686458266s ago: executing program 0 (id=1159):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

577.857832ms ago: executing program 2 (id=1160):
socket$netlink(0x10, 0x3, 0x9)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x208a00, 0x5f)
socket(0x10, 0x803, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e21, @loopback}, {0x2, 0x0, @remote}, {0x2, 0x4e23, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x6})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x24018807)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

575.710542ms ago: executing program 3 (id=1161):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000300000500000a44000000090a010400000000000000000a0000040900010073797a31000000fc08000540000000020900020073797a310000000008000a40fffffffc08000340000000"], 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

575.491802ms ago: executing program 4 (id=1162):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x48, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000028060001001a"], 0x1c}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3)
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001240)={0x38, r4, 0x1, 0x71bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0xf}, @val={0x8}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'veth1_to_team\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000050}, 0x4050)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4, &(0x7f0000000100)=ANY=[], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")

411.553137ms ago: executing program 2 (id=1163):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x7fffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
shutdown(r3, 0x1)
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r3, r4, 0x0, 0xfffa83)

0s ago: executing program 1 (id=1164):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000680)={'lo\x00', 0x0})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6a72c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000b80)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SIOCSIFHWADDR(r2, 0x8b26, &(0x7f0000000000)={'wlan1\x00'})

kernel console output (not intermixed with test programs):

adv_slave_1: link becomes ready
[   32.459303][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.461878][ T4333] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.463696][ T4333] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.465165][ T4333] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.466656][ T4333] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.469836][ T4327] device veth1_vlan entered promiscuous mode
[   32.476929][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   32.478468][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   32.479929][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   32.481095][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   32.488564][ T4335] device veth1_vlan entered promiscuous mode
[   32.491856][ T4338] 8021q: adding VLAN 0 to HW filter on device batadv0
[   32.507270][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   32.508810][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.510438][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.512148][ T4327] device veth0_macvtap entered promiscuous mode
[   32.538643][ T4328] device veth0_macvtap entered promiscuous mode
[   32.546659][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   32.548208][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   32.549746][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.551314][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.555790][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.557522][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.559034][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   32.561962][ T4328] device veth1_macvtap entered promiscuous mode
[   32.572486][ T4327] device veth1_macvtap entered promiscuous mode
[   32.577785][ T4335] device veth0_macvtap entered promiscuous mode
[   32.582515][ T4335] device veth1_macvtap entered promiscuous mode
[   32.589541][ T4327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.591465][ T4327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.597805][ T4327] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.603646][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.605451][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.606994][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   32.608433][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.609902][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.611391][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.622042][ T1576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   32.623426][ T1576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   32.626499][ T4328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.629211][ T4328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.630781][ T4328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.632345][ T4328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.634885][ T4328] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.636765][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   32.638353][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.640047][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.651188][ T4327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.653099][ T4327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.655318][ T4327] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.667577][ T4328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.669337][ T4328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.670875][ T4328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.672659][ T4328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.675963][ T4328] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.677269][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   32.679071][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   32.680673][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.682104][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.685260][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.686982][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.690792][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   32.692372][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   32.695066][ T4327] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.696539][ T4327] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.697888][ T4327] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.699327][ T4327] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.701506][ T4335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.705895][ T4335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.707421][ T4335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.709091][ T4335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.710657][ T4335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.712379][ T4335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.714932][ T4335] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.718270][ T4338] device veth0_vlan entered promiscuous mode
[   32.719787][ T4335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.721539][ T4335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.723951][ T4335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.725706][ T4335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.727253][ T4335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.728862][ T4335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.731083][ T4335] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.732385][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   32.733918][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   32.735361][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.736888][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.738547][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.740074][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.743899][ T4335] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.745367][ T4335] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.746826][ T4335] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.748177][ T4335] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.756289][ T4328] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.757748][ T4328] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.759211][ T4328] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.760715][ T4328] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.763068][ T1576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   32.764415][ T1576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   32.769802][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   32.772153][ T4338] device veth1_vlan entered promiscuous mode
[   32.841768][ T1576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   32.842183][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   32.843406][ T1576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   32.845352][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   32.846365][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   32.848369][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   32.858225][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   32.859857][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   32.866408][ T4338] device veth0_macvtap entered promiscuous mode
[   32.870384][ T4338] device veth1_macvtap entered promiscuous mode
[   32.879145][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.880979][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.885126][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.887030][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.888581][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.890275][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.891997][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.896397][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.898877][ T4338] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.900464][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.902301][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.905191][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.906813][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.910780][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.913603][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   32.928585][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.930422][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.932078][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.935121][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.936993][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.938935][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.940967][ T4338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.942667][ T4338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.948357][ T4338] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.951402][ T4338] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.952791][ T4338] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.955092][ T4338] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.956559][ T4338] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.962688][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.964790][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.970443][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   32.971711][ T4412] loop0: detected capacity change from 0 to 128
[   32.971721][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   32.971919][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   32.999180][ T4412] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.013779][   T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   33.015139][   T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   33.017086][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   33.021942][   T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   33.026673][   T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   33.028044][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   33.030972][   T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   33.032311][   T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   33.054552][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   33.087547][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   33.089229][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   33.092679][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   33.562107][ T1665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   33.564557][ T1665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   33.642494][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   33.763529][ T4342] Bluetooth: hci0: command 0x041b tx timeout
[   33.763552][ T4339] Bluetooth: hci2: command 0x041b tx timeout
[   33.765857][ T4339] Bluetooth: hci1: command 0x041b tx timeout
[   33.853573][ T4332] Bluetooth: hci4: command 0x041b tx timeout
[   33.853585][ T4342] Bluetooth: hci3: command 0x041b tx timeout
[   33.890928][ T4333] EXT4-fs (loop0): unmounting filesystem.
[   34.251631][ T4437] loop1: detected capacity change from 0 to 1024
[   34.252629][ T4431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.263554][ T4431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   34.287100][ T4439] Set syz0 is full, maxelem 0 reached
[   34.316029][ T4437] syz.1.8: attempt to access beyond end of device
[   34.316029][ T4437] loop1: rw=0, sector=393346, nr_sectors = 2 limit=1024
[   34.322644][ T4437] syz.1.8: attempt to access beyond end of device
[   34.322644][ T4437] loop1: rw=2049, sector=393220, nr_sectors = 2 limit=1024
[   34.326631][ T4441] device syzkaller0 entered promiscuous mode
[   34.331195][ T4437] Buffer I/O error on dev loop1, logical block 196610, lost async page write
[   34.336120][ T4437] syz.1.8: attempt to access beyond end of device
[   34.336120][ T4437] loop1: rw=2049, sector=393222, nr_sectors = 120 limit=1024
[   34.348330][ T4437] syz.1.8: attempt to access beyond end of device
[   34.348330][ T4437] loop1: rw=0, sector=5778, nr_sectors = 2 limit=1024
[   34.354864][ T4437] syz.1.8: attempt to access beyond end of device
[   34.354864][ T4437] loop1: rw=0, sector=5778, nr_sectors = 2 limit=1024
[   34.546204][ T4449] loop1: detected capacity change from 0 to 16
[   34.549448][ T4449] erofs: (device loop1): erofs_read_inode: unsupported i_format 31 of nid 36
[   34.565397][ T4449] netlink: 'syz.1.14': attribute type 1 has an invalid length.
[   34.574725][ T4449] bond0: (slave veth3): Enslaving as an active interface with an up link
[   34.591402][ T4449] device veth0_to_bond entered promiscuous mode
[   34.594164][ T4449] bond0: (slave vlan2): Enslaving as an active interface with an up link
[   34.630462][ T4451] loop1: detected capacity change from 0 to 256
[   35.987947][ T4342] Bluetooth: hci2: command 0x040f tx timeout
[   35.989042][ T4342] Bluetooth: hci4: command 0x040f tx timeout
[   35.991869][ T4342] Bluetooth: hci0: command 0x040f tx timeout
[   35.993055][ T4342] Bluetooth: hci1: command 0x040f tx timeout
[   35.994018][ T4342] Bluetooth: hci3: command 0x040f tx timeout
[   36.024089][ T4482] netlink: 'syz.4.24': attribute type 1 has an invalid length.
[   36.106200][ T4484] loop0: detected capacity change from 0 to 512
[   36.131638][ T4484] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   36.412058][ T4494] binder: 4493:4494 tried to acquire reference to desc 0, got 1 instead
[   36.416570][ T4494] binder_alloc: 4493: pid 4493 spamming oneway? 2 buffers allocated for a total size of 5120
[   36.421298][ T4380] binder: undelivered TRANSACTION_COMPLETE
[   36.422215][ T4380] binder: undelivered TRANSACTION_COMPLETE
[   36.437569][ T4497] loop1: detected capacity change from 0 to 2048
[   36.440864][   T22] binder: undelivered transaction 6, process died.
[   36.442181][   T22] binder: undelivered transaction 5, process died.
[   36.745929][ T4484] fuse: Invalid group_id
[   36.747099][ T4502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   36.750223][ T4502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   36.771084][ T4497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   36.774135][ T4497] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   36.854740][ T4505] overlayfs: unrecognized mount option "\']*=°¢°©ę[\1\" or missing value
[   36.887441][ T4507] netlink: 'syz.2.32': attribute type 2 has an invalid length.
[   37.747510][ T4333] EXT4-fs (loop0): unmounting filesystem.
[   38.041401][ T4344] Bluetooth: hci3: command 0x0419 tx timeout
[   38.042572][ T4344] Bluetooth: hci1: command 0x0419 tx timeout
[   38.043738][ T4344] Bluetooth: hci0: command 0x0419 tx timeout
[   38.044954][ T4344] Bluetooth: hci4: command 0x0419 tx timeout
[   38.046545][ T4344] Bluetooth: hci2: command 0x0419 tx timeout
[   38.121272][ T4525] device syzkaller0 entered promiscuous mode
[   38.210548][ T4530] device syzkaller0 entered promiscuous mode
[   40.105921][ T4552] netlink: 68 bytes leftover after parsing attributes in process `syz.4.44'.
[   40.127849][ T4554] loop0: detected capacity change from 0 to 2048
[   40.162520][ T4554] EXT4-fs (loop0): Encoding requested by superblock is unknown
[   40.649118][ T4567] netlink: 4 bytes leftover after parsing attributes in process `syz.0.47'.
[   41.042031][ T4575] loop1: detected capacity change from 0 to 8
[   41.106924][ T4575] SQUASHFS error: lzo decompression failed, data probably corrupt
[   41.108382][ T4575] SQUASHFS error: Failed to read block 0x91: -5
[   41.111286][ T4575] SQUASHFS error: Unable to read metadata cache entry [8f]
[   41.112471][ T4575] SQUASHFS error: Unable to read inode 0x11f
[   42.083086][ T4586] netlink: 3 bytes leftover after parsing attributes in process `syz.1.49'.
[   42.476456][ T4583] No such timeout policy "syz1"
[   42.914545][ T4598] netlink: 20 bytes leftover after parsing attributes in process `syz.1.56'.
[   42.992403][ T4603] loop0: detected capacity change from 0 to 4096
[   42.995010][ T4603] EXT4-fs: inline encryption not supported
[   42.998617][ T4603] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   43.000370][ T4603] EXT4-fs (loop0): Test dummy encryption mode enabled
[   43.009407][ T4603] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003]
[   43.010964][ T4603] System zones: 0-5
[   43.016245][ T4603] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   44.130439][ T4625] binder: 4624:4625 tried to acquire reference to desc 0, got 1 instead
[   44.138327][ T4625] binder: 4624:4625 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   44.141585][ T4625] binder: 4625 RLIMIT_NICE not set
[   44.145946][ T4625] binder: 4625 RLIMIT_NICE not set
[   44.149953][   T24] binder: release 4624:4625 transaction 11 out, still active
[   44.151798][   T24] binder: undelivered TRANSACTION_COMPLETE
[   44.178336][   T24] binder: release 4624:4625 transaction 11 in, still active
[   44.179755][   T24] binder: send failed reply for transaction 11, target dead
[   44.212284][ T4603] fscrypt: AES-256-XTS using implementation "xts-aes-ce"
[   44.260705][ T4628] loop3: detected capacity change from 0 to 164
[   44.280258][ T4623] loop2: detected capacity change from 0 to 32768
[   44.296236][ T4623] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.63 (4623)
[   44.312657][ T4623] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   44.315038][ T4623] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[   44.319186][ T4623] BTRFS info (device loop2): turning off barriers
[   44.320243][ T4623] BTRFS info (device loop2): turning on async discard
[   44.321389][ T4623] BTRFS info (device loop2): doing ref verification
[   44.322517][ T4623] BTRFS info (device loop2): using free space tree
[   44.387578][ T4623] BTRFS info (device loop2): enabling ssd optimizations
[   44.533795][ T4652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.68'.
[   44.537596][ T4333] EXT4-fs (loop0): unmounting filesystem.
[   44.548301][ T4652] bond1 (unregistering): Released all slaves
[   44.564299][ T4335] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   44.789499][ T4664] loop0: detected capacity change from 0 to 512
[   44.794785][ T4664] =======================================================
[   44.794785][ T4664] WARNING: The mand mount option has been deprecated and
[   44.794785][ T4664]          and is ignored by this kernel. Remove the mand
[   44.794785][ T4664]          option from the mount to silence this warning.
