last executing test programs:

7.092633199s ago: executing program 5:
r0 = gettid()
accept(0xffffffffffffffff, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000000c0))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
open$dir(0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000007080)='./file0\x00', &(0x7f00000070c0), 0x0, &(0x7f0000000240)=ANY=[@ANYRESHEX, @ANYBLOB=',', @ANYRESHEX, @ANYBLOB])

6.403900059s ago: executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000000c0))
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
readv(r1, 0x0, 0x0)
close(r1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/dmi', 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000044c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
r2 = semget$private(0x0, 0x4, 0x0)
semop(r2, &(0x7f00000000c0)=[{0x0, 0x5}, {}], 0x2)

6.135910519s ago: executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r1=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="10", 0x1, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
r2 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000080)="ee", 0x27, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={0x0, 0x0, r2}, 0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={'sha512-ssse3\x00'}})

6.103907426s ago: executing program 3:
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = gettid()
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
readv(r1, 0x0, 0x0)
close(r1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1000, 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1910000, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0xfffffffffffffffe)
rt_sigreturn()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
ptrace$PTRACE_SETSIGMASK(0x420b, r0, 0x8, &(0x7f00000000c0)={[0xe1aa]})

6.080623098s ago: executing program 5:
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x2, 0xe, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_address={0x3, 0x6}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@mcast2, @in=@empty}}]}, 0x80}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000280)=@flushpolicy={0x10, 0x1d, 0x6a1d63bef531ea9b}, 0x10}}, 0x0)

5.853904447s ago: executing program 3:
gettid()
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigreturn()
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
ioctl$TUNGETSNDBUF(r0, 0x541b, 0x0)

5.783047056s ago: executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000100))
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
readv(r1, 0x0, 0x0)
close(r1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
rt_sigreturn()
poll(0x0, 0x0, 0x64)
poll(0x0, 0x0, 0x100)
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)

5.730610426s ago: executing program 4:
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0)
mlockall(0x1)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46)
sendmsg$unix(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)='D', 0x1}], 0x1}, 0x0)
rt_sigreturn()
socket$inet6(0xa, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
r2 = memfd_create(&(0x7f0000000400)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[z\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\x03\x00\x00\x00\x00\x00\x00\x00\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x82\x10n1\xed\xba\xe3\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\xff\xe9\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\xaf\x88X\xbc', 0x0)
fallocate(r2, 0x0, 0x0, 0x8000008)
fchmod(r2, 0x0)

5.694032829s ago: executing program 5:
r0 = gettid()
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc))
pipe2(&(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x0)
read$char_usb(r1, &(0x7f0000000380)=""/161, 0xd0)
close(r1)
rt_sigreturn()
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

5.060938996s ago: executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = mq_open(&(0x7f0000001ec0)='.pending_reads\x00', 0x40, 0x0, 0x0)
ioctl$TUNSETIFINDEX(r1, 0x8902, 0x0)
r2 = accept$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r4 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
write$binfmt_script(r5, &(0x7f0000000340), 0xffffff46)
dup3(r5, r4, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0xb, &(0x7f0000000140)=[{&(0x7f0000000380)=ANY=[], 0x10}], 0x1}, 0x0)
rt_sigreturn()
recvmsg(0xffffffffffffffff, 0x0, 0x0)
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
r6 = eventfd(0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
write$FUSE_ATTR(r7, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78)
write$cgroup_devices(r7, &(0x7f0000000380)=ANY=[@ANYBLOB="01202a3a8a"], 0x8)
poll(0x0, 0x0, 0x6c)
timer_settime(0x0, 0x0, &(0x7f0000000140)={{}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup(r8)
getsockopt$inet6_tcp_int(r9, 0x6, 0x0, 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x34)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x6, &(0x7f0000000080)=[{0x0, 0x5, 0x2, 0x2}, {0x0, 0x3, 0x3b, 0x9}, {0x0, 0xdf, 0x80, 0x1f}, {0x1000, 0x4, 0xfb, 0x7f}, {0x81, 0xc1, 0x1, 0x7f}, {0x3f, 0x0, 0x20, 0xed}]})
fcntl$getownex(r1, 0x10, 0x0)

4.924152466s ago: executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000bbdffc))
r2 = eventfd(0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = msgget$private(0x0, 0x0)
msgrcv(r4, 0x0, 0x0, 0x0, 0x0)
rt_sigreturn()
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1000, 0x1)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
msgsnd(r4, &(0x7f0000000180)=ANY=[@ANYRES8], 0x99, 0x0)
ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x5450, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
msgctl$IPC_INFO(0x0, 0x3, 0x0)
socket$unix(0x1, 0x0, 0x0)
write$FUSE_ATTR(r3, &(0x7f0000000240)={0x78, 0xfffffffffffffffe, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x8}}}, 0x78)
write$cgroup_devices(r3, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
close(r3)
socket$inet_udp(0x2, 0x2, 0x0)
rt_sigreturn()
timer_settime(0x0, 0x1, &(0x7f0000000200)={{}, {0x0, 0x3938700}}, 0x0)
semget(0xffffffffffffffff, 0x0, 0x0)
semctl$GETVAL(0x0, 0x0, 0xc, 0x0)
sendto$inet_nvme_of_msg(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

4.877113468s ago: executing program 5:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000040))
poll(0x0, 0x0, 0x401)
rt_sigreturn()
poll(0x0, 0x0, 0x64)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
io_setup(0x0, 0x0)

4.635347075s ago: executing program 0:
socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8991, &(0x7f0000000000)={'bond0\x00'})

4.63358926s ago: executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x1805a, &(0x7f0000000000)=ANY=[], 0x1, 0x105c3, &(0x7f0000020c00)="$eJzs3E1vG0UYB/DHDW3aUkqF+sKNlRBSImGrTtKKCgkCtAKkpop4OXABHHtjubW9IXackDNIHPgavSEuHPgEXPgeSAhxAYkbCOTdTdVUPbTUxC35/aTNf3Y8fjxj5eDxJhvAoXUm+eP3SpyOExExExGnIvJ2pTxyy0U8HxEvRMSRu45K2X+n41hEnIyI0+PiRc1K+dC3n33/12j3+le3X/3l4yu3f6tMb9XAQXv9nvOXIqK3UbS3e0Vm7SJvlv2NUSfP3tKozOKB3q3yPCtyO13LK2w39sY18lxsF+Ozja3BONe7jeY42531vH+jX7zgYNTeq5M/4WZjMz9vpWt5dgZZnu3dYl47Ze4OhkWdVlnv87x8DId7WfSnO2mxno1beTb7w7K/qJu10p1xjsosXy6aWbeVz2Ptod7qJ8r1Tn9rJxmlm4NO1k8u1eqv1OqXq/XNrJUO06Vqo9e6vJTMtbvjYdVh2ugtt7Os3U1rzaw3n8y1m81qvZ7MXU3XOo1+Uq/XFmsXq5fmy9bLyds3Pky6rWRunG92+lvDTneQrGebSfGM+WShtnhlPnmxnry/spqsvnft2srqB59c/ejGGyvvvlUO2pvWbP47MUyXkrmFiwsL1frF6kJ9/vCs/860Jrh+eCQ+SQI8NPt/YBrs//fv/2ft/w/l/vewrx8eiU+SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH1k9Hv3snb5wpzp8u+58pu56LiAsRcT4izkXE3/cxE8f21TwbEZWyfb/xR++Zww+VyCuMnzNbHicjYrk8/nz2v34XAAAA4P/rmx+/+DJiZtzMf7w27QlxkMovbY5Pql7+lc9Tk6p2Ni+2M6Fq5/ZKTsT5iDh65tcJVbsQEUdOfTqhag9kZl8cvysqRRw5yNkAAAAHY/9OYGK7NwAAAB47X097AkxHfr22/Fv88lrwbBHlBcET+84AAACAJ1Bl2hMAAAAAHti//V/dfP8/6fv//ez+fwAAAPBYKe7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8A87d4+jNhDFAfyB45BPBUV8XIUqSknBIXKElDlAcpt0HCGKhDgH6XKECCLGs4VXFKv1GO+i308yb8aCPw+oxoMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAn/7U2/XP/fcfXXOOv06dlPk0AAAAwCWHertOg2kzf5vPv8+nPkbEMiIWETGPiEtr9ypetjJnETHK40vPr+/18DsiJZxfM8nHm4j4nI9/H/r+FgAAAOB27XerTUR1HqaHT0M3xDXlizavSuWlSz4vSqXNUti3Qmnzu8giFhFRT/8WSltGxPjdl0JpD1Ll0vrt02TUlPE1uwEAAK6japViqzcAAACenK9DN8Aw0n5t/i9+3gueNCVvC75uzQAAAIBnaDR0AwAAAEDv0vrf/f8AAADgtjX3/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBPh3q73u9Wm645x1M3j3rTcdeuAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP/sz8sJhEAYhMHe9Z3TYP5hSYPG4MEqED7+xsMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzL7/7yf2JqnEnmXhtLzyPJ2qmxdWrsnRtHfxhvvwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725+4EQiAIwmDf+Z/TYv5hSYPGIEIVLHzMMA8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCxAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWF/bm3TRgI4zj8+pIocZuMkN5KYAYaKgQj8CEhWfIMDMBCNFS0FovACiDBuaYzBc/T/H/FFfcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvKbLwxdvEVFE6jJFGm9+Tu8R8RFp27ajz1sWu/Ox+brnbH+Y5PyO6W8ZEWUUfZwDANC7qtscq3W9/Mv7n3eQd5i3mjf14pmfBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAruzbP2sUWxQA8LPZP0leqte84tkICkmj68Z/G0grRASxsbAMyRqCGw1JBBNEiN9A8AvYa5XWz2BvYaGVIClURLBRNjub3OiCUXFmSX4/uDPnXnZm7t1i4cy5CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwS7Y3Y6wXlyLi/8pe3PHy/f25fud3H1/812s3nleW03t2blGNiJuL7daZHNcyaB58119d37g12263Vv5iMJzjswRFBhEDMQ1BEkT59y4v4McJAIBDrZq1Tl7/uro10xkrTUd8fbI//x9P4jhg/v/56cPL6bPS/L+R2woHX31tabm+ur5xanFpdqG10LrdmJo6d7558cJko77zrqR+1N+YAAAA8KdqWUvz/6HpH+v//yRxHDD/v3vl2rHO2Eh2TVn+39de0a/omQAAABxt/x7/9KHUZ7xUq8W92bW1lUb3uNuf7B4LmOrPXd/fHc5amv+XpwuaGwAAAJCr7c3SWERs9frz2blv/X9i77q0/v/qceVqes9yRIxm9f/Tc3fa87msZPDl8SfkotcIAABAsUazltb/qzv7/yu7nxmKiIkT3bg3epD9/+Mnn71Nn5Xu/z+b2woH01Cz+33snJsRlWbRMwIAAOAwG8laJ/9/U42ZlS+PLtXs/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+sWP3KBEDUQCAk52NVuKCYGPjCUQ7qwULwXuIguARvIJ38A7eI6VoaS1biIWtvElGl20WLBJ/vg8m7yUMmZep8gYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtRYnX3mKy6zLJ/2zx9eb84hPKzG8vLW7MSKvhyz6F6qPx64AAACA/yCV/r6qqufm/iziZJ77/6bMiZ7/bqvLSz+/2veXWHr/GHvp4f1zoVm3Trz08ur64nCwL/z5ttfOmOadz2cvqRzC7CyavJ/1bduebuR0c4BiAYBvOSixT8r/UMSjMQsD4C/bX76Z9qNa6v/TfJS6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb1EQAA//9TYmvH")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000300), 0x0, 0x0, 0x0)

