last executing test programs:

1m27.149634954s ago: executing program 0 (id=488):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000950000000000000072975d5224e57527a8db06ba0fa36c34170234118f4e31046fcd4fc8022614f1a3a7c888ceb114365a178a7906090abe93e927b12d1ce635854534bc043d5c3b305ca5a38e7fdfab22c90f21b65ea1e0cd7afce3e4098599a2265e1700f4915db3189884b5ec7e949783b22495bcc17929a9aa31b0250afb7ccf5d97a34fb9aaf655fd7afb033b9ca4ded45038d5348d922ac3500b475d43a5b97329de8b4bfe5744a8fa14080a46f5b57a15bd2af549ee63ac47ded93dd4bba64a7996e33c1356d3a3aa74c7899c9ebdfaecaa776216eae3605f9cecca1d8d234b66a262aa61791c0975702f2c4b8ac87da75808af0ec3bd4b9ddce694944c967cb2005a827f4c76a45e4960a2bad516960af6ee5a80145e1ecf3e739269f13c73b0d55fe2521d8834ae5a17f22b0a2178c03cefb15808db4d3997d693a3c6a14f8d742147cbb2fc49eb3deb9953d611cd83493697fcd391afdaed3e6a8a469153c6e866da74f785370b69f6596dcb41694fe802eaf0735a936a0501c83ec63ee5807eb67a9b4f284bf6635a4593f15f43339f"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

1m26.942264779s ago: executing program 0 (id=491):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000240)="03", 0x1, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r0}, &(0x7f00000005c0)=""/66, 0x42, &(0x7f0000000340)={&(0x7f0000000280)={'sha224-avx\x00'}})

1m26.799151532s ago: executing program 0 (id=493):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000fc4fbe)=""/80, 0x50)

1m26.674342504s ago: executing program 0 (id=495):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000000)={[{@inlinecrypt}, {@usrquota}, {@test_dummy_encryption_v1}, {@data_err_ignore}]}, 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x1304825, 0x0)
quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000440))

1m25.82779571s ago: executing program 0 (id=501):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x80601)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x9a89852df9061736, 0x0, 0x4, 0x2800000c, 0xfffffffd, 0x4, 0x101, 0x0, 0x7cce8c743ee810dd})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x0, 0x55a})

1m24.843039369s ago: executing program 0 (id=511):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f0000000080)={[{@barrier}, {@autodefrag}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x34, 0x74]}}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
syz_mount_image$msdos(&(0x7f0000003a40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000080)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

1m24.631976203s ago: executing program 32 (id=511):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f0000000080)={[{@barrier}, {@autodefrag}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x34, 0x74]}}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
syz_mount_image$msdos(&(0x7f0000003a40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000080)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

5.416639985s ago: executing program 2 (id=1188):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1800011, &(0x7f0000000080)={[{@nombcache}, {@sysvgroups}, {@norecovery}, {@noauto_da_alloc}, {@nombcache}]}, 0x28, 0x5fb, &(0x7f00000004c0)="$eJzs3c9vFFUcAPDvTH/Sqi3EqHiQJsZAorS0gCHGRLgTgj9uniotBFkooTVaJLEkeDExXjyYePIg/hdK4tWDVw9ePBkSYgwHMUTWzO5s2W53+3u7y+7nkwz73sx23pvSb9+b1/dmA+haY9k/acT+iLiaRIxUHeuN/OBY+X33/75xLtuSKBbf/SuJG58lS9XnSvLX4fyL/xuJ5Nc0Yl/P6nLnF69fmi4UZq/l+YmFy1cn5hevH754efrC7IXZK1OvT504fuz4ickj27q+6qJP3/rw45Evzrz//bcPk8kffj+TxMl4lL8hu67arx3YVsnZ92wsimUPqvdn39cT2zx3u/hnpPJz8lhSu4O2dT7/eXwmIp6Pkeip+t8cic/fbmnlgKYqJlFpo4Cuk2wp/gd3viLALqv0Ayr39vXug1dLm9wrAXbDvVPlAYBy7PdFRCX+e8tjgzEY2d6h+8mKcZ4kIrY3MleWlfHLz2duZVs0GIcDmmPpZmWUu7b9T0qxORqDpdzQ/XRF/KdVW7b/nS2WP1aTF/+we5ZuRsQLefvfH5uK/7Gq+P9gi+WLfwAAAAAAANg5d05FxGv15v+ly/N/+uvM/xmOiJM7UP76f/9L7+aJZAeKA6rcOxXxZt35v8tzfEd78tzTpfkAfcn5i4XZI/mawUPRN5Dla5f4plWvh7/c902j8qvn/2VbVn5lLmB+hru9NQtxZ6YXpnfi2qHb3bsZ8WJp/u+BfM/K+T9Z+5/Uaf+zuL66wTL2vXL7bKNj68c/0CzF7yIO1m3/H3e3k7WfzzFR6g9MVHoFq7306Vc/Nipf/EPrZO3/0NrxP5BUP69nfnPn74+Io4u9xUbHt9r/70/e66mcP/PJ9MLCtcmI/uT06v1Tm6szdKpKPFTiJYv/Qy+vPf633P+visM9EbG0wTKfezT8R6Nj2n9onSz+Z9Zu/0dXtv+bT0zdHv2pUflnN9T+Hyu16YfyPcb/oNrq53FsNEBbUl0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeMKlEfFUJOn4cjpNx8cjhiPi2RhKC3PzC6+en/voykx2rPT5/2nlk35Hyvkky0+W0o/zUzX5oxGxNyK+7tlTyo+fmyvMtPriAQAAAAAAAAAAAAAAAAAAoE0Ml9b8Fwdq1/9n/uxpde2ApuvNX8U7dJ/edd/xsFhWu7840Kw6Abtj/fgHOtXG47+vqfUAdl/j+H/wsH6/H+gU+v/QvbYY//5cAB1A+w/daoNjeoPNrgfQCtp/AAAAAADoKHsP3PktiYilN/aUtkx/fsxkf+hsaasrALSMObzQvXrnWl0DoFXc4wPJcurfuov9G8/+T5pTIQAAAAAAAAAAAABglYP7rf+HbrX2+n9z+6GTrbH+v17we1wAdJDGH/2h7YdO5x4fWK+1t/4fAAAAAAAAAAAAANrA4PVL04XC7LX5xScv8VZ7VGNziaXptqjGjiYeNefMfRHRHhe424nKIzhaWI0W/14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACW/R8AAP//nqEvTw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x85)

4.778333097s ago: executing program 2 (id=1197):
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file1\x00', 0xa0c416, &(0x7f0000000240)=ANY=[@ANYBLOB="646f747300000000732c646d6173a594e5e0d4ee303030303032fd33a1ddfe6717c3d234e02f30303030302c6e6f646f74732cb7f973636172642c6e66733d6e6f73", @ANYRES32, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ffffffff3030303030313737373737373737f9909fdfd4291a9ccfbbdb0556c0f39fdb37372c004c0f1208ec0c34b7df4ba1b5e6b76697434de7574db9bcaef6a61212c3f260bebc7ac5b1b113e1119b83f1cf9f686b3dc422c2ddbcefe94e5c255b5e8c90613e6b598b3b7a2c05de53dab7acab1c2e7b6a547f8120c12a14b06fb302b8adb87fa67ab868940868fee39f0796736ccd4adf62186a216263c1322da47b156791f49bf9e904cf364616ba0d1bf1348f2e7305e9f22d6495da942b5034e13663b99da29b77f44729d2d624e275c0a7bd51391746002809f9ccbc48c93edf96a9ac580d0821f5c4caa4780ac2b7947ff520b17e3de63455fc5162ed9dd00f909ec0444b769ae353ef7f79bd4ad30ac1bf3def59632a6a7f6a069774c022bb68bb06c4204677147fda0e2825b3b223782ddc9a5762d74f50933517388aa6508249ce", @ANYRES16=0x0, @ANYRESHEX], 0x5, 0x29d, &(0x7f0000000740)="$eJzs3E9P03AYwPFnHWwDw5+TiV58ohe9NDiP6mEaSIxLNIMl6sGkhKJ1cyNto5sxsWdPvA7izaOJ8Q3wLrwRE8OJkzVspZQxQMZgOL6fhPRpn98PnrYpeX6QbuPZ6tvKsmcuW74YORVDJJAtkWlxZEcq2mZacSY+LvfzEsitmXebn+efv3hcKBZnS6pzhYU7eVWdvPb9/ccv13/4l958FcnK+vTLjd/5n+uX169s/Fl47XjqZKRW99XSxXrdtxarti45XsVUfVq1Lc9Wp+bZ7p78crW+stJUq7Y0Mb7i2p6nVq2phjTVr2suqqqmpmnqxPh2nJMLJHPsGeW1UskqnEoxODdct2ClRWRs39NQXhtMRQAAYJAO7v+NeMxO/2909v8iR/T/n6JRk9+69v+e9t7/pyXu/yt2q//33aZarywn2f/jUL31/8bpFIOTSAWJnQd7Uq5bGOs+if4fAAAAAAAAAAAAAAAAAAAAAID/wVYYToVhOLW9NUQkjPazIpJO7HeZeqHerR9WyfsfJr6y0Q0+5P5jCCRe3MuJ/Aoa5UY51dq283OPirMz2pJ48W+z0Sin4/ztdl735kdlPMrnu+YzcvNGO7+de/ikmMyvNspjsnRo5UG/LgEAAAAAAEPP1Nh0fDAn8freNDUrnfnW+r0dBbt/H+hY34/I1ZGzOw8AAAAAAHAwr/mhYlWrtns2QfoMf1bPgUhv0++G2b6UkRaRI8aU5kUGf6H2BVk5F2UMOjBO8bG617dvGKZE2kdGo18GHU8BAAAAgOGyux44/lz+vQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH+c7HPO/m3woM8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/+BgAA//894bte")
creat(&(0x7f00000001c0)='./file2\x00', 0x124)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)

4.381838205s ago: executing program 2 (id=1200):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000080)='./file1\x00', 0x8c0, &(0x7f00000001c0)={[{@user_xattr}, {@dir_resv_level}, {@coherency_full}, {@resv_level={'resv_level', 0x3d, 0x2}}, {@nouser_xattr}, {@localflocks}, {@heartbeat_none}, {@commit={'commit', 0x3d, 0x7ff}}]}, 0xc, 0x442b, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzsLOwIaVsGDr53NgmOf38p159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4n2zb/6H965/2dOI6Oehr75/s6vmL7944E8L3sz8+WV9fXw9V3SERhWZDTb//9uu9meZjQxzSqu2GjvoghHByy7iqukII739X/xTnkrTR5NgbQjiWfMIb9z67mduj0Tx8XDybfzp1f2349OTqg7XWnz0K4avS/167Pf/zi13DP72yR90DAAAAAAAAAAAAAAAAAPCMG7929fo7g0PhURS6V6Ot7+uOJ8dW78eu75kXOv9hAQAAAAAAAAAAAAAAAAAA4G9q8/3/XHRim/f/x5LjSIv66291fox0zsTbV8cuDA4l+79HW/JfT5J+OdcV+rfZ9z27//u5TP3t93/f2s9uNcbX6LcvRPFA6jyOBwZC+CbZ+P1UdCQulZcqr94qLy/M7tkwnlnp+Nd3709FJ9nQv934j2ba7/z+///dcjVVz2/u3SX2XEvHv6tluW8/jdqK//lMvf2IP7uXjn93La23ucBIfQKoxv/z7p3jP5Zpv1PxPx5CyEXVseZSM0B1DVNNb7VeIS0d/0O1tNTUmfwhW93/v2fifyHT/kHN/yvZLyK2lY7/v2ppPakSm/d/f7zz/X8x0/5BxL86/hXf/21Jx/9wPbE7VaT2l2x3/h/PtN+p+F+Pk3Eej1JXwGpUT2/1/+pIS8e/Z0v+5vNf3Nb671Km/n49/zX6bTz/Nab/l6P68x/bS8e/t2W5du//iUy9Ts//I7X1H7uVjv+RWlp67dxX+9lu/Ccz7Xcq/rVVSU8j/pvzyR+H6+lfW/+1JR3/f9cT4+YSK7WftfVftPP6/3Km/YNY/1XHvxJ3ttfnRXP8u8LRluWq8f+hje//K5l6nY9/CIPW+ruWvv+PtSxXu/97do7/VKZep+P/UicbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgGjCbHvhDFA6nzOB4YCOF8cn4qHImmC7P56VJ55qOlEMaS9Fw4Ed0ulacLpfzcQnm2mC+USuWZEC4k+SdDT7RUKlfy84W7Fzfa6o3uFAuLlelioRJCGE/S/x+ONdqanqvMF+6GEC5t5P0nLi/evVNYyM/OLb45ODg4GCY2xtAfFT+pFBcq9d7ruSFMbtTti5oGV8u+vDGWo9GH5eXFhUKpln6lqU6pPFMoNdWZSvK+CP1RZXF5YaZQKeZL5duN/g7SSHIcm7j23rUrQ1vyb0b14+j+DgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv+jR8BtfhhC662dxCGGk8Uu0XfmHj4tn80+n7q8Nn55cfbD2pFU5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwi4dozQQRGEAfjMWaucxrJbdznZFES1cETyBHsPD6FG8hHdIkSJtihBIZiFsdmGbpPq+5sH8zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJjn6b37eKubiBRXm8uIv6//xWH+UurP/fj9izPMyOk8v3YPj3VT/j0d5XflaNnmXbpefX/GSO39DvZkuE97fZ/rybmm9m1qvr7vTaRcRURb8tuUc1XNewsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W0fRtwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA//+Elx0W")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x10)

4.212357908s ago: executing program 4 (id=1203):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = fsopen(&(0x7f0000000000)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='/dev/null\x00', &(0x7f0000000080)='/dev/null\x00', 0x0)
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000280)=""/144, 0x28}], 0x300)

4.11701779s ago: executing program 4 (id=1204):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000000000000000001d01000015000300040000b702"], 0x2c}, 0x1, 0x0, 0x0, 0x44810}, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x4})
r0 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl(r0, 0x8b32, &(0x7f0000000040))

3.851181315s ago: executing program 4 (id=1206):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x0, @private0={0xfc, 0x0, '\x00', 0x4}}]}, &(0x7f00000002c0)=0x10)
getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4060, &(0x7f00000010c0)=0xfdc)

3.651187219s ago: executing program 4 (id=1209):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88)
recvmmsg(r0, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000240)=""/170, 0xaa}], 0x1}, 0x1}], 0x1, 0x40000041, 0x0)

3.039086171s ago: executing program 4 (id=1213):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000002000000000800040001000000", 0x24)
syz_genetlink_get_family_id$team(&(0x7f0000000280), r0)

3.034489451s ago: executing program 2 (id=1214):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f0000000240)=[@in={0x2, 0x4e23, @rand_addr=0x64010101}]}, &(0x7f0000000280)=0x10)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r1, 0x7}, 0x8)

2.962889783s ago: executing program 4 (id=1215):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xa, 0x86, 0xf3, 0x40, 0x1110, 0x9024, 0xdb24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xe9, 0x50, 0x9, [{{0x9, 0x4, 0x62, 0x4, 0x0, 0x6f, 0x6f, 0x49, 0x5}}]}}]}}, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2.56383453s ago: executing program 2 (id=1217):
r0 = syz_mount_image$btrfs(&(0x7f00000004c0), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001e00)={[{@clear_cache}, {@user_subvol_rm}, {@nodiscard}, {@noautodefrag}, {@autodefrag}, {@autodefrag}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x37, 0x38, 0x36, 0x32, 0x2d, 0x78, 0x2d, 0x2d, 0x32, 0x78]}}, {@space_cache}]}, 0x0, 0x559e, &(0x7f00000103c0)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000580)={0x1})
chdir(&(0x7f0000000240)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x189300, 0x12)

2.139142628s ago: executing program 1 (id=1223):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000003e00)={0x0, 0x0, '\x00', @bt={0x7, 0xde11, 0x1732, 0x1, 0x10000, 0x0, 0x4, 0x8}})

2.0780898s ago: executing program 1 (id=1224):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x28}}, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")
r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40186e8d, &(0x7f0000000040)={0x3f, 0x42c0000000003f, 0x400, 0x200000003, 0x6, 0x3, 0x2401})

1.147710138s ago: executing program 3 (id=1229):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0xffffec77, @my=0x1}, 0x10)

1.05070374s ago: executing program 3 (id=1230):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800000000000000000c00000008000300", @ANYRES32=r2, @ANYBLOB="0a00060008021100000100003000508011000a004abee339084eeef16f162471f40000000800070000000000050002"], 0x58}}, 0x800)

1.04984785s ago: executing program 1 (id=1231):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0x8f9, 0x0, 0xffffffffffffff00}]})

824.890374ms ago: executing program 3 (id=1232):
socket$inet(0x2b, 0x801, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x3087, 0x10, 0x100004, 0x219}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