[   44.794785][ T4664] =======================================================
[   45.000098][ T4664] EXT4-fs (loop0): external journal device major/minor numbers have changed
[   45.002183][ T4664] EXT4-fs (loop0): failed to open journal device unknown-block(8,1) -6
[   45.278785][ T4321] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   45.348378][ T4672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   45.350081][ T4672] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   45.359750][ T4672] loop2: detected capacity change from 0 to 128
[   45.366132][ T4672] affs: No valid root block on device loop2
[   45.508148][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.509624][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.510925][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.512285][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.514115][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.515424][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.516672][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.517903][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.519202][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   45.520514][ T4678] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   46.974892][ T4691] binder: 4690:4691 tried to acquire reference to desc 0, got 1 instead
[   46.995994][ T4684] loop1: detected capacity change from 0 to 32768
[   46.998974][ T4684] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.78 (4684)
[   47.012496][ T4684] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   47.017920][ T4684] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm
[   47.019610][ T4684] BTRFS info (device loop1): setting nodatasum
[   47.020725][ T4684] BTRFS info (device loop1): force zlib compression, level 3
[   47.022230][ T4684] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[   47.024444][ T4684] BTRFS info (device loop1): use lzo compression, level 0
[   47.025728][ T4684] BTRFS info (device loop1): turning on flush-on-commit
[   47.027097][ T4684] BTRFS info (device loop1): enabling auto defrag
[   47.028371][ T4684] BTRFS info (device loop1): max_inline at 4096
[   47.030364][ T4684] BTRFS info (device loop1): using free space tree
[   47.059949][ T4684] BTRFS info (device loop1): enabling ssd optimizations
[   47.114887][ T4691] binder: 4690:4691 ioctl c0306201 20000180 returned -14
[   47.117082][   T24] binder: release 4690:4691 transaction 16 out, still active
[   47.126976][   T24] binder: send failed reply for transaction 16, target dead
[   47.157037][ T4713] tipc: Started in network mode
[   47.158008][ T4713] tipc: Node identity 7f000001, cluster identity 4711
[   47.160221][ T4713] tipc: Enabled bearer <udp:syz2>, priority 10
[   47.175600][ T4713] netlink: 104 bytes leftover after parsing attributes in process `syz.4.80'.
[   47.180015][ T4713] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[   47.182350][ T4713] tipc: Enabled bearer <udp:syz0>, priority 10
[   47.184695][ T4328] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   48.295099][ T4660] tipc: Node number set to 2130706433
[   48.663645][ T4738] loop1: detected capacity change from 0 to 40427
[   48.667981][ T4738] F2FS-fs (loop1): Corrupted extension count (327717 + 1 > 64)
[   48.669523][ T4738] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[   48.671052][ T4738] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x3ffff
[   48.676430][ T4738] F2FS-fs (loop1): invalid crc value
[   48.692615][ T4738] F2FS-fs (loop1): Found nat_bits in checkpoint
[   48.708008][ T4743] netlink: 24 bytes leftover after parsing attributes in process `syz.4.87'.
[   48.727738][ T4738] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[   48.731213][ T4738] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   48.773822][ T4746] loop4: detected capacity change from 0 to 128
[   48.785647][ T4746] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   48.788439][ T4738] syz.1.85: attempt to access beyond end of device
[   48.788439][ T4738] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427
[   48.794795][ T4746] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   48.839857][ T4501] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   50.367600][ T4342] Bluetooth: hci0: command 0x0409 tx timeout
[   51.043716][ T4774] process 'syz.2.95' launched './file0' with NULL argv: empty string added
[   51.467989][ T4784] loop0: detected capacity change from 0 to 8
[   52.163408][ T4789] loop2: detected capacity change from 0 to 256
[   52.165006][ T4789] FAT-fs (loop2): Unrecognized mount option "shortname=winÅŁ4„“Bpxla‹e=1" or missing value
[   52.197982][ T4317] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   52.298196][ T4791] device syzkaller0 entered promiscuous mode
[   52.447314][ T4803] loop1: detected capacity change from 0 to 512
[   52.513841][ T4805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.515979][ T4805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.752085][ T4803] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   52.787596][ T4803] EXT4-fs (loop1): required journal recovery suppressed and not mounted read-only
[   54.306792][ T4660] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   54.702447][ T4660] usb 1-1: device descriptor read/64, error -71
[   54.972902][ T4660] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   55.132989][ T4660] usb 1-1: device descriptor read/64, error -71
[   55.303819][ T4660] usb usb1-port1: attempt power cycle
[   55.705558][   T27] audit: type=1326 audit(55.690:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.710642][   T27] audit: type=1326 audit(55.690:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.733143][   T27] audit: type=1326 audit(55.690:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=158 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.737140][   T27] audit: type=1326 audit(55.690:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.748351][   T27] audit: type=1326 audit(55.690:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.752521][   T27] audit: type=1326 audit(55.710:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.768606][   T27] audit: type=1326 audit(55.710:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.773297][   T27] audit: type=1326 audit(55.710:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.778577][   T27] audit: type=1326 audit(55.710:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=208 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.783087][   T27] audit: type=1326 audit(55.710:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4862 comm="syz.3.123" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7ffc0000
[   55.813425][ T4660] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   55.845160][ T4660] usb 1-1: device descriptor read/8, error -71
[   56.182999][ T4660] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   56.215608][ T4660] usb 1-1: device descriptor read/8, error -71
[   56.337472][ T4660] usb usb1-port1: unable to enumerate USB device
[   56.861100][ T4874] device syzkaller0 entered promiscuous mode
[   56.898281][ T4877] 8021q: adding VLAN 0 to HW filter on device bond1
[   57.079239][ T4878] net_ratelimit: 5266 callbacks suppressed
[   57.079252][ T4878] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[   57.099773][ T4877] device veth0 entered promiscuous mode
[   57.102503][ T4877] bond1: (slave macvlan2): making interface the new active one
[   57.109968][ T4877] bond1: (slave macvlan2): Enslaving as an active interface with an up link
[   57.111895][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[   57.273083][ T4888] netlink: 12 bytes leftover after parsing attributes in process `syz.4.133'.
[   57.601794][ T4888] netlink: 28 bytes leftover after parsing attributes in process `syz.4.133'.
[   57.603950][ T4888] 8021q: adding VLAN 0 to HW filter on device bond1
[   57.710798][ T4915] netlink: 'syz.4.141': attribute type 2 has an invalid length.
[   57.714632][ T4915] netlink: 'syz.4.141': attribute type 2 has an invalid length.
[   57.716194][ T4915] netlink: 8 bytes leftover after parsing attributes in process `syz.4.141'.
[   57.784282][ T4923] loop1: detected capacity change from 0 to 764
[   58.220484][ T4932] netlink: 24 bytes leftover after parsing attributes in process `syz.0.147'.
[   58.250867][ T4932] netlink: 20 bytes leftover after parsing attributes in process `syz.0.147'.
[   58.667928][ T4935] netlink: 12 bytes leftover after parsing attributes in process `syz.4.149'.
[   59.156094][ T4953] VFS: Mount too revealing
[   59.224909][ T4959] fuse: Bad value for 'fd'
[   60.067887][ T4970] xt_CT: No such helper "pptp"
[   60.752784][ T4984] device syzkaller0 entered promiscuous mode
[   60.780713][ T4989] loop3: detected capacity change from 0 to 512
[   60.806569][ T4989] EXT2-fs (loop3): (no)acl options not supported
[   61.333229][ T4995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.165'.
[   61.891787][ T5005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.169'.
[   62.404173][ T5025] device syzkaller0 entered promiscuous mode
[   63.616290][ T5036] device syzkaller0 entered promiscuous mode
[   63.693728][ T5051] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   63.693728][ T5051] The task syz.3.181 (5051) triggered the difference, watch for misbehavior.
[   64.528024][ T5067] fuse: Bad value for 'fd'
[   64.561883][ T5068] loop3: detected capacity change from 0 to 2048
[   64.628775][ T5068] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   65.002810][    C1] sched: RT throttling activated
[   65.008784][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[   65.010699][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[   65.558183][ T4538] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[   65.572113][ T4538] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   65.593303][ T4538] EXT4-fs (loop3): This should not happen!! Data will be lost
[   65.593303][ T4538] 
[   65.595121][ T4538] EXT4-fs (loop3): Total free blocks count 0
[   65.596092][ T4538] EXT4-fs (loop3): Free/Dirty block details
[   65.597114][ T4538] EXT4-fs (loop3): free_blocks=2415919504
[   65.598094][ T4538] EXT4-fs (loop3): dirty_blocks=3856
[   65.622213][ T4538] EXT4-fs (loop3): Block reservation details
[   65.628087][ T4538] EXT4-fs (loop3): i_reserved_data_blocks=241
[   65.630991][ T4538] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65793 with max blocks 2048 with error 28
[   68.773090][ T5104] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   68.774670][ T5104] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   68.775983][ T5104] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   68.777452][ T5104] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   68.786043][ T5104] bond0: (slave vxlan0): Enslaving as an active interface with an up link
[   69.349625][ T5119] netlink: 'syz.1.203': attribute type 10 has an invalid length.
[   69.526420][ T5119] 8021q: adding VLAN 0 to HW filter on device team0
[   69.528410][ T5119] bond0: (slave team0): Enslaving as an active interface with an up link
[   69.555893][ T5124] overlayfs: failed to clone upperpath
[   69.604704][   T14] cfg80211: failed to load regulatory.db
[   69.617117][ T5127] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   69.625538][ T5101] loop3: detected capacity change from 0 to 65536
[   69.740285][ T5136] netlink: 'syz.0.206': attribute type 1 has an invalid length.
[   69.751703][ T5101] XFS (loop3): Mounting V5 Filesystem
[   69.821182][ T5101] XFS (loop3): Ending clean mount
[   69.835718][ T5101] XFS (loop3): Quotacheck needed: Please wait.
[   69.850694][ T1575] XFS (loop3): Metadata CRC error detected at xfs_inobt_read_verify+0x50/0x108, xfs_inobt block 0x8008 
[   69.872788][ T1575] XFS (loop3): Unmount and run xfs_repair
[   69.874814][ T1575] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[   69.876129][ T1575] 00000000: 49 41 42 33 00 00 00 00 ff ff ff ff ff ff ff ff  IAB3............
[   69.877661][ T1575] 00000010: 00 00 00 00 00 00 80 08 00 00 00 00 00 00 00 00  ................
[   69.879320][ T1575] 00000020: d6 f6 9d bd 8c 5d 46 be b8 8e 92 c0 ae 88 ce b2  .....]F.........
[   69.880692][ T1575] 00000030: 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   69.882356][ T1575] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   69.887210][ T1575] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   69.888692][ T1575] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   69.890348][ T1575] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   69.891894][ T1575] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x184/0x290" at daddr 0x8008 len 2 error 74
[   69.895274][ T5145] netlink: 'syz.4.208': attribute type 12 has an invalid length.
[   69.896766][ T5147] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   70.215858][ T5101] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[   70.279900][ T4718] XFS (loop3): Metadata CRC error detected at xfs_allocbt_read_verify+0x50/0x108, xfs_bnobt block 0x8004 
[   70.282082][ T4718] XFS (loop3): Unmount and run xfs_repair
[   70.283174][ T4718] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[   70.284401][ T4718] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[   70.285902][ T4718] 00000010: 00 00 00 00 00 00 80 04 00 00 00 00 00 00 00 00  ................
[   70.293560][ T4718] 00000020: d6 f6 9d bd 8c 5d 46 be b8 8e 92 c0 ae 88 ce b2  .....]F.........
[   70.318220][ T4718] 00000030: 00 00 00 01 fa 4d b4 46 00 00 00 05 00 00 00 03  .....M.F........
[   70.327337][ T4718] 00000040: 00 00 04 a4 00 00 3b 5c 00 00 00 00 00 00 00 00  ......;\........
[   70.335654][ T4718] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   70.339332][ T4718] 00000060: 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   70.343871][ T4718] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   70.346528][ T5101] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x184/0x290" at daddr 0x8004 len 2 error 74
[   70.799124][ T4327] XFS (loop3): Unmounting Filesystem
[   73.173388][ T5193] loop3: detected capacity change from 0 to 512
[   73.590052][ T5193] EXT4-fs (loop3): orphan cleanup on readonly fs
[   73.599989][ T5193] __quota_error: 22 callbacks suppressed
[   73.600004][ T5193] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[   73.616644][ T5193] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   73.618382][ T5193] EXT4-fs error (device loop3): ext4_acquire_dquot:6841: comm syz.3.213: Failed to acquire dquot type 1
[   73.638061][ T5193] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[   73.648120][ T5193] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   73.649914][ T5193] EXT4-fs error (device loop3): ext4_acquire_dquot:6841: comm syz.3.213: Failed to acquire dquot type 1
[   73.661453][ T5193] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.213: bg 0: block 248: padding at end of block bitmap is not set
[   73.672577][ T5193] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6180: Corrupt filesystem
[   73.680978][ T5193] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[   73.683494][ T5193] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   73.685332][ T5193] EXT4-fs error (device loop3): ext4_acquire_dquot:6841: comm syz.3.213: Failed to acquire dquot type 1
[   73.713702][ T5193] EXT4-fs (loop3): 1 orphan inode deleted
[   73.886931][ T5193] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   74.165440][ T5218] netlink: 'syz.1.222': attribute type 1 has an invalid length.
[   74.167996][ T5193] raw_sendmsg: syz.3.213 forgot to set AF_INET. Fix it!
[   74.184479][ T5217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.223'.
[   74.201680][ T5217] 8021q: adding VLAN 0 to HW filter on device bond1
[   74.219916][ T5218] bond1: (slave bridge1): making interface the new active one
[   74.225636][ T5218] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   74.237537][ T5217] device macvlan2 entered promiscuous mode
[   74.270403][ T4327] EXT4-fs (loop3): unmounting filesystem.
[   74.280253][ T5217] bond1: (slave vti0): refused to change device type
[   74.300681][ T5218] device macvlan2 entered promiscuous mode
[   74.302385][ T5218] device bond1 entered promiscuous mode
[   74.305739][ T5218] device bridge1 entered promiscuous mode
[   74.308251][ T5218] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   74.312134][ T5218] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[   74.322145][ T5218] device bond1 left promiscuous mode
[   74.324570][ T5218] device bridge1 left promiscuous mode
[   75.260490][ T5302] loop1: detected capacity change from 0 to 512
[   75.269019][ T5302] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   76.369832][ T5305] sctp: [Deprecated]: syz.2.231 (pid 5305) Use of struct sctp_assoc_value in delayed_ack socket option.
[   76.369832][ T5305] Use struct sctp_sack_info instead
[   76.384594][ T5308] sch_tbf: burst 1023 is lower than device lo mtu (65550) !