4.473899125s ago: executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000005140)='./file0\x00', 0x816, &(0x7f0000000280)={[{@nospace_cache}, {@nodatacow}, {@nobarrier}, {@noautodefrag}, {@nobarrier}, {@compress_algo={'compress', 0x3d, 'no'}}, {@nospace_cache}, {@usebackuproot}]}, 0x1, 0x50ed, &(0x7f0000005180)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTsT3573JENYvrOR3E/wmHm5XUpgfKxQ6WkmPbbFHXpgfLxQ65pIemydDeHBhZX9S+H8stJPClbV54UhSOB0L+fnQLRxLCifimfb52ny6aeH7WMgvsJiPV1Cs6V4SkfS42q/HQuGGPc52Dw4AAHBPieE5z7Jjvc2QRtn52qAdVg/aYWTQDvVBO4wmO6Q79tseZnsLcXv7zMalPf//yHD5P74Vq7JFv+v/Q7z+P3+uYff6/9lYaCSF+VhopXcMaMVjZGH343iMRivvcWV9twAAAAB3tfi9QH2F5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+zda4xc1X0A8LPP8T68XkiqEBolm6TGcROv1zaQqKXKmlI1IqVZNxRURRQbe00WL9ixTYlRiIxNRCMEpQ1S8qEIoyiq+QC1AhFJAeEixREqj4iqKIBAoTVEQaSUJCJNkEI1e++ZvXPuzsOPNV76+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w8GvXPO3zeKP/va8Z1+4ePyKPWsvfvW68059MoSJmcc7snBH/423j//87nPv2fPA6jvuO3z+R3vzcnk8DFT/dOZ3boi1Hl4cwv0dIXSngRWDWaAnvz8Y63vfYAinhNlArcRkf1YibTh8vy+EfWE2UKvqe30hDBYCFz71yMM3VxO39YWwNIRQSdt4vpK10ZcGzujNAv1pYGt3FvjVW5la4LudWQCOWXwz1F70BybqMwzPXa7B66/nuHXs7ZUOrysmhhvn+9naee5UQW/6wMQxPW2l6pgXpbfHQe+2BfBuK23nWz1txS9S+TeUt2ZDldC5aXLzhqund8ZHOsPoaFejmubpeX7m9S9tPJL0gnkdxg4MH5fX4S1PLL27a/kFj9+3YunL+z+295Vj7eaPCpu0mJ5vlZC/5hbM8xiN+zxZAG+/0rekEV+6QgibP/97n2kWL83/h5vP/+PLOd521uWOtb45lM3N4yODMfHaUDY3BwAAgAVjIew13Tr60Cea1Vea/4+0d/w/HvLPJ/PZaA+GMD6T2LskhNNmHs8Cd8XmLlsSwgdnUhP1gbVJ4GAI751JLK9VlZRYFEuMJIGfDOWB8SRwKAYmksC3YuDWJHBDDBxIAhtj4GASODcGwlT9OH5/KB9H24G+GFifbcQD8SyEXwzF1pJt9VytKgAAgOMknx321N8tnOtwrBni9PJAX6sM8QzshhkqSQ3pDLY2rWpYQ3erGjpb1VAb9+7mwy/V3NGq5tJpGB31GW7/5d98NjRRmv+PNZ//V+boSEfp+H8I62b+xtydeWS6Fl8/UZcBAAAAOAYD//viN5vFS/P/8fbO/4/7RLoKmcNjcTfEliUhjNUHsmr/sBzIjnoP5AEAAABYCGrH42vHwqfy2+wU7XQ+Xc4/cYT544H/8Tnz9x58cH2z/pbm/xPtnf/fX3+bdeJQ7MXXloSwqBD4QexlNTBjJAZ+/Mn6QD7+Q3ED3BSryk9MqFV1UyyxPgbGksC+RiV+WCtxWn0gf7Jqje+tjWMqL1EIAAAAwAkXdwfE4/Lx/P8P/Wb1Nc3Kleb/64/s/P+ZeXDp9P7pgRBWdofQlf4w4LH+bGHAGBjsyBMP9Wd1daVVXd8fwjnVgaVVvZiv/9+drjH4VF9WVQyc9qH9r59RTXyzL4SVxcDTn7vzrGpiZxKoNf6XfSF8oDratPHvLMoa70kb//qiEN5fCNSqumxRCNXGetOqHqnk1zFIq/rnSgjvKgRqVZ1dCWFXAGCBiv+Vbio+uGPXtVs2TE9Pbp/HRNyH3xc2T01Pjm7cOr2p0qBPm5I+1y1jdH15TO1e+ea5fImii+5dN9hOuvY7wbFiW/l+/NKJg/n9+F2oZ2acq3vq7q5Jh/yRD5ebCIVvUo2G3DnPQ+4vVjL7JJbqj/l7w0BYdPWOye2jX9ywc+f2VdnfdrOvzv7Gw0zZtlqVbqv+ufrWxsuj4WpZiaPdVsuKlazceeW2lTt2Xbti6soNl09ePnnVqrNXj505tmbs42eurI5qLPvbYqjL5qo6Gepbd7Y5ruM41NO7C5WciE8NCQmJhZbYOrCs6f/Jpfn/tubz//ipEz/58/UZGh3/H46H+bPHZw/zr4+Bfe0e/x9udDS/dmLASBLYHQO7HeYHAADgnSFO8uPezLhX+qfLv/Nys3Kl+f/u9n7/f5zW/68tXX9+o2X+l8cSY43W/0+X+a+t/7+70fr/6TL/tfX/970N6/9fXQskm+QX1v8HAADeCU7c+v8tl/dPLxBQytByef/0AgGlDC2X8W/3AgFHvP7/8//5V/8dmijN/29tb/5v4X4AAAA4eXz5z675nWbx0vx/X3vz/xO//l9odP7/SKPARKOFAa3/BwAAwALVaP2/4Rv7L21WrjT/P9De/D+edtFZlzvW+uZQtqZdSNe0e22o9pMBAAAAWBg6w+hoT5t561ZGXXv0bT6TLwXaLF304p8cPrLz/w+2N/+v+13GLU8svbtr+QWPv3nfiqUv7//Y3ldmj/8DAAAA86fd/RIAAAAAAAAAAAAAAMDb78X/2LOmWbz0+/+wbubxRr//j9f9i78veHdd7lhr6/X/8vsXfvqeXTNLFj42FMKHi4Ete7acEvJr8y8rBh6+ZPl7qok9aYkHXzj3pWri0jTwqRWnvlFNnJME1sdFEt+bBuJVFd9YnATi8or/ngbi9jiQBnrzwFcXZ+PoSLfVTwezbdWRbqtnB0NYUgjUttX9g1kbHekAb0sCtQF+IQ3EAf55HuhMe3XPQNarGBiMRe8YyHoFAMBJK34L7Ambp6Ynx+JX+Hh7enf9bVS3ZNn15Wo72mz+uXxpsovuXTfYTror/S46e63xnlCpDmFV6etqMUvHzCiPTy0tNt27Gwy51WpvnQ3KpY500/U2HlFfNqLRjVunN/W0HPia1llWd7fMsqo02Slm6ZzZpG3U0kZf2hhRm9umjS7H+51hdLQryfUHMTgc6rR6RbT7e/3iOn+NXgXFPFcd3vurZvWV5v/D7c3/K8VxvZFfDGB3vLLe3y2xzD8AAADMr6+u/fU34r/P3vjo083ylub/I+3N/+MerPxQcLa342C8/v/eJSHMXFp/OAvcFZu7bEkIH5xJTcQS2QX1z48lxrLAXXGHyfJYYv1EfVWLYuBAEvjJUB44mAQOxUC+l2J/yHfl/P1QCGfNpNbVl9gWSwwngc/EwEgSGI2BsSSwOAbGk8Cri/PARBL4txgIU/Xb6t7F+bYCAAA4Evk8q6f+bkjneQe6W2XoaJWhv1WGzlYZKq0yNBpFvP/tmKEnOXmlo5CpJ621L6mllCFeDP+I+1XKEH5YnzMtWGo6nn9QO9+goz7DA5/oroQmSvP/sfbm//31t1nrh+L8f/b6f1ngB7F7X4unjo/EwI8/WR/IdwwcipPdm2pVTeQl8kn7TbHEeAyMJIFtMTCeBNavywP73lMfyGfatcb31hqfyksUAgAAAHDCxR0EcTdNnP/fseMrA83Kleb/4+3N/2N7A8XGboi1Hl4cwv0ds72pBVYMZoG4H2Mw/jz+fYMhnFLYwVErMdmflehNGg7f78t+od6bVvW9vuzHB/H+hU898vDN1cRtfSEsLex9qbXxfCVroy8NnNGbBfrTwNbuLBD3/NQC3+3MAnDMansF4wsqP9WlZnjucg1ef++Ua4KmwyvtA50j31y/uZovpR2u+T7VmiN72pruv+W4Kb09Dnq3LcR327B3W/GLVP4N5a3ZUCV0bprcvOHq6Z3xkeIvWUvm6Xku/kq1nfRxeB3uPvretlZJOzCWfHyMzV1u7tdhR6zulieW3t21/ILH71ux9OX9H9v7StvdaCD+UPiR6/518EeFzTvfKiF/zS24z5MJnycL8b+BEU9bCGHdq1+/qVm8NP+faG/+353czvh13Jg7loTwkcLGfSxu/j9ekn0OFgLZp+S7yoHskPt/DTX85AQAAIDjrba7o7a/YCq/zU4IT+fJ5fwTR5g/7q8YnzN/u/3u/+tLljaLl+b/65vP/xcl3XT83/F/5onj/3M62XdFL0of2H1Mu6JL1TEvHP+f08n+bnP8f06O/zv+PxfH/1tw/H9OJ/vTVvqWtM2XrhDCy3/00LPN4qX5/7b25v/W/5t70b7a+n/rG63/t63R+n+7rf8HAADMqwYLzaXzvNLqfaUM6ep9pQwtFwhsucSg9f+OeP2/l05//jehidL8f3d78//4chgotr5Q1v8bWdegqltjYJuFAQEAADgZNdpBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNvrgX/4n03N4o/+9rxnX7h4/Io9ay9+9brzTn0yhKmZxzuycEf/jbeP//zuc+/Z88DqO+47fP5HK3m5nvz2d+tyx1rfHAphX+GRwZh4bah6ZzZw4afv2dVdTTw2FMKHi4Ete7acUk18ayiEZcXAw5csf081sSct8eAL575UTVyaBj614tQ3qolz8kBH2t1/XJx1tyPt7s2LQ1hSCNS6e8Xi+qpqbfxpHuhM2/inwayNGBiMRb8xmLURA9OxxNSiEFZ2h9CVVvVoJauqK63qXypZVV1pVV+uhHBOCKE7reqF3qyq7nTkT/ZmVcXAaR/a//oZ1cS+3hBWFgNPf+7Os6qJLySBWuN/0RvCB6ovmbTxb/dkjfekjd/WE8L7Qwi9aYlfdmcletMSL3aH8K5CoNb457tD2BV4R4gfPnWfaDt2Xbtlw/T05PZ5TPTmbfWFzVPTk6Mbt05vqiR9aqSjkH7r+qMf+3Ovf2lj9faie9cNtpPuzsv1zHR5dU/d3TUne+9jv/qLlcw+H6X6Y/7eMBAWXb1jcvvoFzfs3Ll9Vfa33eyrs79deTTbVqsWyrZaVqxk5c4rt63csevaFVNXbrh88vLJq1advXrszLE1Yx8/c2V1VGPZ3+Mx1DtP/FBP7y5UciI+ACQkJBZaorPu023sZP8gL33Rn+1oT6jMfECXphXFLB0zozweg157lCM+mu8pLUe0qjRxKGVZ3TrLmtJkYjZLX5Zl5ntdaXJYrKlzZpPG+51hdLSr0XYYrr9b3Lw/O4bN+0y+6dpNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//wNUIwc=")
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r1, r0, 0x0, 0x80000000)
mknod$loop(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
renameat2(r2, &(0x7f0000000140)='./file1\x00', r2, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

2.903651931s ago: executing program 5:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="1c0000001a00110214f9f407000904001f0000000001000000020000", 0x1c)

2.817867735s ago: executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x7, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}, 0xd8)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x3}, 0x8)
sendto$inet(r0, 0x0, 0xffffffffffffff7c, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000000080)='\x00', 0x1, 0xc840, 0x0, 0x0)
close(r0)

2.494338651s ago: executing program 2:
pipe2(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x1, 0x0)
vmsplice(r0, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.432374935s ago: executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
write$binfmt_elf32(r0, &(0x7f0000000240)=ANY=[], 0xfffffdb6)
r1 = gettid()
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
readv(r2, 0x0, 0x0)
close(r2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
rt_sigreturn()
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
futex(&(0x7f00000000c0)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
rt_sigreturn()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
fallocate(r3, 0x0, 0x0, 0x8020003)
fchownat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x0)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
r5 = dup(r4)
write$FUSE_ENTRY(r5, 0x0, 0x0)

2.204109048s ago: executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46)
poll(0x0, 0x0, 0x64)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r3 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil)
shmat(r3, &(0x7f0000ffb000/0x2000)=nil, 0x5000)
msgget$private(0x0, 0x0)

2.201419648s ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r0}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, 0x0}, 0x0)

1.994956361s ago: executing program 2:
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)}, 0x0)
r0 = syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x1, 0x0, &(0x7f0000000180)="69005d2137a47ce245573265e461df394b7a3ea70d2554ebb2599e6d955f18036044c198b0694dc6905ad7acbc4ac835cecff446430d55fcd81bb4e1f8e544e08c65e3e0ca1417597d68c7e069099e47bb528e8a82642cd92e63f07f4a4a49c6af2f35f498abb1a2f5b8e1c187105a7c0c21a14624a0da8b1b7e0a49c24e16f56b02a025a2984c10cd48297c4080c6cc7683051deaec6642b32859e305de75b3602239acc91b8865b8e9709708fd8fa34563be5b132e5c63d3")
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000000)={[{@huge_within_size}]})
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1e, 0x10, &(0x7f0000000340)=@raw=[@generic={0x81, 0xd, 0x6, 0x25d, 0xfffffffd}, @map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, 0x2b, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x3, 0xb, 0xffffff2b, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x5, &(0x7f0000000740)=[r1, r1, r1, r1, r2, r1, 0xffffffffffffffff], &(0x7f0000000780)=[{0x4, 0x4, 0xf, 0x6}, {0x3, 0x4, 0xf, 0x9}, {0x5, 0x1, 0xb, 0x8}, {0x0, 0x2, 0x4, 0x3}, {0x0, 0x1, 0xa, 0xb}], 0x10, 0x7a}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000000)={0x6, @multicast1, 0x0, 0x3, 'dh\x00'}, 0x2c)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setstatus(r1, 0x4, 0x0)
r6 = dup(r1)
pwritev2(r6, &(0x7f0000000300)=[{&(0x7f0000000680)="bb", 0x1}], 0x1, 0x1000000, 0x0, 0x0)
sendfile(r6, r1, 0x0, 0x87fffa0)

1.985669118s ago: executing program 1:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='ext4_sync_file_exit\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_pid(r4, &(0x7f0000000980), 0x12)

1.733690361s ago: executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r2}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r4}, 0x10)
ioctl$TUNSETOFFLOAD(r0, 0x40086607, 0x20001412)

812.969444ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000ffdd18110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})

711.598534ms ago: executing program 2:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8991, 0x0)

581.470037ms ago: executing program 4:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r1}, 0x10)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)

511.696304ms ago: executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
mkdir(0x0, 0x0)

424.007202ms ago: executing program 1:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
readv(0xffffffffffffffff, &(0x7f00000033c0), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000f, 0x4008032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007ef000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f000084b000/0x4000)=nil)

300.714259ms ago: executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r1=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="10", 0x1, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r3 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000080)="ee", 0x27, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r2, r2, r3}, 0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={'sha512-ssse3\x00'}})

286.651331ms ago: executing program 2:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='block_bio_remap\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='block_bio_remap\x00', r3}, 0x10)
write$cgroup_type(r0, &(0x7f0000000000), 0x9)

224.550554ms ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0xd)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x16, 0x0, 0xb161, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2, <r3=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r3, 0x0, &(0x7f0000001780)=""/4096}, 0x20)

120.182684ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))

113.679291ms ago: executing program 4:
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0400380c"], 0x8)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x0)