821.986914ms ago: executing program 5 (id=1242):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x28, 0x0, 0x0, 0xffffefff}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
sendto$inet6(r0, &(0x7f0000000100)="c10e000018001f06b9409b0dffff110d0207be040205060506100a044300040018000000fac8388827a685a168d9a44604094565360c648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902fc3a10004a320c0400160012000a00000000000000000000080756ede4ccbe5880", 0xec1, 0x0, 0x0, 0x9e5e111c47e3504f)

680.073047ms ago: executing program 3 (id=1233):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x8090)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000800)=ANY=[@ANYBLOB="84010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000fffe00080009000000000008000a000000000008000a000000000008000a000000000008000900000000000800097c86b722735035dc0067f6b13308000a000000000008000a000000000008000900975b9b5e04"], 0x184}}, 0x0)

654.319147ms ago: executing program 1 (id=1234):
io_setup(0x23, &(0x7f0000000140)=<r0=>0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
io_submit(r0, 0x1, &(0x7f0000000700)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x2, r1, 0x0}])
ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0)

504.21243ms ago: executing program 5 (id=1235):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002300)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000002340)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001", @ANYRES32, @ANYRESOCT, @ANYRES32, @ANYBLOB="7209809582b5febb95ae6ed95edf75fa964c38c4d97a6d3ee2c62d62eae173e17d26b3", @ANYRESHEX, @ANYBLOB="64b36d46e5782553031ec6cc7e7cd0de411bb6b3fdfbfab8ca3e0d5814a9399e485888fd1e1d77f258d54f3fa3c60b01e0f089c6421af0300e52c1d359", @ANYRESHEX, @ANYBLOB="e400249cdf724d95123c4c4bd37b114f5590906a16fb6ee60343d61af3c4a89c819bc0f6ad4f8356faa0c8977a793fa17bec1af9f5845653a47bda7e477506764a8b39b5c80c3b903522f089836ee7f3cecde9b890185202e7614b89746df17f1ebad64c14b6722f62ea8aa2110dd751d0290d227eb1012c1b57498b6f8c4ed4a9f5ccd2e341eec96ce750cbf54fc7db066793b0507d8ab84ee3936355c7b1747de49eab9430ac2880bbf7c0692b117588bd9b33347377662aed4b04e1b8a39e99291fcc8f9c51ef47dfef9cd7425d0ffdb904e222d6eebd4be7562832ea12f8af3a22a5660bb5f84d7c9c9285eee0649840debe63faf6d81a41ab610d88e05ff3ac7d99cc92ada4e1391d97eef7384305483888113c3350d3acefaa2f1e7e2d893fa00de456b5e7f0c5f3c681732ecb84b69d190e4860c8ecb9b103a7f15c0fafdf37e013dcf4d8ca054144b1bfe63daceb92f0d2ff534c1246928afa3b3530d2718c4644075584a40971ad377c9f5f2462ffadf157c09fe81123699b5377ef0c9136718a390cc9901c178ae04732de4253a25128c39b43a8a4cdd3371ae7721579711346d3338973e491013cb4a6276f1330d66f6eaa196763822422540c855605e44f3a4b2c9002e357e1efddc9baf2f4f31ebb1592b59ffb1db2a888f5d673b0264ac79bfb42c06aad22a6afbaf13acaf1d6a261066dc28c89f4a62f287eadf0c9dbdc8071e831ef91ea04d394e13fe33544dbe782deb333fbf0f09a51941b2e32014614d12054ab7d1d305565b0899bef09520b4c8df7fefabb3c155e5dc9f8ee94001595153936d03a787e3cd6eb0942878c21e20ea1994847b5487bcb3dd1887262209466885f9266060c8b8bc063dca342b2ee58c87a246471e01821fbe558adfc74aebb40b1a99ee3dbf5f3db278a2bf5e18db1446a9b5effe6bd7c697c086b5d6354d065982e51411e0db63fff31012c98d61aeabf6d056f2e33c5e14560458de19d0d03f1059332f9a5dcae642862003b7748e74c6ec66e3eb172b0bec6d65faadeff9df0c613027063fb3d066177c752534a2554ce03ea572337d5d87585064f898628ba4cf31fb8a5b13c4823fd4e54e79bd67cf472a3a8722d0b5fafc5e02dd6cabda2d0d3334ea94e4d1f1054d735d11d08aad3af08434e15eaab40561507049909939080aa1c7af69ea7b6518ef6eeaf57e598dec359dd2f8268a30e1a39c6c348bf30363fed8b8113755a9aaf967068137809c185853a15ca6171c0f9f799de1dbc41a6d7a0ab9dd798fe67f55d3c9a74f2b4518f40eba4d212079d07e9b958b685af4c1ee6236a68fc6dda6ab1b06617f823298d774ee028cc457509811d7a245c6ca5820f8d5827e1f2529c4e81861f275ba1e7aae9b16de5d5b29c0d040865fed64e0ea01cf4c65210ef9afaed86a36bc3fd2deae27974af1aa74bfbdcc72eb6560bb7917e"], 0x6f4}, 0x1, 0x0, 0x0, 0x10}, 0x20040080)

455.182171ms ago: executing program 5 (id=1236):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000040)="05000000010003", 0x7)
close(0xffffffffffffffff)

424.837262ms ago: executing program 1 (id=1237):
r0 = socket(0x10, 0x803, 0x0)
setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000040)=0x3, 0x4)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0), 0x41, 0x2, 0x0)

422.206272ms ago: executing program 2 (id=1248):
process_madvise(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000240)="d3", 0x1}], 0x1, 0xb, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f0000000240))

371.627643ms ago: executing program 5 (id=1238):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_TTL={0x5, 0x6, 0x5}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5}]}]}, 0x30}}, 0x0)

340.443434ms ago: executing program 3 (id=1239):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fcdbdf251200000008000300", @ANYRES32=r1, @ANYBLOB="0a000600180211000001000014001180040007"], 0x3c}, 0x1, 0x0, 0x0, 0x400c0}, 0x4)

186.816186ms ago: executing program 5 (id=1240):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000200)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x44, r1, 0x1, 0x70bd27, 0x2, {}, [@NL802154_ATTR_SEC_DEVKEY={0x28, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x8000000)

186.717786ms ago: executing program 1 (id=1241):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000000a80)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e0500001e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba0", @ANYRES16], 0x1, 0x11dc, &(0x7f0000001280)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eexBHTNR2l3hYdDewfD6X/OD3vuQ9BgbeMG/23/jq40Gvynr5NNbOnIm1cUR6kCLFWvzt83j19R9/euHWnbs32p3O9s2Urrdvt15LKW28+P17n37z0g/Ti+9+u/Hd+djbfH//161f9i7vXdn//fZH/Sr1qzQcTVOe7o1G0/xeWaSdfjXIUnqnLPKqSP1hVUwO9HvlaDyepXy4s94YT4qqSvlwlgbFLE1HaTqZpfzDvD9MWZal9UbwX3S/flDXdURdPx7noq7r+oloxMV4MtZjI5qxGU/F0/FMXIpn43I8F8/HlfmoVc8bAAAAAAAAAAAAAAAAAAAAThfn/wEAAAAAAAAAAAAAAAAAAGD1bt25e6Pd6WzfTOlCRPnlbne3u/hd9Nu96EcZRVyLZvwW89P/C4v6+lud7WtpbjO+KO//lb+/233sYL41/5zA0nxrkU8H8+ej8Wh+K5pxaXl+a2n+Qrzy8iP5LJrx8wcxijJ24s/sw/xnrZTefLtzKH91Pg4AAABOgyz9Y+n+Pcv+rb/IH+H5wKH99dm4ena1ayeimn0yyMuymBxbcS6O/S8UCsX/XKz6zsRJeHjRVz0TAAAAAAAAAAAAjuIkXidc9RoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2IFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBVAAAA//8xgdSv")
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x88000, 0x54)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000000)={0x5, 0x5571, 0x4})

4.15621ms ago: executing program 5 (id=1243):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

0s ago: executing program 3 (id=1254):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000002000010027bd7000000000000a002040000000070000000014000200fe88000000000000000000000000010108000d"], 0x40}, 0x1, 0x0, 0x0, 0x24048844}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)

kernel console output (not intermixed with test programs):