[   76.386459][ T5302] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   76.388157][ T5302] EXT4-fs (loop1): orphan cleanup on readonly fs
[   76.389404][ T5302] Quota error (device loop1): v2_read_file_info: Can't read info structure
[   76.391092][ T5302] EXT4-fs warning (device loop1): ext4_enable_quotas:7093: Failed to enable quota tracking (type=1, err=-5, ino=4). Please run e2fsck to fix.
[   76.408813][ T5302] EXT4-fs (loop1): Cannot turn on quotas: error -5
[   76.425087][ T5302] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.230: bg 0: block 64: padding at end of block bitmap is not set
[   76.444336][ T5302] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6180: Corrupt filesystem
[   76.460740][ T5302] EXT4-fs (loop1): 1 truncate cleaned up
[   76.461797][ T5302] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   76.936717][ T4328] EXT4-fs (loop1): unmounting filesystem.
[   76.978382][ T5320] device syzkaller0 entered promiscuous mode
[   77.377875][ T5334] loop1: detected capacity change from 0 to 512
[   77.397094][ T5334] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   77.402127][ T5334] EXT4-fs (loop1): ea_inode feature is not supported for Hurd
[   77.675716][ T5345] loop0: detected capacity change from 0 to 256
[   79.441004][ T5373] netlink: 'syz.3.248': attribute type 1 has an invalid length.
[   79.472593][ T5373] 8021q: adding VLAN 0 to HW filter on device bond2
[   80.441494][ T5373] netlink: 28 bytes leftover after parsing attributes in process `syz.3.248'.
[   80.454083][ T5373] device bond2 entered promiscuous mode
[   80.954177][ T5373] bond2: (slave dummy0): making interface the new active one
[   80.956726][ T5373] device dummy0 entered promiscuous mode
[   80.965670][ T5373] bond2: (slave dummy0): Enslaving as an active interface with an up link
[   83.400680][ T5399] loop0: detected capacity change from 0 to 64
[   83.830597][ T5403] binder: 5402:5403 tried to acquire reference to desc 0, got 1 instead
[   83.843812][ T5403] binder: 5402:5403 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   83.852447][ T5403] binder: 5403 RLIMIT_NICE not set
[   83.856350][ T5403] binder: 5403 RLIMIT_NICE not set
[   83.866284][ T5410] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   83.871841][ T5403] binder: 5403 RLIMIT_NICE not set
[   83.875857][ T5403] binder_alloc: 5402: binder_alloc_buf, no vma
[   83.876896][ T5403] binder: cannot allocate buffer: vma cleared, target dead or dying
[   83.876925][ T5403] binder: 5402:5403 transaction reply to 5402:5403 failed 22/29189/-3, size 0-0 line 3230
[   83.888087][ T5403] binder: send failed reply for transaction 21 to 5402:5403
[   83.894393][ T4377] binder: undelivered TRANSACTION_COMPLETE
[   83.895621][ T4377] binder: undelivered TRANSACTION_ERROR: 29189
[   83.903381][ T4376] binder: undelivered TRANSACTION_ERROR: 29190
[   84.012270][ T5418] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   84.241288][ T5421] loop1: detected capacity change from 0 to 32768
[   84.673283][ T5421] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   84.674820][ T5421] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   84.704415][ T5421] gfs2: fsid=syz:syz.0: journal 0 mapped with 18 extents in 3ms
[   84.711880][ T4376] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   84.713825][ T4376] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   85.640056][ T5428] loop0: detected capacity change from 0 to 8
[   85.645240][ T4376] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 931ms
[   85.650807][ T4376] gfs2: fsid=syz:syz.0: jid=0: Done
[   85.652594][ T5421] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   85.665701][ T5428] SQUASHFS error: lzo decompression failed, data probably corrupt
[   85.667021][ T5428] SQUASHFS error: Failed to read block 0x91: -5
[   85.668069][ T5428] SQUASHFS error: Unable to read metadata cache entry [8f]
[   85.669276][ T5428] SQUASHFS error: Unable to read inode 0x11f
[   86.658651][ T5442] netlink: 3 bytes leftover after parsing attributes in process `syz.0.263'.
[   87.302142][ T5449] loop3: detected capacity change from 0 to 4096
[   87.327962][ T5449] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[   87.391765][ T5449] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[   87.394219][ T5446] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.400491][ T5446] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.698050][ T5449] ntfs3: loop3: Inode r=b is not in use!
[   87.699224][ T5449] ntfs3: loop3: Failed to load $Extend.
[   87.829768][ T5460] loop1: detected capacity change from 0 to 256
[   88.195985][ T5458] Zero length message leads to an empty skb
[   88.288463][ T5464] fuse: Bad value for 'fd'
[   88.301242][ T5468] device syzkaller0 entered promiscuous mode
[   89.453379][ T5477] netlink: 'syz.2.277': attribute type 4 has an invalid length.
[   89.476307][ T5477] netlink: 'syz.2.277': attribute type 17 has an invalid length.
[   89.853346][ T5501] loop3: detected capacity change from 0 to 256
[   89.894862][ T4317] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   91.284774][ T5510] loop0: detected capacity change from 0 to 4096
[   91.288630][ T5510] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[   91.309876][ T5510] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[   91.315073][ T5510] ntfs3: loop0: Inode r=b is not in use!
[   91.317388][ T5510] ntfs3: loop0: Failed to load $Extend.
[   93.104467][ T5548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.295'.
[   96.358284][ T5581] netlink: 'syz.3.304': attribute type 1 has an invalid length.
[   96.427607][ T5581] bond3: (slave bridge1): Enslaving as a backup interface with an up link
[   96.441929][ T5581] bond3 (unregistering): (slave bridge1): Releasing backup interface
[   96.865632][ T5581] bond3 (unregistering): Released all slaves
[   97.973553][ T5618] ptrace attach of "ci2-linux-6-1-kasan-arm64/syz-executor exec"[4328] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
[  101.018749][ T5652] device syzkaller0 entered promiscuous mode
[  101.037119][ T5652] TC_ACT_REPEAT abuse ?
[  102.007414][ T5669] 8021q: adding VLAN 0 to HW filter on device bond2
[  102.116206][ T5672] device veth0 entered promiscuous mode
[  102.117759][ T5672] bond2: (slave macvlan3): making interface the new active one
[  102.119324][ T5672] bond2: (slave macvlan3): Enslaving as an active interface with an up link
[  102.121271][ T5674] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.123287][ T5674] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.135114][ T5674] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  102.137931][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  102.185566][ T5679] loop3: detected capacity change from 0 to 512
[  102.187649][ T5679] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  102.198053][ T5681] device syzkaller0 entered promiscuous mode
[  102.254493][ T5679] EXT4-fs (loop3): required journal recovery suppressed and not mounted read-only
[  103.601658][ T5705] 9pnet: p9_errstr2errno: server reported unknown error ČVmI®LÓā—…N
[  104.515788][ T5712] netlink: 'syz.3.341': attribute type 1 has an invalid length.
[  104.626679][ T5712] device bond3 entered promiscuous mode
[  104.629997][ T5712] 8021q: adding VLAN 0 to HW filter on device bond3
[  104.643371][ T5717] 8021q: adding VLAN 0 to HW filter on device bond1
[  104.651880][ T5720] device veth0 entered promiscuous mode
[  104.658134][ T5720] bond1: (slave macvlan2): making interface the new active one
[  104.659669][ T5720] bond1: (slave macvlan2): Enslaving as an active interface with an up link
[  104.664692][ T5277] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  104.899260][ T5726] bond3: (slave bridge2): making interface the new active one
[  104.900517][ T5726] device bridge2 entered promiscuous mode
[  104.902572][ T5726] bond3: (slave bridge2): Enslaving as an active interface with an up link
[  104.913487][ T5277] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  105.836270][ T5738] netlink: 'syz.4.360': attribute type 11 has an invalid length.
[  105.919857][   T27] audit: type=1326 audit(105.900:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5735 comm="syz.3.350" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c977aa8 code=0x7fc00000
[  105.923664][   T27] audit: type=1326 audit(105.900:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5735 comm="syz.3.350" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=94 compat=0 ip=0xffff8c977aa8 code=0x7fc00000
[  106.734385][ T5758] netlink: 'syz.0.352': attribute type 1 has an invalid length.
[  106.754850][ T5758] bond3: (slave gretap1): making interface the new active one
[  106.756731][ T5758] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  106.771793][ T5758] bond3: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  107.628353][ T5776] device syzkaller0 entered promiscuous mode
[  110.496215][ T5807] fuse: Bad value for 'fd'
[  110.510366][   T24] kernel write not supported for file [eventfd] (pid: 24 comm: kworker/1:1)
[  115.269824][ T5881] binder: 5879:5881 tried to acquire reference to desc 0, got 1 instead
[  115.665456][ T5881] binder: 5879:5881 ioctl c0306201 20000180 returned -14
[  115.734115][   T24] binder: release 5879:5881 transaction 27 out, still active
[  115.735389][   T24] binder: undelivered TRANSACTION_COMPLETE
[  115.743226][  T111] binder: send failed reply for transaction 27, target dead
[  115.769628][ T5908] loop3: detected capacity change from 0 to 256
[  115.772579][ T5908] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  115.782114][ T5908] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 0000fc00)
[  115.785961][ T5908] FAT-fs (loop3): Filesystem has been set read-only
[  115.799602][ T5908] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 0000fc00)
[  116.318972][ T5920] netlink: 24 bytes leftover after parsing attributes in process `syz.1.398'.
[  118.158222][ T5947] loop1: detected capacity change from 0 to 512
[  118.170213][ T5947] EXT4-fs (loop1): external journal device major/minor numbers have changed
[  118.171882][ T5947] EXT4-fs (loop1): failed to open journal device unknown-block(8,1) -6
[  118.282280][ T5953] binder: 5952:5953 tried to acquire reference to desc 0, got 1 instead
[  118.316498][ T4317] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  118.657052][ T5953] binder: 5952:5953 ioctl c0306201 20000180 returned -14
[  118.661165][ T4380] binder: release 5952:5953 transaction 32 out, still active
[  118.679231][ T4380] binder: send failed reply for transaction 32, target dead
[  120.938564][ T5983] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  120.939813][ T5983] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  120.941540][ T5983] vhci_hcd vhci_hcd.0: Device attached
[  121.300661][ T5984] vhci_hcd: connection closed
[  121.310263][ T1576] vhci_hcd: stop threads
[  121.312510][ T1576] vhci_hcd: release socket
[  121.320553][ T1576] vhci_hcd: disconnect device
[  123.818168][ T6025] fuse: Bad value for 'fd'
[  123.824476][  T111] kernel write not supported for file [eventfd] (pid: 111 comm: kworker/0:2)
[  124.810394][ T6048] trusted_key: encrypted_key: insufficient parameters specified
[  125.219981][ T6049] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  125.221147][ T6049] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  125.223908][ T6049] vhci_hcd vhci_hcd.0: Device attached
[  125.503031][ T1515] usb 4-1: new low-speed USB device number 2 using vhci_hcd
[  125.597278][ T6060] vhci_hcd: connection reset by peer
[  125.621643][ T5270] vhci_hcd: stop threads
[  125.625718][ T5270] vhci_hcd: release socket
[  125.627450][ T5270] vhci_hcd: disconnect device
[  125.923966][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[  125.925340][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[  126.783823][ T6088] loop0: detected capacity change from 0 to 512
[  126.787671][ T6081] netlink: 12 bytes leftover after parsing attributes in process `syz.3.439'.
[  126.803132][ T6088] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  126.804760][ T6088] EXT4-fs (loop0): ea_inode feature is not supported for Hurd
[  127.720687][ T6104] netlink: 'syz.3.447': attribute type 1 has an invalid length.
[  127.736341][ T6104] 8021q: adding VLAN 0 to HW filter on device bond4
[  127.767047][ T6104] bond4: (slave veth3): Enslaving as an active interface with a down link
[  127.784582][ T6104] device veth0_to_bond entered promiscuous mode
[  127.786151][ T6104] device veth0_to_bond left promiscuous mode
[  127.788005][ T6104] bond4: (slave vlan3): making interface the new active one
[  127.789878][ T6104] device veth0_to_bond entered promiscuous mode
[  127.791494][ T6104] device vlan3 entered promiscuous mode
[  127.792709][ T6104] bond4: (slave vlan3): Enslaving as an active interface with an up link
[  127.796866][ T4532] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready
[  129.138428][ T6132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.455'.
[  130.910516][ T1515] vhci_hcd: vhci_device speed not set
[  130.920889][ T6143] loop1: detected capacity change from 0 to 512
[  131.027312][ T6143] EXT2-fs (loop1): (no)acl options not supported
[  131.367524][ T6153] loop0: detected capacity change from 0 to 2048
[  131.389875][ T6153] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  132.689138][ T4732] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  132.694408][ T4732] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  132.696820][ T4732] EXT4-fs (loop0): This should not happen!! Data will be lost
[  132.696820][ T4732] 
[  132.701864][ T4732] EXT4-fs (loop0): Total free blocks count 0
[  132.711624][ T4732] EXT4-fs (loop0): Free/Dirty block details
[  132.712608][ T4732] EXT4-fs (loop0): free_blocks=2415919504
[  132.715718][ T4732] EXT4-fs (loop0): dirty_blocks=3856
[  132.718672][ T4732] EXT4-fs (loop0): Block reservation details
[  132.719612][ T4732] EXT4-fs (loop0): i_reserved_data_blocks=241
[  132.733976][ T4732] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 65793 with max blocks 2048 with error 28
[  134.067812][ T6197] netlink: 'syz.0.468': attribute type 10 has an invalid length.
[  134.561621][ T6197] 8021q: adding VLAN 0 to HW filter on device team0
[  134.563510][ T6197] bond0: (slave team0): Enslaving as an active interface with an up link
[  135.938325][ T6214] netlink: 'syz.2.473': attribute type 1 has an invalid length.