42.005374ms ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

0s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_kthread_work_queue_work\x00', r1}, 0x10)
socketpair(0x11, 0xa, 0x0, &(0x7f0000001080))

kernel console output (not intermixed with test programs):

oop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  205.641025][ T6363] 9pnet_fd: Insufficient options for proto=fd
[  207.532731][ T5118] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.398841][   T12] team0 (unregistering): Port device team_slave_1 removed
[  208.569744][   T12] team0 (unregistering): Port device team_slave_0 removed
[  208.654825][ T6389] IPVS: Scheduler module ip_vs_sip not found
[  208.684429][ T6373] loop1: detected capacity change from 0 to 40427
[  208.732231][ T6373] F2FS-fs (loop1): Found nat_bits in checkpoint
[  208.827597][ T6397] 9pnet_fd: Insufficient options for proto=fd
[  208.864877][ T6373] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  208.956528][ T6372] UBIFS error (pid: 6372): cannot open "./file0", error -22
[  208.998154][ T5121] F2FS-fs (loop1): access invalid blkaddr:2048
[  209.014093][ T5121] CPU: 0 PID: 5121 Comm: syz-executor.1 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
[  209.024536][ T5121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  209.034606][ T5121] Call Trace:
[  209.037883][ T5121]  <TASK>
[  209.040809][ T5121]  dump_stack_lvl+0x241/0x360
[  209.045512][ T5121]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.050712][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.056353][ T5121]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  209.062269][ T5121]  ? __lock_acquire+0x1346/0x1fd0
[  209.067303][ T5121]  __f2fs_is_valid_blkaddr+0xe16/0x1460
[  209.072875][ T5121]  f2fs_map_blocks+0xf29/0x4970
[  209.077814][ T5121]  ? xas_load+0x59b/0x5c0
[  209.082157][ T5121]  ? __pfx_f2fs_map_blocks+0x10/0x10
[  209.087453][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.093113][ T5121]  ? xa_load+0x2dd/0x350
[  209.097369][ T5121]  ? __pfx_xa_load+0x10/0x10
[  209.101981][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.107619][ T5121]  ? folio_index+0xab/0x350
[  209.112134][ T5121]  f2fs_mpage_readpages+0xcff/0x21b0
[  209.117444][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.123104][ T5121]  ? __pfx_f2fs_mpage_readpages+0x10/0x10
[  209.128859][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.134519][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.140190][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.145848][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.151485][ T5121]  ? f2fs_readahead+0x184/0x340
[  209.156345][ T5121]  read_pages+0x180/0x840
[  209.160693][ T5121]  ? __pfx_lru_add_fn+0x10/0x10
[  209.165552][ T5121]  ? __pfx_read_pages+0x10/0x10
[  209.170410][ T5121]  ? filemap_add_folio+0x26d/0x650
[  209.175543][ T5121]  ? __pfx_filemap_add_folio+0x10/0x10
[  209.181031][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.186677][ T5121]  ? page_cache_ra_order+0x2e0/0xcb0
[  209.191993][ T5121]  page_cache_ra_unbounded+0x6ce/0x7f0
[  209.197478][ T5121]  f2fs_readdir+0x5bc/0xbf0
[  209.201991][ T5121]  ? __pfx___might_resched+0x10/0x10
[  209.207304][ T5121]  ? __pfx_f2fs_readdir+0x10/0x10
[  209.212335][ T5121]  ? trace_contention_end+0x3c/0x120
[  209.217637][ T5121]  ? iterate_dir+0x55b/0x820
[  209.222249][ T5121]  ? __fdget_pos+0x24e/0x310
[  209.226874][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.232554][ T5121]  ? common_file_perm+0x1a6/0x210
[  209.237618][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.243283][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.248943][ T5121]  iterate_dir+0x660/0x820
[  209.253379][ T5121]  __se_sys_getdents64+0x20d/0x4f0
[  209.258503][ T5121]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  209.264494][ T5121]  ? __pfx___se_sys_getdents64+0x10/0x10
[  209.270165][ T5121]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  209.276154][ T5121]  ? __pfx_filldir64+0x10/0x10
[  209.280955][ T5121]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  209.287329][ T5121]  ? exc_page_fault+0x590/0x8c0
[  209.292185][ T5121]  ? srso_alias_return_thunk+0x5/0xfbef5
[  209.297854][ T5121]  ? do_syscall_64+0xb6/0x230
[  209.302536][ T5121]  do_syscall_64+0xf3/0x230
[  209.307046][ T5121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.312949][ T5121] RIP: 0033:0x7f29f86a83a3
[  209.317388][ T5121] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 8b fa ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8
[  209.337017][ T5121] RSP: 002b:00007ffc83936428 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  209.345442][ T5121] RAX: ffffffffffffffda RBX: 00005555949cf970 RCX: 00007f29f86a83a3
[  209.353415][ T5121] RDX: 0000000000008000 RSI: 00005555949cf970 RDI: 0000000000000005
[  209.361386][ T5121] RBP: 00005555949cf944 R08: 0000000000000000 R09: 0000000000000000
[  209.369352][ T5121] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb0
[  209.377330][ T5121] R13: 0000000000000010 R14: 00005555949cf940 R15: 0000000000000011
[  209.385338][ T5121]  </TASK>
[  209.411669][ T5121] syz-executor.1: attempt to access beyond end of device
[  209.411669][ T5121] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  209.427622][ T5121] syz-executor.1: attempt to access beyond end of device
[  209.427622][ T5121] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  209.467699][ T5121] syz-executor.1: attempt to access beyond end of device
[  209.467699][ T5121] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  209.517325][ T5121] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  209.713134][ T6038] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  209.779475][ T6379] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  209.820681][ T6379] team0: Device veth1_macvtap failed to register rx_handler
[  209.871914][ T6387] macsec0: entered promiscuous mode
[  209.885829][ T6403] loop5: detected capacity change from 0 to 128
[  209.917168][   T29] audit: type=1800 audit(1718521855.386:21): pid=6403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="loop5" ino=1048604 res=0 errno=0
[  209.938904][ T6391] macsec0: left promiscuous mode
[  209.944709][ T6391] macsec0: entered allmulticast mode
[  209.950012][ T6391] veth1_macvtap: entered allmulticast mode
[  209.971580][ T6038] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  210.024586][ T6038] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  210.055751][ T6207] batman_adv: batadv0: Adding interface: batadv_slave_0
[  210.079628][ T6207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.121097][ T6207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.143610][ T6207] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.150689][ T6207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.191039][ T6207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.334706][ T6414] loop0: detected capacity change from 0 to 2048
[  210.779244][ T6207] hsr_slave_0: entered promiscuous mode
[  210.829418][ T6207] hsr_slave_1: entered promiscuous mode
[  210.881968][ T6207] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  210.920495][ T6207] Cannot create hsr debugfs directory
[  210.957275][ T6419] loop2: detected capacity change from 0 to 1024
[  210.985772][ T6419] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  211.015290][ T6419] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869)
[  211.043087][ T6419] EXT4-fs (loop2): invalid journal inode
[  211.048823][ T6419] EXT4-fs (loop2): can't get journal size
[  211.107307][ T6419] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  211.907972][ T6434] 9pnet_fd: Insufficient options for proto=fd
[  212.332604][ T5123] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  212.342594][ T5123] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  212.350491][ T5123] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  212.359693][ T5123] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  212.368787][ T5123] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  212.376273][ T5123] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  212.440773][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.636157][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.694322][ T5127] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.961288][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.299654][ T6038] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.423753][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.805198][ T6038] 8021q: adding VLAN 0 to HW filter on device team0
[  213.821502][ T6456] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[  214.180804][ T5174] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.188043][ T5174] bridge0: port 1(bridge_slave_0) entered forwarding state
[  214.401484][ T5123] Bluetooth: hci2: command tx timeout
[  214.414101][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.421315][ T5846] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.439242][   T12] bridge_slave_1: left allmulticast mode
[  214.446974][   T12] bridge_slave_1: left promiscuous mode
[  214.452814][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.467537][ T6465] loop5: detected capacity change from 0 to 128
[  214.490599][   T12] bridge_slave_0: left allmulticast mode
[  214.501341][   T12] bridge_slave_0: left promiscuous mode
[  214.507117][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.519941][   T29] audit: type=1800 audit(1718521859.976:22): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="loop5" ino=1048605 res=0 errno=0
[  214.541978][ T6467] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  214.604824][ T6467] loop0: detected capacity change from 0 to 4096
[  214.626322][ T6467] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512).
[  214.649794][ T6467] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  214.719525][ T6467] ntfs3: loop0: Failed to initialize $Extend/$ObjId.
[  215.419784][ T6472] loop0: detected capacity change from 0 to 32768
[  215.429346][ T6472] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (6472)
[  215.456906][ T6472] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  215.467348][ T6472] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  215.476231][ T6472] BTRFS info (device loop0): using free-space-tree
[  215.511606][ T6476] loop5: detected capacity change from 0 to 2048
[  216.642162][ T5123] Bluetooth: hci2: command tx timeout
[  216.753089][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  216.894251][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  216.940315][ T5118] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  216.970164][   T12] bond0 (unregistering): Released all slaves
[  217.105539][ T6439] chnl_net:caif_netlink_parms(): no params data found
[  217.755625][ T6207] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  218.325200][ T6207] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  218.390496][ T6207] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  218.627551][ T6207] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  218.721741][ T5123] Bluetooth: hci2: command tx timeout
[  218.761777][ T6508] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  218.912430][ T6528] loop2: detected capacity change from 0 to 64
[  218.924517][ T6528] minix: Unknown parameter '
[  218.924517][ T6528] '
[  218.959916][ T6530] loop5: detected capacity change from 0 to 256
[  218.977240][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies.
[  219.000150][ T6530] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  219.089507][   T12] hsr_slave_0: left promiscuous mode
[  219.112388][   T12] hsr_slave_1: left promiscuous mode
[  219.335074][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.344156][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  219.359628][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  219.369011][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  219.386350][ T6535] netlink: 133788 bytes leftover after parsing attributes in process `syz-executor.0'.
[  219.436117][   T12] veth1_macvtap: left promiscuous mode
[  219.477959][   T12] veth0_macvtap: left promiscuous mode
[  219.486819][   T12] veth1_vlan: left promiscuous mode
[  219.501332][   T12] veth0_vlan: left promiscuous mode
[  219.881475][ T6544] loop0: detected capacity change from 0 to 32768
[  220.159662][ T6544] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (6544)
[  220.717800][ T6544] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  220.728208][ T6544] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  220.736985][ T6544] BTRFS info (device loop0): using free-space-tree
[  220.812435][ T5123] Bluetooth: hci2: command tx timeout
[  222.071779][ T5118] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  222.277057][   T12] team0 (unregistering): Port device team_slave_1 removed
[  222.347722][   T12] team0 (unregistering): Port device team_slave_0 removed
[  223.548046][ T6439] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.556789][ T6439] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.592221][ T6439] bridge_slave_0: entered allmulticast mode
[  223.599966][ T6439] bridge_slave_0: entered promiscuous mode
[  223.620590][ T6439] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.646259][ T6439] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.666934][ T6439] bridge_slave_1: entered allmulticast mode
[  223.676778][ T6439] bridge_slave_1: entered promiscuous mode
[  223.963287][ T6439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.038665][ T6439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.283089][ T6439] team0: Port device team_slave_0 added
[  224.340208][   T29] audit: type=1326 audit(1718521869.806:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6585 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b08a7cea9 code=0x0
[  224.366729][ T6439] team0: Port device team_slave_1 added
[  224.432035][ T6038] 8021q: adding VLAN 0 to HW filter on device batadv0
[  224.483567][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_0
[  224.490563][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  224.551266][ T6439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  224.632883][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_1
[  224.639870][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  224.711072][ T6439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  224.881789][ T6608] loop0: detected capacity change from 0 to 64
[  224.914828][ T6592] loop5: detected capacity change from 0 to 32768
[  224.939573][ T6439] hsr_slave_0: entered promiscuous mode
[  224.954396][ T6439] hsr_slave_1: entered promiscuous mode
[  224.968512][ T6439] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  224.977443][ T6592] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  224.986701][ T6439] Cannot create hsr debugfs directory
[  225.068097][ T6207] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.147970][ T6592] XFS (loop5): Starting recovery (logdev: internal)
[  225.210392][ T6038] veth0_vlan: entered promiscuous mode
[  225.242854][ T6592] XFS (loop5): Ending recovery (logdev: internal)
[  225.300062][ T6621] loop0: detected capacity change from 0 to 256
[  225.309896][ T6207] 8021q: adding VLAN 0 to HW filter on device team0
[  225.362223][ T5175] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.369479][ T5175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.410657][ T6621] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  225.533323][ T5175] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.540577][ T5175] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.637747][ T6038] veth1_vlan: entered promiscuous mode
[  225.887729][ T6626] input: syz0 as /devices/virtual/input/input6
[  226.024969][ T6038] veth0_macvtap: entered promiscuous mode
[  226.029609][ T6627] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  226.050169][ T6038] veth1_macvtap: entered promiscuous mode
[  226.138012][ T6627] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'.
[  226.694400][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  226.716735][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  226.747255][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.308302][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.361121][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.401639][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.453798][ T6038] batman_adv: batadv0: Interface activated: batadv_slave_0
[  227.594144][ T5113] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  227.613934][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.657312][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.680649][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.721975][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.765441][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.802280][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.815106][ T6038] batman_adv: batadv0: Interface activated: batadv_slave_1
[  227.856223][ T6038] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  227.872740][ T6038] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  227.887281][ T6038] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  227.905753][ T6038] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.992063][ T6207] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.536392][ T6439] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  228.591215][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.597889][ T6439] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  228.626361][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.671298][ T6439] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  228.753870][ T6439] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  229.184690][ T6439] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.354836][ T6659] loop0: detected capacity change from 0 to 128
[  229.387283][ T6439] 8021q: adding VLAN 0 to HW filter on device team0
[  229.437958][   T29] audit: type=1800 audit(1718521874.906:24): pid=6659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1048606 res=0 errno=0
[  229.534061][ T5177] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.541433][ T5177] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.623548][ T6651] loop5: detected capacity change from 0 to 32768
[  229.714620][ T5177] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.721826][ T5177] bridge0: port 2(bridge_slave_1) entered forwarding state
[  229.806379][ T6207] veth0_vlan: entered promiscuous mode
[  229.960830][ T6651] bcachefs (loop5): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names
[  229.976952][ T6651] bcachefs (loop5): recovering from clean shutdown, journal seq 7
[  230.048962][ T6651] bcachefs (loop5): alloc_read... done
[  230.061428][ T6651] bcachefs (loop5): stripes_read... done