apacity change from 0 to 256
[  135.855375][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  135.888376][ T5698] 8021q: adding VLAN 0 to HW filter on device team0
[  135.897831][ T5774] usb 2-1: USB disconnect, device number 6
[  135.959399][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  136.010930][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  136.065666][ T4308] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.073708][ T4308] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.160437][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  136.186055][    T7] Bluetooth: hci1: command 0x0419 tx timeout
[  136.219957][ T4774] udevd[4774]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  136.240504][ T5946] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[  136.300353][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  136.325839][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  136.364730][ T4206] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.372236][ T4206] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.442722][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  136.502759][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  136.521616][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  136.581071][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  136.610706][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  136.692799][ T5963] capability: warning: `syz.4.589' uses 32-bit capabilities (legacy support in use)
[  136.699974][ T5698] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  136.778790][ T5698] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  136.841214][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  136.871427][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  136.905139][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  136.976816][ T5971] trusted_key: encrypted_key: keyword 'updat' not recognized
[  136.979026][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  137.027265][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  137.062677][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  137.084438][ T4497] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  137.129441][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  137.384107][ T5984] device bridge0 entered promiscuous mode
[  137.414512][ T5984] device macvlan2 entered promiscuous mode
[  137.470253][ T4497] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  137.524300][ T4497] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  137.603848][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  137.628056][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  137.630230][ T4497] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  137.662401][ T5698] 8021q: adding VLAN 0 to HW filter on device batadv0
[  137.687935][ T4497] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  137.727656][ T4497] usb 4-1: SerialNumber: syz
[  137.760929][ T6000] input: syz0 as /devices/virtual/input/input10
[  137.814585][ T5776] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[  138.037350][ T4497] usb 4-1: 0:2 : does not exist
[  138.125775][ T4497] usb 4-1: USB disconnect, device number 3
[  138.204523][ T5776] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  138.234481][ T5776] usb 5-1: config 0 has no interface number 0
[  138.240793][ T5776] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  138.289872][ T5776] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  138.352402][ T5776] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.406432][ T5776] usb 5-1: config 0 descriptor??
[  138.448185][ T5776] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  138.470436][ T4774] udevd[4774]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  138.604637][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  138.614115][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  138.641046][ T6030] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  138.669627][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  138.690050][ T4497] usb 5-1: USB disconnect, device number 6
[  138.709160][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  138.733858][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  138.758644][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  138.786781][ T5698] device veth0_vlan entered promiscuous mode
[  138.823263][ T5698] device veth1_vlan entered promiscuous mode
[  138.972630][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  138.985833][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  139.021727][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  139.061088][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  139.095043][ T5698] device veth0_macvtap entered promiscuous mode
[  139.112387][ T5698] device veth1_macvtap entered promiscuous mode
[  139.194430][ T5698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.195075][ T6047] ALSA: mixer_oss: invalid OSS volume 'LIøÄ'
[  139.240165][ T5698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.284417][ T5776] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  139.294471][ T5698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.335119][ T5698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.410347][ T5698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.460487][ T5698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.495020][ T5698] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.505438][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  139.541863][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  139.565424][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  139.596023][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  139.648908][ T5698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.664560][ T5776] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  139.677104][ T5698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.704415][ T5776] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 247, changing to 7
[  139.716385][ T5698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.731549][ T6034] loop3: detected capacity change from 0 to 32768
[  139.744324][ T5776] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 42566, setting to 1024
[  139.795280][ T5698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.826746][ T5698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.905009][ T5698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.954583][ T5698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  139.976611][ T5776] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  139.996297][ T5776] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.010053][ T5698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.016593][ T5776] usb 2-1: Product: syz
[  140.047042][ T5776] usb 2-1: Manufacturer: syz
[  140.052225][ T5698] batman_adv: batadv0: Interface activated: batadv_slave_1
[  140.077025][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  140.084325][ T5776] usb 2-1: SerialNumber: syz
[  140.097078][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  140.134093][ T5776] usb 2-1: config 0 descriptor??
[  140.139061][ T5698] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.164779][ T5698] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.205960][ T5698] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  140.219665][ T5776] usb 2-1: 0:0 : invalid sync pipe. bmAttributes d1, bLength 9, bSynchAddress 97
[  140.244442][ T5698] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.439297][ T6050] loop4: detected capacity change from 0 to 32768
[  140.525262][ T6050] XFS: ikeep mount option is deprecated.
[  140.571041][ T6054] loop2: detected capacity change from 0 to 32768
[  140.573961][ T5775] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.618052][ T5775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.651677][ T1111] usb 2-1: USB disconnect, device number 7
[  140.698885][ T6050] XFS (loop4): Mounting V5 Filesystem
[  140.717640][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  140.767946][  T580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.793614][ T6054] XFS (loop2): Mounting V5 Filesystem
[  140.814464][ T5163] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  140.842011][  T580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.925029][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  140.966491][ T4458] udevd[4458]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  140.999740][ T6050] XFS (loop4): Ending clean mount
[  141.016519][ T6050] XFS (loop4): Quotacheck needed: Please wait.
[  141.054406][ T5163] usb 4-1: Using ep0 maxpacket: 16
[  141.097606][ T6054] XFS (loop2): Ending clean mount
[  141.166043][ T6050] XFS (loop4): Quotacheck: Done.
[  141.174889][ T5163] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  141.218263][ T6050] XFS (loop4): User initiated shutdown received.
[  141.255030][ T6050] XFS (loop4): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:491).  Shutting down filesystem.
[  141.255173][ T6091] netlink: 28 bytes leftover after parsing attributes in process `syz.5.513'.
[  141.320655][ T6050] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  141.365857][ T4189] XFS (loop2): Unmounting Filesystem
[  141.394636][ T5163] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  141.428388][ T5163] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.474466][ T5163] usb 4-1: Product: syz
[  141.494477][ T5163] usb 4-1: Manufacturer: syz
[  141.499913][ T5163] usb 4-1: SerialNumber: syz
[  141.511016][ T4193] XFS (loop4): Unmounting Filesystem
[  141.541004][ T5163] usb 4-1: config 0 descriptor??
[  141.597277][ T5163] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  141.658149][ T5163] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  142.234995][ T5163] em28xx 4-1:0.0: chip ID is em2874
[  142.554437][ T5776] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  142.623629][ T5163] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  142.671747][ T5163] em28xx 4-1:0.0: board has no eeprom
[  142.854678][ T5163] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  142.868874][ T5163] em28xx 4-1:0.0: dvb set to bulk mode.
[  142.912744][ T5163] usb 4-1: USB disconnect, device number 4
[  142.966869][ T5163] em28xx 4-1:0.0: Disconnecting em28xx
[  142.991811][ T5774] em28xx 4-1:0.0: Binding DVB extension
[  143.114546][ T5776] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  143.136987][ T5774] em28xx 4-1:0.0: Registering input extension
[  143.159764][ T5776] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.219550][ T5776] usb 2-1: Product: syz
[  143.229086][ T6151] loop4: detected capacity change from 0 to 4096
[  143.234313][ T5776] usb 2-1: Manufacturer: syz
[  143.272389][ T5776] usb 2-1: SerialNumber: syz
[  143.302162][ T5776] usb 2-1: config 0 descriptor??
[  143.385227][ T5774] rc_core: IR keymap rc-pinnacle-pctv-hd not found
[  143.395307][ T5774] Registered IR keymap rc-empty
[  143.406409][ T5776] gspca_main: sq930x-2.14.0 probing 2770:930c
[  143.420830][ T5774] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  143.434024][ T5774] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input11
[  143.455026][ T6151] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  143.472372][ T5774] em28xx 4-1:0.0: Input extension successfully initialized
[  143.481474][ T5163] em28xx 4-1:0.0: Closing input extension
[  143.499438][ T6172] input: syz0 as /devices/virtual/input/input12
[  143.862603][ T5163] em28xx 4-1:0.0: Freeing device
[  144.224643][ T5776] gspca_sq930x: ucbus_write failed -71
[  144.419106][ T6192] netlink: 20 bytes leftover after parsing attributes in process `syz.5.644'.
[  144.464499][ T5776] gspca_sq930x: Sensor ov9630 not yet treated
[  144.470824][ T5776] sq930x: probe of 2-1:0.0 failed with error -22
[  144.512966][ T5776] usb 2-1: USB disconnect, device number 8
[  144.564882][ T6177] loop2: detected capacity change from 0 to 32768
[  144.598737][ T6197] tap0: tun_chr_ioctl cmd 35108
[  144.627752][ T6177] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.643 (6177)
[  144.691218][ T6177] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  144.732009][ T6177] BTRFS info (device loop2): setting nodatacow, compression disabled
[  144.814215][ T6177] BTRFS info (device loop2): force clearing of disk cache
[  144.853214][ T6177] BTRFS info (device loop2): setting datacow
[  144.870107][ T6177] BTRFS info (device loop2): disabling free space tree
[  144.904065][ T6177] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  144.948781][ T6180] loop4: detected capacity change from 0 to 40427
[  144.971166][ T6177] BTRFS info (device loop2): use zstd compression, level 3
[  145.009382][ T6177] BTRFS info (device loop2): has skinny extents
[  145.114658][ T6180] F2FS-fs (loop4): Small segment_count (9 < 1 * 24)
[  145.163989][ T6180] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  145.233473][ T6180] F2FS-fs (loop4): Found nat_bits in checkpoint
[  145.401151][ T6180] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  145.452087][ T6177] BTRFS info (device loop2): clearing free space tree
[  145.477992][ T6177] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  145.494448][ T6180] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  145.524539][ T6177] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  145.922775][ T6199] loop5: detected capacity change from 0 to 32768
[  146.217742][    T7] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  146.343007][ T6210] loop1: detected capacity change from 0 to 40427
[  146.430641][ T6265] loop4: detected capacity change from 0 to 1024
[  146.537573][ T6210] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff
[  146.596013][ T6210] F2FS-fs (loop1): invalid crc value
[  146.631428][ T6267] syz.2.661 (6267): /proc/6266/oom_adj is deprecated, please use /proc/6266/oom_score_adj instead.
[  146.653583][ T6210] F2FS-fs (loop1): Found nat_bits in checkpoint
[  146.675314][    T7] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  146.714335][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.764952][    T7] usb 4-1: config 0 descriptor??
[  146.835018][ T6199] XFS (loop5): Mounting V5 Filesystem
[  146.847580][    T7] gspca_main: cpia1-2.14.0 probing 0813:0001
[  146.924633][ T6210] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  147.051437][ T6279] loop4: detected capacity change from 0 to 128
[  147.057006][ T6277] loop2: detected capacity change from 0 to 1024
[  147.098931][ T6199] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  147.150239][ T4181] attempt to access beyond end of device
[  147.150239][ T4181] loop1: rw=2049, want=45104, limit=40427
[  147.157746][ T6199] XFS (loop5): Starting recovery (logdev: internal)
[  147.183481][ T6279] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  147.222678][ T6277] EXT4-fs (loop2): Ignoring removed nobh option
[  147.237574][ T6279] hpfs: filesystem error: improperly stopped
[  147.244495][ T6199] XFS (loop5): Ending recovery (logdev: internal)
[  147.261956][    T7] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[  147.291442][ T6277] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.663: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  147.293677][ T6279] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  147.376082][ T6279] hpfs: You really don't want any checks? You are crazy...
[  147.384097][ T6279] hpfs: hpfs_map_sector(): read error
[  147.488870][ T6279] hpfs: code page support is disabled
[  147.494867][ T6277] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.663: couldn't read orphan inode 11 (err -117)
[  147.521321][ T6279] hpfs: hpfs_map_4sectors(): unaligned read
[  147.533700][ T6277] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback.
[  147.566371][ T5698] XFS (loop5): Unmounting Filesystem
[  147.587487][ T6279] hpfs: hpfs_map_4sectors(): unaligned read
[  147.594140][ T6279] hpfs: filesystem error: unable to find root dir
[  147.713275][    T7] gspca_cpia1: usb_control_msg 02, error -71
[  147.735585][ T6277] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.663: Invalid block bitmap block 0 in block_group 0
[  147.754590][    T7] gspca_cpia1: usb_control_msg 05, error -71
[  147.771180][    T7] cpia1 4-1:0.0: unexpected systemstate: 00
[  147.797880][    T7] usb 4-1: USB disconnect, device number 5
[  147.834988][ T6277] Quota error (device loop2): write_blk: dquota write failed
[  147.844530][ T6277] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  147.894791][ T6277] EXT4-fs error (device loop2): ext4_acquire_dquot:6209: comm syz.2.663: Failed to acquire dquot type 0
[  148.051232][  T580] Quota error (device loop2): remove_tree: Getting block too big (0 >= 9)
[  148.073836][  T580] EXT4-fs error (device loop2): ext4_release_dquot:6245: comm kworker/u4:3: Failed to release dquot type 0
[  148.174624][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.472485][ T6302] loop4: detected capacity change from 0 to 2048
[  148.629913][ T6302] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  148.637852][ T5163] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  148.670463][ T6302] UDF-fs: Scanning with blocksize 512 failed
[  148.717091][ T6302] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  148.894474][ T5163] usb 3-1: Using ep0 maxpacket: 8
[  148.919234][ T6324] netlink: 48 bytes leftover after parsing attributes in process `syz.5.678'.
[  149.014599][ T5163] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  149.044443][ T5163] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.116446][ T5163] pvrusb2: Hardware description: Terratec Grabster AV400
[  149.123729][ T5163] pvrusb2: **********
[  149.144535][ T5163] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  149.189052][ T5163] pvrusb2: Important functionality might not be entirely working.
[  149.220767][ T5163] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  149.304774][ T5163] pvrusb2: **********
[  149.372209][ T2424] pvrusb2: Invalid write control endpoint
[  149.548923][ T6298] pvrusb2: Invalid write control endpoint
[  149.585660][ T2424] pvrusb2: Invalid write control endpoint
[  149.593168][ T2424] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  149.611336][    T7] usb 3-1: USB disconnect, device number 7
[  149.659799][ T2424] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  149.695878][ T2424] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  149.737569][ T2424] pvrusb2: Device being rendered inoperable
[  149.744020][ T6350] loop1: detected capacity change from 0 to 2048
[  149.763742][ T2424] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  149.792735][ T6348] loop3: detected capacity change from 0 to 4096
[  149.830215][ T2424] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  149.893364][ T6350] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  149.912240][ T2424] pvrusb2: Attached sub-driver cx25840
[  149.934350][ T2424] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  149.963881][ T6348] ntfs: volume version 3.1.
[  149.974464][ T2424] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  150.292442][ T6362] device bridge0 entered promiscuous mode
[  150.361313][ T6362] device macvlan2 entered promiscuous mode
[  150.419633][ T6362] bridge0: port 3(macvlan2) entered blocking state
[  150.443488][ T6362] bridge0: port 3(macvlan2) entered disabled state
[  150.462249][ T6336] loop4: detected capacity change from 0 to 32768
[  150.574706][ T6362] device bridge0 left promiscuous mode
[  150.662527][ T6370] loop1: detected capacity change from 0 to 2048
[  150.896751][ T6370] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  150.968354][ T6381] loop2: detected capacity change from 0 to 256
[  151.196799][ T6381] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  151.214306][ T5163] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  151.454423][ T5163] usb 4-1: Using ep0 maxpacket: 8
[  151.459300][ T6398] netlink: 28 bytes leftover after parsing attributes in process `syz.2.703'.
[  151.486840][ T6396] loop1: detected capacity change from 0 to 512