[  137.506961][ T6220] bond2: (slave bridge1): making interface the new active one
[  138.272257][ T6220] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  138.278431][ T6223] device macvlan3 entered promiscuous mode
[  138.280169][ T6223] device bond2 entered promiscuous mode
[  138.281291][ T6223] device bridge1 entered promiscuous mode
[  138.284889][ T6223] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  138.287028][ T6223] bond2: (slave macvlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  138.307196][ T6223] device bond2 left promiscuous mode
[  138.308110][ T6223] device bridge1 left promiscuous mode
[  140.015574][ T6255] netlink: 24 bytes leftover after parsing attributes in process `syz.3.480'.
[  144.795899][ T6306] netlink: 'syz.4.495': attribute type 1 has an invalid length.
[  145.246354][ T6306] bond2: (slave bridge2): making interface the new active one
[  145.248876][ T6306] bond2: (slave bridge2): Enslaving as an active interface with an up link
[  145.281109][ T6306] device macvlan2 entered promiscuous mode
[  145.282604][ T6306] device bond2 entered promiscuous mode
[  145.293190][ T6306] device bridge2 entered promiscuous mode
[  145.294511][ T6306] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  145.296280][ T6306] bond2: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  145.544020][ T6306] device bond2 left promiscuous mode
[  145.545785][ T6306] device bridge2 left promiscuous mode
[  146.125782][ T6332] netlink: 24 bytes leftover after parsing attributes in process `syz.0.500'.
[  146.196908][ T6335] loop1: detected capacity change from 0 to 256
[  146.198443][ T6335] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  146.266777][ T6335] FAT-fs (loop1): Directory bread(block 64) failed
[  146.267846][ T6335] FAT-fs (loop1): Directory bread(block 65) failed
[  146.268954][ T6335] FAT-fs (loop1): Directory bread(block 66) failed
[  146.269994][ T6335] FAT-fs (loop1): Directory bread(block 67) failed
[  146.272022][ T6335] FAT-fs (loop1): Directory bread(block 68) failed
[  146.276370][ T6335] FAT-fs (loop1): Directory bread(block 69) failed
[  146.277513][ T6335] FAT-fs (loop1): Directory bread(block 70) failed
[  146.278574][ T6335] FAT-fs (loop1): Directory bread(block 71) failed
[  146.279623][ T6335] FAT-fs (loop1): Directory bread(block 72) failed
[  146.280687][ T6335] FAT-fs (loop1): Directory bread(block 73) failed
[  147.361206][ T6356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.509'.
[  148.536846][ T6371] netlink: 'syz.0.514': attribute type 1 has an invalid length.
[  148.566044][ T6371] bond4: (slave bridge1): making interface the new active one
[  148.567922][ T6371] bond4: (slave bridge1): Enslaving as an active interface with an up link
[  148.578685][ T6371] device macvlan4 entered promiscuous mode
[  148.580326][ T6371] device bond4 entered promiscuous mode
[  148.581229][ T6371] device bridge1 entered promiscuous mode
[  148.582405][ T6371] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  148.584285][ T6371] bond4: (slave macvlan4): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  148.611316][ T6371] device bond4 left promiscuous mode
[  148.612179][ T6371] device bridge1 left promiscuous mode
[  149.025752][ T6384] syz.2.518 uses obsolete (PF_INET,SOCK_PACKET)
[  149.412348][ T6378] loop1: detected capacity change from 0 to 32768
[  149.467967][ T6378] XFS (loop1): Mounting V5 Filesystem
[  149.489447][   T27] audit: type=1326 audit(149.470:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.4.520" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbaf77aa8 code=0x0
[  149.506488][ T6378] XFS (loop1): Ending clean mount
[  149.725481][ T6378] XFS (loop1): User initiated shutdown received.
[  149.726744][ T6378] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x10c/0x15c (fs/xfs/xfs_fsops.c:489).  Shutting down filesystem.
[  149.729038][ T6378] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  149.772709][ T4328] XFS (loop1): Unmounting Filesystem
[  150.098301][ T6407] loop1: detected capacity change from 0 to 512
[  150.112543][ T6407] EXT4-fs error (device loop1): ext4_get_branch:178: inode #13: block 1024: comm syz.1.521: invalid block
[  150.129642][ T6407] EXT4-fs (loop1): Remounting filesystem read-only
[  150.136940][ T6407] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.521: invalid indirect mapped block 1024 (level 0)
[  150.152300][ T6407] EXT4-fs (loop1): Remounting filesystem read-only
[  150.157074][ T6407] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.521: bg 0: block 35: padding at end of block bitmap is not set
[  150.173755][ T6407] EXT4-fs (loop1): Remounting filesystem read-only
[  150.178258][ T6407] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  150.184973][ T6407] EXT4-fs (loop1): Remounting filesystem read-only
[  150.188135][ T6407] EXT4-fs (loop1): 1 truncate cleaned up
[  150.189891][ T6407] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  150.317436][ T6413] Driver unsupported XDP return value 0 on prog  (id 86) dev N/A, expect packet loss!
[  150.475641][   T27] audit: type=1326 audit(150.460:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6406 comm="syz.1.521" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffad377aa8 code=0x0
[  151.227069][ T4328] EXT4-fs (loop1): unmounting filesystem.
[  151.843096][ T6433] netlink: 4 bytes leftover after parsing attributes in process `syz.2.526'.
[  152.964150][ T6441] loop1: detected capacity change from 0 to 40427
[  152.969484][ T6441] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  152.971216][ T6441] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  152.997914][ T6441] F2FS-fs (loop1): invalid crc value
[  153.413880][ T6454] Soft offlining pfn 0x1386fe at process virtual address 0x20000000
[  153.417283][ T6454] Soft offlining pfn 0x1386ff at process virtual address 0x20001000
[  153.418772][ T6454] Soft offlining pfn 0x141790 at process virtual address 0x20002000
[  153.420175][ T6454] Soft offlining pfn 0x141791 at process virtual address 0x20003000
[  153.421707][ T6454] Soft offlining pfn 0x147c40 at process virtual address 0x20004000
[  153.423124][ T6454] Soft offlining pfn 0x147c41 at process virtual address 0x20005000
[  153.424629][ T6454] Soft offlining pfn 0x142521 at process virtual address 0x20006000
[  153.426045][ T6454] Soft offlining pfn 0x142523 at process virtual address 0x20007000
[  153.427532][ T6454] Soft offlining pfn 0x142524 at process virtual address 0x20008000
[  153.429059][ T6454] Soft offlining pfn 0x142525 at process virtual address 0x20009000
[  153.430520][ T6454] Soft offlining pfn 0x142526 at process virtual address 0x2000a000
[  153.431966][ T6454] Soft offlining pfn 0x142527 at process virtual address 0x2000b000
[  153.433448][ T6454] Soft offlining pfn 0x142528 at process virtual address 0x2000c000
[  153.434995][ T6454] Soft offlining pfn 0x142529 at process virtual address 0x2000d000
[  153.436330][ T6454] Soft offlining pfn 0x14252a at process virtual address 0x2000e000
[  153.437879][ T6454] Soft offlining pfn 0x14252b at process virtual address 0x2000f000
[  153.439282][ T6454] Soft offlining pfn 0x14252c at process virtual address 0x20010000
[  153.440701][ T6454] Soft offlining pfn 0x14252d at process virtual address 0x20011000
[  153.685095][ T6441] F2FS-fs (loop1): Found nat_bits in checkpoint
[  153.730868][ T6441] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  153.732224][ T6441] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  154.157019][ T4344] Bluetooth: hci2: command 0x0406 tx timeout
[  154.211392][ T4344] Bluetooth: hci1: command 0x0406 tx timeout
[  154.212707][ T4344] Bluetooth: hci4: command 0x0406 tx timeout
[  154.213963][ T4344] Bluetooth: hci3: command 0x0406 tx timeout
[  154.221795][ T1576] device vlan3 left promiscuous mode
[  155.969095][ T4344] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  155.976171][ T4344] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  155.978126][ T4344] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  155.979703][ T4344] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  155.981165][ T4344] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  155.984086][ T4344] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  158.221986][ T4342] Bluetooth: hci3: command 0x0409 tx timeout
[  158.446013][ T4389] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.685208][ T4389] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.948490][ T4389] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.966001][ T6494] chnl_net:caif_netlink_parms(): no params data found
[  158.987771][ T6494] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.989165][ T6494] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.990880][ T6494] device bridge_slave_0 entered promiscuous mode
[  158.993918][ T6494] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.995282][ T6494] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.996970][ T6494] device bridge_slave_1 entered promiscuous mode
[  159.011228][ T6494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  159.425177][ T4389] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.429978][ T6494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  159.437630][ T6530] loop0: detected capacity change from 0 to 512
[  159.440215][ T6494] team0: Port device team_slave_0 added
[  159.443336][ T6530] EXT4-fs (loop0): can't read group descriptor 0
[  159.451928][ T6494] team0: Port device team_slave_1 added
[  159.453248][ T6530] netlink: 'syz.0.555': attribute type 13 has an invalid length.
[  159.744319][ T6530] Bluetooth: MGMT ver 1.22
[  159.773859][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_0
[  159.775056][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.779036][ T6494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  159.782424][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.785134][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.790176][ T6494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  159.834767][ T6494] device hsr_slave_0 entered promiscuous mode
[  159.873307][ T6494] device hsr_slave_1 entered promiscuous mode
[  159.902905][ T6494] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  159.904236][ T6494] Cannot create hsr debugfs directory
[  160.129107][ T6554] input: syz1 as /devices/virtual/input/input2
[  160.243564][ T4342] Bluetooth: hci3: command 0x041b tx timeout
[  160.695976][ T6572] loop1: detected capacity change from 0 to 32768
[  160.749854][ T6572] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  160.755672][ T6572] JBD2: Ignoring recovery information on journal
[  160.788686][ T6572] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  161.871394][ T4328] ocfs2: Unmounting device (7,1) on (node local)
[  162.323845][ T4344] Bluetooth: hci3: command 0x040f tx timeout
[  162.408866][ T6621] loop0: detected capacity change from 0 to 512
[  162.411689][ T6621] EXT2-fs (loop0): (no)acl options not supported
[  162.431130][ T6621] EXT2-fs (loop0): warning: mounting ext3 filesystem as ext2
[  162.540804][ T6625] EXT2-fs (loop0): error: ext2_valid_block_bitmap: Invalid block bitmap - block_group = 0, block = 252
[  162.544655][ T6625] EXT2-fs (loop0): error: ext2_new_blocks: Allocating block in system zone - blocks from 4, length 1
[  162.556171][ T6625] EXT2-fs (loop0): error: ext2_new_blocks: Allocating block in system zone - blocks from 5, length 1
[  162.561381][ T6625] EXT2-fs (loop0): error: ext2_new_blocks: Allocating block in system zone - blocks from 6, length 1
[  162.564828][ T6625] EXT2-fs (loop0): error: ext2_new_blocks: Allocating block in system zone - blocks from 7, length 1
[  162.574193][ T6625] EXT2-fs (loop0): error: ext2_new_blocks: Allocating block in system zone - blocks from 8, length 1
[  163.063042][ T6625] EXT2-fs (loop0): error: ext2_new_blocks: Allocating block in system zone - blocks from 9, length 1
[  163.603772][ T6634] netlink: 20 bytes leftover after parsing attributes in process `syz.1.578'.
[  163.606614][ T6634] device ip6gre1 entered promiscuous mode
[  164.095531][ T6634] netlink: 'syz.1.578': attribute type 6 has an invalid length.
[  164.096926][ T6634] netlink: 72 bytes leftover after parsing attributes in process `syz.1.578'.
[  164.444698][ T4344] Bluetooth: hci3: command 0x0419 tx timeout
[  164.482380][ T6494] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  164.525180][ T6494] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  164.710967][ T6494] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  164.734169][ T6494] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  165.156599][ T6494] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.170582][ T6494] 8021q: adding VLAN 0 to HW filter on device team0
[  167.239898][ T6494] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  167.241575][ T6494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  167.614663][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  167.619212][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  167.622405][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  167.705296][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  167.711770][ T4732] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.713037][ T4732] bridge0: port 1(bridge_slave_0) entered forwarding state
[  167.716784][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  167.718768][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  167.720389][ T4732] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.721554][ T4732] bridge0: port 2(bridge_slave_1) entered forwarding state
[  167.723275][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  167.725070][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  167.726789][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  167.728424][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  167.730021][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  167.733431][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  167.735306][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  167.736766][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  167.738483][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  167.740123][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  167.741743][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  167.743366][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  167.745051][ T4732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  167.749365][ T6710] netlink: 'syz.4.601': attribute type 13 has an invalid length.
[  168.085965][ T6720] netlink: 4 bytes leftover after parsing attributes in process `syz.4.592'.
[  169.507278][ T6737] loop1: detected capacity change from 0 to 256
[  170.581704][ T6742] netlink: 'syz.3.597': attribute type 1 has an invalid length.
[  170.601441][ T6742] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  170.603141][ T6742] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  170.604555][ T6742] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  170.606051][ T6742] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  170.609808][ T6742] bond5: (slave geneve2): making interface the new active one
[  170.612771][ T6742] bond5: (slave geneve2): Enslaving as an active interface with an up link
[  170.631009][ T6742] netlink: 28 bytes leftover after parsing attributes in process `syz.3.597'.
[  170.638692][ T6742] 8021q: adding VLAN 0 to HW filter on device bond5
[  170.670923][ T6745] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  170.737826][ T6494] 8021q: adding VLAN 0 to HW filter on device batadv0
[  170.751670][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  170.753409][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  172.144312][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  172.146360][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  172.156423][ T6494] device veth0_vlan entered promiscuous mode
[  172.159098][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  172.161010][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  172.162734][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  172.166510][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  172.234424][ T4389] device hsr_slave_0 left promiscuous mode
[  172.273467][ T4389] device hsr_slave_1 left promiscuous mode
[  172.363036][ T4389] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.364490][ T4389] batman_adv: batadv0: Removing interface: batadv_slave_0
[  172.366571][ T4389] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.367923][ T4389] batman_adv: batadv0: Removing interface: batadv_slave_1
[  172.369485][ T4389] device bridge_slave_1 left promiscuous mode
[  172.371788][ T4389] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.423717][ T4389] device bridge_slave_0 left promiscuous mode
[  172.425082][ T4389] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.473918][ T4389] device veth0 left promiscuous mode
[  172.553462][ T4389] device veth1_macvtap left promiscuous mode
[  172.556639][ T4389] device veth0_macvtap left promiscuous mode
[  172.558769][ T4389] device veth1_vlan left promiscuous mode
[  172.559959][ T4389] device veth0_vlan left promiscuous mode
[  172.658575][ T6786] netlink: 'syz.3.613': attribute type 1 has an invalid length.