[  230.066055][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.067198][ T6651] bcachefs (loop5): snapshots_read... done
[  230.116541][ T6651] bcachefs (loop5): journal_replay... done
[  230.129970][ T6651] bcachefs (loop5): resume_logged_ops... done
[  230.147182][ T6651] bcachefs (loop5): going read-write
[  230.156195][ T6671] loop0: detected capacity change from 0 to 1024
[  230.164105][ T6207] veth1_vlan: entered promiscuous mode
[  230.203421][ T6651] bcachefs (loop5): done starting filesystem
[  230.339239][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.527483][ T6207] veth0_macvtap: entered promiscuous mode
[  230.617201][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.727325][ T1072] hfsplus: b-tree write err: -5, ino 4
[  230.736120][ T5113] bcachefs (loop5): shutting down
[  230.761360][ T5113] bcachefs (loop5): going read-only
[  230.767097][ T5113] bcachefs (loop5): finished waiting for writes to stop
[  230.787048][ T5113] bcachefs (loop5): flushing journal and stopping allocators, journal seq 9
[  230.814920][ T5113] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 9
[  230.834382][ T5113] bcachefs (loop5): shutdown complete, journal seq 10
[  230.842929][ T5113] bcachefs (loop5): marking filesystem clean
[  230.864893][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.943232][ T5124] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  230.955840][ T5124] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  230.965463][ T5124] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  230.973332][ T6207] veth1_macvtap: entered promiscuous mode
[  230.980245][ T6678] loop0: detected capacity change from 0 to 128
[  230.985945][ T5124] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  231.000217][ T5124] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  231.008166][ T5124] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  231.066143][ T6682] loop2: detected capacity change from 0 to 128
[  231.072612][ T6678] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  231.122858][ T5113] bcachefs (loop5): shutdown complete
[  231.150065][ T6678] qnx6: wrong signature (magic) in superblock #1.
[  231.181173][ T6678] qnx6: unable to read the first superblock
[  231.277409][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.317621][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.351247][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.369086][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.379103][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.398363][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.410791][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.429895][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.458492][ T6207] batman_adv: batadv0: Interface activated: batadv_slave_0
[  231.547959][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.590182][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.621213][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.648217][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.671019][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.712782][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.733917][ T6207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.744673][ T6207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.773105][ T6207] batman_adv: batadv0: Interface activated: batadv_slave_1
[  231.860597][   T12] bridge_slave_1: left allmulticast mode
[  231.868067][   T12] bridge_slave_1: left promiscuous mode
[  231.879932][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.897449][   T12] bridge_slave_0: left allmulticast mode
[  231.908933][   T12] bridge_slave_0: left promiscuous mode
[  231.925457][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.369265][   T29] audit: type=1800 audit(1718521877.836:25): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=1048608 res=0 errno=0
[  232.470027][   T29] audit: type=1326 audit(1718521877.936:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6693 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f651e67cea9 code=0x0
[  232.576900][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  232.607496][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  232.639098][   T12] bond0 (unregistering): Released all slaves
[  232.666224][ T6207] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  232.686647][ T6207] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.699452][ T6699] loop0: detected capacity change from 0 to 4096
[  232.711132][ T6207] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.713717][ T6699] nilfs2: Unknown parameter 'm	�E��'
[  232.725846][ T6207] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  232.870381][ T6699] loop0: detected capacity change from 0 to 512
[  232.884710][ T6699] ext4: Unknown parameter 'fscontext'
[  233.121251][ T5124] Bluetooth: hci3: command tx timeout
[  234.150606][ T6439] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.263847][   T29] audit: type=1804 audit(1718521879.726:27): pid=6720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1005331324/syzkaller.9AdWhC/76/file0" dev="sda1" ino=1957 res=1 errno=0
[  234.307075][   T12] hsr_slave_0: left promiscuous mode
[  234.331941][   T12] hsr_slave_1: left promiscuous mode
[  234.338288][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  234.351149][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  234.363457][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  234.382503][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  234.429993][   T12] veth1_macvtap: left promiscuous mode
[  234.441446][   T12] veth0_macvtap: left promiscuous mode
[  234.452765][   T12] veth1_vlan: left promiscuous mode
[  234.464609][   T12] veth0_vlan: left promiscuous mode
[  234.742649][ T6712] loop2: detected capacity change from 0 to 32768
[  234.757510][ T6712] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section disk_groups: label 1 empty
[  234.757510][ T6712] disk_groups (size 152):
[  234.757510][ T6712] [parent 0 name �] [parent 0 name ] [deleted]
[  234.891412][ T6718] loop5: detected capacity change from 0 to 32768
[  234.957376][ T6718] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  235.148947][ T6718] XFS (loop5): Starting recovery (logdev: internal)
[  235.170602][ T6731] loop0: detected capacity change from 0 to 128
[  235.202993][ T5124] Bluetooth: hci3: command tx timeout
[  235.216813][   T29] audit: type=1800 audit(1718521880.686:28): pid=6731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1048610 res=0 errno=0
[  235.244827][ T6718] XFS (loop5): Ending recovery (logdev: internal)
[  236.396236][   T12] team0 (unregistering): Port device team_slave_1 removed
[  236.463824][   T12] team0 (unregistering): Port device team_slave_0 removed
[  237.291245][ T5124] Bluetooth: hci3: command tx timeout
[  237.560703][ T1059] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.605079][ T1059] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.670628][ T6756] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  237.719122][ T6679] chnl_net:caif_netlink_parms(): no params data found
[  237.775297][ T1059] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.811315][ T1059] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.126356][ T5113] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  238.138476][ T6439] veth0_vlan: entered promiscuous mode
[  238.547902][ T6439] veth1_vlan: entered promiscuous mode
[  238.587449][ T6679] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.602740][ T6679] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.622922][ T6679] bridge_slave_0: entered allmulticast mode
[  238.647667][ T6679] bridge_slave_0: entered promiscuous mode
[  238.692383][ T6679] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.730571][ T6679] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.777571][ T6679] bridge_slave_1: entered allmulticast mode
[  238.821084][ T6679] bridge_slave_1: entered promiscuous mode
[  238.971574][ T6775] xt_TCPMSS: Only works on TCP SYN packets
[  239.268548][   T29] audit: type=1326 audit(1718521884.686:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feadd87cea9 code=0x0
[  239.290810][    C1] vkms_vblank_simulate: vblank timer overrun
[  239.462631][ T5124] Bluetooth: hci3: command tx timeout
[  239.489259][ T6679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  239.588535][ T6679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  240.230372][ T6679] team0: Port device team_slave_0 added
[  240.298109][ T6679] team0: Port device team_slave_1 added
[  240.400054][ T6786] loop2: detected capacity change from 0 to 4096
[  240.437948][ T6770] loop4: detected capacity change from 0 to 32768
[  240.459045][ T6786] nilfs2: Unknown parameter 'm	�E��'
[  240.472157][ T6770] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (6770)
[  240.514715][ T6439] veth0_macvtap: entered promiscuous mode
[  240.537017][ T6770] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  240.560510][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_0
[  240.577097][ T6786] loop2: detected capacity change from 0 to 512
[  240.583833][ T6770] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm
[  240.592994][ T6786] ext4: Unknown parameter 'fscontext'
[  240.598479][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.625842][ T6770] BTRFS info (device loop4): using free-space-tree
[  240.655550][ T6679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  240.705753][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_1
[  240.768138][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.895778][ T6679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  240.909670][ T6439] veth1_macvtap: entered promiscuous mode
[  241.729479][ T6679] hsr_slave_0: entered promiscuous mode
[  241.737848][ T6679] hsr_slave_1: entered promiscuous mode
[  241.766265][ T6679] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  241.810081][ T6679] Cannot create hsr debugfs directory
[  241.816518][ T6770] loop4: detected capacity change from 32768 to 11
[  241.874579][ T6812] syz-executor.4: attempt to access beyond end of device
[  241.874579][ T6812] loop4: rw=6145, sector=10464, nr_sectors = 8 limit=11
[  241.881414][   T29] audit: type=1800 audit(1718521887.346:30): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=265 res=0 errno=0
[  241.911601][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.961367][ T6812] BTRFS error (device loop4): bdev /dev/loop4 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  241.974811][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.997775][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  242.017627][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.049091][ T6812] syz-executor.4: attempt to access beyond end of device
[  242.049091][ T6812] loop4: rw=6145, sector=10456, nr_sectors = 8 limit=11
[  242.050982][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  242.096272][ T6812] BTRFS error (device loop4): bdev /dev/loop4 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
[  242.100000][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.140314][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  242.160907][ T6812] BTRFS error (device loop4 state AL): Transaction aborted (error -5)
[  242.176976][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.197881][ T6812] BTRFS: error (device loop4 state AL) in free_log_tree:3247: errno=-5 IO failure
[  242.210031][ T6812] BTRFS info (device loop4 state EAL): forced readonly
[  242.217840][ T6812] BTRFS: error (device loop4 state EAL) in free_log_tree:3247: errno=-5 IO failure
[  242.231674][ T6812] BTRFS warning (device loop4 state EAL): Skipping commit of aborted transaction.
[  242.241482][ T6812] BTRFS: error (device loop4 state EAL) in cleanup_transaction:1999: errno=-5 IO failure
[  242.302870][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_0
[  242.325937][ T6207] BTRFS info (device loop4 state EAL): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  242.345799][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.357728][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.369191][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.393569][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.404775][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.418356][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.439119][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.468867][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.546911][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_1
[  242.851836][ T6829] loop2: detected capacity change from 0 to 1024
[  243.020273][ T6829] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.079358][ T6439] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  243.116693][ T6439] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  243.137156][ T6439] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  243.146291][ T6829] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.2: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  243.194269][ T6439] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  243.265258][ T5127] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.444403][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  244.480055][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  244.543183][ T6856] loop0: detected capacity change from 0 to 256
[  244.615916][ T6856] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  244.667251][ T6861] loop4: detected capacity change from 0 to 512
[  244.696097][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  244.747425][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  244.771493][ T6831] loop5: detected capacity change from 0 to 32768
[  244.983485][ T6861] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: invalid ea_ino
[  245.077340][ T6861] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117)
[  245.132403][ T6831] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  245.189447][ T6861] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  245.346147][   T29] audit: type=1400 audit(1718521890.766:31): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A077E142D901405 pid=6859 comm="syz-executor.4"
[  245.377437][ T6831] XFS (loop5): Starting recovery (logdev: internal)
[  245.396491][ T6207] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.452270][ T6831] XFS (loop5): Ending recovery (logdev: internal)
[  245.504248][ T6878] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  246.883547][ T6889] loop4: detected capacity change from 0 to 128
[  246.908217][ T6878] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  247.815865][   T29] audit: type=1800 audit(1718521893.266:32): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1048618 res=0 errno=0
[  248.151137][ T5113] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  248.347023][ T6679] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  248.386410][ T6679] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  248.645107][ T6679] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  249.262167][ T6679] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  249.323439][ T6903] geneve2: entered promiscuous mode
[  249.355755][ T6903] geneve2: entered allmulticast mode
[  249.774798][ T6919] loop4: detected capacity change from 0 to 32768
[  249.817477][ T6919] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (6919)
[  249.836737][ T6919] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  249.848032][ T6919] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  249.856865][ T6919] BTRFS info (device loop4): using free-space-tree
[  250.811118][ T5175] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  251.291053][ T6679] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.919974][ T6679] 8021q: adding VLAN 0 to HW filter on device team0
[  252.028442][ T5242] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.035834][ T5242] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.113132][ T5175] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11
[  252.124605][ T5175] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  252.129810][ T6207] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  252.141034][ T5175] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  252.161122][ T5175] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  252.170174][ T5175] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.171113][ T6960] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  252.187820][ T5175] usb 1-1: config 0 descriptor??
[  252.203013][ T6924] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  252.223731][ T6963] loop2: detected capacity change from 0 to 128
[  252.286323][   T29] audit: type=1800 audit(1718521897.756:33): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=1048619 res=0 errno=0
[  252.378825][ T6960] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  252.640682][ T1791] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.647916][ T1791] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.680895][ T5175] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  253.302346][ T5175] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  253.472549][ T5175] usb 1-1: USB disconnect, device number 2
[  254.309703][ T6679] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.559742][ T6679] veth0_vlan: entered promiscuous mode
[  254.623453][ T6679] veth1_vlan: entered promiscuous mode
[  255.016859][ T6679] veth0_macvtap: entered promiscuous mode
[  255.154785][ T6679] veth1_macvtap: entered promiscuous mode
[  255.371866][ T1237] ieee802154 phy0 wpan0: encryption failed: -22
[  255.378293][ T1237] ieee802154 phy1 wpan1: encryption failed: -22
[  255.525599][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.409303][ T7023] loop1: detected capacity change from 0 to 131072
[  256.433615][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.443731][ T7023] F2FS-fs (loop1): QUOTA feature is enabled, so ignore qf_name
[  256.454344][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.473614][ T7023] F2FS-fs (loop1): invalid crc value
[  256.477791][ T7024] loop2: detected capacity change from 0 to 512
[  256.491336][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.512420][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.536082][ T7023] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  256.578104][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.628140][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.644878][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.661119][ T7023] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b
[  256.676391][ T7034] loop4: detected capacity change from 0 to 256
[  256.686212][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.710166][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.742101][   T29] audit: type=1800 audit(1718521902.196:34): pid=7023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=5 res=0 errno=0