[  151.574929][ T5163] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  151.599275][ T6396] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  151.616400][ T5163] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  151.638296][ T6396] EXT4-fs (loop1): invalid journal inode
[  151.647024][ T6396] EXT4-fs (loop1): can't get journal size
[  151.734934][ T6396] EXT4-fs (loop1): 1 truncate cleaned up
[  151.747306][ T6396] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none.
[  151.748154][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.706'.
[  151.786457][ T5163] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  151.798548][ T5163] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.807843][ T5163] usb 4-1: Product: syz
[  151.812369][ T5163] usb 4-1: Manufacturer: syz
[  151.818198][ T5163] usb 4-1: SerialNumber: syz
[  151.826209][ T5163] usb 4-1: config 0 descriptor??
[  152.244608][ T5157] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  152.302799][ T5163] usb 4-1: USB disconnect, device number 6
[  152.532863][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.605212][ T5157] usb 3-1: config 0 has an invalid interface number: 199 but max is 1
[  152.634144][ T5157] usb 3-1: config 0 has no interface number 1
[  152.658292][ T5157] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  152.680002][ T5157] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  152.804604][ T5157] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  152.825035][ T5157] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  152.862527][ T5157] usb 3-1: SerialNumber: syz
[  152.882668][ T5157] usb 3-1: config 0 descriptor??
[  152.956457][ T5157] usb 3-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  152.994652][ T5157] usb 3-1: No valid video chain found.
[  153.116694][ T6448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'.
[  153.162032][ T5163] usb 3-1: USB disconnect, device number 8
[  153.213446][ T6448] netlink: 'syz.3.726': attribute type 2 has an invalid length.
[  153.242749][ T6360] syz.5.688 (6360): drop_caches: 1
[  153.317464][ T6454] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  153.344911][ T6357] syz.5.688 (6357): drop_caches: 1
[  153.769532][ T6479] loop1: detected capacity change from 0 to 8
[  154.525228][ T6505] loop1: detected capacity change from 0 to 256
[  154.611977][ T6505] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  154.799854][ T6515] loop5: detected capacity change from 0 to 2048
[  154.878428][ T6515] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  154.974214][   T26] audit: type=1800 audit(1757471874.516:18): pid=6515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.748" name="file1" dev="loop5" ino=1367 res=0 errno=0
[  155.963652][ T6526] loop1: detected capacity change from 0 to 32768
[  156.118077][ T6527] loop4: detected capacity change from 0 to 40427
[  156.139945][ T6526] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  156.202470][ T6527] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff
[  156.236221][ T6526] OCFS2: ERROR (device loop1): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = 
[  156.269746][ T6526] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  156.324766][ T6527] F2FS-fs (loop4): invalid crc value
[  156.328093][ T6526] OCFS2: File system is now read-only.
[  156.374400][ T6526] (syz.1.763,6526,0):ocfs2_find_entry_id:407 ERROR: status = -30
[  156.407104][ T6527] F2FS-fs (loop4): Found nat_bits in checkpoint
[  156.522177][ T6526] OCFS2: ERROR (device loop1): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = 
[  156.608559][ T6562] loop5: detected capacity change from 0 to 4096
[  156.631618][ T6526] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  156.679826][ T6527] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  156.681835][ T6526] (syz.1.763,6526,1):ocfs2_assign_bh:2414 ERROR: status = -30
[  156.711028][ T6526] (syz.1.763,6526,1):ocfs2_inode_lock_full_nested:2509 ERROR: status = -30
[  156.727600][ T6526] (syz.1.763,6526,1):ocfs2_mknod:272 ERROR: status = -30
[  156.736104][ T6526] (syz.1.763,6526,1):ocfs2_create:676 ERROR: status = -30
[  156.747417][ T6562] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  156.842929][ T4193] attempt to access beyond end of device
[  156.842929][ T4193] loop4: rw=2049, want=45104, limit=40427
[  156.855711][ T4181] ocfs2: Unmounting device (7,1) on (node local)
[  157.584982][ T6577] loop1: detected capacity change from 0 to 4096
[  157.748774][ T6585] loop5: detected capacity change from 0 to 4096
[  157.755101][ T6577] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  157.956847][ T6598] loop3: detected capacity change from 0 to 512
[  158.017046][ T6585] ntfs: (device loop5): parse_options(): NLS character set maccenteuroAdmask=0000000000004000 not found. Using previous one default.
[  158.095171][ T6585] ntfs: (device loop5): ntfs_mapping_pairs_decompress(): Corrupt attribute.  deltaxcn = 0x1, max_cluster = 0x0
[  158.133411][ T6598] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  158.184627][ T6585] ntfs: (device loop5): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute.
[  158.199342][ T6598] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002]
[  158.215350][ T6598] EXT4-fs (loop3): orphan cleanup on readonly fs
[  158.227542][ T6598] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.774: bad orphan inode 267
[  158.249608][ T6585] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  158.297285][ T6585] ntfs: (device loop5): ntfs_mapping_pairs_decompress(): Corrupt attribute.  deltaxcn = 0x1, max_cluster = 0x0
[  158.350935][ T6598] EXT4-fs (loop3): Remounting filesystem read-only
[  158.409009][ T6585] ntfs: (device loop5): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute.
[  158.451946][ T6598] EXT4-fs (loop3): mounted filesystem without journal. Opts: nojournal_checksum,noblock_validity,discard,errors=remount-ro,inode_readahead_blks=0x0000000001000000. Quota mode: none.
[  158.485430][ T6585] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  158.556069][ T6598] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.774: dx entry: limit 0 != root limit 125
[  158.574477][ T6585] ntfs: (device loop5): check_mft_mirror(): Failed to read $MFTMirr.
[  158.593145][ T6598] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.774: Corrupt directory, running e2fsck is recommended
[  158.607510][ T6585] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
[  158.644103][ T6580] loop2: detected capacity change from 0 to 32768
[  158.673078][ T6580] XFS: noikeep mount option is deprecated.
[  158.685885][ T6585] ntfs: volume version 3.1.
[  158.900703][ T6580] XFS (loop2): Mounting V5 Filesystem
[  159.000819][ T6580] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  159.084758][ T6580] XFS (loop2): Starting recovery (logdev: internal)
[  159.119650][ T6631] loop5: detected capacity change from 0 to 512
[  159.162392][ T6580] XFS (loop2): Ending recovery (logdev: internal)
[  159.197046][ T6631] EXT4-fs (loop5): Ignoring removed nobh option
[  159.261629][ T6631] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.778: iget: bad i_size value: 38620345925642
[  159.319528][ T6593] loop4: detected capacity change from 0 to 32768
[  159.327277][ T6631] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.778: couldn't read orphan inode 15 (err -117)
[  159.357755][ T6631] EXT4-fs (loop5): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback.
[  159.383145][ T4189] XFS (loop2): Unmounting Filesystem
[  159.411635][ T6593] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  159.434607][ T6593] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  159.492045][ T6635] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.778: bg 0: block 5: invalid block bitmap
[  159.542573][ T6635] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 240 with error 28
[  159.557798][ T6593] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  159.603320][ T5296] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  159.613959][ T6635] EXT4-fs (loop5): This should not happen!! Data will be lost
[  159.613959][ T6635] 
[  159.627442][ T5296] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  159.656942][ T6635] EXT4-fs (loop5): Total free blocks count 0
[  159.714379][ T6635] EXT4-fs (loop5): Free/Dirty block details
[  159.720537][ T6635] EXT4-fs (loop5): free_blocks=0
[  159.790409][ T6635] EXT4-fs (loop5): dirty_blocks=240
[  159.806171][ T5296] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 178ms
[  159.817872][ T6641] siw: device registration error -23
[  159.827105][ T6635] EXT4-fs (loop5): Block reservation details
[  159.846106][ T6635] EXT4-fs (loop5): i_reserved_data_blocks=240
[  159.856512][ T5296] gfs2: fsid=syz:syz.0: jid=0: Done
[  159.864135][ T6593] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  160.181043][ T6617] loop1: detected capacity change from 0 to 32768
[  160.219520][ T5296] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  160.394476][ T6617] JBD2: Ignoring recovery information on journal
[  160.594559][ T5296] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.605092][ T6617] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  160.622346][ T5296] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.694580][ T5296] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  160.737224][ T5296] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  160.765023][ T6617] OCFS2: ERROR (device loop1): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #17056 has bad parent pointer (312, expected 74)
[  160.793579][ T5296] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  160.823298][ T5296] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  160.850281][ T6617] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  160.908447][ T6664] siw: device registration error -23
[  160.923735][ T6617] OCFS2: File system is now read-only.
[  160.939958][ T6617] (syz.1.777,6617,1):_ocfs2_free_suballoc_bits:2479 ERROR: status = -30
[  160.949474][ T6648] loop5: detected capacity change from 0 to 40427
[  161.007894][ T6617] (syz.1.777,6617,0):ocfs2_remove_inode:699 ERROR: status = -30
[  161.024709][ T6617] (syz.1.777,6617,0):ocfs2_wipe_inode:821 ERROR: status = -30
[  161.034953][ T5296] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  161.049005][ T5296] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.057936][ T6617] (syz.1.777,6617,0):ocfs2_delete_inode:1082 ERROR: status = -30
[  161.066828][ T5296] usb 4-1: Product: syz
[  161.071298][ T5296] usb 4-1: Manufacturer: syz
[  161.084322][ T6648] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  161.102905][ T5296] usb 4-1: SerialNumber: syz
[  161.108367][ T6648] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  161.174898][ T6648] F2FS-fs (loop5): invalid crc value
[  161.227660][ T6648] F2FS-fs (loop5): Found nat_bits in checkpoint
[  161.389602][ T6648] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  161.404530][ T6648] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  161.404603][ T5296] cdc_ncm 4-1:1.0: bind() failure
[  161.471579][ T5296] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  161.517425][ T5296] cdc_ncm 4-1:1.1: bind() failure
[  161.547553][ T5296] usb 4-1: USB disconnect, device number 7
[  161.686251][ T4181] ocfs2: Unmounting device (7,1) on (node local)
[  161.813051][ T6698] loop2: detected capacity change from 0 to 1024
[  161.979737][ T6698] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  162.035706][ T6698] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.158846][ T6698] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #15: comm syz.2.794: lblock 0 mapped to illegal pblock 0 (length 1)
[  162.184737][ T6711] loop3: detected capacity change from 0 to 256
[  162.226307][ T6711] exfat: Deprecated parameter 'namecase'
[  162.232615][ T6698] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  162.280107][ T6711] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  162.293643][ T6698] EXT4-fs (loop2): This should not happen!! Data will be lost
[  162.293643][ T6698] 
[  162.631753][ T6732] netlink: 16 bytes leftover after parsing attributes in process `syz.4.804'.
[  162.718408][ T6732] device bond0 entered promiscuous mode
[  162.822738][ T6732] device bond_slave_0 entered promiscuous mode
[  162.834760][ T6746] netlink: 32 bytes leftover after parsing attributes in process `syz.3.808'.
[  162.852796][ T6732] device bond_slave_1 entered promiscuous mode
[  162.881166][ T6732] device bond0 left promiscuous mode
[  162.892156][ T6732] device bond_slave_0 left promiscuous mode
[  162.915891][ T6732] device bond_slave_1 left promiscuous mode
[  162.982952][ T6746] netlink: 16 bytes leftover after parsing attributes in process `syz.3.808'.
[  163.300217][ T6765] loop1: detected capacity change from 0 to 16
[  163.352561][ T6765] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  163.380070][ T6767] loop2: detected capacity change from 0 to 2048
[  163.410702][ T6765] cramfs: empty filesystem
[  163.469090][ T6767] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  163.552917][ T6782] netlink: 12 bytes leftover after parsing attributes in process `syz.4.825'.
[  163.612166][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  163.612184][   T26] audit: type=1800 audit(1757471883.156:19): pid=6767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.817" name="bus" dev="loop2" ino=18 res=0 errno=0
[  163.986781][ T6800] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  164.006195][    C0] vkms_vblank_simulate: vblank timer overrun
[  164.075920][ T6806] program syz.1.832 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  164.096373][ T6809] loop3: detected capacity change from 0 to 128
[  164.200444][ T6809] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  164.281093][ T6809] hpfs: filesystem error: improperly stopped
[  164.314447][ T6809] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  164.397031][ T6809] hpfs: You really don't want any checks? You are crazy...
[  164.448075][ T6809] hpfs: hpfs_map_sector(): read error
[  164.514428][ T6809] hpfs: code page support is disabled
[  164.571867][ T6809] hpfs: hpfs_map_4sectors(): unaligned read
[  164.647781][ T6809] hpfs: hpfs_map_4sectors(): unaligned read
[  164.696800][ T6809] hpfs: filesystem error: unable to find root dir
[  165.019075][ T6808] loop2: detected capacity change from 0 to 131072
[  165.110361][ T6808] F2FS-fs (loop2): Invalid log sectorsize (67108873)
[  165.117938][ T6808] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  165.146014][ T6808] F2FS-fs (loop2): invalid crc value
[  165.206356][ T6808] F2FS-fs (loop2): Found nat_bits in checkpoint
[  165.252708][ T6836] loop1: detected capacity change from 0 to 8192
[  165.266334][ T6808] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  165.273776][ T6808] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  165.280918][ T6846] loop5: detected capacity change from 0 to 736
[  165.345038][ T6854] loop3: detected capacity change from 0 to 2048
[  165.362333][ T6808] fscrypt (loop2, inode 8): Error -61 getting encryption context
[  165.377728][ T6836] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  165.419022][ T6836] REISERFS (device loop1): using ordered data mode
[  165.423637][ T6854] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  165.467925][ T6836] reiserfs: using flush barriers
[  165.494009][ T6846] rock: directory entry would overflow storage
[  165.507499][ T6836] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  165.525371][ T6846] rock: sig=0x3b10, size=4, remaining=3
[  165.533008][ T6836] REISERFS (device loop1): checking transaction log (loop1)
[  165.629421][ T6861] loop4: detected capacity change from 0 to 1024
[  165.640524][ T6836] REISERFS (device loop1): Using r5 hash to sort names
[  165.655899][ T6836] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  165.674511][ T6863] loop3: detected capacity change from 0 to 256
[  165.796672][   T26] audit: type=1800 audit(1757471885.346:20): pid=6861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.853" name="file1" dev="loop4" ino=20 res=0 errno=0
[  165.810500][ T6863] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d)
[  165.916774][ T6868] loop5: detected capacity change from 0 to 64
[  165.981179][ T6868] hfs: unable to locate alternate MDB
[  166.034405][ T6868] hfs: continuing without an alternate MDB
[  166.042305][ T4308] hfsplus: b-tree write err: -5, ino 4
[  166.339966][ T6873] netlink: 92 bytes leftover after parsing attributes in process `syz.4.857'.
[  166.677996][ T6885] loop1: detected capacity change from 0 to 2048
[  166.774304][ T6885] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  166.847988][ T6885] NILFS (loop1): mounting unchecked fs
[  166.865427][ T4774] udevd[4774]: incorrect nilfs2 checksum on /dev/loop1
[  166.922224][ T6885] NILFS (loop1): recovery complete
[  166.986617][ T6898] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  167.222162][ T6904] netlink: 7986 bytes leftover after parsing attributes in process `syz.1.870'.
[  167.302633][ T6907] loop5: detected capacity change from 0 to 128
[  167.429649][ T6916] loop3: detected capacity change from 0 to 512
[  167.453853][ T6907] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a80ec018, mo2=0002]
[  167.492854][ T6907] System zones: 1-3, 19-19, 35-36
[  167.539787][ T6907] EXT4-fs (loop5): mounted filesystem without journal. Opts: quota,debug,,errors=continue. Quota mode: writeback.
[  167.558633][ T6893] loop4: detected capacity change from 0 to 32768
[  167.596930][ T6907] ext4 filesystem being mounted at /51/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  167.633293][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.644695][ T4497] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  167.648693][ T6893] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.867 (6893)
[  167.690548][ T6916] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  167.723952][ T6907] EXT4-fs warning (device loop5): verify_group_input:147: Cannot add at group 25 (only 1 groups)
[  167.724191][ T6893] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  167.752283][ T6916] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  167.765147][ T6893] BTRFS info (device loop4): setting nodatacow, compression disabled
[  167.775705][ T6893] BTRFS info (device loop4): max_inline at 0
[  167.783387][ T6893] BTRFS info (device loop4): enabling disk space caching
[  167.791399][ T6893] BTRFS info (device loop4): turning off barriers
[  167.798354][ T6893] BTRFS info (device loop4): turning on flush-on-commit
[  167.808013][ T6893] BTRFS info (device loop4): doing ref verification
[  167.815546][ T6893] BTRFS info (device loop4): force clearing of disk cache
[  167.824926][ T6893] BTRFS info (device loop4): enabling ssd optimizations
[  167.832639][ T6893] BTRFS info (device loop4): max_inline at 4096
[  167.840819][ T6893] BTRFS info (device loop4): disk space caching is enabled
[  167.889736][ T6916] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #2: comm syz.3.877: corrupted inode contents
[  167.900156][ T6893] BTRFS info (device loop4): has skinny extents
[  167.914640][ T6916] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #2: comm syz.3.877: mark_inode_dirty error
[  167.943748][ T6916] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #2: comm syz.3.877: corrupted inode contents
[  167.969512][ T6926] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #2: comm syz.3.877: corrupted inode contents
[  167.990290][ T6926] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #2: comm syz.3.877: mark_inode_dirty error
[  168.008334][ T6926] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #2: comm syz.3.877: corrupted inode contents
[  168.094633][ T4497] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  168.103765][ T4497] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  168.134453][ T6926] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz.3.877: mark_inode_dirty error
[  168.163115][ T6893] BTRFS info (device loop4): clearing free space tree
[  168.172342][ T6926] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #2: comm syz.3.877: corrupted inode contents