[  172.661106][ T6786] netlink: 24 bytes leftover after parsing attributes in process `syz.3.613'.
[  172.675425][ T4389] bond2 (unregistering): (slave bridge1): Releasing active interface
[  173.085075][ T4389] bond2 (unregistering): Released all slaves
[  173.132608][ T4389] bond1 (unregistering): (slave macvlan2): Releasing backup interface
[  174.739099][ T4389] bond1 (unregistering): Released all slaves
[  176.785449][ T4389] team0 (unregistering): Port device team_slave_1 removed
[  176.945136][ T4389] team0 (unregistering): Port device team_slave_0 removed
[  177.103254][ T4389] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  177.303393][ T4389] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  178.805250][ T4389] bond0 (unregistering): Released all slaves
[  179.095657][ T6494] device veth1_vlan entered promiscuous mode
[  179.098445][ T6301] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  179.194358][ T6840] netlink: 8 bytes leftover after parsing attributes in process `syz.3.628'.
[  179.203282][ T6494] device veth0_macvtap entered promiscuous mode
[  179.208415][ T6494] device veth1_macvtap entered promiscuous mode
[  179.210938][ T6301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  179.212499][ T6301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  179.215504][ T6301] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  179.217915][ T6301] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  179.223751][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.225329][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.226883][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.228489][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.232209][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.235151][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.237115][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.247530][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.251183][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.519018][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.521005][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.522648][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.533196][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.539782][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.542583][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.582969][ T6855] loop0: detected capacity change from 0 to 256
[  179.584740][ T6855] exfat: Deprecated parameter 'utf8'
[  179.687213][ T6855] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xeb34f926, utbl_chksum : 0xe619d30d)
[  179.780841][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.824631][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.183229][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.203098][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  180.204883][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  180.206503][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  180.208087][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  180.236171][ T6494] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.237837][ T6494] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.239352][ T6494] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.240851][ T6494] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.350168][ T6859] binder: 6858:6859 tried to acquire reference to desc 0, got 1 instead
[  180.368437][ T6859] binder: 6858:6859 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  180.370484][ T6859] binder: 6859 RLIMIT_NICE not set
[  180.371399][ T6859] binder: 6859 RLIMIT_NICE not set
[  181.508107][ T4375] binder: release 6858:6859 transaction 44 out, still active
[  181.509354][ T4375] binder: release 6858:6859 transaction 37 in, still active
[  181.510684][ T4375] binder: undelivered TRANSACTION_COMPLETE
[  181.511892][ T4375] binder: release 6858:6859 transaction 37 out, still active
[  181.536376][ T4423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  181.537799][ T4423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  181.573088][ T4375] binder: undelivered TRANSACTION_COMPLETE
[  181.574133][ T4375] binder: send failed reply for transaction 44, target dead
[  181.575352][ T4375] binder: send failed reply for transaction 37, target dead
[  181.578289][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  181.590804][ T6875] loop1: detected capacity change from 0 to 2048
[  181.601921][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  181.605295][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  181.606607][ T1575] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  181.625882][ T6878] device syzkaller0 entered promiscuous mode
[  181.649096][ T6875] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  182.109388][ T6884] netlink: 'syz.2.545': attribute type 10 has an invalid length.
[  182.113666][ T6884] 8021q: adding VLAN 0 to HW filter on device team0
[  182.116514][ T6884] bond0: (slave team0): Enslaving as an active interface with an up link
[  184.553461][ T6908] 9pnet_fd: p9_fd_create_tcp (6908): problem connecting socket to 127.0.0.1
[  185.755861][ T6916] loop2: detected capacity change from 0 to 32768
[  185.825688][ T6924] netlink: 'syz.1.653': attribute type 12 has an invalid length.
[  187.997805][ T6933] netlink: 'syz.3.654': attribute type 10 has an invalid length.
[  188.002108][ T6933] 8021q: adding VLAN 0 to HW filter on device team0
[  188.004237][ T6933] bond0: (slave team0): Enslaving as an active interface with an up link
[  188.155008][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[  188.156076][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[  188.526533][ T6948] netlink: 8 bytes leftover after parsing attributes in process `syz.3.659'.
[  188.534703][ T6945] loop0: detected capacity change from 0 to 256
[  188.583272][ T6945] FAT-fs (loop0): Directory bread(block 64) failed
[  188.586675][ T6945] FAT-fs (loop0): Directory bread(block 65) failed
[  188.587719][ T6945] FAT-fs (loop0): Directory bread(block 66) failed
[  188.591613][ T6945] FAT-fs (loop0): Directory bread(block 67) failed
[  188.599150][ T6945] FAT-fs (loop0): Directory bread(block 68) failed
[  188.600462][ T6945] FAT-fs (loop0): Directory bread(block 69) failed
[  188.616911][ T6945] FAT-fs (loop0): Directory bread(block 70) failed
[  188.618317][ T6945] FAT-fs (loop0): Directory bread(block 71) failed
[  188.625958][ T6945] FAT-fs (loop0): Directory bread(block 72) failed
[  188.629459][ T6945] FAT-fs (loop0): Directory bread(block 73) failed
[  188.759034][ T6948] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.761376][ T6948] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.003494][ T6977] xt_CONNSECMARK: invalid mode: 0
[  191.010786][ T6977] loop1: detected capacity change from 0 to 8
[  191.230173][ T6977] SQUASHFS error: lzo decompression failed, data probably corrupt
[  191.231563][ T6977] SQUASHFS error: Failed to read block 0x91: -5
[  191.232685][ T6977] SQUASHFS error: Unable to read metadata cache entry [8f]
[  191.234052][ T6977] SQUASHFS error: Unable to read inode 0x11f
[  191.253478][ T6975] usb usb8: usbfs: process 6975 (syz.2.676) did not claim interface 0 before use
[  191.276595][ T6980] loop0: detected capacity change from 0 to 512
[  191.278082][ T6980] EXT4-fs: Ignoring removed bh option
[  191.299592][ T6980] EXT4-fs error (device loop0): ext4_iget_extra_inode:4763: inode #15: comm syz.0.667: corrupted in-inode xattr
[  191.302308][ T6980] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.667: couldn't read orphan inode 15 (err -117)
[  191.361687][ T6980] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  192.628944][ T4333] EXT4-fs (loop0): unmounting filesystem.
[  192.679921][ T7005] loop1: detected capacity change from 0 to 256
[  192.777592][ T7005] FAT-fs (loop1): Directory bread(block 64) failed
[  192.778736][ T7005] FAT-fs (loop1): Directory bread(block 65) failed
[  192.783440][ T7005] FAT-fs (loop1): Directory bread(block 66) failed
[  192.784533][ T7005] FAT-fs (loop1): Directory bread(block 67) failed
[  192.785745][ T7005] FAT-fs (loop1): Directory bread(block 68) failed
[  192.786792][ T7005] FAT-fs (loop1): Directory bread(block 69) failed
[  194.536621][ T7005] FAT-fs (loop1): Directory bread(block 70) failed
[  194.537784][ T7005] FAT-fs (loop1): Directory bread(block 71) failed
[  194.538962][ T7005] FAT-fs (loop1): Directory bread(block 72) failed
[  194.540024][ T7005] FAT-fs (loop1): Directory bread(block 73) failed
[  195.167744][ T7029] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  195.477985][ T7035] loop1: detected capacity change from 0 to 512
[  195.483680][ T7035] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  195.501843][ T7035] EXT4-fs error (device loop1): ext4_orphan_get:1405: inode #15: comm syz.1.692: iget: bad i_size value: 38620345925642
[  195.526512][ T7035] EXT4-fs error (device loop1): ext4_orphan_get:1410: comm syz.1.692: couldn't read orphan inode 15 (err -117)
[  195.532997][ T7035] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  196.085184][ T4344] Bluetooth: hci1: Invalid handle: 0xff00 > 0x0eff
[  196.087535][ T4344] Bluetooth: hci1: hcon 00000000aa1345f5 sent 1 < count 511
[  196.222358][ T7035] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz.1.692: bg 0: block 5: invalid block bitmap
[  196.247917][ T7035] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 980 with error 28
[  196.254829][ T7035] EXT4-fs (loop1): This should not happen!! Data will be lost
[  196.254829][ T7035] 
[  196.256473][ T7035] EXT4-fs (loop1): Total free blocks count 0
[  196.257411][ T7035] EXT4-fs (loop1): Free/Dirty block details
[  196.258506][ T7035] EXT4-fs (loop1): free_blocks=0
[  196.259304][ T7035] EXT4-fs (loop1): dirty_blocks=984
[  196.260079][ T7035] EXT4-fs (loop1): Block reservation details
[  196.261086][ T7035] EXT4-fs (loop1): i_reserved_data_blocks=984
[  196.404196][ T7050] loop0: detected capacity change from 0 to 32768
[  196.418791][ T7069] loop2: detected capacity change from 0 to 512
[  196.447975][ T7069] EXT4-fs: Ignoring removed bh option
[  196.450884][ T4328] EXT4-fs (loop1): unmounting filesystem.
[  196.486837][ T7069] EXT4-fs error (device loop2): ext4_iget_extra_inode:4763: inode #15: comm syz.2.686: corrupted in-inode xattr
[  196.576640][ T7069] EXT4-fs error (device loop2): ext4_orphan_get:1410: comm syz.2.686: couldn't read orphan inode 15 (err -117)
[  196.581712][ T7069] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  196.967145][ T7084] Soft offlining pfn 0x1483ab at process virtual address 0x20000000
[  196.970051][ T7084] Soft offlining pfn 0x1483ac at process virtual address 0x20001000
[  196.971460][ T7084] Soft offlining pfn 0x1483ad at process virtual address 0x20002000
[  196.972987][ T7084] Soft offlining pfn 0x12328f at process virtual address 0x20003000
[  196.974351][ T7084] Soft offlining pfn 0x13960c at process virtual address 0x20004000
[  196.975755][ T7084] Soft offlining pfn 0x146ce0 at process virtual address 0x20005000
[  196.977139][ T7084] Soft offlining pfn 0x147cad at process virtual address 0x20006000
[  196.978635][ T7084] Soft offlining pfn 0x147cae at process virtual address 0x20007000
[  196.980152][ T7084] Soft offlining pfn 0x147caf at process virtual address 0x20008000
[  196.981590][ T7084] Soft offlining pfn 0x1483a8 at process virtual address 0x20009000
[  196.983118][ T7084] Soft offlining pfn 0x1483a9 at process virtual address 0x2000a000
[  196.984804][ T7084] Soft offlining pfn 0x1483aa at process virtual address 0x2000b000
[  196.986205][ T7084] Soft offlining pfn 0x147446 at process virtual address 0x2000c000
[  196.987591][ T7084] Soft offlining pfn 0x147447 at process virtual address 0x2000d000
[  196.988955][ T7084] Soft offlining pfn 0x142978 at process virtual address 0x2000e000
[  196.990372][ T7084] Soft offlining pfn 0x13f1c3 at process virtual address 0x2000f000
[  196.991814][ T7084] Soft offlining pfn 0x142334 at process virtual address 0x20010000
[  196.993254][ T7084] Soft offlining pfn 0x142335 at process virtual address 0x20011000
[  198.244814][ T6494] EXT4-fs (loop2): unmounting filesystem.
[  199.252028][ T7137] 9pnet_fd: p9_fd_create_tcp (7137): problem connecting socket to 127.0.0.1
[  200.554067][ T7162] loop0: detected capacity change from 0 to 512
[  201.604092][ T7173] loop0: detected capacity change from 0 to 4096
[  202.584158][ T7173] EXT4-fs (loop0): Test dummy encryption mode enabled
[  202.626817][ T7173] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  202.797202][ T4333] EXT4-fs (loop0): unmounting filesystem.
[  203.739482][ T7194] loop1: detected capacity change from 0 to 256
[  206.104777][ T7226] loop1: detected capacity change from 0 to 256
[  206.106398][ T7226] exfat: Deprecated parameter 'utf8'
[  207.143002][ T7226] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xeb34f926, utbl_chksum : 0xe619d30d)
[  208.107828][ T7220] device syzkaller0 entered promiscuous mode
[  208.130948][ T7227] tipc: Started in network mode
[  208.131875][ T7227] tipc: Node identity 2e6f98b426de, cluster identity 4711
[  208.137738][ T7227] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  208.294158][ T7211] tipc: Resetting bearer <eth:syzkaller0>
[  208.341087][ T7241] binder: 7240:7241 tried to acquire reference to desc 0, got 1 instead
[  208.352159][ T7241] binder: 7240:7241 got transaction with invalid offset (0, min 0 max 120) or object.
[  208.357018][ T7241] binder: 7240:7241 transaction call to 7240:0 failed 49/29201/-22, size 120-24 line 3346
[  208.358895][ T7241] binder: 7240:7241 ioctl c0306201 20000180 returned -14
[  208.360962][ T4379] binder: undelivered TRANSACTION_ERROR: 29201
[  208.396695][ T7211] tipc: Disabling bearer <eth:syzkaller0>
[  208.413174][ T7243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.724'.
[  208.451346][ T7244] netlink: 8 bytes leftover after parsing attributes in process `syz.4.724'.
[  208.454261][ T7244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.724'.
[  208.471815][ T7248] capability: warning: `syz.3.727' uses deprecated v2 capabilities in a way that may be insecure
[  208.476477][ T7247] loop2: detected capacity change from 0 to 128
[  208.665815][ T7253] tipc: Started in network mode
[  208.666770][ T7253] tipc: Node identity ac1414aa, cluster identity 4711
[  208.668407][ T7253] tipc: Enabled bearer <udp:s>, priority 10
[  208.670560][ T7253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.729'.