[  256.745516][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_0
[  256.861578][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  256.890016][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.920614][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  256.947175][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.967483][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.021878][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.056066][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.080579][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.091200][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.119563][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.167711][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_1
[  257.241322][ T6679] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.250108][ T6679] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  257.261270][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  257.281021][ T6679] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  257.299972][ T6679] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  257.475585][    T9] usb 1-1: Using ep0 maxpacket: 16
[  257.615777][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.651701][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.760002][ T2469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.787337][ T2469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.940573][ T7095] loop1: detected capacity change from 0 to 128
[  260.062233][   T29] audit: type=1800 audit(1718521905.516:35): pid=7095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=1048627 res=0 errno=0
[  260.090148][ T7078] loop2: detected capacity change from 0 to 131072
[  260.099063][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  260.121109][    T9] usb 1-1: unable to read config index 0 descriptor/start: -71
[  260.128732][ T7078] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name
[  260.141252][    T9] usb 1-1: can't read configurations, error -71
[  260.153072][ T7078] F2FS-fs (loop2): invalid crc value
[  260.188323][ T7078] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  260.277007][ T7078] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[  260.393567][   T29] audit: type=1800 audit(1718521905.816:36): pid=7078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=5 res=0 errno=0
[  261.137917][ T7112] loop3: detected capacity change from 0 to 1024
[  261.358403][ T7119] loop1: detected capacity change from 0 to 256
[  261.464119][ T7082] loop5: detected capacity change from 0 to 32768
[  261.521471][ T7082] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  261.591527][ T1059] hfsplus: b-tree write err: -5, ino 4
[  261.708275][ T7082] XFS (loop5): Starting recovery (logdev: internal)
[  261.853490][ T7082] XFS (loop5): Ending recovery (logdev: internal)
[  261.995689][ T5113] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  263.050501][ T7134] loop0: detected capacity change from 0 to 32768
[  263.154764][ T7134] btrfs: Unknown parameter 'check_int'
[  263.347311][ T7136] loop3: detected capacity change from 0 to 32768
[  263.422489][ T7136] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  263.590242][ T7136] XFS (loop3): Ending clean mount
[  263.897515][ T7162] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[  263.946722][ T7162] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[  266.651881][ T7176] loop2: detected capacity change from 0 to 131072
[  266.710188][ T7176] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name
[  266.855316][ T7176] F2FS-fs (loop2): invalid crc value
[  267.126753][ T7176] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  267.227248][ T7176] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[  267.292423][ T6679] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  267.303596][   T29] audit: type=1800 audit(1718521912.766:37): pid=7176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=5 res=0 errno=0
[  267.324016][    C0] vkms_vblank_simulate: vblank timer overrun
[  268.429237][ T7213] loop5: detected capacity change from 0 to 4096
[  268.437766][ T7213] ntfs3: loop5: Different NTFS sector size (2048) and media sector size (512).
[  268.485747][ T7213] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  268.504830][ T7213] ntfs3: loop5: Failed to initialize $Extend/$ObjId.
[  268.692475][ T7216] loop3: detected capacity change from 0 to 4096
[  268.727451][ T7216] nilfs2: Unknown parameter 'm	�E��'
[  268.816144][ T7219] loop0: detected capacity change from 0 to 64
[  268.885586][ T7216] loop3: detected capacity change from 0 to 512
[  268.938844][ T7216] ext4: Unknown parameter 'fscontext'
[  271.530195][ T7241] loop0: detected capacity change from 0 to 131072
[  271.581559][ T7241] F2FS-fs (loop0): QUOTA feature is enabled, so ignore qf_name
[  271.591228][ T7241] F2FS-fs (loop0): invalid crc value
[  271.608369][ T7241] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  271.731558][ T7241] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b
[  271.867846][   T29] audit: type=1800 audit(1718521917.336:38): pid=7241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=5 res=0 errno=0
[  272.442397][ T7258] sctp: [Deprecated]: syz-executor.3 (pid 7258) Use of int in max_burst socket option.
[  272.442397][ T7258] Use struct sctp_assoc_value instead
[  273.490882][ T7274] loop4: detected capacity change from 0 to 256
[  273.787803][ T7251] loop5: detected capacity change from 0 to 32768
[  273.813023][ T7251] jfs: Unrecognized mount option "" or missing value
[  273.908474][ T7277] Process accounting resumed
[  273.930399][ T7277] loop2: detected capacity change from 0 to 512
[  273.937785][ T7277] EXT4-fs: Ignoring removed mblk_io_submit option
[  273.948759][ T7277] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  273.961965][ T7277] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  274.037705][ T7277] EXT4-fs (loop2): 1 truncate cleaned up
[  274.044982][ T7277] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  274.102886][ T7277] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.368302][ T7283] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  274.722523][   T29] audit: type=1326 audit(1718521920.196:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febcea7cea9 code=0x0
[  275.070195][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  275.362551][ T7251] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  275.891247][   T29] audit: type=1804 audit(1718521921.296:40): pid=7312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1465851372/syzkaller.xXZIWP/101/bus" dev="sda1" ino=1959 res=1 errno=0
[  275.995733][   T29] audit: type=1804 audit(1718521921.296:41): pid=7312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir1465851372/syzkaller.xXZIWP/101/bus" dev="sda1" ino=1959 res=1 errno=0
[  276.426872][ T7321] loop1: detected capacity change from 0 to 64
[  277.126038][ T7324] loop0: detected capacity change from 0 to 512
[  277.143553][ T7324] EXT4-fs: Ignoring removed mblk_io_submit option
[  277.158044][ T7324] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  277.179961][ T7324] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  277.211912][ T7324] EXT4-fs (loop0): orphan cleanup on readonly fs
[  277.338659][ T7324] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
[  277.339351][ T7327] loop4: detected capacity change from 0 to 2048
[  277.411729][ T7324] EXT4-fs (loop0): Remounting filesystem read-only
[  277.442217][ T7324] Quota error (device loop0): write_blk: dquota write failed
[  277.450104][ T7324] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  277.471195][ T7331] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  277.481386][ T7324] EXT4-fs (loop0): 1 orphan inode deleted
[  277.551914][ T7327] syz-executor.4: attempt to access beyond end of device
[  277.551914][ T7327] loop4: rw=0, sector=343245196361800, nr_sectors = 2 limit=2048
[  277.631658][ T7327] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=1)
[  277.651823][ T7324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  277.734078][ T7331] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  277.783270][ T7331] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4)
[  277.823643][ T7331] Remounting filesystem read-only
[  277.829702][ T2469] NILFS (loop4): discard dirty page: offset=0, ino=2
[  277.848394][ T2469] NILFS (loop4): discard dirty block: blocknr=18, size=1024
[  277.860368][ T2469] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  277.891561][ T2469] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  277.932651][ T7340] loop3: detected capacity change from 0 to 127
[  277.952699][ T2469] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  277.981231][ T2469] NILFS (loop4): discard dirty page: offset=0, ino=3
[  277.987954][ T2469] NILFS (loop4): discard dirty block: blocknr=42, size=1024
[  278.035158][ T2469] NILFS (loop4): discard dirty block: blocknr=43, size=1024
[  278.063234][ T2469] NILFS (loop4): discard dirty block: blocknr=44, size=1024
[  278.087629][   T29] audit: type=1326 audit(1718521923.546:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7339 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febcea7cea9 code=0x0
[  278.129718][ T2469] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  278.192197][ T2469] NILFS (loop4): discard dirty page: offset=229376, ino=3
[  278.199380][ T2469] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  278.314153][ T2469] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  278.401186][ T2469] NILFS (loop4): discard dirty block: blocknr=50, size=1024
[  278.646795][ T2469] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  279.045977][ T7335] NILFS (loop4): mounting fs with errors
[  279.076958][ T7347] loop1: detected capacity change from 0 to 2048
[  279.136577][ T7327] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=2)
[  279.151810][ T5123] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  279.161717][ T5123] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  279.163361][ T7327] Remounting filesystem read-only
[  279.176058][ T5123] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  279.196802][ T5113] syz-executor.5 (5113) used greatest stack depth: 18384 bytes left
[  279.197504][ T5123] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  279.213610][ T5123] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  279.221173][ T5123] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  279.344781][ T7347] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  279.381644][ T7347] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.419591][ T6207] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer
[  279.472771][ T6207] NILFS (loop4): discard dirty page: offset=0, ino=6
[  279.499923][ T6207] NILFS (loop4): discard dirty block: blocknr=35, size=1024
[  279.518708][ T6207] NILFS (loop4): discard dirty block: blocknr=171622598180900, size=1024
[  279.544592][ T6207] NILFS (loop4): discard dirty block: blocknr=37, size=1024
[  279.577245][ T6207] NILFS (loop4): discard dirty block: blocknr=38, size=1024
[  279.608143][ T1072] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.617427][ T6207] NILFS (loop4): discard dirty page: offset=0, ino=5
[  279.662233][ T6207] NILFS (loop4): discard dirty block: blocknr=41, size=1024
[  279.695086][ T6207] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  279.744439][ T6207] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  279.800736][ T6207] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  279.828006][ T6207] NILFS (loop4): discard dirty page: offset=0, ino=4
[  279.841183][ T6207] NILFS (loop4): discard dirty block: blocknr=40, size=1024
[  279.871374][ T6207] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  279.894838][ T6207] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  279.926790][ T6207] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024
[  279.949726][ T1072] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.284247][ T5123] Bluetooth: hci0: command tx timeout
[  281.300358][ T1072] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.319656][ T7372] loop2: detected capacity change from 0 to 512
[  281.331683][ T5118] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.373809][ T7372] EXT4-fs (loop2): can't mount with commit=3, fs mounted w/o journal
[  281.471999][ T5242] kernel write not supported for file /sysvipc/shm (pid: 5242 comm: kworker/1:7)
[  281.527593][ T7372] loop2: detected capacity change from 0 to 512
[  281.749596][ T1072] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.126639][ T7399] loop4: detected capacity change from 0 to 2048
[  283.167554][ T7394] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  283.183319][ T7397] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  283.556407][ T5123] Bluetooth: hci0: command tx timeout
[  283.715015][ T7406] loop3: detected capacity change from 0 to 64
[  284.522037][ T7394] loop4: detected capacity change from 0 to 64
[  284.572459][ T1072] bridge_slave_1: left allmulticast mode
[  284.581055][ T1072] bridge_slave_1: left promiscuous mode
[  284.590085][ T1072] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.641978][ T1072] bridge_slave_0: left allmulticast mode
[  284.647687][ T1072] bridge_slave_0: left promiscuous mode
[  284.662630][ T1072] bridge0: port 1(bridge_slave_0) entered disabled state
[  285.138039][   T29] audit: type=1326 audit(1718521930.526:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7412 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b08a7cea9 code=0x0
[  285.609596][ T5123] Bluetooth: hci0: command tx timeout
[  285.716665][ T7423] loop3: detected capacity change from 0 to 4096
[  285.735349][ T7423] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  285.831847][ T7423] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  286.037766][ T7423] ntfs3: loop3: Failed to initialize $Extend/$ObjId.
[  286.945230][ T5124] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  286.955102][ T5124] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  286.964572][ T5124] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  286.984967][ T5124] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  286.996030][ T5124] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  287.003748][ T5124] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  287.340560][ T1072] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  287.681115][ T5124] Bluetooth: hci0: command tx timeout
[  287.741353][ T1072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  287.754597][ T1072] bond0 (unregistering): Released all slaves
[  288.100521][ T7460] loop3: detected capacity change from 0 to 4096
[  288.110525][ T7460] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  288.193869][ T7465] loop1: detected capacity change from 0 to 2048
[  288.233658][ T7467] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  288.303034][ T7354] chnl_net:caif_netlink_parms(): no params data found
[  288.323910][ T7467] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  288.345172][ T7467] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4)
[  288.356887][ T7467] Remounting filesystem read-only
[  288.429961][ T7469] loop4: detected capacity change from 0 to 4096
[  288.438405][ T7469] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512).
[  288.469251][ T7469] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  288.494507][ T7469] ntfs3: loop4: Failed to initialize $Extend/$ObjId.
[  288.523373][ T7465] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer
[  288.563415][ T7465] NILFS (loop1): discard dirty page: offset=0, ino=18
[  288.570237][ T7465] NILFS (loop1): discard dirty block: blocknr=0, size=1024
[  288.582185][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.596328][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.608232][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.619746][ T7465] NILFS (loop1): discard dirty page: offset=0, ino=2
[  288.644408][ T7465] NILFS (loop1): discard dirty block: blocknr=18, size=1024
[  288.670412][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.695188][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.710212][ T1072] hsr_slave_0: left promiscuous mode
[  288.716912][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.726923][ T1072] hsr_slave_1: left promiscuous mode
[  288.733901][ T7465] NILFS (loop1): discard dirty page: offset=0, ino=6
[  288.740732][ T7465] NILFS (loop1): discard dirty block: blocknr=35, size=1024
[  288.748154][ T7465] NILFS (loop1): discard dirty block: blocknr=36, size=1024
[  288.756742][ T7465] NILFS (loop1): discard dirty block: blocknr=37, size=1024
[  288.764153][ T7465] NILFS (loop1): discard dirty block: blocknr=38, size=1024
[  288.775603][ T7476] loop4: detected capacity change from 0 to 256
[  288.821239][ T7465] NILFS (loop1): discard dirty page: offset=4096, ino=6
[  288.828245][ T7465] NILFS (loop1): discard dirty block: blocknr=39, size=1024
[  288.842251][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  288.871838][ T7476] FAT-fs (loop4): Unrecognized mount option "s��" or missing value
[  288.880218][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  288.887687][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.904836][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  288.929132][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.940708][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  288.958178][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  288.993005][ T7465] NILFS (loop1): discard dirty page: offset=0, ino=5
[  288.999819][ T7465] NILFS (loop1): discard dirty block: blocknr=41, size=1024
[  289.007506][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.016075][ T1072] veth1_macvtap: left promiscuous mode
[  289.016495][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.029951][ T1072] veth0_macvtap: left promiscuous mode
[  289.044710][ T5124] Bluetooth: hci4: command tx timeout
[  289.248641][ T1072] veth1_vlan: left promiscuous mode
[  289.273052][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.316705][ T1072] veth0_vlan: left promiscuous mode
[  289.348358][ T7465] NILFS (loop1): discard dirty page: offset=0, ino=4
[  289.496674][ T7465] NILFS (loop1): discard dirty block: blocknr=40, size=1024
[  289.592994][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.643720][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.704278][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.713852][ T7465] NILFS (loop1): discard dirty page: offset=0, ino=3
[  289.720549][ T7465] NILFS (loop1): discard dirty block: blocknr=42, size=1024
[  289.728050][ T7465] NILFS (loop1): discard dirty block: blocknr=43, size=1024