[  168.184532][ T6893] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  168.197515][ T6926] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #2: comm syz.3.877: mark_inode_dirty error
[  168.215714][ T4497] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  168.245230][ T6893] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  168.268133][ T4497] usb 2-1: config 220 has no interface number 2
[  168.319563][ T6953] loop2: detected capacity change from 0 to 128
[  168.321030][ T4497] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  168.364334][ T4497] usb 2-1: config 220 interface 0 has no altsetting 0
[  168.376808][ T6953] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  168.383431][ T4497] usb 2-1: config 220 interface 76 has no altsetting 0
[  168.411278][ T6953] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.425688][ T4497] usb 2-1: config 220 interface 1 has no altsetting 0
[  168.584739][ T4497] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  168.594851][ T1111] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  168.612821][ T4497] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.634920][ T4497] usb 2-1: Product: syz
[  168.639142][ T4497] usb 2-1: Manufacturer: syz
[  168.658322][ T4497] usb 2-1: SerialNumber: syz
[  168.751782][ T4291] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop4 scanned by udevd (4291)
[  168.834312][ T1111] usb 6-1: Using ep0 maxpacket: 8
[  168.964666][ T1111] usb 6-1: config 0 has an invalid interface number: 31 but max is 0
[  169.003026][ T1111] usb 6-1: config 0 has no interface number 0
[  169.044672][ T4232] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  169.047133][ T6970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.890'.
[  169.098453][ T6971] netlink: 36 bytes leftover after parsing attributes in process `syz.2.890'.
[  169.104796][ T4497] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  169.144557][ T4497] usb 2-1: No valid video chain found.
[  169.160717][ T4497] usb 2-1: selecting invalid altsetting 0
[  169.204479][ T1111] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  169.237063][ T1111] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.264435][ T1111] usb 6-1: Product: syz
[  169.275705][ T4497] usb 2-1: selecting invalid altsetting 0
[  169.282540][ T1111] usb 6-1: Manufacturer: syz
[  169.288833][ T4497] usbtest: probe of 2-1:220.1 failed with error -22
[  169.296840][ T4232] usb 5-1: Using ep0 maxpacket: 8
[  169.317148][ T1111] usb 6-1: SerialNumber: syz
[  169.338127][ T1111] usb 6-1: config 0 descriptor??
[  169.344804][ T4497] usb 2-1: USB disconnect, device number 9
[  169.382972][ T6963] kernel write not supported for file /sequencer (pid: 6963 comm: kworker/1:18)
[  169.414944][ T4232] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  169.438266][ T4232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.506785][ T4232] pvrusb2: Hardware description: Terratec Grabster AV400
[  169.540710][ T4232] pvrusb2: **********
[  169.547759][ T4232] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  169.578718][ T4232] pvrusb2: Important functionality might not be entirely working.
[  169.599717][ T4232] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  169.616152][ T1111] usb 6-1: USB disconnect, device number 2
[  169.634145][ T4232] pvrusb2: **********
[  169.727163][ T2424] pvrusb2: Invalid write control endpoint
[  169.817964][ T6967] loop3: detected capacity change from 0 to 32768
[  169.853826][ T2424] pvrusb2: Invalid write control endpoint
[  169.865251][ T2424] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  169.875803][ T6967] (syz.3.889,6967,1):ocfs2_verify_userspace_stack:855 ERROR: cluster stack passed to mount, but this filesystem does not support it
[  169.896161][ T6967] (syz.3.889,6967,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 70
[  169.899529][ T2424] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  169.925852][ T6967] (syz.3.889,6967,0):ocfs2_fill_super:1177 ERROR: status = -22
[  169.933037][ T2424] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  169.957924][ T2424] pvrusb2: Device being rendered inoperable
[  169.970841][ T2424] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  169.978575][ T6958] pvrusb2: Attempted to execute control transfer when device not ok
[  169.997125][ T4232] usb 5-1: USB disconnect, device number 7
[  170.004156][ T2424] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  170.049256][ T2424] pvrusb2: Attached sub-driver cx25840
[  170.077296][ T2424] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  170.125729][ T2424] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  170.273499][ T6996] netlink: 12 bytes leftover after parsing attributes in process `syz.5.899'.
[  170.397668][ T7002] loop2: detected capacity change from 0 to 256
[  170.516574][ T7002] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  170.778474][ T7017] loop4: detected capacity change from 0 to 4096
[  170.806149][ T7017] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
[  170.854394][ T4497] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  170.874679][ T1111] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  170.933616][   T26] audit: type=1800 audit(1757471890.476:21): pid=7017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.908" name="file1" dev="loop4" ino=24 res=0 errno=0
[  171.000199][ T4193] ntfs3: loop4: ntfs_sync_fs r=1a failed, -22.
[  171.014116][ T4193] ntfs3: loop4: ntfs_evict_inode r=1a failed, -22.
[  171.023305][ T4193] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  171.040827][ T7027] loop2: detected capacity change from 0 to 8192
[  171.104468][ T4497] usb 4-1: Using ep0 maxpacket: 8
[  171.124572][ T1111] usb 6-1: Using ep0 maxpacket: 16
[  171.225190][ T4497] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  171.243351][ T4497] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  171.254782][ T1111] usb 6-1: config 0 has an invalid interface number: 251 but max is 0
[  171.279537][ T1111] usb 6-1: config 0 has no interface number 0
[  171.293634][ T4497] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  171.318059][ T1111] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  171.359915][ T1111] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  171.374297][ T4497] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  171.402566][ T4497] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  171.437028][ T4497] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.484469][ T7039] batman_adv: batadv0: Adding interface: dummy0
[  171.501892][ T7039] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.534812][ T7039] batman_adv: batadv0: Interface activated: dummy0
[  171.564758][ T1111] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  171.591175][ T1111] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.600019][ T1111] usb 6-1: Product: syz
[  171.624394][ T1111] usb 6-1: Manufacturer: syz
[  171.629429][ T1111] usb 6-1: SerialNumber: syz
[  171.673234][ T1111] usb 6-1: config 0 descriptor??
[  171.705932][ T7014] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  171.723981][ T7047] loop4: detected capacity change from 0 to 1024
[  171.724011][ T7014] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  171.755485][ T4497] usb 4-1: GET_CAPABILITIES returned 0
[  171.756817][ T7045] loop1: detected capacity change from 0 to 4096
[  171.771395][ T4497] usbtmc 4-1:16.0: can't read capabilities
[  171.810641][ T7047] EXT4-fs (loop4): mounted filesystem without journal. Opts: acl,barrier,barrier=0x0000000000000000,sysvgroups,debug_want_extra_isize=0x0000000000000080,resuid=0x0000000000000000,nodelalloc,acl,noinit_itable,,errors=continue. Quota mode: none.
[  171.849126][ T7045] ntfs: volume version 3.1.
[  171.986568][ T7052] loop2: detected capacity change from 0 to 64
[  172.013552][ T4497] usb 4-1: USB disconnect, device number 8
[  172.028017][ T7014] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  172.036032][ T7014] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  172.250706][ T4189] hfs: node 4:3 still has 1 user(s)!
[  172.633424][ T7072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.932'.
[  172.661741][ T7066] loop4: detected capacity change from 0 to 4096
[  172.714799][ T1111] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  172.736217][ T1111] asix 6-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  172.784724][ T1111] asix: probe of 6-1:0.251 failed with error -71
[  172.843523][ T1111] usb 6-1: USB disconnect, device number 3
[  173.313371][ T7094] loop1: detected capacity change from 0 to 256
[  173.416566][ T7094] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  173.733898][ T7114] netlink: 20 bytes leftover after parsing attributes in process `syz.3.954'.
[  173.837224][ T7116] loop4: detected capacity change from 0 to 512
[  173.914729][ T7116] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  173.964518][ T7116] UDF-fs: Scanning with blocksize 512 failed
[  174.048059][ T7116] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  174.055559][ T7129] netlink: 32 bytes leftover after parsing attributes in process `syz.3.961'.
[  174.093874][ T7116] UDF-fs: Scanning with blocksize 1024 failed
[  174.093993][ T7129] netlink: 20 bytes leftover after parsing attributes in process `syz.3.961'.
[  174.159001][ T7116] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  174.194527][ T7116] UDF-fs: Scanning with blocksize 2048 failed
[  174.224457][ T7116] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  174.257797][ T7096] loop2: detected capacity change from 0 to 32768
[  174.311880][ T7116] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  174.565800][ T7140] loop1: detected capacity change from 0 to 4096
[  174.601941][ T7137] loop3: detected capacity change from 0 to 8192
[  174.732816][ T7137] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  174.841066][ T7137] REISERFS (device loop3): using ordered data mode
[  174.888408][ T7137] reiserfs: using flush barriers
[  174.904433][   T23] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  174.920360][ T7148] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  174.937098][ T7137] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  174.985749][ T7147] loop2: detected capacity change from 0 to 2048
[  175.014760][ T7137] REISERFS (device loop3): checking transaction log (loop3)
[  175.021772][ T7142] loop5: detected capacity change from 0 to 32768
[  175.046810][ T7147] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  175.078889][ T7137] REISERFS (device loop3): Using rupasov hash to sort names
[  175.104789][ T7137] REISERFS (device loop3): using 3.5.x disk format
[  175.114559][ T7142] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.968 (7142)
[  175.135285][ T7147] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry where CRC length (12) does not match entry length (28)
[  175.210659][ T7137] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  175.219495][ T7151] loop1: detected capacity change from 0 to 2048
[  175.241809][ T7142] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  175.253808][ T7137] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  175.280031][ T7142] BTRFS info (device loop5): turning on sync discard
[  175.296242][ T7142] BTRFS info (device loop5): enabling auto defrag
[  175.303551][ T7137] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  175.322873][ T7142] BTRFS info (device loop5): doing ref verification
[  175.354582][   T23] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  175.369864][ T7151] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  175.375425][ T7142] BTRFS info (device loop5): force clearing of disk cache
[  175.393657][ T7137] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  175.396052][ T7151] UDF-fs: Scanning with blocksize 512 failed
[  175.409318][   T23] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  175.409350][   T23] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  175.444020][ T7142] BTRFS info (device loop5): disabling free space tree
[  175.534627][ T7142] BTRFS info (device loop5): has skinny extents
[  175.565877][ T7151] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  175.594867][   T23] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  175.604137][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.700543][   T23] usb 5-1: Product: syz
[  175.742778][   T23] usb 5-1: Manufacturer: syz
[  175.747598][ T7158] loop2: detected capacity change from 0 to 2048
[  175.766249][   T23] usb 5-1: SerialNumber: syz
[  175.791668][ T7158] EXT4-fs (loop2): Ignoring removed bh option
[  175.815127][   T23] hub 5-1:1.0: bad descriptor, ignoring hub
[  175.827852][   T23] hub: probe of 5-1:1.0 failed with error -5
[  175.905506][ T7158] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  176.026553][   T23] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  176.038777][ T7142] BTRFS info (device loop5): enabling ssd optimizations
[  176.059803][ T7142] BTRFS info (device loop5): clearing free space tree
[  176.098171][ T7142] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  176.164774][ T7142] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  176.175598][ T6963] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  176.289035][   T26] audit: type=1800 audit(1757471895.836:22): pid=7142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.968" name="bus" dev="loop5" ino=263 res=0 errno=0
[  176.324638][ T7188] loop2: detected capacity change from 0 to 128
[  176.395685][ T7188] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  176.437664][ T7188] ext4 filesystem being mounted at /194/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  176.484691][ T4232] usb 5-1: USB disconnect, device number 8
[  176.505994][ T4232] usblp0: removed
[  176.614736][ T6963] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  176.649156][ T6963] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.730543][ T6963] usb 2-1: config 0 descriptor??
[  176.732329][ T7199] loop2: detected capacity change from 0 to 256
[  176.845934][ T6963] gspca_main: cpia1-2.14.0 probing 0813:0001
[  176.944392][ T4497] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  177.204455][ T6963] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  177.317809][ T4497] usb 4-1: config index 0 descriptor too short (expected 69, got 36)
[  177.342756][ T4497] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  177.547462][ T4497] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  177.567124][ T4497] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.588403][ T4497] usb 4-1: Product: syz
[  177.593394][ T4497] usb 4-1: Manufacturer: syz
[  177.596236][ T7225] input: syz1 as /devices/virtual/input/input14
[  177.603447][ T4497] usb 4-1: SerialNumber: syz
[  177.621585][ T4497] usb 4-1: config 0 descriptor??
[  177.633359][ T7224] netlink: 8 bytes leftover after parsing attributes in process `syz.5.992'.
[  177.635417][ T6963] gspca_cpia1: usb_control_msg 02, error -71
[  177.666558][ T4497] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  177.674124][ T4232] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  177.692088][ T6963] gspca_cpia1: usb_control_msg 05, error -71
[  177.699620][ T6963] cpia1 2-1:0.0: unexpected systemstate: 00
[  177.751145][ T6963] usb 2-1: USB disconnect, device number 10
[  177.771891][ T7231] Attempt to restore checkpoint with obsolete wellknown handles
[  177.839459][ T7233] loop2: detected capacity change from 0 to 256
[  177.864111][ T7235] netlink: 20 bytes leftover after parsing attributes in process `syz.5.998'.
[  177.924323][ T4232] usb 5-1: Using ep0 maxpacket: 32
[  177.942345][ T7233] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  177.952816][ T7237] loop5: detected capacity change from 0 to 4096
[  178.047330][ T7240] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.054651][ T4232] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.092421][ T7237] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  178.101216][ T4232] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  178.119944][ T4232] usb 5-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00
[  178.120716][ T7237] Remounting filesystem read-only
[  178.129952][ T4232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.164137][ T4232] usb 5-1: config 0 descriptor??
[  178.266035][ T7244] loop2: detected capacity change from 0 to 2048
[  178.370794][ T7244] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  178.534618][ T4497] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71
[  178.564015][ T4497] gspca_pac7302: probe of 4-1:0.0 failed with error -71
[  178.599714][ T4497] usb 4-1: USB disconnect, device number 9
[  178.622018][ T7248] loop1: detected capacity change from 0 to 32768
[  178.681272][ T7248] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.1004 (7248)
[  178.723106][ T4232] glorious 0003:258A:0033.0003: hidraw0: USB HID v0.00 Device [Glorious Model D] on usb-dummy_hcd.4-1/input0
[  178.800614][ T7248] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  178.810687][ T7248] BTRFS info (device loop1): using free space tree
[  178.817613][ T7248] BTRFS info (device loop1): has skinny extents
[  178.950608][ T4497] usb 5-1: USB disconnect, device number 9
[  179.019281][ T7262] fido_id[7262]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  179.054345][ T6963] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  179.093234][ T7248] BTRFS info (device loop1): enabling ssd optimizations
[  179.232513][ T7248] BTRFS info (device loop1): balance: start -f -sprofiles=data|0x10000,usage=4393751544831,usage=1023..1023,drange=7..559102,stripes=268435459..4
[  179.250265][ T7248] BTRFS info (device loop1): balance: ended with status: 0
[  179.504510][ T6963] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  179.548673][ T6963] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  179.549208][ T7258] loop5: detected capacity change from 0 to 32768
[  179.593359][ T6963] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  179.634335][ T6963] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.665530][ T7258] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  179.685926][ T6963] usb 3-1: config 0 descriptor??
[  179.733338][ T7258] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  179.779157][ T7258] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  179.803356][ T5156] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  179.821846][ T5156] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  179.996369][ T5156] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 174ms
[  180.028355][ T5156] gfs2: fsid=syz:syz.0: jid=0: Done
[  180.050454][ T7258] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  180.244563][ T6963] usbhid 3-1:0.0: can't add hid device: -71
[  180.250962][ T6963] usbhid: probe of 3-1:0.0 failed with error -71
[  180.263371][ T7281] loop3: detected capacity change from 0 to 32768
[  180.284555][ T6963] usb 3-1: USB disconnect, device number 9
[  180.415166][ T7292] loop1: detected capacity change from 0 to 4096
[  180.423651][ T7281] XFS (loop3): Mounting V5 Filesystem
[  180.436084][ T7292] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  180.610685][ T7281] XFS (loop3): Ending clean mount
[  180.616680][ T7292] ntfs: volume version 3.1.
[  180.677101][ T7281] XFS (loop3): Quotacheck needed: Please wait.
[  180.689653][ T7258] gfs2: fsid=syz:syz.0: found 1 quota changes
[  180.786961][  T580] XFS (loop3): WARNING: Reset corrupted AGFL on AG 0. 1 blocks leaked. Please unmount and run xfs_repair.
[  180.919320][ T7292] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  180.944500][ T7292] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  181.023381][ T7281] XFS (loop3): Quotacheck: Done.
[  181.060135][ T7319] loop4: detected capacity change from 0 to 256
[  181.089879][ T7292] ntfs: (device loop1): ntfs_cluster_alloc(): Failed to map page.
[  181.129345][ T7292] ntfs: (device loop1): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5).
[  181.193125][ T5698] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  181.197923][ T7324] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  181.221386][ T5698] CPU: 1 PID: 5698 Comm: syz-executor Not tainted syzkaller #0