[  209.690189][ T7275] binder: 7273:7275 tried to acquire reference to desc 0, got 1 instead
[  209.695428][ T7275] binder: 7273:7275 got transaction to invalid handle, 3
[  209.696710][ T7275] binder: 7275:7273 cannot find target node
[  209.697636][ T7275] binder: 7273:7275 transaction call to 0:0 failed 55/29201/-22, size 0-0 line 3045
[  209.982702][ T4715] tipc: Node number set to 2886997162
[  210.040864][ T7280] loop0: detected capacity change from 0 to 256
[  210.103177][ T4715] binder: undelivered TRANSACTION_COMPLETE
[  210.104240][ T4715] binder: undelivered TRANSACTION_ERROR: 29201
[  210.105376][ T4715] binder: undelivered transaction 54, process died.
[  211.343817][ T7312] device syzkaller0 entered promiscuous mode
[  212.446590][ T7343] binder: 7342:7343 tried to acquire reference to desc 0, got 1 instead
[  212.466930][ T4375] binder: release 7342:7343 transaction 60 out, still active
[  212.569074][ T4375] binder: undelivered TRANSACTION_COMPLETE
[  212.570362][ T4375] binder: send failed reply for transaction 67 to 7342:7343
[  214.436983][ T7388] loop0: detected capacity change from 0 to 736
[  214.468560][ T7390] netlink: 12 bytes leftover after parsing attributes in process `syz.3.763'.
[  214.675976][ T7393] netlink: 84 bytes leftover after parsing attributes in process `syz.4.761'.
[  214.969121][ T7390] bridge4: port 1(erspan0) entered blocking state
[  214.970466][ T7390] bridge4: port 1(erspan0) entered disabled state
[  214.972755][ T7390] device erspan0 entered promiscuous mode
[  214.978773][ T7390] bridge4: port 1(erspan0) entered blocking state
[  214.979954][ T7390] bridge4: port 1(erspan0) entered forwarding state
[  215.017707][ T7399] netlink: 1355 bytes leftover after parsing attributes in process `syz.0.764'.
[  215.346040][ T7399] loop0: detected capacity change from 0 to 131072
[  215.371815][ T7399] F2FS-fs (loop0): Invalid segment/section count (31, 24 x 150994945)
[  215.373389][ T7399] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  215.376201][ T7399] F2FS-fs (loop0): invalid crc value
[  215.383795][ T7399] F2FS-fs (loop0): Found nat_bits in checkpoint
[  215.398881][ T7399] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  215.400147][ T7399] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  216.026949][ T7416] xt_CONNSECMARK: invalid mode: 0
[  216.029162][ T7416] loop2: detected capacity change from 0 to 8
[  216.038210][ T7416] SQUASHFS error: lzo decompression failed, data probably corrupt
[  216.039637][ T7416] SQUASHFS error: Failed to read block 0x91: -5
[  216.040656][ T7416] SQUASHFS error: Unable to read metadata cache entry [8f]
[  216.041831][ T7416] SQUASHFS error: Unable to read inode 0x11f
[  216.285145][ T6842] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  216.656029][ T7424] loop0: detected capacity change from 0 to 256
[  217.539569][ T7430] device syzkaller0 entered promiscuous mode
[  217.571214][ T7426] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  217.576897][ T7425] tipc: Resetting bearer <eth:syzkaller0>
[  217.740905][ T7425] tipc: Disabling bearer <eth:syzkaller0>
[  217.861073][ T7443] 8021q: VLANs not supported on ip6gre0
[  219.267552][ T7473] 9pnet_fd: p9_fd_create_tcp (7473): problem connecting socket to 127.0.0.1
[  221.638027][ T7491] loop2: detected capacity change from 0 to 256
[  224.861374][ T7531] 9pnet_fd: p9_fd_create_tcp (7531): problem connecting socket to 127.0.0.1
[  229.031999][ T7577] syz.1.810 sent an empty control message without MSG_MORE.
[  230.121175][ T7612] netlink: 28 bytes leftover after parsing attributes in process `syz.2.821'.
[  238.144235][ T7740] overlayfs: './file0' not a directory
[  239.454920][ T7774] loop1: detected capacity change from 0 to 512
[  239.486050][ T7774] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  239.492993][ T7774] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  239.502580][ T7774] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.863: Invalid block bitmap block 0 in block_group 0
[  239.512263][ T7774] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  239.515528][ T7774] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.863: attempt to clear invalid blocks 983261 len 1
[  239.529520][ T7774] EXT4-fs error (device loop1): __ext4_get_inode_loc:4520: comm syz.1.863: Invalid inode table block 0 in block_group 0
[  239.543060][ T7774] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  239.545523][ T7774] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem
[  239.547461][ T7774] EXT4-fs error (device loop1): __ext4_get_inode_loc:4520: comm syz.1.863: Invalid inode table block 0 in block_group 0
[  239.549647][ T7795] netlink: 'syz.4.864': attribute type 1 has an invalid length.
[  239.551140][ T7774] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  239.553447][ T7774] EXT4-fs error (device loop1): ext4_truncate:4325: inode #11: comm syz.1.863: mark_inode_dirty error
[  239.555592][ T7774] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem
[  239.557410][ T7774] EXT4-fs error (device loop1): __ext4_get_inode_loc:4520: comm syz.1.863: Invalid inode table block 0 in block_group 0
[  239.557693][ T7795] device bond3 entered promiscuous mode
[  239.560684][ T7795] 8021q: adding VLAN 0 to HW filter on device bond3
[  239.560918][ T7774] EXT4-fs (loop1): 1 truncate cleaned up
[  239.564789][ T7774] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  239.573722][ T7795] netlink: 28 bytes leftover after parsing attributes in process `syz.4.864'.
[  239.584366][ T7795] bond3: (slave bridge3): making interface the new active one
[  239.585770][ T7795] device bridge3 entered promiscuous mode
[  239.590379][ T7795] bond3: (slave bridge3): Enslaving as an active interface with an up link
[  239.594931][ T7790] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  240.540337][ T4328] EXT4-fs (loop1): unmounting filesystem.
[  242.046434][ T7819] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  242.743834][ T7843] loop0: detected capacity change from 0 to 512
[  242.745528][ T7843] EXT4-fs: Ignoring removed bh option
[  243.337014][ T7843] EXT4-fs error (device loop0): ext4_iget_extra_inode:4763: inode #15: comm syz.0.877: corrupted in-inode xattr
[  243.359706][ T7850] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  243.385831][ T7843] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.877: couldn't read orphan inode 15 (err -117)
[  243.395811][ T7843] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  243.848675][ T4333] EXT4-fs (loop0): unmounting filesystem.
[  244.518402][ T7871] Soft offlining pfn 0x122d54 at process virtual address 0x20000000
[  244.521723][ T7871] Soft offlining pfn 0x122d55 at process virtual address 0x20001000
[  244.523165][ T7871] Soft offlining pfn 0x122d56 at process virtual address 0x20002000
[  244.524586][ T7871] Soft offlining pfn 0x122d57 at process virtual address 0x20003000
[  244.525940][ T7871] Soft offlining pfn 0x122d58 at process virtual address 0x20004000
[  244.527397][ T7871] Soft offlining pfn 0x122d59 at process virtual address 0x20005000
[  244.528734][ T7871] Soft offlining pfn 0x122d5a at process virtual address 0x20006000
[  244.530042][ T7871] Soft offlining pfn 0x122d5b at process virtual address 0x20007000
[  244.531388][ T7871] Soft offlining pfn 0x122d5c at process virtual address 0x20008000
[  244.532973][ T7871] Soft offlining pfn 0x122d5d at process virtual address 0x20009000
[  244.534330][ T7871] Soft offlining pfn 0x122d5e at process virtual address 0x2000a000
[  244.535671][ T7871] Soft offlining pfn 0x122971 at process virtual address 0x2000b000
[  244.537157][ T7871] Soft offlining pfn 0x122972 at process virtual address 0x2000c000
[  244.538494][ T7871] Soft offlining pfn 0x122973 at process virtual address 0x2000d000
[  244.539882][ T7871] Soft offlining pfn 0x122974 at process virtual address 0x2000e000
[  244.541208][ T7871] Soft offlining pfn 0x122975 at process virtual address 0x2000f000
[  244.542545][ T7871] Soft offlining pfn 0x122976 at process virtual address 0x20010000
[  244.544248][ T7871] Soft offlining pfn 0x122977 at process virtual address 0x20011000
[  246.662479][ T7902] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  246.667156][ T7902] device syzkaller0 entered promiscuous mode
[  247.051322][ T7902] tipc: Resetting bearer <eth:syzkaller0>
[  247.157823][ T7899] tipc: Resetting bearer <eth:syzkaller0>
[  247.313964][ T7899] tipc: Disabling bearer <eth:syzkaller0>
[  248.607893][ T7930] netlink: 12 bytes leftover after parsing attributes in process `syz.4.901'.
[  248.614718][ T7922] loop0: detected capacity change from 0 to 512
[  248.620960][ T7922] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  248.623960][ T7922] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  248.651901][ T7922] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz.0.898: Invalid block bitmap block 0 in block_group 0
[  248.657866][ T7930] bridge4: port 1(veth3) entered blocking state
[  248.658964][ T7930] bridge4: port 1(veth3) entered disabled state
[  248.660626][ T7930] device veth3 entered promiscuous mode
[  248.665965][ T7922] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  248.668395][ T7922] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #11: comm syz.0.898: attempt to clear invalid blocks 983261 len 1
[  248.671308][ T7922] EXT4-fs error (device loop0): __ext4_get_inode_loc:4520: comm syz.0.898: Invalid inode table block 0 in block_group 0
[  248.676985][ T7922] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  248.679060][ T7922] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem
[  248.680637][ T7922] EXT4-fs error (device loop0): __ext4_get_inode_loc:4520: comm syz.0.898: Invalid inode table block 0 in block_group 0
[  248.684704][ T7922] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  248.686600][ T7922] EXT4-fs error (device loop0): ext4_truncate:4325: inode #11: comm syz.0.898: mark_inode_dirty error
[  248.688764][ T7922] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem
[  248.690699][ T7922] EXT4-fs error (device loop0): __ext4_get_inode_loc:4520: comm syz.0.898: Invalid inode table block 0 in block_group 0
[  248.698456][ T7922] EXT4-fs (loop0): 1 truncate cleaned up
[  248.710108][ T7930] bridge4: port 2(veth0_to_bond) entered blocking state
[  248.711374][ T7930] bridge4: port 2(veth0_to_bond) entered disabled state
[  248.716438][ T7930] device veth0_to_bond entered promiscuous mode
[  248.721902][ T7922] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  248.746781][ T7930] bridge4: port 3(veth5) entered blocking state
[  248.747976][ T7930] bridge4: port 3(veth5) entered disabled state
[  248.945471][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[  248.946539][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[  249.043460][ T7930] device veth5 entered promiscuous mode
[  249.585397][ T4333] EXT4-fs (loop0): unmounting filesystem.
[  255.723527][ T8025] Injecting memory failure for pfn 0x21102a at process virtual address 0x20ffe000
[  255.969588][ T8025] Memory failure: 0x21102a: recovery action for reserved kernel page: Ignored
[  256.429675][ T8032] loop1: detected capacity change from 0 to 131072
[  256.681333][ T8032] F2FS-fs (loop1): Test dummy encryption mode enabled
[  256.684440][ T8032] F2FS-fs (loop1): invalid crc value
[  256.698203][ T8032] F2FS-fs (loop1): Found nat_bits in checkpoint
[  256.717792][ T8032] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  258.557570][ T8068] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  258.881152][ T8072] overlayfs: './file0' not a directory
[  258.902686][ T8079] loop0: detected capacity change from 0 to 512
[  258.991647][ T8079] EXT4-fs error (device loop0): ext4_orphan_get:1405: inode #15: comm syz.0.925: inode has both inline data and extents flags
[  258.998618][ T8079] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.925: couldn't read orphan inode 15 (err -117)
[  259.004847][ T8079] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  259.632210][ T8095] PKCS7: Unknown OID: [4] 0.0
[  259.633456][ T8095] PKCS7: Only support pkcs7_signedData type
[  260.415506][ T8106] netlink: 12 bytes leftover after parsing attributes in process `syz.1.941'.
[  261.006210][ T8106] bridge2: port 1(veth0_to_bond) entered blocking state
[  261.007542][ T8106] bridge2: port 1(veth0_to_bond) entered disabled state
[  263.645967][ T4333] EXT4-fs (loop0): unmounting filesystem.
[  264.651170][ T8175] Soft offlining pfn 0x13851a at process virtual address 0x20000000
[  264.653214][ T8175] Soft offlining pfn 0x1423b6 at process virtual address 0x20001000
[  264.654602][ T8175] Soft offlining pfn 0x147848 at process virtual address 0x20002000
[  264.655923][ T8175] Soft offlining pfn 0x14df60 at process virtual address 0x20003000
[  264.657276][ T8175] Soft offlining pfn 0x140206 at process virtual address 0x20004000
[  264.658618][ T8175] Soft offlining pfn 0x1423da at process virtual address 0x20005000
[  264.659968][ T8175] Soft offlining pfn 0x11b023 at process virtual address 0x20006000
[  264.661299][ T8175] Soft offlining pfn 0x12317c at process virtual address 0x20007000
[  264.662655][ T8175] Soft offlining pfn 0x1423dc at process virtual address 0x20008000
[  264.664046][ T8175] Soft offlining pfn 0x1423dd at process virtual address 0x20009000
[  264.665464][ T8175] Soft offlining pfn 0x13fb71 at process virtual address 0x2000a000
[  264.666771][ T8175] Soft offlining pfn 0x1423d3 at process virtual address 0x2000b000
[  264.668103][ T8175] Soft offlining pfn 0x1423b1 at process virtual address 0x2000c000
[  264.669363][ T8175] Soft offlining pfn 0x1423de at process virtual address 0x2000d000
[  264.670705][ T8175] Soft offlining pfn 0x14671e at process virtual address 0x2000e000
[  264.672130][ T8175] Soft offlining pfn 0x14239f at process virtual address 0x2000f000
[  264.673646][ T8175] Soft offlining pfn 0x13fb6e at process virtual address 0x20010000
[  264.675021][ T8175] Soft offlining pfn 0x1423b2 at process virtual address 0x20011000
[  265.994137][ T8191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  266.857151][ T8212] netlink: 12 bytes leftover after parsing attributes in process `syz.0.968'.