[  289.735423][ T7465] NILFS (loop1): discard dirty block: blocknr=44, size=1024
[  289.743587][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.752588][ T7465] NILFS (loop1): discard dirty page: offset=65536, ino=3
[  289.759631][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.778899][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.789113][ T7465] NILFS (loop1): discard dirty block: blocknr=0, size=1024
[  289.813426][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.842243][ T7465] NILFS (loop1): discard dirty page: offset=196608, ino=3
[  289.862956][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.900192][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  289.949878][ T7465] NILFS (loop1): discard dirty block: blocknr=49, size=1024
[  289.983536][ T7465] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  290.065902][ T7484] loop4: detected capacity change from 0 to 40427
[  290.074484][ T7484] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  290.082363][ T7484] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  290.100216][ T7484] F2FS-fs (loop4): Found nat_bits in checkpoint
[  290.167657][ T7484] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  290.174829][ T7484] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  290.286795][ T7498] syz-executor.1[7498] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  290.286994][ T7498] syz-executor.1[7498] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  290.471324][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  290.674253][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  290.694638][    T9] usb 5-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=6a.b1
[  290.719008][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.730817][    T9] usb 5-1: Product: syz
[  290.735100][    T9] usb 5-1: Manufacturer: syz
[  290.739996][    T9] usb 5-1: SerialNumber: syz
[  290.773737][    T9] usb 5-1: config 0 descriptor??
[  290.787349][    T9] cytherm 5-1:0.0: Cypress thermometer device now attached
[  291.124705][ T5124] Bluetooth: hci4: command tx timeout
[  292.756285][ T1072] team0 (unregistering): Port device team_slave_1 removed
[  293.201482][ T5124] Bluetooth: hci4: command tx timeout
[  293.998060][ T1072] team0 (unregistering): Port device team_slave_0 removed
[  294.520346][    T9] usb 5-1: USB disconnect, device number 2
[  294.528153][    T9] cytherm 5-1:0.0: Cypress thermometer now disconnected
[  295.340306][ T5124] Bluetooth: hci4: command tx timeout
[  295.458891][ T7511] loop3: detected capacity change from 0 to 64
[  295.577304][ T7511] hfs: unable to load codepage "macWoman�a.Gu�d=0x0000000000000000"
[  296.424231][ T7516] loop1: detected capacity change from 0 to 131072
[  296.454148][ T7516] F2FS-fs (loop1): QUOTA feature is enabled, so ignore qf_name
[  296.462701][ T7511] hfs: unable to parse mount options
[  296.465702][ T7516] F2FS-fs (loop1): invalid crc value
[  296.484680][ T7516] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  296.574745][ T7516] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b
[  296.613704][ T7521] loop4: detected capacity change from 0 to 64
[  296.617251][ T7511] loop3: detected capacity change from 0 to 1024
[  296.628356][ T7511] hfsplus: type requires a 4 character value
[  296.635756][   T29] audit: type=1800 audit(1718521942.106:44): pid=7516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=5 res=0 errno=0
[  296.657210][ T7511] hfsplus: unable to parse mount options
[  296.770967][ T7524] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  296.791800][ T7354] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.799493][ T7524] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'.
[  296.828397][ T7354] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.837340][ T7525] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  296.851276][ T7354] bridge_slave_0: entered allmulticast mode
[  296.861122][ T7354] bridge_slave_0: entered promiscuous mode
[  296.870051][ T7525] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'.
[  296.884841][ T7354] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.901126][ T7354] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.921936][ T7354] bridge_slave_1: entered allmulticast mode
[  296.941194][ T7354] bridge_slave_1: entered promiscuous mode
[  297.127415][ T7354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  297.172252][ T7445] chnl_net:caif_netlink_parms(): no params data found
[  297.254281][ T7542] loop4: detected capacity change from 0 to 64
[  297.264747][ T7354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  297.822829][ T7354] team0: Port device team_slave_0 added
[  297.862201][ T7354] team0: Port device team_slave_1 added
[  298.890841][ T7354] batman_adv: batadv0: Adding interface: batadv_slave_0
[  298.922441][ T7354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  298.988566][ T7354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  299.016269][ T7354] batman_adv: batadv0: Adding interface: batadv_slave_1
[  299.035047][ T7354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.095975][ T7354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  299.168002][ T7445] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.212670][ T7445] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.219974][ T7445] bridge_slave_0: entered allmulticast mode
[  299.227667][ T7445] bridge_slave_0: entered promiscuous mode
[  299.236829][ T7445] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.244630][ T7445] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.264948][ T7445] bridge_slave_1: entered allmulticast mode
[  299.302554][ T7445] bridge_slave_1: entered promiscuous mode
[  300.083578][ T7445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  300.164749][ T7445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  300.422719][ T7565] loop4: detected capacity change from 0 to 131072
[  300.433743][ T7565] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name
[  300.444500][ T7565] F2FS-fs (loop4): invalid crc value
[  300.481461][ T7565] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  300.566584][ T7565] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[  300.566897][ T7445] team0: Port device team_slave_0 added
[  300.724935][ T7445] team0: Port device team_slave_1 added
[  300.843792][ T7577] loop1: detected capacity change from 0 to 64
[  300.898194][ T7586] overlayfs: failed to resolve './file0': -2
[  301.089585][ T1072] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.194226][ T7445] batman_adv: batadv0: Adding interface: batadv_slave_0
[  301.208038][ T7575] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[  301.214734][ T7445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.250754][ T7445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  301.269223][ T7354] hsr_slave_0: entered promiscuous mode
[  301.320397][ T7354] hsr_slave_1: entered promiscuous mode
[  301.329389][ T7574] loop3: detected capacity change from 0 to 512
[  301.346184][ T7574] EXT4-fs: Ignoring removed nobh option
[  301.368998][ T7590] loop1: detected capacity change from 0 to 64
[  301.376229][ T5189] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  301.392055][ T7574] EXT4-fs: Mount option(s) incompatible with ext2
[  301.427714][ T1072] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.444993][ T7445] batman_adv: batadv0: Adding interface: batadv_slave_1
[  301.457565][ T7445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.510151][ T7445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  301.564278][ T5189] usb 1-1: device descriptor read/64, error -71
[  301.624817][ T1072] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.891268][ T5189] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  302.003722][ T1072] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.227845][ T5189] usb 1-1: device descriptor read/64, error -71
[  302.389715][ T5189] usb usb1-port1: attempt power cycle
[  302.902506][ T5189] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  303.022760][ T5189] usb 1-1: device descriptor read/8, error -71
[  303.254166][ T7445] hsr_slave_0: entered promiscuous mode
[  303.268774][ T7445] hsr_slave_1: entered promiscuous mode
[  303.280353][ T7445] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  303.305622][ T7445] Cannot create hsr debugfs directory
[  303.331038][ T5189] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  303.379088][ T5189] usb 1-1: device descriptor read/8, error -71
[  303.434319][ T7607] ptm ptm2: ldisc open failed (-12), clearing slot 2
[  303.515280][ T5189] usb usb1-port1: unable to enumerate USB device
[  303.669314][ T7614] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  303.848709][ T1072] bridge_slave_1: left allmulticast mode
[  303.865007][ T1072] bridge_slave_1: left promiscuous mode
[  303.870829][ T1072] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.968843][ T1072] bridge_slave_0: left allmulticast mode
[  303.994400][ T1072] bridge_slave_0: left promiscuous mode
[  304.029448][ T1072] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.745532][ T7615] loop3: detected capacity change from 0 to 32768
[  304.814680][ T7615] 
[  304.814680][ T7615]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  304.814680][ T7615] 
[  304.869195][ T7615] 
[  304.869195][ T7615]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  304.869195][ T7615] 
[  304.941085][ T7615] 
[  304.941085][ T7615]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  304.941085][ T7615] 
[  304.990849][ T7615] jfs: Unrecognized mount option "18446744073709551615�00000000000000000000000���X�c�v�:�Q���"��C���o��"���'ή���_��0��-�%��+�t��6P���'�k�;/|�%�T�9i�(��%Z��@�G~��ͱ�\�����������%S:U�VT����OvO7MfO�Jj�N��"��Bn�]��XZ
[  304.990849][ T7615] �o�*��e�4�b��L����*�" or missing value
[  305.047247][ T7611] loop1: detected capacity change from 0 to 40427
[  305.101301][ T7618] loop4: detected capacity change from 0 to 131072
[  305.111141][ T7618] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name
[  305.125689][ T7618] F2FS-fs (loop4): invalid crc value
[  305.151596][ T6679] 
[  305.151596][ T6679]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  305.151596][ T6679] 
[  305.170650][ T7618] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  305.175987][ T6679] 
[  305.175987][ T6679]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  305.175987][ T6679] 
[  305.225830][ T7611] F2FS-fs (loop1): Found nat_bits in checkpoint
[  305.292121][ T7618] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[  305.419270][ T7611] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  305.505627][ T7611] UBIFS error (pid: 7611): cannot open "./file0", error -22
[  305.555619][ T6439] F2FS-fs (loop1): access invalid blkaddr:2048
[  305.584876][ T6439] CPU: 1 PID: 6439 Comm: syz-executor.1 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
[  305.595348][ T6439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  305.605397][ T6439] Call Trace:
[  305.608665][ T6439]  <TASK>
[  305.611590][ T6439]  dump_stack_lvl+0x241/0x360
[  305.616273][ T6439]  ? __pfx_dump_stack_lvl+0x10/0x10
[  305.621467][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.627099][ T6439]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  305.632999][ T6439]  ? __lock_acquire+0x1346/0x1fd0
[  305.638025][ T6439]  __f2fs_is_valid_blkaddr+0xe16/0x1460
[  305.643580][ T6439]  f2fs_map_blocks+0xf29/0x4970
[  305.648506][ T6439]  ? xas_load+0x59b/0x5c0
[  305.652853][ T6439]  ? __pfx_f2fs_map_blocks+0x10/0x10
[  305.658140][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.663771][ T6439]  ? xa_load+0x2dd/0x350
[  305.668011][ T6439]  ? __pfx_xa_load+0x10/0x10
[  305.672607][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.678238][ T6439]  ? folio_index+0xab/0x350
[  305.682745][ T6439]  f2fs_mpage_readpages+0xcff/0x21b0
[  305.688049][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.693730][ T6439]  ? __pfx_f2fs_mpage_readpages+0x10/0x10
[  305.699454][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.705092][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.710736][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.716370][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.722001][ T6439]  ? f2fs_readahead+0x184/0x340
[  305.726854][ T6439]  read_pages+0x180/0x840
[  305.731185][ T6439]  ? __pfx_lru_add_fn+0x10/0x10
[  305.736038][ T6439]  ? __pfx_read_pages+0x10/0x10
[  305.740894][ T6439]  ? filemap_add_folio+0x26d/0x650
[  305.746020][ T6439]  ? __pfx_filemap_add_folio+0x10/0x10
[  305.751490][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.757123][ T6439]  ? page_cache_ra_order+0x2e0/0xcb0
[  305.762417][ T6439]  page_cache_ra_unbounded+0x6ce/0x7f0
[  305.767891][ T6439]  f2fs_readdir+0x5bc/0xbf0
[  305.772397][ T6439]  ? __pfx___might_resched+0x10/0x10
[  305.777699][ T6439]  ? __pfx_f2fs_readdir+0x10/0x10
[  305.782722][ T6439]  ? trace_contention_end+0x3c/0x120
[  305.788010][ T6439]  ? iterate_dir+0x55b/0x820
[  305.792602][ T6439]  ? __fdget_pos+0x24e/0x310
[  305.797193][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.802831][ T6439]  ? common_file_perm+0x1a6/0x210
[  305.807854][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.813488][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.819122][ T6439]  iterate_dir+0x660/0x820
[  305.823543][ T6439]  __se_sys_getdents64+0x20d/0x4f0
[  305.828656][ T6439]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  305.834637][ T6439]  ? __pfx___se_sys_getdents64+0x10/0x10
[  305.840264][ T6439]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  305.846247][ T6439]  ? __pfx_filldir64+0x10/0x10
[  305.851026][ T6439]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  305.857356][ T6439]  ? exc_page_fault+0x590/0x8c0
[  305.862204][ T6439]  ? srso_alias_return_thunk+0x5/0xfbef5
[  305.867842][ T6439]  ? do_syscall_64+0xb6/0x230
[  305.872521][ T6439]  do_syscall_64+0xf3/0x230
[  305.877026][ T6439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.882916][ T6439] RIP: 0033:0x7febceaa83a3
[  305.887322][ T6439] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 8b fa ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8
[  305.906920][ T6439] RSP: 002b:00007ffe55897f78 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  305.915333][ T6439] RAX: ffffffffffffffda RBX: 000055556d584970 RCX: 00007febceaa83a3
[  305.923299][ T6439] RDX: 0000000000008000 RSI: 000055556d584970 RDI: 0000000000000005
[  305.931284][ T6439] RBP: 000055556d584944 R08: 0000000000000000 R09: 0000000000000000
[  305.939245][ T6439] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb0
[  305.947207][ T6439] R13: 0000000000000010 R14: 000055556d584940 R15: 0000000000000007
[  305.955201][ T6439]  </TASK>
[  305.991405][ T6439] syz-executor.1: attempt to access beyond end of device
[  305.991405][ T6439] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  306.040127][ T6439] syz-executor.1: attempt to access beyond end of device
[  306.040127][ T6439] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  306.281974][ T6439] syz-executor.1: attempt to access beyond end of device
[  306.281974][ T6439] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  306.318737][ T6439] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  306.996712][ T1072] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  307.059943][ T1072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  307.133648][ T1072] bond0 (unregistering): Released all slaves
[  307.614119][ T7640] tunl0 speed is unknown, defaulting to 1000
[  307.672661][ T1072] IPVS: stopping master sync thread 5316 ...
[  308.354199][ T7640] tunl0 speed is unknown, defaulting to 1000
[  308.563114][ T7640] tunl0 speed is unknown, defaulting to 1000
[  309.025215][ T7652] loop4: detected capacity change from 0 to 64
[  309.076326][ T1072] hsr_slave_0: left promiscuous mode
[  309.136671][ T1072] hsr_slave_1: left promiscuous mode
[  309.197656][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  309.251029][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  309.256297][ T7640] infiniband syz0: set active
[  309.298113][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  309.314531][ T7640] infiniband syz0: added tunl0
[  309.315543][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  309.360919][ T7640] syz0: rxe_create_cq: returned err = -12
[  309.381892][ T7640] infiniband syz0: Couldn't create ib_mad CQ
[  309.389512][ T7640] infiniband syz0: Couldn't open port 1
[  309.433373][ T1072] veth1_macvtap: left promiscuous mode
[  309.452079][ T1072] veth0_macvtap: left promiscuous mode
[  309.457889][ T1072] veth1_vlan: left promiscuous mode
[  309.467919][ T1072] veth0_vlan: left promiscuous mode
[  309.477218][ T7640] RDS/IB: syz0: added
[  309.482804][ T7640] smc: adding ib device syz0 with port count 1
[  309.502619][ T7640] smc:    ib device syz0 port 1 has pnetid 
[  309.585668][   T29] audit: type=1326 audit(1718521955.056:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7660 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b1907cea9 code=0x0
[  309.701448][   T45] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  309.740395][ T7667] loop4: detected capacity change from 0 to 512
[  309.810305][ T5123] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  309.823128][ T5123] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  309.834817][ T5123] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  309.857338][ T5123] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  309.865348][ T5123] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  309.873274][ T5123] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  309.893972][   T45] usb 1-1: too many configurations: 43, using maximum allowed: 8
[  309.920487][   T45] usb 1-1: config index 0 descriptor too short (expected 64754, got 72)
[  309.928967][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  309.939520][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  309.952592][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  309.969948][   T45] usb 1-1: config index 1 descriptor too short (expected 64754, got 72)
[  309.982589][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  309.993860][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  310.008985][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  310.031623][   T45] usb 1-1: config index 2 descriptor too short (expected 64754, got 72)
[  310.039973][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  310.064318][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  310.092595][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  310.124320][   T45] usb 1-1: config index 3 descriptor too short (expected 64754, got 72)
[  310.133228][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  310.147384][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  310.169074][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  310.204181][   T45] usb 1-1: config index 4 descriptor too short (expected 64754, got 72)