[  181.241024][ T5698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  181.252515][ T5698] Call Trace:
[  181.256105][ T5698]  <TASK>
[  181.259333][ T5698]  dump_stack_lvl+0x168/0x230
[  181.264506][ T5698]  ? show_regs_print_info+0x20/0x20
[  181.270454][ T5698]  ? load_image+0x3b0/0x3b0
[  181.278154][ T5698]  ? __lock_acquire+0x7c60/0x7c60
[  181.284234][ T5698]  ? do_raw_spin_unlock+0x11d/0x230
[  181.289991][ T5698]  gfs2_assert_warn_i+0x18f/0x2c0
[  181.295313][ T5698]  gfs2_quota_cleanup+0x4b4/0x6a0
[  181.300536][ T5698]  gfs2_make_fs_ro+0x491/0x5d0
[  181.305384][ T5698]  ? gfs2_dinode_out+0xb00/0xb00
[  181.310411][ T5698]  ? gfs2_put_super+0x189/0x7d0
[  181.315542][ T5698]  ? __lock_acquire+0x7c60/0x7c60
[  181.321113][ T5698]  ? __rwlock_init+0x140/0x140
[  181.326341][ T5698]  ? hook_inode_free_security+0xa0/0xa0
[  181.332097][ T5698]  ? do_raw_spin_unlock+0x11d/0x230
[  181.338111][ T5698]  gfs2_put_super+0x1d2/0x7d0
[  181.342899][ T5698]  ? gfs2_evict_inode+0x11f0/0x11f0
[  181.348898][ T5698]  generic_shutdown_super+0x130/0x300
[  181.355095][ T5698]  kill_block_super+0x7c/0xe0
[  181.360128][ T5698]  deactivate_locked_super+0x93/0xf0
[  181.365690][ T5698]  cleanup_mnt+0x418/0x4d0
[  181.370739][ T5698]  ? lockdep_hardirqs_on+0x94/0x140
[  181.377033][ T5698]  task_work_run+0x125/0x1a0
[  181.382629][ T5698]  exit_to_user_mode_loop+0x10f/0x130
[  181.389163][ T5698]  exit_to_user_mode_prepare+0xb1/0x140
[  181.394984][ T5698]  syscall_exit_to_user_mode+0x16/0x40
[  181.400554][ T5698]  do_syscall_64+0x58/0xa0
[  181.405590][ T5698]  ? clear_bhb_loop+0x30/0x80
[  181.410529][ T5698]  ? clear_bhb_loop+0x30/0x80
[  181.416044][ T5698]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  181.422527][ T5698] RIP: 0033:0x7f632f480ed7
[  181.427464][ T5698] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  181.449182][ T5698] RSP: 002b:00007ffc1ebd2108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  181.459141][ T5698] RAX: 0000000000000000 RBX: 00007f632f502c05 RCX: 00007f632f480ed7
[  181.468166][ T5698] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1ebd21c0
[  181.477125][ T5698] RBP: 00007ffc1ebd21c0 R08: 0000000000000000 R09: 0000000000000000
[  181.486134][ T5698] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc1ebd3250
[  181.494469][ T5698] R13: 00007f632f502c05 R14: 000000000002c328 R15: 00007ffc1ebd3290
[  181.503621][ T5698]  </TASK>
[  181.541729][   T26] audit: type=1800 audit(1757471901.086:23): pid=7281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1009" name="file1" dev="loop3" ino=6150 res=0 errno=0
[  181.626366][ T7324] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  181.652083][ T7324] ntfs: (device loop1): ntfs_cluster_alloc(): Failed to map page.
[  181.683062][ T4184] XFS (loop3): Unmounting Filesystem
[  181.684757][ T7324] ntfs: (device loop1): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5).
[  181.794185][ T7324] ntfs: (device loop1): ntfs_truncate(): Cannot truncate inode 0x43, attribute type 0x80, because the conversion from resident to non-resident attribute failed with error code -5.
[  182.112578][ T4181] ntfs: (device loop1): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  182.419890][ T7355] loop1: detected capacity change from 0 to 1024
[  182.504498][ T7355] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  182.616488][ T7355] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,stripe=0x0000000000000003,min_batch_time=0x0000000000000001,nogrpid,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x0000000000. Quota mode: none.
[  182.654485][   T23] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  182.713194][ T7355] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none.
[  182.733771][ T7355] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #11: comm syz.1.1024: missing EA_INODE flag
[  182.753783][ T7355] EXT4-fs (loop1): Remounting filesystem read-only
[  182.800489][ T7355] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1024: error while reading EA inode 11 err=-117
[  182.818691][ T7355] EXT4-fs (loop1): Remounting filesystem read-only
[  182.912390][   T23] usb 3-1: Using ep0 maxpacket: 32
[  182.954398][ T5293] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  183.065211][   T23] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  183.074147][   T23] usb 3-1: config 0 has no interface number 0
[  183.145414][ T7379] device bridge0 entered promiscuous mode
[  183.151475][ T7379] device macvlan2 entered promiscuous mode
[  183.189211][ T7379] bridge0: port 3(macvlan2) entered blocking state
[  183.209259][ T7379] bridge0: port 3(macvlan2) entered disabled state
[  183.234370][ T5293] usb 4-1: Using ep0 maxpacket: 16
[  183.245782][ T7379] device bridge0 left promiscuous mode
[  183.294578][   T23] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  183.318816][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.350286][   T23] usb 3-1: Product: syz
[  183.354505][ T5293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  183.355336][   T23] usb 3-1: Manufacturer: syz
[  183.399958][   T23] usb 3-1: SerialNumber: syz
[  183.439294][   T23] usb 3-1: config 0 descriptor??
[  183.512747][   T23] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  183.532974][   T23] usb 3-1: selecting invalid altsetting 1
[  183.534566][ T5293] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  183.549030][   T23] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  183.569411][ T5293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.604375][ T5293] usb 4-1: Product: syz
[  183.608844][ T5293] usb 4-1: Manufacturer: syz
[  183.624469][ T5293] usb 4-1: SerialNumber: syz
[  183.635055][   T23] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  183.641871][ T5293] usb 4-1: config 0 descriptor??
[  183.683469][   T23] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  183.724490][   T23] usb 3-1: media controller created
[  183.725114][ T5293] hub 4-1:0.0: bad descriptor, ignoring hub
[  183.754398][ T5293] hub: probe of 4-1:0.0 failed with error -5
[  183.793654][   T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  183.794636][ T5293] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input15
[  183.914544][ T7375] loop4: detected capacity change from 0 to 32768
[  184.081522][ T7375] XFS (loop4): Mounting V5 Filesystem
[  184.125666][ T7377] loop1: detected capacity change from 0 to 32768
[  184.165655][ T7377] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  184.239785][ T7377] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  184.321136][ T7375] XFS (loop4): Ending clean mount
[  184.331318][ T7377] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  184.365270][ T4232] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  184.373442][ T7375] XFS (loop4): Quotacheck needed: Please wait.
[  184.380237][ T4232] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  184.530597][ T4232] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 150ms
[  184.549700][ T4232] gfs2: fsid=syz:syz.0: jid=0: Done
[  184.564123][ T7377] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  184.572750][ T4281] XFS (loop4): WARNING: Reset corrupted AGFL on AG 0. 1 blocks leaked. Please unmount and run xfs_repair.
[  184.641977][ T7381] loop5: detected capacity change from 0 to 32768
[  184.721363][ T7375] XFS (loop4): Quotacheck: Done.
[  184.787454][ T7381] JBD2: Ignoring recovery information on journal
[  184.829495][ T7381] JBD2: corrupted journal superblock
[  184.844541][ T7354] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  184.857965][ T7381] JBD2: error -117 scanning journal
[  184.864518][ T7381] (syz.5.1031,7381,1):ocfs2_journal_wipe:1154 ERROR: status = -117
[  184.893156][ T7381] (syz.5.1031,7381,1):ocfs2_check_volume:2424 ERROR: status = -117
[  184.902446][   T23] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  184.924394][ T7381] (syz.5.1031,7381,0):ocfs2_check_volume:2493 ERROR: status = -117
[  184.926114][   T23] zl10353_read_register: readreg error (reg=127, ret==-71)
[  184.956489][ T7381] (syz.5.1031,7381,0):ocfs2_mount_volume:1824 ERROR: status = -117
[  184.964413][   T23] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  185.009024][ T4193] XFS (loop4): Unmounting Filesystem
[  185.031463][ T7381] (syz.5.1031,7381,0):ocfs2_fill_super:1177 ERROR: status = -117
[  185.050270][   T23] usb 3-1: USB disconnect, device number 10
[  185.199448][ T7377] gfs2: fsid=syz:syz.0: found 1 quota changes
[  185.597410][ T4181] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  185.702714][ T4181] CPU: 0 PID: 4181 Comm: syz-executor Not tainted syzkaller #0
[  185.710556][ T4181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  185.720817][ T4181] Call Trace:
[  185.724227][ T4181]  <TASK>
[  185.727371][ T4181]  dump_stack_lvl+0x168/0x230
[  185.732359][ T4181]  ? show_regs_print_info+0x20/0x20
[  185.737998][ T4181]  ? load_image+0x3b0/0x3b0
[  185.742773][ T4181]  ? __lock_acquire+0x7c60/0x7c60
[  185.748475][ T4181]  ? do_raw_spin_unlock+0x11d/0x230
[  185.754077][ T4181]  gfs2_assert_warn_i+0x18f/0x2c0
[  185.759418][ T4181]  gfs2_quota_cleanup+0x4b4/0x6a0
[  185.765282][ T4181]  gfs2_make_fs_ro+0x491/0x5d0
[  185.770256][ T4181]  ? gfs2_dinode_out+0xb00/0xb00
[  185.776042][ T4181]  ? gfs2_put_super+0x189/0x7d0
[  185.781381][ T4181]  ? __lock_acquire+0x7c60/0x7c60
[  185.786886][ T4181]  ? __rwlock_init+0x140/0x140
[  185.792118][ T4181]  ? hook_inode_free_security+0xa0/0xa0
[  185.798222][ T4181]  ? do_raw_spin_unlock+0x11d/0x230
[  185.803943][ T4181]  gfs2_put_super+0x1d2/0x7d0
[  185.809031][ T4181]  ? gfs2_evict_inode+0x11f0/0x11f0
[  185.814921][ T4181]  generic_shutdown_super+0x130/0x300
[  185.821034][ T4181]  kill_block_super+0x7c/0xe0
[  185.826039][ T4181]  deactivate_locked_super+0x93/0xf0
[  185.831827][ T4181]  cleanup_mnt+0x418/0x4d0
[  185.836652][ T4181]  ? lockdep_hardirqs_on+0x94/0x140
[  185.842377][ T4181]  task_work_run+0x125/0x1a0
[  185.847260][ T4181]  exit_to_user_mode_loop+0x10f/0x130
[  185.852739][ T4181]  exit_to_user_mode_prepare+0xb1/0x140
[  185.858482][ T4181]  syscall_exit_to_user_mode+0x16/0x40
[  185.864474][ T4181]  do_syscall_64+0x58/0xa0
[  185.869312][ T4181]  ? clear_bhb_loop+0x30/0x80
[  185.874873][ T4181]  ? clear_bhb_loop+0x30/0x80
[  185.880141][ T4181]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  185.886878][ T4181] RIP: 0033:0x7ff6b3169ed7
[  185.892166][ T4181] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  185.913964][ T4181] RSP: 002b:00007ffed4ca4eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  185.923971][ T4181] RAX: 0000000000000000 RBX: 00007ff6b31ebc05 RCX: 00007ff6b3169ed7
[  185.933250][ T4181] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed4ca4f70
[  185.942736][ T4181] RBP: 00007ffed4ca4f70 R08: 0000000000000000 R09: 0000000000000000
[  185.951958][ T4181] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffed4ca6000
[  185.961379][ T4181] R13: 00007ff6b31ebc05 R14: 000000000002d49c R15: 00007ffed4ca6040
[  185.972586][ T4181]  </TASK>
[  186.110644][ T7400] loop2: detected capacity change from 0 to 4096
[  186.185558][ T7400] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  186.202929][ T7403] ALSA: mixer_oss: invalid OSS volume 'LIøÄ'
[  186.248092][ T7405] device bridge0 entered promiscuous mode
[  186.275158][ T7405] device macvlan2 entered promiscuous mode
[  186.318991][ T7400] ntfs: volume version 3.1.
[  186.416352][ T7400] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  186.463480][ T7407] loop5: detected capacity change from 0 to 1024
[  186.511264][ T7400] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  186.563579][ T7407] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  186.567148][ T7400] ntfs: (device loop2): ntfs_cluster_alloc(): Failed to map page.
[  186.627806][ T7400] ntfs: (device loop2): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5).
[  186.665657][ T7408] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  186.687562][ T7407] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,stripe=0x0000000000000003,min_batch_time=0x0000000000000001,nogrpid,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x0000000000. Quota mode: none.
[  186.717463][    C1] vkms_vblank_simulate: vblank timer overrun
[  186.733462][ T7408] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  186.771273][ T7394] loop3: detected capacity change from 0 to 65536
[  186.784473][ T7408] ntfs: (device loop2): ntfs_cluster_alloc(): Failed to map page.
[  186.791385][ T7407] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: none.
[  186.793945][ T7408] ntfs: (device loop2): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5).
[  186.813251][ T7408] ntfs: (device loop2): ntfs_truncate(): Cannot truncate inode 0x43, attribute type 0x80, because the conversion from resident to non-resident attribute failed with error code -5.
[  186.815017][ T7407] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #11: comm syz.5.1039: missing EA_INODE flag
[  186.860747][ T7407] EXT4-fs (loop5): Remounting filesystem read-only
[  186.874512][ T7407] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.1039: error while reading EA inode 11 err=-117
[  186.966491][ T7407] EXT4-fs (loop5): Remounting filesystem read-only
[  186.982432][ T7394] XFS (loop3): Mounting V5 Filesystem
[  187.016265][ T4189] ntfs: (device loop2): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  187.235848][ T7394] XFS (loop3): Ending clean mount
[  187.369166][ T7427] loop2: detected capacity change from 0 to 2048
[  187.369930][ T7425] loop1: detected capacity change from 0 to 4096
[  187.486541][ T7427] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  187.510370][ T7427] UDF-fs: Scanning with blocksize 512 failed
[  187.571035][ T7427] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  187.678308][ T4184] XFS (loop3): Unmounting Filesystem
[  187.794992][ T4181] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22.
[  187.814589][ T4181] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  188.092091][ T7442] loop4: detected capacity change from 0 to 8192
[  188.222769][ T7442] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  188.244388][ T7442] REISERFS (device loop4): using ordered data mode
[  188.251489][ T7442] reiserfs: using flush barriers
[  188.284466][ T7442] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  188.304868][ T7442] REISERFS (device loop4): checking transaction log (loop4)
[  188.346379][ T7442] REISERFS (device loop4): Using r5 hash to sort names
[  188.353831][ T7442] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  188.474418][   T26] audit: type=1800 audit(1757471908.026:24): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1052" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=2 res=0 errno=0
[  188.517993][    C1] vkms_vblank_simulate: vblank timer overrun
[  188.803169][ T7440] loop5: detected capacity change from 0 to 32768
[  188.911818][ T7440] XFS (loop5): Mounting V5 Filesystem
[  188.912824][ T7449] loop3: detected capacity change from 0 to 32768
[  188.979567][ T7449] JBD2: Ignoring recovery information on journal
[  188.997456][ T7449] JBD2: corrupted journal superblock
[  189.003492][ T7449] JBD2: error -117 scanning journal
[  189.018967][ T7449] (syz.3.1049,7449,1):ocfs2_journal_wipe:1154 ERROR: status = -117
[  189.027810][ T7449] (syz.3.1049,7449,1):ocfs2_check_volume:2424 ERROR: status = -117
[  189.036478][ T7449] (syz.3.1049,7449,1):ocfs2_check_volume:2493 ERROR: status = -117
[  189.045414][ T7449] (syz.3.1049,7449,1):ocfs2_mount_volume:1824 ERROR: status = -117
[  189.055598][ T7449] (syz.3.1049,7449,0):ocfs2_fill_super:1177 ERROR: status = -117
[  189.080235][ T7444] loop2: detected capacity change from 0 to 32768
[  189.110277][ T7444] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  189.120042][ T7444] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  189.163187][ T7444] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  189.171550][ T7440] XFS (loop5): Ending clean mount
[  189.187942][ T7440] XFS (loop5): Quotacheck needed: Please wait.
[  189.197800][ T5293] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  189.208797][ T5293] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  189.266629][ T4232] usb 4-1: USB disconnect, device number 10
[  189.442459][ T5293] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 233ms
[  189.484532][ T5293] gfs2: fsid=syz:syz.0: jid=0: Done
[  189.511016][ T7444] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  189.511987][ T7440] XFS (loop5): Quotacheck: Done.
[  189.571553][ T7469] device bridge0 entered promiscuous mode
[  189.588075][ T7469] device macvlan3 entered promiscuous mode
[  189.675183][ T7469] bridge0: port 3(macvlan3) entered blocking state
[  189.683326][ T7465] loop3: detected capacity change from 0 to 4096
[  189.684154][ T7469] bridge0: port 3(macvlan3) entered disabled state
[  189.708974][ T7465] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  189.743416][ T7469] device bridge0 left promiscuous mode
[  189.751166][ T5698] XFS (loop5): Unmounting Filesystem
[  189.812610][ T7465] ntfs: volume version 3.1.
[  189.853944][ T7473] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.202694][ T7444] gfs2: fsid=syz:syz.0: found 1 quota changes
[  190.214524][ T7480] sch_tbf: peakrate 2 is lower than or equals to rate 2 !
[  190.664952][ T4189] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  190.695221][ T4189] CPU: 1 PID: 4189 Comm: syz-executor Not tainted syzkaller #0
[  190.703535][ T4189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  190.713800][ T4189] Call Trace:
[  190.717625][ T4189]  <TASK>
[  190.721108][ T4189]  dump_stack_lvl+0x168/0x230
[  190.723190][ T7486] loop1: detected capacity change from 0 to 8192
[  190.725828][ T4189]  ? show_regs_print_info+0x20/0x20
[  190.725858][ T4189]  ? load_image+0x3b0/0x3b0
[  190.725881][ T4189]  ? __lock_acquire+0x7c60/0x7c60
[  190.725902][ T4189]  ? do_raw_spin_unlock+0x11d/0x230
[  190.725924][ T4189]  gfs2_assert_warn_i+0x18f/0x2c0
[  190.725952][ T4189]  gfs2_quota_cleanup+0x4b4/0x6a0
[  190.765519][ T7486] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  190.765932][ T4189]  gfs2_make_fs_ro+0x491/0x5d0
[  190.781910][ T4189]  ? gfs2_dinode_out+0xb00/0xb00
[  190.788347][ T4189]  ? gfs2_put_super+0x189/0x7d0
[  190.793855][ T4189]  ? __lock_acquire+0x7c60/0x7c60
[  190.794390][ T7486] REISERFS (device loop1): using ordered data mode
[  190.799446][ T4189]  ? __rwlock_init+0x140/0x140
[  190.799479][ T4189]  ? hook_inode_free_security+0xa0/0xa0
[  190.799503][ T4189]  ? do_raw_spin_unlock+0x11d/0x230
[  190.799525][ T4189]  gfs2_put_super+0x1d2/0x7d0
[  190.817371][ T7486] reiserfs: using flush barriers
[  190.818236][ T4189]  ? gfs2_evict_inode+0x11f0/0x11f0
[  190.835150][ T7486] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  190.839289][ T4189]  generic_shutdown_super+0x130/0x300
[  190.839328][ T4189]  kill_block_super+0x7c/0xe0
[  190.839350][ T4189]  deactivate_locked_super+0x93/0xf0
[  190.857983][ T7486] REISERFS (device loop1): checking transaction log (loop1)
[  190.861671][ T4189]  cleanup_mnt+0x418/0x4d0
[  190.868157][ T7486] REISERFS (device loop1): Using r5 hash to sort names
[  190.872012][ T4189]  ? lockdep_hardirqs_on+0x94/0x140
[  190.881496][ T7486] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  190.884791][ T4189]  task_work_run+0x125/0x1a0
[  190.884829][ T4189]  exit_to_user_mode_loop+0x10f/0x130
[  190.884854][ T4189]  exit_to_user_mode_prepare+0xb1/0x140
[  190.884875][ T4189]  syscall_exit_to_user_mode+0x16/0x40
[  190.884894][ T4189]  do_syscall_64+0x58/0xa0
[  190.884911][ T4189]  ? clear_bhb_loop+0x30/0x80
[  190.884930][ T4189]  ? clear_bhb_loop+0x30/0x80
[  190.969445][ T4189]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  190.975832][ T4189] RIP: 0033:0x7f58eb436ed7
[  190.981086][ T4189] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  191.002620][ T4189] RSP: 002b:00007ffe0f302e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  191.011813][ T4189] RAX: 0000000000000000 RBX: 00007f58eb4b8c05 RCX: 00007f58eb436ed7