[  266.892373][ T8212] bridge2: port 1(veth5) entered blocking state
[  268.464308][ T8212] bridge2: port 1(veth5) entered disabled state
[  268.465840][ T8212] device veth5 entered promiscuous mode
[  268.515933][ T8212] bridge2: port 2(veth0_to_bond) entered blocking state
[  268.529104][ T8212] bridge2: port 2(veth0_to_bond) entered disabled state
[  268.530912][ T8212] device veth0_to_bond entered promiscuous mode
[  268.543113][ T8212] bridge2: port 3(veth7) entered blocking state
[  268.544172][ T8212] bridge2: port 3(veth7) entered disabled state
[  268.545638][ T8212] device veth7 entered promiscuous mode
[  268.909512][ T8231] Soft offlining pfn 0x14d4ab at process virtual address 0x20000000
[  268.911417][ T8231] Soft offlining pfn 0x14548c at process virtual address 0x20001000
[  268.912841][ T8231] Soft offlining pfn 0x14548d at process virtual address 0x20002000
[  268.914241][ T8231] Soft offlining pfn 0x14548e at process virtual address 0x20003000
[  268.915656][ T8231] Soft offlining pfn 0x14548f at process virtual address 0x20004000
[  268.917045][ T8231] Soft offlining pfn 0x147e74 at process virtual address 0x20005000
[  268.918472][ T8231] Soft offlining pfn 0x147e75 at process virtual address 0x20006000
[  268.919912][ T8231] Soft offlining pfn 0x147e76 at process virtual address 0x20007000
[  268.921245][ T8231] Soft offlining pfn 0x147e77 at process virtual address 0x20008000
[  268.922732][ T8231] Soft offlining pfn 0x13bc54 at process virtual address 0x20009000
[  268.924229][ T8231] Soft offlining pfn 0x13bc55 at process virtual address 0x2000a000
[  268.925615][ T8231] Soft offlining pfn 0x13bc56 at process virtual address 0x2000b000
[  268.927089][ T8231] Soft offlining pfn 0x13bc57 at process virtual address 0x2000c000
[  268.928635][ T8231] Soft offlining pfn 0x142798 at process virtual address 0x2000d000
[  268.930030][ T8231] Soft offlining pfn 0x142799 at process virtual address 0x2000e000
[  268.931451][ T8231] Soft offlining pfn 0x14279a at process virtual address 0x2000f000
[  268.933061][ T8231] Soft offlining pfn 0x14279b at process virtual address 0x20010000
[  268.934506][ T8231] Soft offlining pfn 0x1245e8 at process virtual address 0x20011000
[  269.283531][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  271.141671][ T4376] libceph: connect (1)[c::]:6789 error -101
[  271.143680][ T4376] libceph: mon0 (1)[c::]:6789 connect error
[  271.187539][ T8250] ceph: No mds server is up or the cluster is laggy
[  272.379327][ T8269] tipc: Started in network mode
[  272.380218][ T8269] tipc: Node identity 762545e86a5, cluster identity 4711
[  272.381384][ T8269] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  272.383582][ T8269] device syzkaller0 entered promiscuous mode
[  272.782066][ T8269] tipc: Resetting bearer <eth:syzkaller0>
[  272.790493][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  272.792141][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  272.794192][ T8268] tipc: Resetting bearer <eth:syzkaller0>
[  273.155904][ T8268] tipc: Disabling bearer <eth:syzkaller0>
[  273.304122][ T8294] loop1: detected capacity change from 0 to 512
[  273.312068][ T8294] EXT4-fs: Ignoring removed mblk_io_submit option
[  273.322749][ T8294] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  273.342741][ T8289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.990'.
[  273.355760][ T8294] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002]
[  273.357485][ T8295] binder: 8290:8295 tried to acquire reference to desc 0, got 1 instead
[  273.363454][ T8294] EXT4-fs (loop1): orphan cleanup on readonly fs
[  273.368853][ T8294] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.992: bg 0: block 361: padding at end of block bitmap is not set
[  273.378473][ T8294] EXT4-fs (loop1): Remounting filesystem read-only
[  273.379892][ T8294] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  273.383719][ T8294] EXT4-fs (loop1): Remounting filesystem read-only
[  273.384809][ T8294] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.992: attempt to clear invalid blocks 33619980 len 1
[  273.385520][ T8295] binder: 8290:8295 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  273.387208][ T8294] EXT4-fs (loop1): Remounting filesystem read-only
[  273.390658][ T8294] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.992: invalid indirect mapped block 1811939328 (level 0)
[  273.390969][ T8295] binder: 8295 RLIMIT_NICE not set
[  273.395976][ T8295] binder: 8295 RLIMIT_NICE not set
[  273.397455][ T8294] EXT4-fs (loop1): Remounting filesystem read-only
[  273.398452][ T8295] binder: 8295 RLIMIT_NICE not set
[  273.398481][ T8294] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.992: invalid indirect mapped block 2185560079 (level 1)
[  273.399252][ T8295] binder_alloc: 8290: binder_alloc_buf, no vma
[  273.399290][ T8295] binder_debug: 3 callbacks suppressed
[  273.399295][ T8295] binder: cannot allocate buffer: vma cleared, target dead or dying
[  273.399311][ T8295] binder: 8290:8295 transaction reply to 8290:8295 failed 73/29189/-3, size 0-0 line 3230
[  273.399328][ T8295] binder: send failed reply for transaction 72 to 8290:8295
[  273.402191][ T8294] EXT4-fs (loop1): Remounting filesystem read-only
[  273.409029][ T8294] EXT4-fs (loop1): 1 truncate cleaned up
[  273.409888][ T8294] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  275.179825][ T8318] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.992: dx entry: limit 0 != root limit 125
[  275.182454][ T8318] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.992: Corrupt directory, running e2fsck is recommended
[  275.502302][ T4380] binder: undelivered TRANSACTION_ERROR: 29190
[  275.710885][ T4380] binder: undelivered TRANSACTION_COMPLETE
[  275.716994][ T4380] binder: undelivered TRANSACTION_ERROR: 29189
[  276.463664][ T4328] EXT4-fs (loop1): unmounting filesystem.
[  276.912138][ T8327] overlayfs: failed to clone lowerpath
[  278.676997][ T8348] Soft offlining pfn 0x146bb2 at process virtual address 0x20000000
[  278.678681][ T8348] Soft offlining pfn 0x146bb3 at process virtual address 0x20001000
[  278.680077][ T8348] Soft offlining pfn 0x146bb4 at process virtual address 0x20002000
[  278.681442][ T8348] Soft offlining pfn 0x146bb5 at process virtual address 0x20003000
[  278.682784][ T8348] Soft offlining pfn 0x146bb6 at process virtual address 0x20004000
[  278.684192][ T8348] Soft offlining pfn 0x146bb7 at process virtual address 0x20005000
[  278.685598][ T8348] Soft offlining pfn 0x146bb8 at process virtual address 0x20006000
[  278.686931][ T8348] Soft offlining pfn 0x146bb9 at process virtual address 0x20007000
[  278.688294][ T8348] Soft offlining pfn 0x146bba at process virtual address 0x20008000
[  278.689806][ T8348] Soft offlining pfn 0x146bbb at process virtual address 0x20009000
[  278.691134][ T8348] Soft offlining pfn 0x146bbc at process virtual address 0x2000a000
[  278.692537][ T8348] Soft offlining pfn 0x146bbd at process virtual address 0x2000b000
[  278.693889][ T8348] Soft offlining pfn 0x147e7e at process virtual address 0x2000c000
[  278.695183][ T8348] Soft offlining pfn 0x147e7f at process virtual address 0x2000d000
[  278.696516][ T8348] Soft offlining pfn 0x148450 at process virtual address 0x2000e000
[  278.697884][ T8348] Soft offlining pfn 0x148451 at process virtual address 0x2000f000
[  278.699286][ T8348] Soft offlining pfn 0x148452 at process virtual address 0x20010000
[  278.700638][ T8348] Soft offlining pfn 0x148453 at process virtual address 0x20011000
[  279.137853][ T8343] loop0: detected capacity change from 0 to 32768
[  279.227189][ T8343] XFS (loop0): Mounting V5 Filesystem
[  279.883584][ T8343] XFS (loop0): Ending clean mount
[  280.744424][ T4333] XFS (loop0): Unmounting Filesystem
[  283.064115][ T4342] Bluetooth: hci3: command 0x0406 tx timeout
[  283.904313][ T8413] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1018'.
[  286.680674][ T8429] Set syz1 is full, maxelem 65536 reached
[  286.936508][ T8440] netlink: 'syz.3.1026': attribute type 1 has an invalid length.
[  287.163204][ T8440] 8021q: adding VLAN 0 to HW filter on device bond6
[  287.168175][ T8444] bond6: (slave gretap1): making interface the new active one
[  287.170804][ T8444] bond6: (slave gretap1): Enslaving as an active interface with an up link
[  287.172431][ T7786] IPv6: ADDRCONF(NETDEV_CHANGE): bond6: link becomes ready
[  288.197467][ T8460] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  289.698284][ T8456] loop1: detected capacity change from 0 to 65536
[  289.909763][ T8456] XFS (loop1): Mounting V5 Filesystem
[  289.925855][ T8456] XFS (loop1): Ending clean mount
[  289.949802][ T8476] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  289.952633][ T8476] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  290.393602][   T24] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x15c/0x234, xfs_agf block 0x1 
[  290.396150][   T24] XFS (loop1): Unmount and run xfs_repair
[  290.397195][   T24] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  290.398490][   T24] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  290.399935][   T24] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  290.401735][   T24] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 01 00 00 04  ................
[  290.406401][   T24] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  290.407821][   T24] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  290.409402][   T24] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.410879][   T24] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.413615][   T24] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.416863][ T8456] XFS (loop1): metadata I/O error in "xfs_read_agf+0x250/0x5fc" at daddr 0x1 len 1 error 74
[  290.421550][   T24] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x15c/0x234, xfs_agf block 0x1 
[  290.426601][   T24] XFS (loop1): Unmount and run xfs_repair
[  290.427526][   T24] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  290.430924][   T24] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  290.432329][   T24] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  290.436794][   T24] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 01 00 00 04  ................
[  290.438612][   T24] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  290.443200][   T24] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  290.444723][   T24] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.445971][ T8498] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x15c/0x234, xfs_agf block 0x8001 
[  290.446099][   T24] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.448508][ T8498] XFS (loop1): Unmount and run xfs_repair
[  290.449542][   T24] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.450722][ T8498] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  290.453903][ T8498] 00000000: 58 41 47 46 00 00 00 01 00 00 00 01 00 00 40 00  XAGF..........@.
[  290.455383][ T8498] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  290.456930][ T8498] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  290.458431][ T8498] 00000030: 00 00 00 04 00 00 3b 5f 00 00 3b 5c 00 00 00 00  ......;_..;\....
[  290.459819][ T8498] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  290.461427][ T8498] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.463104][ T8456] XFS (loop1): metadata I/O error in "xfs_read_agf+0x250/0x5fc" at daddr 0x1 len 1 error 74
[  290.466279][ T8498] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.468880][ T8498] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  290.471271][ T8498] XFS (loop1): metadata I/O error in "xfs_read_agf+0x250/0x5fc" at daddr 0x8001 len 1 error 74
[  291.209278][ T8498] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x580/0xaec (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  291.290984][ T8498] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  291.353747][ T4342] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11
[  291.374855][ T4328] XFS (loop1): Unmounting Filesystem
[  292.483294][ T8525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1044'.
[  294.729937][ T8547] netlink: 'syz.0.1054': attribute type 2 has an invalid length.
[  296.628916][ T8555] loop0: detected capacity change from 0 to 32768
[  296.644121][ T8555] (syz.0.1054,8555,1):ocfs2_parse_options:1446 ERROR: Unrecognized mount option "dir_ršlv_level=000000N000000000000™\:Fherency=full" or missing value
[  296.651949][ T8555] (syz.0.1054,8555,1):ocfs2_fill_super:1176 ERROR: status = -22
[  297.150612][ T8560] loop1: detected capacity change from 0 to 40427
[  297.167973][ T8560] F2FS-fs (loop1): Unrecognized mount option "whint_mode=fs-based" or missing value
[  297.396959][ T8618] loop1: detected capacity change from 0 to 256
[  297.525238][ T8618] FAT-fs (loop1): Directory bread(block 64) failed
[  297.526557][ T8618] FAT-fs (loop1): Directory bread(block 65) failed
[  297.527831][ T8618] FAT-fs (loop1): Directory bread(block 66) failed
[  297.529004][ T8618] FAT-fs (loop1): Directory bread(block 67) failed
[  297.530240][ T8618] FAT-fs (loop1): Directory bread(block 68) failed
[  297.531342][ T8618] FAT-fs (loop1): Directory bread(block 69) failed
[  297.532721][ T8618] FAT-fs (loop1): Directory bread(block 70) failed
[  297.533914][ T8618] FAT-fs (loop1): Directory bread(block 71) failed
[  297.535317][ T8618] FAT-fs (loop1): Directory bread(block 72) failed
[  297.536538][ T8618] FAT-fs (loop1): Directory bread(block 73) failed
[  297.682976][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.684542][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.686030][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.687475][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.842934][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  300.068640][ T8650] PKCS7: Unknown OID: [4] 0.0
[  300.069382][ T8650] PKCS7: Only support pkcs7_signedData type
[  301.069061][ T8681] overlayfs: failed to clone lowerpath
[  301.771045][ T8689] netlink: 'syz.2.1073': attribute type 12 has an invalid length.
[  302.535194][ T8706] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1074'.