[  310.212782][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  310.223622][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  310.236103][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  310.253658][   T45] usb 1-1: config index 5 descriptor too short (expected 64754, got 72)
[  310.268098][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  310.288699][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  310.306200][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  310.359584][   T45] usb 1-1: config index 6 descriptor too short (expected 64754, got 72)
[  310.372886][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  310.392388][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  310.403978][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  310.433353][   T45] usb 1-1: config index 7 descriptor too short (expected 64754, got 72)
[  310.441930][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  310.452141][   T45] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  310.464189][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  310.517885][ T1072] team0 (unregistering): Port device team_slave_1 removed
[  310.551136][   T45] usb 1-1: string descriptor 0 read error: -71
[  310.571214][   T45] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  310.580292][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.609443][   T45] usb 1-1: can't set config #1, error -71
[  310.612990][ T1072] team0 (unregistering): Port device team_slave_0 removed
[  310.616829][   T45] usb 1-1: USB disconnect, device number 9
[  311.632656][ T1791] tunl0 speed is unknown, defaulting to 1000
[  311.635645][ T7665] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  312.076018][ T5123] Bluetooth: hci2: command tx timeout
[  312.346363][ T7676] loop4: detected capacity change from 0 to 64
[  312.417450][   T25] tunl0 speed is unknown, defaulting to 1000
[  312.417673][   T29] audit: type=1804 audit(1718521957.886:46): pid=7672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1005331324/syzkaller.9AdWhC/132/bus" dev="sda1" ino=1946 res=1 errno=0
[  313.030823][ T7640] tunl0 speed is unknown, defaulting to 1000
[  313.432916][ T7354] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  313.468658][ T7354] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  313.509706][ T7354] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  313.539585][ T7354] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  313.539690][ T7640] tunl0 speed is unknown, defaulting to 1000
[  313.680452][   T45] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  313.697152][ T5123] Bluetooth: hci5: command 0x0406 tx timeout
[  313.700320][ T7445] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  313.739780][ T7445] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  313.788646][ T7445] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  313.799279][ T7694] overlayfs: failed to resolve './file0': -2
[  313.838880][ T7445] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  313.974752][   T45] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  314.001347][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.050492][   T45] usb 5-1: Product: syz
[  314.078432][   T45] usb 5-1: Manufacturer: syz
[  314.094710][   T45] usb 5-1: SerialNumber: syz
[  314.126164][   T45] usb 5-1: config 0 descriptor??
[  314.161518][ T5124] Bluetooth: hci2: command tx timeout
[  314.392075][ T7354] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.870332][ T7354] 8021q: adding VLAN 0 to HW filter on device team0
[  314.880991][ T7668] tunl0 speed is unknown, defaulting to 1000
[  314.970855][ T5189] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.979671][ T5189] bridge0: port 1(bridge_slave_0) entered forwarding state
[  314.993391][   T45] usb 5-1: Firmware version (0.0) predates our first public release.
[  315.004859][   T45] usb 5-1: Please update to version 0.2 or newer
[  315.060797][ T5189] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.068034][ T5189] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.175659][   T45] usb 5-1: USB disconnect, device number 3
[  315.299717][ T7640] tunl0 speed is unknown, defaulting to 1000
[  315.388092][ T7445] 8021q: adding VLAN 0 to HW filter on device bond0
[  315.415255][ T7711] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  315.522755][ T7712] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  315.658632][ T7445] 8021q: adding VLAN 0 to HW filter on device team0
[  315.708375][ T7715] loop4: detected capacity change from 0 to 1024
[  316.241364][ T5124] Bluetooth: hci2: command tx timeout
[  316.751746][ T1237] ieee802154 phy0 wpan0: encryption failed: -22
[  316.970218][ T1237] ieee802154 phy1 wpan1: encryption failed: -22
[  317.007830][ T5206] bridge0: port 1(bridge_slave_0) entered blocking state
[  317.015157][ T5206] bridge0: port 1(bridge_slave_0) entered forwarding state
[  317.034672][   T29] audit: type=1804 audit(1718521962.506:47): pid=7718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1005331324/syzkaller.9AdWhC/141/bus" dev="sda1" ino=1948 res=1 errno=0
[  317.072569][ T7715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  317.167058][   T29] audit: type=1804 audit(1718521962.506:48): pid=7718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir1005331324/syzkaller.9AdWhC/141/bus" dev="sda1" ino=1948 res=1 errno=0
[  317.222472][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  317.229724][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  317.244370][ T7640] tunl0 speed is unknown, defaulting to 1000
[  318.051254][ T6207] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.229366][ T7354] 8021q: adding VLAN 0 to HW filter on device batadv0
[  318.256275][ T7668] chnl_net:caif_netlink_parms(): no params data found
[  318.501037][ T5124] Bluetooth: hci2: command tx timeout
[  319.891968][ T7445] 8021q: adding VLAN 0 to HW filter on device batadv0
[  320.006615][ T7753] loop4: detected capacity change from 0 to 4096
[  320.043576][ T7753] nilfs2: Unknown parameter '.'
[  320.059619][ T7445] veth0_vlan: entered promiscuous mode
[  320.083443][ T7445] veth1_vlan: entered promiscuous mode
[  320.154400][ T7445] veth0_macvtap: entered promiscuous mode
[  320.177440][ T7445] veth1_macvtap: entered promiscuous mode
[  320.232169][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.275551][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.311014][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.349197][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.371124][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.404903][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.647849][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.681008][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.708138][ T7445] batman_adv: batadv0: Interface activated: batadv_slave_0
[  321.108894][   T29] audit: type=1804 audit(1718521966.556:49): pid=7747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1005331324/syzkaller.9AdWhC/143/bus" dev="sda1" ino=1948 res=1 errno=0
[  322.308683][ T7766] loop4: detected capacity change from 0 to 128
[  322.348834][   T29] audit: type=1800 audit(1718521967.816:50): pid=7766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1048629 res=0 errno=0
[  322.481639][ T7640] tunl0 speed is unknown, defaulting to 1000
[  322.521487][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  322.574178][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.613386][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  322.674474][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.707241][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  322.750898][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.776527][ T7445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  322.801240][ T7445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.826323][ T7445] batman_adv: batadv0: Interface activated: batadv_slave_1
[  322.911872][ T7445] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  322.951664][ T7445] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  323.014969][ T7445] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  323.040917][ T7445] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  323.174565][ T7668] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.191629][ T7668] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.213375][ T7668] bridge_slave_0: entered allmulticast mode
[  323.223574][ T7668] bridge_slave_0: entered promiscuous mode
[  323.265353][ T7784] loop4: detected capacity change from 0 to 8
[  323.338975][ T7784] SQUASHFS error: lzo decompression failed, data probably corrupt
[  323.371192][ T7784] SQUASHFS error: Failed to read block 0x91: -5
[  323.378221][ T7640] tunl0 speed is unknown, defaulting to 1000
[  323.426738][ T7784] SQUASHFS error: Unable to read metadata cache entry [8f]
[  323.434613][ T7668] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.442659][ T7784] SQUASHFS error: Unable to read inode 0x11f
[  323.452873][ T7668] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.490121][ T7668] bridge_slave_1: entered allmulticast mode
[  323.509445][ T7668] bridge_slave_1: entered promiscuous mode
[  323.789972][ T7354] veth0_vlan: entered promiscuous mode
[  323.865685][ T7668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  324.700705][   T29] audit: type=1804 audit(1718521970.166:51): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1005331324/syzkaller.9AdWhC/147/bus" dev="sda1" ino=1948 res=1 errno=0
[  324.759985][   T29] audit: type=1804 audit(1718521970.206:52): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir1005331324/syzkaller.9AdWhC/147/bus" dev="sda1" ino=1948 res=1 errno=0
[  324.838680][ T7788] loop4: detected capacity change from 0 to 1024
[  324.848315][ T7668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  324.875179][ T7788] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  324.968431][ T7354] veth1_vlan: entered promiscuous mode
[  325.012141][ T1059] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  325.020002][ T1059] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.073665][ T7668] team0: Port device team_slave_0 added
[  325.086336][ T7797] loop3: detected capacity change from 0 to 128
[  325.135148][ T7668] team0: Port device team_slave_1 added
[  325.147112][   T29] audit: type=1800 audit(1718521970.596:53): pid=7797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1048630 res=0 errno=0
[  325.269595][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  325.280128][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.307331][ T7668] batman_adv: batadv0: Adding interface: batadv_slave_0
[  325.327901][ T7668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  325.353834][    C1] vkms_vblank_simulate: vblank timer overrun
[  325.373955][ T7668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  325.383223][ T6207] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.427345][ T7668] batman_adv: batadv0: Adding interface: batadv_slave_1
[  325.456682][ T7668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  325.500398][ T7668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  325.646874][ T7807] loop4: detected capacity change from 0 to 4096
[  325.678982][ T7807] nilfs2: Unknown parameter '.'
[  325.892886][ T7354] veth0_macvtap: entered promiscuous mode
[  327.007899][ T7810] loop3: detected capacity change from 0 to 131072
[  327.081584][ T7810] F2FS-fs (loop3): QUOTA feature is enabled, so ignore qf_name
[  327.093765][ T7810] F2FS-fs (loop3): invalid crc value
[  327.286030][ T7810] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  327.380859][ T7810] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[  327.519990][ T7668] hsr_slave_0: entered promiscuous mode
[  327.571547][ T7668] hsr_slave_1: entered promiscuous mode
[  327.664730][ T7668] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  327.687079][ T7668] Cannot create hsr debugfs directory
[  327.748198][ T7354] veth1_macvtap: entered promiscuous mode
[  328.635495][ T7827] loop2: detected capacity change from 0 to 128
[  328.661202][   T29] audit: type=1800 audit(1718521974.126:54): pid=7827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=1048634 res=0 errno=0
[  328.888538][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.951565][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.972556][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.996847][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.022544][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.074782][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.115663][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.182352][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.259768][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.297465][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.327974][ T7354] batman_adv: batadv0: Interface activated: batadv_slave_0
[  329.454813][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.481094][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.501142][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.531171][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.551098][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.591160][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.621177][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.661288][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.721070][ T7354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.771254][ T7354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.813222][ T7354] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.017276][ T7354] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.070158][ T7354] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.119886][ T7354] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.160700][ T7354] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.599903][ T7668] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.748056][ T7835] loop2: detected capacity change from 0 to 131072
[  330.758636][ T7835] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name
[  330.782367][ T7835] F2FS-fs (loop2): invalid crc value
[  330.816964][ T7835] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  330.903592][ T7833] loop4: detected capacity change from 0 to 40427
[  330.920395][ T7835] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[  330.934457][ T7668] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.961306][ T7833] F2FS-fs (loop4): invalid crc value
[  330.969364][   T29] audit: type=1800 audit(1718521976.436:55): pid=7835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=5 res=0 errno=0
[  331.196146][ T7833] F2FS-fs (loop4): Found nat_bits in checkpoint
[  331.236566][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.244610][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.846811][ T7668] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.906614][ T7833] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  332.154901][ T7668] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.217300][ T1072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.257844][ T1072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.268795][ T7849] loop3: detected capacity change from 0 to 1024
[  332.318843][ T7849] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  332.435502][ T7668] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  332.449133][ T7668] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  332.526310][ T7668] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  332.557580][ T7668] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  332.947338][ T7668] 8021q: adding VLAN 0 to HW filter on device bond0
[  333.006291][ T7858] rdma_rxe: rxe_newlink: failed to add tunl0
[  333.029635][ T7668] 8021q: adding VLAN 0 to HW filter on device team0
[  333.104411][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.111645][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  333.168831][ T6679] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.205579][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.212825][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  333.269851][ T7860] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  333.699112][ T7855] loop5: detected capacity change from 0 to 32768
[  333.783694][ T7855] XFS (loop5): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  333.904549][ T7855] XFS (loop5): Ending clean mount
[  333.993232][ T7855] XFS (loop5): Quotacheck needed: Please wait.
[  334.076679][ T7897] loop2: detected capacity change from 0 to 128
[  334.113301][ T7668] 8021q: adding VLAN 0 to HW filter on device batadv0
[  334.167926][ T7855] XFS (loop5): Quotacheck: Done.
[  334.932743][   T29] audit: type=1800 audit(1718521980.396:56): pid=7897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=1048638 res=0 errno=0
[  335.405198][ T7855] bridge0: port 3(vlan2) entered blocking state
[  336.241407][ T7855] bridge0: port 3(vlan2) entered disabled state
[  336.337364][ T7855] vlan2: entered allmulticast mode
[  336.599882][ T7855] vlan2: entered promiscuous mode
[  336.631506][ T7668] veth0_vlan: entered promiscuous mode
[  337.064758][ T7668] veth1_vlan: entered promiscuous mode
[  337.638319][ T7354] XFS (loop5): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  337.979148][   T29] audit: type=1800 audit(1718521983.446:57): pid=7925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file2" dev="sda1" ino=1944 res=0 errno=0
[  337.990427][ T7668] veth0_macvtap: entered promiscuous mode
[  338.078341][ T7668] veth1_macvtap: entered promiscuous mode
[  338.228574][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.290112][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.310336][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.370980][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.395880][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.409303][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.425191][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.442333][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.459516][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.471149][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.490533][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.530720][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.590225][ T7668] batman_adv: batadv0: Interface activated: batadv_slave_0
[  338.643729][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  338.693721][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.754817][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  338.804314][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.857043][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  338.887201][   T29] audit: type=1326 audit(1718521984.356:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5367cea9 code=0x0