[  191.020045][ T4189] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe0f302f20
[  191.029139][ T4189] RBP: 00007ffe0f302f20 R08: 0000000000000000 R09: 0000000000000000
[  191.038252][ T4189] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe0f303fb0
[  191.047452][ T4189] R13: 00007f58eb4b8c05 R14: 000000000002e80c R15: 00007ffe0f303ff0
[  191.055751][ T4189]  </TASK>
[  191.058998][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.364539][ T4495] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  191.433260][ T7504] input: syz0 as /devices/virtual/input/input16
[  191.456909][ T7502] loop5: detected capacity change from 0 to 4096
[  191.513212][ T7510] device macvlan3 entered promiscuous mode
[  191.527436][ T7510] bridge0: port 3(macvlan3) entered blocking state
[  191.553246][ T7510] bridge0: port 3(macvlan3) entered disabled state
[  191.592352][ T7512] netlink: 'syz.1.1077': attribute type 2 has an invalid length.
[  191.594828][ T7502] ntfs: volume version 3.1.
[  191.634374][ T4495] usb 5-1: Using ep0 maxpacket: 16
[  191.730776][ T7502] __ntfs_error: 12 callbacks suppressed
[  191.730794][ T7502] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  191.818248][ T7502] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  191.865059][ T7202] Bluetooth: hci0: command 0x0406 tx timeout
[  191.870201][ T4232] Bluetooth: hci2: command 0x0406 tx timeout
[  191.879096][ T7502] ntfs: (device loop5): ntfs_cluster_alloc(): Failed to map page.
[  191.887444][ T4232] Bluetooth: hci3: command 0x0406 tx timeout
[  191.889502][ T7502] ntfs: (device loop5): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5).
[  191.905224][ T7519] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  191.914619][ T4495] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  191.930768][ T7519] ntfs: (device loop5): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  191.977332][ T7519] ntfs: (device loop5): ntfs_cluster_alloc(): Failed to map page.
[  191.986827][ T4495] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.986854][ T4495] usb 5-1: Product: syz
[  191.986869][ T4495] usb 5-1: Manufacturer: syz
[  191.996425][ T7519] ntfs: (device loop5): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5).
[  192.019172][ T4495] usb 5-1: SerialNumber: syz
[  192.019676][ T7519] ntfs: (device loop5): ntfs_truncate(): Cannot truncate inode 0x43, attribute type 0x80, because the conversion from resident to non-resident attribute failed with error code -5.
[  192.045261][ T4495] usb 5-1: config 0 descriptor??
[  192.106077][ T4495] visor 5-1:0.0: Sony Clie 3.5 converter detected
[  192.162335][ T5698] ntfs: (device loop5): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  192.243443][ T7516] loop2: detected capacity change from 0 to 32768
[  192.544507][ T4495] usb 5-1: clie_3_5_startup: get interface number failed: -71
[  192.553188][ T4495] visor: probe of 5-1:0.0 failed with error -71
[  192.619102][ T4495] usb 5-1: USB disconnect, device number 10
[  192.681339][ T7526] loop5: detected capacity change from 0 to 8192
[  192.788272][ T7526] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  192.827667][ T7536] input: syz0 as /devices/virtual/input/input17
[  192.834541][ T7526] REISERFS (device loop5): using ordered data mode
[  192.852670][ T7526] reiserfs: using flush barriers
[  192.873042][ T7526] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  192.891582][ T7526] REISERFS (device loop5): checking transaction log (loop5)
[  192.905304][ T7526] REISERFS (device loop5): Using r5 hash to sort names
[  192.914846][ T7526] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  193.124454][ T7202] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  193.147116][ T7544] device macvlan3 entered promiscuous mode
[  193.161635][ T7544] bridge0: port 3(macvlan3) entered blocking state
[  193.168813][ T7544] bridge0: port 3(macvlan3) entered disabled state
[  193.354370][ T4495] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  193.524541][ T7202] usb 2-1: config index 0 descriptor too short (expected 69, got 36)
[  193.548672][ T7542] loop2: detected capacity change from 0 to 32768
[  193.571597][ T7202] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.593781][ T7542] XFS: ikeep mount option is deprecated.
[  193.663539][ T7542] XFS (loop2): Mounting V5 Filesystem
[  193.729048][ T7542] XFS (loop2): Ending clean mount
[  193.736801][ T4495] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  193.747580][ T4495] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.759242][ T7542] XFS (loop2): Quotacheck needed: Please wait.
[  193.763922][ T4495] usb 4-1: config 0 descriptor??
[  193.798705][ T7202] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  193.808139][ T4495] gspca_main: spca508-2.14.0 probing 8086:0110
[  193.812234][ T7202] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.823829][ T7202] usb 2-1: Product: syz
[  193.835532][ T7202] usb 2-1: Manufacturer: syz
[  193.844859][ T7542] XFS (loop2): Quotacheck: Done.
[  193.850636][ T7202] usb 2-1: SerialNumber: syz
[  193.875860][ T7202] usb 2-1: config 0 descriptor??
[  193.903319][ T7542] XFS (loop2): User initiated shutdown received.
[  193.924868][ T7554] syz.4.1093 (7554): drop_caches: 1
[  193.933849][ T7542] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:491).  Shutting down filesystem.
[  193.956182][ T7202] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  193.963853][ T7542] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  193.984188][ T7552] syz.4.1093 (7552): drop_caches: 1
[  193.993933][ T4189] XFS (loop2): Unmounting Filesystem
[  194.034641][ T4495] gspca_spca508: reg_read err -32
[  194.090921][ T4495] gspca_spca508: reg_read err -32
[  194.211070][ T7552] syz.4.1093 (7552): drop_caches: 1
[  194.325861][ T7565] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1096'.
[  194.354574][ T4495] gspca_spca508: reg_read err -71
[  194.384526][ T4495] gspca_spca508: reg_read err -71
[  194.414685][ T4495] gspca_spca508: reg write: error -71
[  194.420263][ T4495] spca508: probe of 4-1:0.0 failed with error -71
[  194.478781][ T4495] usb 4-1: USB disconnect, device number 11
[  194.709733][ T7575] loop5: detected capacity change from 0 to 2048
[  194.785447][ T4232] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  194.820813][ T7575] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  194.825816][ T7202] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71
[  194.836495][ T7575] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.883061][ T7575] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: none.
[  194.897180][ T7202] gspca_pac7302: probe of 2-1:0.0 failed with error -71
[  194.909333][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  194.909382][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  194.954516][ T7202] usb 2-1: USB disconnect, device number 11
[  194.957750][ T7575] EXT4-fs (loop5): re-mounted. Opts: . Quota mode: none.
[  194.988923][ T7575] EXT4-fs error (device loop5): __ext4_new_inode:1076: comm syz.5.1101: reserved inode found cleared - inode=1
[  195.032651][ T7583] device bridge0 entered promiscuous mode
[  195.036355][ T4232] usb 5-1: Using ep0 maxpacket: 16
[  195.039479][ T7583] device macvlan2 entered promiscuous mode
[  195.052076][ T7583] bridge0: port 3(macvlan2) entered blocking state
[  195.062709][ T7583] bridge0: port 3(macvlan2) entered disabled state
[  195.072947][ T7583] device bridge0 left promiscuous mode
[  195.174692][ T4232] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  195.199305][ T7585] loop5: detected capacity change from 0 to 64
[  195.343003][ T7591] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  195.351474][ T4232] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  195.361927][ T4232] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.373519][ T7589] loop3: detected capacity change from 0 to 4096
[  195.382615][ T4232] usb 5-1: Product: syz
[  195.394418][ T4232] usb 5-1: Manufacturer: syz
[  195.401902][ T4232] usb 5-1: SerialNumber: syz
[  195.461502][ T4232] usb 5-1: config 0 descriptor??
[  195.506907][ T4232] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  195.534497][ T4232] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  195.795786][ T7597] syz.2.1108 (7597): drop_caches: 1
[  195.797165][ T7593] syz.2.1108 (7593): drop_caches: 1
[  195.864433][ T4497] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  195.888205][ T7593] syz.2.1108 (7593): drop_caches: 1
[  196.154474][ T4232] em28xx 5-1:0.0: chip ID is em2874
[  196.224650][ T4497] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  196.239421][ T4497] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 247, changing to 7
[  196.274306][ T4497] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 42566, setting to 1024
[  196.426015][ T7613] device macvlan3 entered promiscuous mode
[  196.445432][ T7613] bridge0: port 3(macvlan3) entered blocking state
[  196.454562][ T4497] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  196.464088][ T4497] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.473076][ T7613] bridge0: port 3(macvlan3) entered disabled state
[  196.504533][ T4232] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  196.513524][ T4232] em28xx 5-1:0.0: board has no eeprom
[  196.519449][ T4497] usb 4-1: Product: syz
[  196.523751][ T4497] usb 4-1: Manufacturer: syz
[  196.529514][ T4497] usb 4-1: SerialNumber: syz
[  196.539832][ T4497] usb 4-1: config 0 descriptor??
[  196.588305][ T4497] usb 4-1: 0:0 : invalid sync pipe. bmAttributes d1, bLength 9, bSynchAddress 97
[  196.644373][ T4232] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  196.652236][ T4232] em28xx 5-1:0.0: dvb set to bulk mode.
[  196.675906][ T5296] em28xx 5-1:0.0: Binding DVB extension
[  196.687198][ T4232] usb 5-1: USB disconnect, device number 11
[  196.704651][ T4232] em28xx 5-1:0.0: Disconnecting em28xx
[  196.920182][ T5296] em28xx 5-1:0.0: Registering input extension
[  197.054791][ T4497] usb 4-1: USB disconnect, device number 12
[  197.100642][ T7621] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  197.114414][ T5296] rc_core: IR keymap rc-pinnacle-pctv-hd not found
[  197.121645][ T5296] Registered IR keymap rc-empty
[  197.161029][ T5296] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  197.186889][ T5296] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input18
[  197.224540][ T5296] em28xx 5-1:0.0: Input extension successfully initialized
[  197.232136][ T4232] em28xx 5-1:0.0: Closing input extension
[  197.275943][ T4232] em28xx 5-1:0.0: Freeing device
[  197.631344][ T7648] device macvlan3 entered promiscuous mode
[  197.674514][ T7648] bridge0: port 3(macvlan3) entered blocking state
[  197.698933][ T7648] bridge0: port 3(macvlan3) entered disabled state
[  197.895917][ T7639] syz.1.1123 (7639): drop_caches: 1
[  197.967978][ T7635] syz.1.1123 (7635): drop_caches: 1
[  198.229532][ T7635] syz.1.1123 (7635): drop_caches: 1
[  198.372149][ T7652] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.426801][ T7654] loop1: detected capacity change from 0 to 1024
[  198.473646][ T7654] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869)
[  198.523008][ T7654] EXT4-fs (loop1): invalid journal inode
[  198.596353][ T7654] EXT4-fs (loop1): can't get journal size
[  198.615935][ T7654] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,noauto_da_alloc,nombcache,,errors=continue. Quota mode: writeback.
[  198.758973][ T7656] loop3: detected capacity change from 0 to 8192
[  198.785566][ T7659] device veth0_macvtap left promiscuous mode
[  198.804910][ T7654] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 64: comm syz.1.1134: path (unknown): bad entry in directory: rec_len is too small for name_len - offset=0, inode=11, rec_len=12, size=1024 fake=0
[  198.839115][ T7659] macvtap0: refused to change device tx_queue_len
[  198.852475][ T7656] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  198.875282][ T7656] REISERFS (device loop3): using ordered data mode
[  198.894545][ T7656] reiserfs: using flush barriers
[  198.909835][ T7656] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  199.056023][ T7656] REISERFS (device loop3): checking transaction log (loop3)
[  199.058901][ T7654] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 73: comm syz.1.1134: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=83886080, rec_len=0, size=1024 fake=0
[  199.070901][ T7656] REISERFS (device loop3): Using r5 hash to sort names
[  199.121667][ T7656] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  199.282476][ T7672] loop4: detected capacity change from 0 to 2048
[  199.474726][ T7672] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  199.482073][ T4291] udevd[4291]: incorrect nilfs2 checksum on /dev/loop4
[  199.496539][ T7672] NILFS (loop4): mounting unchecked fs
[  199.596435][ T7672] NILFS (loop4): recovery complete
[  199.633500][ T7680] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  199.814433][ T6963] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  199.945024][   T23] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  200.215130][ T6963] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  200.225680][ T6963] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 247, changing to 7
[  200.238123][ T6963] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 42566, setting to 1024
[  200.264630][   T23] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  200.355032][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  200.365375][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  200.377012][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  200.404782][ T6963] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  200.414895][ T6963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.423488][ T6963] usb 3-1: Product: syz
[  200.428728][ T6963] usb 3-1: Manufacturer: syz
[  200.433776][ T6963] usb 3-1: SerialNumber: syz
[  200.441374][ T6963] usb 3-1: config 0 descriptor??
[  200.464671][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  200.475041][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  200.488050][ T6963] usb 3-1: 0:0 : invalid sync pipe. bmAttributes d1, bLength 9, bSynchAddress 97
[  200.497492][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  200.584948][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  200.594500][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  200.606379][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  200.714489][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  200.723942][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  200.747032][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  200.824748][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  200.834335][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  200.846100][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  200.911704][ T6963] usb 3-1: USB disconnect, device number 11
[  200.924482][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  200.933767][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  200.949414][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  201.034443][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  201.043609][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  201.058605][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  201.144772][   T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  201.154090][   T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  201.166865][   T23] usb 4-1: config 0 interface 0 has no altsetting 0
[  201.344716][   T23] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  201.355270][   T23] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  201.364477][   T23] usb 4-1: Product: syz
[  201.368749][   T23] usb 4-1: Manufacturer: syz
[  201.373703][   T23] usb 4-1: SerialNumber: syz
[  201.381135][   T23] usb 4-1: config 0 descriptor??
[  201.432151][   T23] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  201.687056][   T23] usb 4-1: USB disconnect, device number 13
[  201.704402][    C1] usb 4-1: yurex_control_callback - control failed: -71
[  201.714540][   T23] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  202.628376][ T7688] loop2: detected capacity change from 0 to 8192
[  202.759553][ T7688] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  202.774467][ T7688] REISERFS (device loop2): using ordered data mode
[  202.781719][ T7688] reiserfs: using flush barriers
[  202.835628][ T7688] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  202.853547][ T7688] REISERFS (device loop2): checking transaction log (loop2)
[  203.064907][ T7688] REISERFS (device loop2): Using tea hash to sort names
[  203.072416][ T7688] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  203.095233][ T7693] syz.3.1146 (7693): drop_caches: 1
[  203.110044][ T7694] syz.3.1146 (7694): drop_caches: 1
[  203.122953][   T26] kauditd_printk_skb: 6 callbacks suppressed
[  203.122971][   T26] audit: type=1800 audit(1757471922.666:28): pid=7688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1149" name="file1" dev="loop2" ino=4 res=0 errno=0
[  203.257586][ T7693] syz.3.1146 (7693): drop_caches: 1
[  203.835606][ T7723] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem
[  204.290996][ T7715] loop1: detected capacity change from 0 to 32768
[  204.301900][ T7719] loop5: detected capacity change from 0 to 40427
[  204.347130][ T7715] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  204.362649][ T7715] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  204.385359][ T7719] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x1ffff
[  204.419499][ T7715] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  204.444329][ T7719] F2FS-fs (loop5): invalid crc value
[  204.457541][ T4497] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  204.474321][ T4497] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  204.496007][ T7719] F2FS-fs (loop5): Found nat_bits in checkpoint
[  204.600183][ T4497] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 125ms
[  204.618438][ T4497] gfs2: fsid=syz:syz.0: jid=0: Done
[  204.624000][ T7715] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  204.714369][ T7719] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  205.007475][ T5698] attempt to access beyond end of device
[  205.007475][ T5698] loop5: rw=2049, want=45104, limit=40427
[  205.501424][ T7749] loop2: detected capacity change from 0 to 4096
[  205.619003][ T7749] ntfs: volume version 3.1.
[  205.809259][ T7743] loop1: detected capacity change from 0 to 32768
[  205.992519][ T7761] loop2: detected capacity change from 0 to 8
[  206.412416][ T7767] loop2: detected capacity change from 0 to 64
[  206.613479][ T7739] syz.4.1169 (7739): drop_caches: 1
[  206.613564][ T7738] syz.4.1169 (7738): drop_caches: 1
[  206.783751][ T7773] loop2: detected capacity change from 0 to 1024
[  206.799144][ T7775] loop5: detected capacity change from 0 to 1024
[  206.813526][ T7777] loop4: detected capacity change from 0 to 256
[  206.831884][ T7773] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869)
[  206.859883][ T7775] EXT4-fs (loop5): Ignoring removed nobh option
[  206.870885][ T7773] EXT4-fs (loop2): invalid journal inode
[  206.890911][ T7773] EXT4-fs (loop2): can't get journal size
[  206.906944][ T7775] EXT4-fs error (device loop5): ext4_ext_check_inode:501: inode #11: comm syz.5.1187: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  206.943597][ T7775] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.1187: couldn't read orphan inode 11 (err -117)
[  207.005027][ T7773] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,noauto_da_alloc,nombcache,,errors=continue. Quota mode: writeback.
[  207.028455][ T7775] EXT4-fs (loop5): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback.
[  207.116945][ T7773] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 64: comm syz.2.1188: path (unknown): bad entry in directory: rec_len is too small for name_len - offset=0, inode=11, rec_len=12, size=1024 fake=0