[  302.774066][ T8713] device bond0 entered promiscuous mode
[  302.774994][ T8713] device bond_slave_0 entered promiscuous mode
[  302.776104][ T8713] device bond_slave_1 entered promiscuous mode
[  305.423376][ T8739] loop1: detected capacity change from 0 to 64
[  308.256685][ T8776] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  310.760681][ T8806] overlayfs: failed to clone lowerpath
[  310.788812][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[  310.789974][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[  312.028208][ T8826] bridge_slave_0: mtu greater than device maximum
[  312.035818][ T8826] I/O error, dev loop5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  312.039208][ T8826] isofs_fill_super: bread failed, dev=loop5, iso_blknum=16, block=32
[  312.362593][ T8834] Soft offlining pfn 0x1478d9 at process virtual address 0x20000000
[  312.369220][ T8834] Soft offlining pfn 0x13fdfe at process virtual address 0x20001000
[  312.370957][ T8834] Soft offlining pfn 0x1411bd at process virtual address 0x20002000
[  312.373396][ T8834] Soft offlining pfn 0x147bac at process virtual address 0x20003000
[  312.377738][ T8834] Injecting memory failure for pfn 0x14de67 at process virtual address 0x20000000
[  312.395810][ T8834] Memory failure: 0x14de67: keeping poisoned page in swap cache
[  312.397808][ T8834] Memory failure: 0x14de67: recovery action for clean swapcache page: Recovered
[  312.399259][ T8834] Injecting memory failure for pfn 0x141e95 at process virtual address 0x20001000
[  312.405179][ T8834] Memory failure: 0x141e95: recovery action for dirty LRU page: Recovered
[  312.406722][ T8834] Injecting memory failure for pfn 0x146dfa at process virtual address 0x20002000
[  312.411564][ T8834] Memory failure: 0x146dfa: recovery action for dirty LRU page: Recovered
[  312.769504][ T8840] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  312.792086][ T8845] binder: 8843:8845 ioctl 4018620d 0 returned -22
[  313.396571][ T8856] overlayfs: failed to clone upperpath
[  313.462077][ T8867] loop0: detected capacity change from 0 to 256
[  313.485634][ T8867] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  313.575799][ T8867] "syz.0.1119" (8867) uses obsolete ecb(arc4) skcipher
[  313.699591][ T8872] tc action pedit 'at' offset -2147483607 out of bounds
[  314.952867][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  314.955470][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  314.966907][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  314.983931][ T8904] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  315.004463][ T8904] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  315.022667][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  315.025925][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  315.027559][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  315.029052][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  315.030474][ T8904] virt_wifi0 speed is unknown, defaulting to 1000
[  316.765064][ T8932] loop1: detected capacity change from 0 to 128
[  317.176517][ T8932] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  317.196379][ T8932] EXT4-fs (loop1): unmounting filesystem.
[  317.728266][ T8947] PKCS7: Unknown OID: [4] 0.0
[  317.729240][ T8947] PKCS7: Only support pkcs7_signedData type
[  320.086906][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  321.016040][ T8986] loop1: detected capacity change from 0 to 4096
[  321.018547][ T8986] EXT4-fs: Ignoring removed mblk_io_submit option
[  321.078462][ T8986] EXT4-fs (loop1): Test dummy encryption mode enabled
[  321.103747][ T8986] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  321.128863][ T8986] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-ce"
[  321.204424][ T9000] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.1150'.
[  321.206168][ T9000] netlink: zone id is out of range
[  323.316312][ T4328] 
[  323.316808][ T4328] ======================================================
[  323.317959][ T4328] WARNING: possible circular locking dependency detected
[  323.319217][ T4328] syzkaller #0 Not tainted
[  323.319988][ T4328] ------------------------------------------------------
[  323.321134][ T4328] syz-executor/4328 is trying to acquire lock:
[  323.322169][ T4328] ffff0000e1bde268 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_commit+0x50/0x1c4
[  323.323735][ T4328] 
[  323.323735][ T4328] but task is already holding lock:
[  323.324921][ T4328] ffff0000e18a34b0 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0x7cc/0x1084
[  323.326519][ T4328] 
[  323.326519][ T4328] which lock already depends on the new lock.
[  323.326519][ T4328] 
[  323.328148][ T4328] 
[  323.328148][ T4328] the existing dependency chain (in reverse order) is:
[  323.329707][ T4328] 
[  323.329707][ T4328] -> #2 (&ei->i_data_sem/2){++++}-{3:3}:
[  323.331019][ T4328]        down_read+0x64/0x300
[  323.331841][ T4328]        ext4_map_blocks+0x278/0x1778
[  323.332730][ T4328]        ext4_getblk+0x178/0x664
[  323.333571][ T4328]        ext4_bread+0x3c/0x1a8
[  323.334421][ T4328]        ext4_quota_read+0x160/0x350
[  323.335338][ T4328]        find_tree_dqentry+0x174/0xc04
[  323.336251][ T4328]        find_tree_dqentry+0x4f8/0xc04
[  323.337190][ T4328]        find_tree_dqentry+0x4f8/0xc04
[  323.338207][ T4328]        find_tree_dqentry+0x4f8/0xc04
[  323.339229][ T4328]        qtree_read_dquot+0x49c/0x774
[  323.340119][ T4328]        v2_read_dquot+0xbc/0x118
[  323.341042][ T4328]        dquot_acquire+0x120/0x4d8
[  323.341977][ T4328]        ext4_acquire_dquot+0x270/0x428
[  323.342910][ T4328]        dqget+0x614/0xab8
[  323.343676][ T4328]        __dquot_initialize+0x294/0xacc
[  323.344731][ T4328]        dquot_initialize+0x24/0x34
[  323.345636][ T4328]        ext4_process_orphan+0x5c/0x2b4
[  323.346553][ T4328]        ext4_orphan_cleanup+0x920/0x1060
[  323.347480][ T4328]        ext4_fill_super+0x594c/0x61b0
[  323.348359][ T4328]        get_tree_bdev+0x358/0x544
[  323.349209][ T4328]        ext4_get_tree+0x28/0x38
[  323.350004][ T4328]        vfs_get_tree+0x90/0x274
[  323.350802][ T4328]        do_new_mount+0x228/0x810
[  323.351630][ T4328]        path_mount+0x5bc/0xe80
[  323.352507][ T4328]        __arm64_sys_mount+0x49c/0x59c
[  323.353438][ T4328]        invoke_syscall+0x98/0x290
[  323.354343][ T4328]        el0_svc_common+0x138/0x258
[  323.355218][ T4328]        do_el0_svc+0x58/0x130
[  323.355970][ T4328]        el0_svc+0x58/0x128
[  323.356705][ T4328]        el0t_64_sync_handler+0x84/0xf0
[  323.357635][ T4328]        el0t_64_sync+0x18c/0x190
[  323.358497][ T4328] 
[  323.358497][ T4328] -> #1 (&s->s_dquot.dqio_sem){++++}-{3:3}:
[  323.359888][ T4328]        down_read+0x64/0x300
[  323.360633][ T4328]        v2_read_dquot+0x4c/0x118
[  323.361455][ T4328]        dquot_acquire+0x120/0x4d8
[  323.362351][ T4328]        ext4_acquire_dquot+0x270/0x428
[  323.363302][ T4328]        dqget+0x614/0xab8
[  323.364050][ T4328]        __dquot_initialize+0x2fc/0xacc
[  323.364946][ T4328]        dquot_initialize+0x24/0x34
[  323.365790][ T4328]        ext4_create+0x9c/0x3fc
[  323.366588][ T4328]        path_openat+0xe18/0x26bc
[  323.367361][ T4328]        do_filp_open+0x194/0x384
[  323.368176][ T4328]        do_sys_openat2+0x134/0x3f4
[  323.369016][ T4328]        __arm64_sys_openat+0x118/0x14c
[  323.369959][ T4328]        invoke_syscall+0x98/0x290
[  323.370844][ T4328]        el0_svc_common+0x138/0x258
[  323.371743][ T4328]        do_el0_svc+0x58/0x130
[  323.372572][ T4328]        el0_svc+0x58/0x128
[  323.373385][ T4328]        el0t_64_sync_handler+0x84/0xf0
[  323.374400][ T4328]        el0t_64_sync+0x18c/0x190
[  323.375220][ T4328] 
[  323.375220][ T4328] -> #0 (&dquot->dq_lock){+.+.}-{3:3}:
[  323.376599][ T4328]        __lock_acquire+0x2880/0x6800
[  323.377513][ T4328]        lock_acquire+0x20c/0x63c
[  323.378396][ T4328]        __mutex_lock_common+0x190/0x1f60
[  323.379360][ T4328]        mutex_lock_nested+0x38/0x44
[  323.380247][ T4328]        dquot_commit+0x50/0x1c4
[  323.381051][ T4328]        ext4_write_dquot+0x1b4/0x31c
[  323.381980][ T4328]        ext4_mark_dquot_dirty+0xe8/0x140
[  323.382953][ T4328]        mark_all_dquot_dirty+0x108/0x424
[  323.383902][ T4328]        __dquot_free_space+0x73c/0xa78
[  323.384866][ T4328]        ext4_free_blocks+0x1888/0x2390
[  323.385804][ T4328]        ext4_ext_remove_space+0x162c/0x3a9c
[  323.386838][ T4328]        ext4_ext_truncate+0x164/0x20c
[  323.387792][ T4328]        ext4_truncate+0x9f4/0x1084
[  323.388668][ T4328]        ext4_evict_inode+0xc10/0x1278
[  323.389550][ T4328]        evict+0x3e0/0x828
[  323.390289][ T4328]        iput+0x754/0x7e4
[  323.391000][ T4328]        do_unlinkat+0x36c/0x500
[  323.391763][ T4328]        __arm64_sys_unlinkat+0xe0/0xfc
[  323.392580][ T4328]        invoke_syscall+0x98/0x290
[  323.393377][ T4328]        el0_svc_common+0x138/0x258
[  323.394258][ T4328]        do_el0_svc+0x58/0x130
[  323.395045][ T4328]        el0_svc+0x58/0x128
[  323.395801][ T4328]        el0t_64_sync_handler+0x84/0xf0
[  323.396730][ T4328]        el0t_64_sync+0x18c/0x190
[  323.397533][ T4328] 
[  323.397533][ T4328] other info that might help us debug this:
[  323.397533][ T4328] 
[  323.399356][ T4328] Chain exists of:
[  323.399356][ T4328]   &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2
[  323.399356][ T4328] 
[  323.401670][ T4328]  Possible unsafe locking scenario:
[  323.401670][ T4328] 
[  323.402808][ T4328]        CPU0                    CPU1
[  323.403772][ T4328]        ----                    ----
[  323.404731][ T4328]   lock(&ei->i_data_sem/2);
[  323.405589][ T4328]                                lock(&s->s_dquot.dqio_sem);
[  323.406848][ T4328]                                lock(&ei->i_data_sem/2);
[  323.408108][ T4328]   lock(&dquot->dq_lock);
[  323.408833][ T4328] 
[  323.408833][ T4328]  *** DEADLOCK ***
[  323.408833][ T4328] 
[  323.410098][ T4328] 4 locks held by syz-executor/4328:
[  323.411005][ T4328]  #0: ffff0000d410a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[  323.412734][ T4328]  #1: ffff0000d410a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3e0/0x1278
[  323.414324][ T4328]  #2: ffff0000e18a34b0 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0x7cc/0x1084
[  323.415952][ T4328]  #3: ffff80001554cb08 (dquot_srcu){....}-{0:0}, at: rcu_lock_acquire+0x10/0x4c
[  323.417473][ T4328] 
[  323.417473][ T4328] stack backtrace:
[  323.418476][ T4328] CPU: 0 PID: 4328 Comm: syz-executor Not tainted syzkaller #0
[  323.419763][ T4328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  323.421404][ T4328] Call trace:
[  323.421932][ T4328]  dump_backtrace+0x1c0/0x1ec
[  323.422697][ T4328]  show_stack+0x2c/0x3c
[  323.423375][ T4328]  __dump_stack+0x30/0x40
[  323.424099][ T4328]  dump_stack_lvl+0xf4/0x15c
[  323.424851][ T4328]  dump_stack+0x1c/0x5c
[  323.425527][ T4328]  print_circular_bug+0x148/0x1b0
[  323.426380][ T4328]  check_noncircular+0x264/0x2f8
[  323.427218][ T4328]  __lock_acquire+0x2880/0x6800
[  323.428084][ T4328]  lock_acquire+0x20c/0x63c
[  323.428844][ T4328]  __mutex_lock_common+0x190/0x1f60
[  323.429671][ T4328]  mutex_lock_nested+0x38/0x44
[  323.430425][ T4328]  dquot_commit+0x50/0x1c4
[  323.431097][ T4328]  ext4_write_dquot+0x1b4/0x31c
[  323.431929][ T4328]  ext4_mark_dquot_dirty+0xe8/0x140
[  323.432853][ T4328]  mark_all_dquot_dirty+0x108/0x424
[  323.433742][ T4328]  __dquot_free_space+0x73c/0xa78
[  323.434587][ T4328]  ext4_free_blocks+0x1888/0x2390
[  323.435445][ T4328]  ext4_ext_remove_space+0x162c/0x3a9c
[  323.436387][ T4328]  ext4_ext_truncate+0x164/0x20c
[  323.437267][ T4328]  ext4_truncate+0x9f4/0x1084
[  323.438080][ T4328]  ext4_evict_inode+0xc10/0x1278
[  323.438865][ T4328]  evict+0x3e0/0x828
[  323.439514][ T4328]  iput+0x754/0x7e4
[  323.440214][ T4328]  do_unlinkat+0x36c/0x500
[  323.441011][ T4328]  __arm64_sys_unlinkat+0xe0/0xfc
[  323.441860][ T4328]  invoke_syscall+0x98/0x290
[  323.442590][ T4328]  el0_svc_common+0x138/0x258
[  323.443399][ T4328]  do_el0_svc+0x58/0x130
[  323.444107][ T4328]  el0_svc+0x58/0x128
[  323.444797][ T4328]  el0t_64_sync_handler+0x84/0xf0
[  323.445658][ T4328]  el0t_64_sync+0x18c/0x190
[  323.647434][ T4328] EXT4-fs (loop1): unmounting filesystem.