[  338.900975][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.959877][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  339.003288][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.061669][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  339.115504][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.152776][ T7668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  339.179020][ T7668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.205361][ T7668] batman_adv: batadv0: Interface activated: batadv_slave_1
[  339.332943][ T7668] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  339.388421][ T7668] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  339.423103][ T7668] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  339.452451][ T7668] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  339.872616][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  339.880518][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  341.735350][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  341.810146][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.374111][ T7986] loop3: detected capacity change from 0 to 2048
[  343.874703][ T7983] tunl0 speed is unknown, defaulting to 1000
[  344.130183][ T7990] netlink: 'syz-executor.5': attribute type 10 has an invalid length.
[  344.193290][ T7990] team0: Port device netdevsim0 added
[  344.236291][ T7988] loop5: detected capacity change from 0 to 512
[  344.521751][ T7988] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.543534][ T7988] ext4 filesystem being mounted at /root/syzkaller-testdir2319378307/syzkaller.I9oo7N/4/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  345.077162][ T7988] EXT4-fs error (device loop5): ext4_find_dest_de:2111: inode #12: block 32: comm syz-executor.5: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  345.502771][ T7354] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.561063][   T29] audit: type=1326 audit(1718521991.006:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b08a7cea9 code=0x0
[  347.909343][ T8030] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.678892][ T8041] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  349.086438][ T8045] loop3: detected capacity change from 0 to 1024
[  349.485342][ T8045] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc018, mo2=0002]
[  349.511253][ T8045] System zones: 0-1, 3-36
[  349.592926][ T8045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.864080][ T8025] loop5: detected capacity change from 0 to 32768
[  352.432458][ T8025] XFS: attr2 mount option is deprecated.
[  352.438172][ T8025] XFS: ikeep mount option is deprecated.
[  352.513608][ T8025] XFS: noikeep mount option is deprecated.
[  352.645278][ T8025] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/loop5": -EINTR
[  354.369359][   T29] audit: type=1326 audit(1718521999.840:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5367cea9 code=0x0
[  354.646728][ T5124] Bluetooth: hci3: command 0x0406 tx timeout
[  356.412165][ T6679] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.288743][ T8098] loop4: detected capacity change from 0 to 40427
[  357.405975][ T8098] F2FS-fs (loop4): Found nat_bits in checkpoint
[  357.550476][ T8106] loop1: detected capacity change from 0 to 32768
[  357.605898][ T8106] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (8106)
[  357.645911][ T8098] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  357.675230][ T8106] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  357.717052][ T8106] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm
[  357.731279][ T8106] BTRFS info (device loop1): using free-space-tree
[  358.283446][ T8137] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[  358.371997][ T8106] loop1: detected capacity change from 32768 to 11
[  358.381025][   T29] audit: type=1800 audit(1718522003.800:61): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=265 res=0 errno=0
[  358.424942][ T8162] syz-executor.1: attempt to access beyond end of device
[  358.424942][ T8162] loop1: rw=6145, sector=10448, nr_sectors = 8 limit=11
[  358.529615][ T8162] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  358.550111][   T29] audit: type=1800 audit(1718522004.000:62): pid=8166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=265 res=0 errno=0
[  358.640922][   T29] audit: type=1800 audit(1718522004.100:63): pid=8166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=265 res=0 errno=0
[  358.690061][ T8163] BTRFS error (device loop1 state AL): Transaction aborted (error -5)
[  358.734102][ T8163] BTRFS: error (device loop1 state AL) in free_log_tree:3247: errno=-5 IO failure
[  358.761085][ T8163] BTRFS info (device loop1 state EAL): forced readonly
[  358.807627][ T8163] BTRFS warning (device loop1 state EAL): Skipping commit of aborted transaction.
[  358.861012][ T8163] BTRFS: error (device loop1 state EAL) in cleanup_transaction:1999: errno=-5 IO failure
[  359.083050][ T7668] BTRFS info (device loop1 state EAL): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  359.645761][ T8177] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  360.485730][ T8192] input: syz0 as /devices/virtual/input/input7
[  360.665786][   T29] audit: type=1800 audit(1718522006.140:64): pid=8201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1970 res=0 errno=0
[  361.086520][ T8211] sp0: Synchronizing with TNC
[  363.455663][ T8207] loop2: detected capacity change from 0 to 32768
[  363.499379][ T8207] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (8207)
[  363.574148][ T8207] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  363.629644][ T8207] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[  363.677995][ T8207] BTRFS info (device loop2): using free-space-tree
[  363.751412][ T8247] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  364.235957][ T8207] BTRFS error (device loop2): open_ctree failed
[  364.401121][ T8269] loop4: detected capacity change from 0 to 512
[  365.778844][ T8269] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.791669][ T8269] ext4 filesystem being mounted at /root/syzkaller-testdir1107618570/syzkaller.OkVXE8/94/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  365.952394][ T8269] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.4'.
[  366.173526][ T6207] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.384799][ T5174] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  366.621091][ T5174] usb 1-1: Using ep0 maxpacket: 8
[  366.642721][ T5174] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  366.674628][ T5174] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.768612][ T8104] syz-executor.5 (8104): drop_caches: 3
[  366.776052][ T5174] usb 1-1: config 0 descriptor??
[  367.034240][ T5174] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  368.394651][ T8307] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  368.407903][ T8307] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.1'.
[  368.434262][ T8307] gretap0: entered promiscuous mode
[  368.754295][ T8322] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  368.792311][ T8321] loop1: detected capacity change from 0 to 64
[  369.156602][ T5174] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  369.178365][ T5174] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  369.198597][ T5174] asix 1-1:0.0: probe with driver asix failed with error -71
[  369.229149][ T5174] usb 1-1: USB disconnect, device number 10
[  369.437415][ T8316] loop2: detected capacity change from 0 to 32768
[  369.450235][ T8316] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (8316)
[  369.469232][ T8316] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  369.485403][ T8316] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[  369.506728][ T8316] BTRFS info (device loop2): using free-space-tree
[  369.861946][ T8316] loop2: detected capacity change from 32768 to 11
[  369.875358][ T8385] syz-executor.2: attempt to access beyond end of device
[  369.875358][ T8385] loop2: rw=6145, sector=10456, nr_sectors = 8 limit=11
[  369.942443][ T8385] BTRFS error (device loop2): bdev /dev/loop2 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  369.972113][ T8385] syz-executor.2: attempt to access beyond end of device
[  369.972113][ T8385] loop2: rw=6145, sector=10448, nr_sectors = 8 limit=11
[  369.995409][ T8385] BTRFS error (device loop2): bdev /dev/loop2 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
[  370.011353][ T8385] BTRFS error (device loop2 state AL): Transaction aborted (error -5)
[  370.019763][ T8385] BTRFS: error (device loop2 state AL) in free_log_tree:3247: errno=-5 IO failure
[  370.067075][ T8385] BTRFS info (device loop2 state EAL): forced readonly
[  370.121664][ T8385] BTRFS: error (device loop2 state EAL) in free_log_tree:3247: errno=-5 IO failure
[  370.208484][ T8385] BTRFS warning (device loop2 state EAL): Skipping commit of aborted transaction.
[  370.258764][ T8385] BTRFS: error (device loop2 state EAL) in cleanup_transaction:1999: errno=-5 IO failure
[  370.546303][ T7445] BTRFS info (device loop2 state EAL): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  372.315433][ T8465] loop1: detected capacity change from 0 to 2048
[  372.543317][ T8465] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  372.660882][ T8465] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  373.486393][ T8469] loop5: detected capacity change from 0 to 131072
[  373.527170][ T8469] F2FS-fs (loop5): invalid crc value
[  373.653325][ T8469] F2FS-fs (loop5): Found nat_bits in checkpoint
[  373.832224][ T8469] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  373.969356][ T8469] F2FS-fs (loop5): dec_valid_node_count: inconsistent i_blocks, ino:7, iblocks:0
[  375.788783][ T8501] syz-executor.1[8501] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.789821][ T8501] syz-executor.1[8501] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.929080][ T8522] 
[  376.943061][ T8522] ======================================================
[  376.950070][ T8522] WARNING: possible circular locking dependency detected
[  376.957077][ T8522] 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 Not tainted
[  376.964177][ T8522] ------------------------------------------------------
[  376.971183][ T8522] syz-executor.0/8522 is trying to acquire lock:
[  376.977498][ T8522] ffff8880b9429430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790
[  376.986140][ T8522] 
[  376.986140][ T8522] but task is already holding lock:
[  376.993495][ T8522] ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[  377.002396][ T8522] 
[  377.002396][ T8522] which lock already depends on the new lock.
[  377.002396][ T8522] 
[  377.012790][ T8522] 
[  377.012790][ T8522] the existing dependency chain (in reverse order) is:
[  377.021880][ T8522] 
[  377.021880][ T8522] -> #1 (&base->lock){-.-.}-{2:2}:
[  377.029186][ T8522]        lock_acquire+0x1ed/0x550
[  377.034215][ T8522]        _raw_spin_lock_irqsave+0xd5/0x120
[  377.040028][ T8522]        lock_timer_base+0x112/0x240
[  377.045311][ T8522]        __mod_timer+0x1ca/0xeb0
[  377.050244][ T8522]        queue_delayed_work_on+0x1ca/0x390
[  377.056051][ T8522]        kvfree_call_rcu+0x47f/0x790
[  377.061338][ T8522]        rtnl_register_internal+0x482/0x590
[  377.067242][ T8522]        rtnl_register+0x36/0x80
[  377.072191][ T8522]        ip_rt_init+0x2f6/0x3a0
[  377.077040][ T8522]        ip_init+0xe/0x20
[  377.081367][ T8522]        inet_init+0x3d8/0x580
[  377.086130][ T8522]        do_one_initcall+0x24a/0x880
[  377.091421][ T8522]        do_initcall_level+0x157/0x210
[  377.096899][ T8522]        do_initcalls+0x3f/0x80
[  377.101752][ T8522]        kernel_init_freeable+0x435/0x5d0
[  377.107475][ T8522]        kernel_init+0x1d/0x2b0
[  377.112330][ T8522]        ret_from_fork+0x4d/0x80
[  377.117271][ T8522]        ret_from_fork_asm+0x1a/0x30
[  377.122563][ T8522] 
[  377.122563][ T8522] -> #0 (krc.lock){..-.}-{2:2}:
[  377.129620][ T8522]        validate_chain+0x18e0/0x5900
[  377.135002][ T8522]        __lock_acquire+0x1346/0x1fd0
[  377.140373][ T8522]        lock_acquire+0x1ed/0x550
[  377.145394][ T8522]        _raw_spin_lock+0x2e/0x40
[  377.150423][ T8522]        kvfree_call_rcu+0x18a/0x790
[  377.155712][ T8522]        trie_delete_elem+0x546/0x6a0
[  377.161087][ T8522]        bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
[  377.167062][ T8522]        bpf_trace_run2+0x2ee/0x540
[  377.172267][ T8522]        enqueue_timer+0x3ce/0x570
[  377.177381][ T8522]        __mod_timer+0xa0e/0xeb0
[  377.182312][ T8522]        sk_reset_timer+0x23/0xc0
[  377.187339][ T8522]        tipc_sk_finish_conn+0x16b/0x820
[  377.192974][ T8522]        tipc_socketpair+0x25c/0x4b0
[  377.198261][ T8522]        __sys_socketpair+0x411/0x720
[  377.203645][ T8522]        __x64_sys_socketpair+0x9b/0xb0
[  377.209203][ T8522]        do_syscall_64+0xf3/0x230
[  377.214231][ T8522]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.220650][ T8522] 
[  377.220650][ T8522] other info that might help us debug this:
[  377.220650][ T8522] 
[  377.230870][ T8522]  Possible unsafe locking scenario:
[  377.230870][ T8522] 
[  377.238312][ T8522]        CPU0                    CPU1
[  377.243666][ T8522]        ----                    ----
[  377.249018][ T8522]   lock(&base->lock);
[  377.253091][ T8522]                                lock(krc.lock);
[  377.259419][ T8522]                                lock(&base->lock);
[  377.266009][ T8522]   lock(krc.lock);
[  377.269815][ T8522] 
[  377.269815][ T8522]  *** DEADLOCK ***
[  377.269815][ T8522] 
[  377.277949][ T8522] 2 locks held by syz-executor.0/8522:
[  377.283400][ T8522]  #0: ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[  377.292740][ T8522]  #1: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540
[  377.302177][ T8522] 
[  377.302177][ T8522] stack backtrace:
[  377.308052][ T8522] CPU: 0 PID: 8522 Comm: syz-executor.0 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
[  377.318458][ T8522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  377.328508][ T8522] Call Trace:
[  377.331788][ T8522]  <TASK>
[  377.334714][ T8522]  dump_stack_lvl+0x241/0x360
[  377.339405][ T8522]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.344615][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.350255][ T8522]  ? print_circular_bug+0x130/0x1a0
[  377.355464][ T8522]  check_noncircular+0x36a/0x4a0
[  377.360413][ T8522]  ? __pfx_check_noncircular+0x10/0x10
[  377.365878][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.371519][ T8522]  ? lockdep_lock+0x123/0x2b0
[  377.376196][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.381837][ T8522]  ? mark_lock+0x9a/0x350
[  377.386172][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.391819][ T8522]  validate_chain+0x18e0/0x5900
[  377.396710][ T8522]  ? __pfx_validate_chain+0x10/0x10
[  377.401916][ T8522]  ? stack_depot_save_flags+0x6e4/0x830
[  377.407476][ T8522]  ? do_raw_spin_lock+0x14f/0x370
[  377.412510][ T8522]  ? __pfx_lock_release+0x10/0x10
[  377.417541][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.423177][ T8522]  ? do_raw_spin_unlock+0x13c/0x8b0
[  377.428390][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.434031][ T8522]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  377.439935][ T8522]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  377.446269][ T8522]  ? stack_trace_save+0x118/0x1d0
[  377.451295][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.456940][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.462582][ T8522]  ? mark_lock+0x9a/0x350
[  377.466917][ T8522]  __lock_acquire+0x1346/0x1fd0
[  377.471784][ T8522]  lock_acquire+0x1ed/0x550
[  377.476286][ T8522]  ? kvfree_call_rcu+0x18a/0x790
[  377.481234][ T8522]  ? __pfx_lock_acquire+0x10/0x10
[  377.486268][ T8522]  ? __phys_addr+0xba/0x170
[  377.490781][ T8522]  _raw_spin_lock+0x2e/0x40
[  377.495295][ T8522]  ? kvfree_call_rcu+0x18a/0x790
[  377.500236][ T8522]  kvfree_call_rcu+0x18a/0x790
[  377.505007][ T8522]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  377.510910][ T8522]  ? __pfx_kvfree_call_rcu+0x10/0x10
[  377.516206][ T8522]  ? longest_prefix_match+0x49f/0x650
[  377.521599][ T8522]  trie_delete_elem+0x546/0x6a0
[  377.526466][ T8522]  ? bpf_trace_run2+0x1fc/0x540
[  377.531327][ T8522]  bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
[  377.536786][ T8522]  bpf_trace_run2+0x2ee/0x540
[  377.541486][ T8522]  ? __pfx_bpf_trace_run2+0x10/0x10
[  377.546705][ T8522]  ? __pfx_debug_object_activate+0x10/0x10
[  377.552520][ T8522]  ? __lock_acquire+0x1346/0x1fd0
[  377.557546][ T8522]  enqueue_timer+0x3ce/0x570
[  377.562147][ T8522]  __mod_timer+0xa0e/0xeb0
[  377.566571][ T8522]  ? __pfx___mod_timer+0x10/0x10
[  377.571507][ T8522]  ? __pfx_lock_acquire+0x10/0x10
[  377.576534][ T8522]  ? net_generic+0x1f/0x240
[  377.581039][ T8522]  ? __pfx_lock_release+0x10/0x10
[  377.586078][ T8522]  sk_reset_timer+0x23/0xc0
[  377.590597][ T8522]  tipc_sk_finish_conn+0x16b/0x820
[  377.595717][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.601366][ T8522]  tipc_socketpair+0x25c/0x4b0
[  377.606140][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.611782][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.617425][ T8522]  __sys_socketpair+0x411/0x720
[  377.622291][ T8522]  ? __pfx___sys_socketpair+0x10/0x10
[  377.627709][ T8522]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  377.633699][ T8522]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  377.640032][ T8522]  ? do_syscall_64+0x100/0x230
[  377.644806][ T8522]  __x64_sys_socketpair+0x9b/0xb0
[  377.649846][ T8522]  do_syscall_64+0xf3/0x230
[  377.654360][ T8522]  ? srso_alias_return_thunk+0x5/0xfbef5
[  377.660007][ T8522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.665905][ T8522] RIP: 0033:0x7f8b08a7cea9
[  377.670316][ T8522] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  377.689927][ T8522] RSP: 002b:00007f8b098500c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  377.698346][ T8522] RAX: ffffffffffffffda RBX: 00007f8b08bb3f80 RCX: 00007f8b08a7cea9
[  377.706317][ T8522] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e
[  377.714284][ T8522] RBP: 00007f8b08aebff4 R08: 0000000000000000 R09: 0000000000000000
[  377.722250][ T8522] R10: 0000000020000940 R11: 0000000000000246 R12: 0000000000000000
2024/06/16 07:13:43 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  377.730214][ T8522] R13: 000000000000000b R14: 00007f8b08bb3f80 R15: 00007fff90f8e498
[  377.738195][ T8522]  </TASK>
[  377.821197][ T5123] Bluetooth: hci5: unexpected event for opcode 0x0c38
[  378.202487][ T1237] ieee802154 phy0 wpan0: encryption failed: -22
[  378.208856][ T1237] ieee802154 phy1 wpan1: encryption failed: -22