[  207.213748][ T7773] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 73: comm syz.2.1188: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=83886080, rec_len=0, size=1024 fake=0
[  207.238375][ T7775] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.1187: Invalid block bitmap block 0 in block_group 0
[  207.320864][ T7775] Quota error (device loop5): write_blk: dquota write failed
[  207.354433][ T7775] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  207.400637][ T7775] EXT4-fs error (device loop5): ext4_acquire_dquot:6209: comm syz.5.1187: Failed to acquire dquot type 0
[  207.482536][ T7801] loop2: detected capacity change from 0 to 128
[  207.563627][  T580] Quota error (device loop5): remove_tree: Getting block too big (0 >= 9)
[  207.619851][  T580] EXT4-fs error (device loop5): ext4_release_dquot:6245: comm kworker/u4:3: Failed to release dquot type 0
[  207.661406][ T7801] FAT-fs (loop2): error, corrupted directory (invalid i_start)
[  207.690041][ T7801] FAT-fs (loop2): Filesystem has been set read-only
[  207.906172][ T7809] loop5: detected capacity change from 0 to 2048
[  207.953828][ T7809] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  207.983734][ T7809] NILFS (loop5): mounting unchecked fs
[  208.025009][ T4774] udevd[4774]: incorrect nilfs2 checksum on /dev/loop5
[  208.066315][ T7809] NILFS (loop5): recovery complete
[  208.074106][ T7793] loop1: detected capacity change from 0 to 32768
[  208.145262][ T7817] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  208.426470][ T7825] loop3: detected capacity change from 0 to 1024
[  208.563031][ T7830] loop1: detected capacity change from 0 to 1024
[  208.607472][ T7825] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869)
[  208.630388][ T7825] EXT4-fs (loop3): invalid journal inode
[  208.648664][ T7830] EXT4-fs (loop1): Ignoring removed nobh option
[  208.655675][ T7825] EXT4-fs (loop3): can't get journal size
[  208.694708][ T7825] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,noauto_da_alloc,nombcache,,errors=continue. Quota mode: writeback.
[  208.700127][ T7830] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.1210: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  208.734838][ T7830] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.1210: couldn't read orphan inode 11 (err -117)
[  208.756191][ T7807] loop2: detected capacity change from 0 to 32768
[  208.789995][ T7825] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 64: comm syz.3.1208: path (unknown): bad entry in directory: rec_len is too small for name_len - offset=0, inode=11, rec_len=12, size=1024 fake=0
[  208.799570][ T7830] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback.
[  208.825525][ T7825] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 73: comm syz.3.1208: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=83886080, rec_len=0, size=1024 fake=0
[  208.913549][ T7807] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  208.934373][ T4232] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  209.044983][ T7830] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.1210: Invalid block bitmap block 0 in block_group 0
[  209.111565][ T7830] Quota error (device loop1): write_blk: dquota write failed
[  209.134562][ T7830] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  209.149044][ T7830] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.1210: Failed to acquire dquot type 0
[  209.184305][ T4232] usb 6-1: Using ep0 maxpacket: 8
[  209.203485][ T4189] ocfs2: Unmounting device (7,2) on (node local)
[  209.230884][  T580] Quota error (device loop1): remove_tree: Getting block too big (0 >= 9)
[  209.245498][  T580] EXT4-fs error (device loop1): ext4_release_dquot:6245: comm kworker/u4:3: Failed to release dquot type 0
[  209.301233][ T7846] loop3: detected capacity change from 0 to 128
[  209.308398][ T4232] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  209.324819][ T4232] usb 6-1: config 179 has no interface number 0
[  209.332331][ T4232] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  209.407222][ T4232] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  209.450163][ T4232] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  209.467059][ T7846] FAT-fs (loop3): error, corrupted directory (invalid i_start)
[  209.479116][ T7846] FAT-fs (loop3): Filesystem has been set read-only
[  209.488028][ T4232] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  209.518160][ T4232] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  209.554125][ T4232] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  209.567023][ T4232] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.594669][ T7832] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  209.724556][ T4497] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  209.770957][ T7858] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1220'.
[  209.851214][ T5296] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input19
[  210.002047][ T7863] loop3: detected capacity change from 0 to 512
[  210.033539][ T7202] usb 6-1: USB disconnect, device number 4
[  210.034281][    C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  210.051966][ T7202] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  210.084720][ T4497] usb 5-1: config 0 has an invalid interface number: 98 but max is 0
[  210.104331][ T4497] usb 5-1: config 0 has no interface number 0
[  210.114606][ T4497] usb 5-1: config 0 interface 98 has no altsetting 0
[  210.139730][ T7863] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=684ec018, mo2=0002]
[  210.157184][ T7854] loop2: detected capacity change from 0 to 32768
[  210.173730][ T7867] loop1: detected capacity change from 0 to 2048
[  210.177674][ T7863] System zones: 0-2, 18-18, 34-34
[  210.192284][ T7863] EXT4-fs (loop3): orphan cleanup on readonly fs
[  210.201675][ T7863] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.1222: bad orphan inode 13
[  210.213727][ T7863] ext4_test_bit(bit=12, block=18) = 1
[  210.225701][ T7863] is_bad_inode(inode)=0
[  210.230035][ T7863] NEXT_ORPHAN(inode)=2130706432
[  210.231272][ T7854] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1217 (7854)
[  210.245972][ T7863] max_ino=32
[  210.251893][ T7863] i_nlink=1
[  210.256244][ T7863] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,discard,usrquota,noinit_itable,data_err=ignore,,errors=continue. Quota mode: writeback.
[  210.259214][ T7867] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  210.294852][ T4497] usb 5-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[  210.314085][ T4497] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.327481][ T4497] usb 5-1: Product: syz
[  210.331969][ T4497] usb 5-1: Manufacturer: syz
[  210.337747][ T4497] usb 5-1: SerialNumber: syz
[  210.348367][ T7867] NILFS (loop1): mounting unchecked fs
[  210.373979][ T4497] usb 5-1: config 0 descriptor??
[  210.394945][ T4326] udevd[4326]: incorrect nilfs2 checksum on /dev/loop1
[  210.405178][ T7854] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  210.425086][ T7863] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  210.447281][ T7854] BTRFS info (device loop2): force clearing of disk cache
[  210.471049][ T7854] BTRFS info (device loop2): enabling auto defrag
[  210.474544][ T7867] NILFS (loop1): recovery complete
[  210.494114][ T7854] BTRFS info (device loop2): max_inline at 0
[  210.508885][ T7863] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=684ec018, mo2=0002]
[  210.518125][ T7854] BTRFS info (device loop2): enabling disk space caching
[  210.527782][ T7869] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  210.564141][ T7854] BTRFS info (device loop2): disk space caching is enabled
[  210.573694][ T7854] BTRFS info (device loop2): has skinny extents
[  210.591314][ T7863] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  210.715821][ T4497] usb 5-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[  210.984039][ T7854] BTRFS info (device loop2): enabling ssd optimizations
[  210.997924][ T7854] BTRFS info (device loop2): clearing free space tree
[  211.053054][ T7854] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  211.104406][ T7854] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  211.164555][ T4497] usb 5-1: reset high-speed USB device number 12 using dummy_hcd
[  211.187737][ T7903] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1230'.
[  211.342153][ T7906] netlink: 'syz.5.1242': attribute type 4 has an invalid length.
[  211.410451][ T7906] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1242'.
[  211.550170][ T7912] netlink: 'syz.3.1233': attribute type 1 has an invalid length.
[  211.584108][  T154] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  211.584434][ T7912] netlink: 'syz.3.1233': attribute type 2 has an invalid length.
[  211.794657][ T4497] usb 5-1: [ueagle-atm] pre-firmware device, uploading firmware
[  211.859513][ T4497] usb 5-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  211.882788][ T7922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1239'.
[  212.019178][ T4232] usb 5-1: USB disconnect, device number 12
[  212.063521][ T4497] usb 5-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[  212.094042][ T4497] usb 5-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[  212.147001][ T4497] ==================================================================
[  212.155990][ T4497] BUG: KASAN: use-after-free in kernfs_add_one+0x4e6/0x6c0
[  212.163804][ T4497] Read of size 8 at addr ffff8880614e22e8 by task kworker/0:16/4497
[  212.172331][ T4497] 
[  212.174724][ T4497] CPU: 0 PID: 4497 Comm: kworker/0:16 Not tainted syzkaller #0
[  212.183214][ T4497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  212.194001][ T4497] Workqueue: events request_firmware_work_func
[  212.200462][ T4497] Call Trace:
[  212.203792][ T4497]  <TASK>
[  212.206847][ T4497]  dump_stack_lvl+0x168/0x230
[  212.211673][ T4497]  ? show_regs_print_info+0x20/0x20
[  212.212933][ T7932] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1254'.
[  212.217086][ T4497]  ? _printk+0xcc/0x110
[  212.231274][ T4497]  ? kernfs_add_one+0x4e6/0x6c0
[  212.236590][ T4497]  ? load_image+0x3b0/0x3b0
[  212.241593][ T4497]  print_address_description+0x60/0x2d0
[  212.247559][ T4497]  ? kernfs_add_one+0x4e6/0x6c0
[  212.253096][ T4497]  kasan_report+0xdf/0x130
[  212.257842][ T4497]  ? kernfs_add_one+0x4e6/0x6c0
[  212.262939][ T4497]  kernfs_add_one+0x4e6/0x6c0
[  212.267874][ T4497]  kernfs_create_dir_ns+0xda/0x120
[  212.274008][ T4497]  sysfs_create_dir_ns+0x120/0x280
[  212.279509][ T4497]  ? __lock_acquire+0x7c60/0x7c60
[  212.284854][ T4497]  ? sysfs_warn_dup+0xa0/0xa0
[  212.290055][ T4497]  ? firmware_fallback_sysfs+0x3e9/0xbc0
[  212.296257][ T4497]  ? request_firmware_work_func+0xac/0x1b0
[  212.302767][ T4497]  ? worker_thread+0xaa8/0x12a0
[  212.307755][ T4497]  ? do_raw_spin_unlock+0x11d/0x230
[  212.313010][ T4497]  kobject_add_internal+0x662/0xd00
[  212.318439][ T4497]  kobject_add+0x152/0x210
[  212.322897][ T4497]  ? kobject_init+0x1d0/0x1d0
[  212.327985][ T4497]  ? kobject_init+0x7f/0x1d0
[  212.332807][ T4497]  get_device_parent+0x380/0x3f0
[  212.338156][ T4497]  device_add+0x335/0xfb0
[  212.343011][ T4497]  firmware_fallback_sysfs+0x3e9/0xbc0
[  212.348989][ T4497]  _request_firmware+0xc86/0x12b0
[  212.354901][ T4497]  request_firmware_work_func+0xac/0x1b0
[  212.360934][ T4497]  process_one_work+0x863/0x1000
[  212.366694][ T4497]  ? worker_detach_from_pool+0x240/0x240
[  212.373185][ T4497]  ? lockdep_hardirqs_off+0x70/0x100
[  212.379041][ T4497]  ? _raw_spin_lock_irq+0xab/0xe0
[  212.380582][ T4236] kernel write not supported for file /sequencer (pid: 4236 comm: kworker/1:4)
[  212.384770][ T4497]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  212.384804][ T4497]  ? wq_worker_running+0x97/0x170
[  212.384827][ T4497]  worker_thread+0xaa8/0x12a0
[  212.384879][ T4497]  kthread+0x436/0x520
[  212.384897][ T4497]  ? rcu_lock_release+0x20/0x20
[  212.384914][ T4497]  ? kthread_blkcg+0xd0/0xd0
[  212.384935][ T4497]  ret_from_fork+0x1f/0x30
[  212.384971][ T4497]  </TASK>
[  212.384980][ T4497] 
[  212.384985][ T4497] Allocated by task 4497:
[  212.384994][ T4497]  __kasan_slab_alloc+0x9c/0xd0
[  212.385012][ T4497]  slab_post_alloc_hook+0x4c/0x380
[  212.385027][ T4497]  kmem_cache_alloc+0x100/0x290
[  212.385042][ T4497]  __kernfs_new_node+0xd6/0x680
[  212.464555][ T4497]  kernfs_new_node+0x148/0x250
[  212.466570][ T7926] loop1: detected capacity change from 0 to 8192
[  212.469889][ T4497]  kernfs_create_dir_ns+0x40/0x120
[  212.469920][ T4497]  sysfs_create_dir_ns+0x120/0x280
[  212.489411][ T4497]  kobject_add_internal+0x662/0xd00
[  212.495272][ T4497]  kobject_add+0x152/0x210
[  212.500057][ T4497]  get_device_parent+0x380/0x3f0
[  212.505297][ T4497]  device_add+0x335/0xfb0
[  212.511257][ T4497]  firmware_fallback_sysfs+0x3e9/0xbc0
[  212.517152][ T4497]  _request_firmware+0xc86/0x12b0
[  212.522635][ T4497]  request_firmware_work_func+0xac/0x1b0
[  212.529023][ T4497]  process_one_work+0x863/0x1000
[  212.534911][ T4497]  worker_thread+0xaa8/0x12a0
[  212.540160][ T4497]  kthread+0x436/0x520
[  212.545773][ T4497]  ret_from_fork+0x1f/0x30
[  212.551132][ T4497] 
[  212.553680][ T4497] Freed by task 4232:
[  212.557859][ T4497]  kasan_set_track+0x4b/0x70
[  212.562628][ T4497]  kasan_set_free_info+0x1f/0x40
[  212.567915][ T4497]  ____kasan_slab_free+0xd5/0x110
[  212.573125][ T4497]  slab_free_freelist_hook+0xea/0x170
[  212.578928][ T4497]  kmem_cache_free+0x8f/0x210
[  212.584233][ T4497]  kernfs_put+0x319/0x490
[  212.589686][ T4497]  __kernfs_remove+0x9aa/0xc50
[  212.596841][ T4497]  kernfs_remove+0x1d/0x30
[  212.602291][ T4497]  __kobject_del+0xe1/0x2f0
[  212.607281][ T4497]  kobject_del+0x41/0x60
[  212.611629][ T4497]  device_del+0x8f8/0xa70
[  212.616144][ T4497]  usb_disconnect+0x573/0x8a0
[  212.621566][ T4497]  hub_event+0x1e9f/0x5560
[  212.626094][ T4497]  process_one_work+0x863/0x1000
[  212.631138][ T4497]  worker_thread+0xaa8/0x12a0
[  212.636089][ T4497]  kthread+0x436/0x520
[  212.640247][ T4497]  ret_from_fork+0x1f/0x30
[  212.645173][ T4497] 
[  212.648233][ T4497] The buggy address belongs to the object at ffff8880614e22b8
[  212.648233][ T4497]  which belongs to the cache kernfs_node_cache of size 168
[  212.664427][ T4497] The buggy address is located 48 bytes inside of
[  212.664427][ T4497]  168-byte region [ffff8880614e22b8, ffff8880614e2360)
[  212.678923][ T4497] The buggy address belongs to the page:
[  212.685137][ T4497] page:ffffea0001853880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x614e2
[  212.697767][ T4497] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  212.705518][ T4497] raw: 00fff00000000200 ffffea0000882dc0 000000140000000b ffff8880169e9b40
[  212.714287][ T4497] raw: 0000000000000000 0000000080110011 00000001ffffffff 0000000000000000
[  212.722978][ T4497] page dumped because: kasan: bad access detected
[  212.729589][ T4497] page_owner tracks the page as allocated
[  212.735932][ T4497] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 4185, ts 70292989657, free_ts 25767580333
[  212.752913][ T4497]  get_page_from_freelist+0x1b77/0x1c60
[  212.759369][ T4497]  __alloc_pages+0x1e1/0x470
[  212.767220][ T4497]  new_slab+0xc0/0x4b0
[  212.771584][ T4497]  ___slab_alloc+0x81e/0xdf0
[  212.776791][ T4497]  kmem_cache_alloc+0x195/0x290
[  212.782927][ T4497]  __kernfs_new_node+0xd6/0x680
[  212.788235][ T4497]  kernfs_new_node+0x148/0x250
[  212.793199][ T4497]  kernfs_create_dir_ns+0x40/0x120
[  212.799278][ T4497]  sysfs_create_dir_ns+0x120/0x280
[  212.805035][ T4497]  kobject_add_internal+0x662/0xd00
[  212.810703][ T4497]  kobject_init_and_add+0x122/0x190
[  212.816514][ T4497]  netdev_queue_update_kobjects+0x19c/0x3e0
[  212.823249][ T4497]  netdev_register_kobject+0x265/0x310
[  212.830114][ T4497]  register_netdevice+0x1019/0x16b0
[  212.835863][ T4497]  xfrmi_newlink+0x336/0x4c0
[  212.841918][ T4497]  rtnl_newlink+0x114c/0x17d0
[  212.847617][ T4497] page last free stack trace:
[  212.852907][ T4497]  free_unref_page_prepare+0x637/0x6c0
[  212.859225][ T4497]  free_unref_page+0x94/0x280
[  212.864275][ T4497]  free_contig_range+0x96/0xf0
[  212.869314][ T4497]  destroy_args+0x100/0xa20
[  212.874265][ T4497]  debug_vm_pgtable+0x318/0x370
[  212.879376][ T4497]  do_one_initcall+0x1ee/0x680
[  212.884634][ T4497]  do_initcall_level+0x137/0x1f0
[  212.889774][ T4497]  do_initcalls+0x4b/0x90
[  212.895007][ T4497]  kernel_init_freeable+0x3ce/0x560
[  212.900480][ T4497]  kernel_init+0x19/0x1b0
[  212.904811][ T4497]  ret_from_fork+0x1f/0x30
[  212.909403][ T4497] 
[  212.911908][ T4497] Memory state around the buggy address:
[  212.918181][ T4497]  ffff8880614e2180: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[  212.926675][ T4497]  ffff8880614e2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[  212.934993][ T4497] >ffff8880614e2280: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb
[  212.943671][ T4497]                                                           ^
[  212.953847][ T4497]  ffff8880614e2300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  212.962745][ T4497]  ffff8880614e2380: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[  212.972567][ T4497] ==================================================================
[  212.982156][ T4497] Disabling lock debugging due to kernel taint
[  213.048351][ T4497] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  213.055873][ T4497] CPU: 0 PID: 4497 Comm: kworker/0:16 Tainted: G    B             syzkaller #0
[  213.065274][ T4497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  213.076255][ T4497] Workqueue: events request_firmware_work_func
[  213.082887][ T4497] Call Trace:
[  213.086441][ T4497]  <TASK>
[  213.089595][ T4497]  dump_stack_lvl+0x168/0x230
[  213.094663][ T4497]  ? show_regs_print_info+0x20/0x20
[  213.100068][ T4497]  ? load_image+0x3b0/0x3b0
[  213.104780][ T4497]  panic+0x2c9/0x7f0
[  213.108698][ T4497]  ? bpf_jit_dump+0xd0/0xd0
[  213.113420][ T4497]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[  213.119974][ T4497]  ? _raw_spin_unlock+0x40/0x40
[  213.125139][ T4497]  ? print_memory_metadata+0x314/0x400
[  213.131256][ T4497]  ? kernfs_add_one+0x4e6/0x6c0
[  213.136409][ T4497]  check_panic_on_warn+0x80/0xa0
[  213.141445][ T4497]  ? kernfs_add_one+0x4e6/0x6c0
[  213.146668][ T4497]  end_report+0x6d/0xf0
[  213.151191][ T4497]  kasan_report+0x102/0x130
[  213.155870][ T4497]  ? kernfs_add_one+0x4e6/0x6c0
[  213.160919][ T4497]  kernfs_add_one+0x4e6/0x6c0
[  213.165771][ T4497]  kernfs_create_dir_ns+0xda/0x120
[  213.170974][ T4497]  sysfs_create_dir_ns+0x120/0x280
[  213.176584][ T4497]  ? __lock_acquire+0x7c60/0x7c60
[  213.182245][ T4497]  ? sysfs_warn_dup+0xa0/0xa0
[  213.187976][ T4497]  ? firmware_fallback_sysfs+0x3e9/0xbc0
[  213.195017][ T4497]  ? request_firmware_work_func+0xac/0x1b0
[  213.201078][ T4497]  ? worker_thread+0xaa8/0x12a0
[  213.206096][ T4497]  ? do_raw_spin_unlock+0x11d/0x230
[  213.211798][ T4497]  kobject_add_internal+0x662/0xd00
[  213.217216][ T4497]  kobject_add+0x152/0x210
[  213.222000][ T4497]  ? kobject_init+0x1d0/0x1d0
[  213.226781][ T4497]  ? kobject_init+0x7f/0x1d0
[  213.231540][ T4497]  get_device_parent+0x380/0x3f0
[  213.236839][ T4497]  device_add+0x335/0xfb0
[  213.241532][ T4497]  firmware_fallback_sysfs+0x3e9/0xbc0
[  213.247691][ T4497]  _request_firmware+0xc86/0x12b0
[  213.253353][ T4497]  request_firmware_work_func+0xac/0x1b0
[  213.259208][ T4497]  process_one_work+0x863/0x1000
[  213.264865][ T4497]  ? worker_detach_from_pool+0x240/0x240
[  213.270605][ T4497]  ? lockdep_hardirqs_off+0x70/0x100
[  213.276432][ T4497]  ? _raw_spin_lock_irq+0xab/0xe0
[  213.281910][ T4497]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  213.287908][ T4497]  ? wq_worker_running+0x97/0x170
[  213.293385][ T4497]  worker_thread+0xaa8/0x12a0
[  213.298328][ T4497]  kthread+0x436/0x520
[  213.302742][ T4497]  ? rcu_lock_release+0x20/0x20
[  213.307858][ T4497]  ? kthread_blkcg+0xd0/0xd0
[  213.312448][ T4497]  ret_from_fork+0x1f/0x30
[  213.316878][ T4497]  </TASK>
[  213.320271][ T4497] Kernel Offset: disabled
[  213.324837][ T4497] Rebooting in 86400 seconds..