last executing test programs:

3m24.516134116s ago: executing program 32 (id=5):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), 0x0}, 0x20)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})

3m24.460537804s ago: executing program 33 (id=6):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
lsetxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0, 0x1)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x9, 0x5, 0x81, 0xffffffff})
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=""/246, 0xf6)

3m10.335006694s ago: executing program 2 (id=60):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmmsg(r1, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m9.886245955s ago: executing program 2 (id=61):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000600)="d387c80c62b0bd39aa0dc37b5db9bbc4305605ef2840e6ee4ec6596b4856b63943c877c09aa1f45b0172040464b86a103a0ea373631cd1da1c766ab8f4", 0x3d}], 0x1, &(0x7f0000000b40)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x80}], 0x1, 0x851)
recvmsg(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/5, 0x5}, {&(0x7f0000000300)=""/54, 0x36}], 0x2}, 0x40)

3m9.51373482s ago: executing program 2 (id=64):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000200))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0xa2c25)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000340)=0xe)
writev(r2, &(0x7f0000000300)=[{&(0x7f0000000280)="8f", 0x1}], 0x1)

3m9.248951971s ago: executing program 2 (id=66):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000600)='./cgroup\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101090, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

3m9.05847674s ago: executing program 2 (id=68):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x9, 0x4, 0xfe, 0x2, 0x3, 0x0, 0x5, 0x0, 0x0, 0xfc, 0x3, 0x0, 0x0, 0x5}, 0xe)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x8, 0x4)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)

3m7.350265085s ago: executing program 2 (id=72):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2)
write$binfmt_misc(r1, &(0x7f0000000140)="df797b14b6fd91b818cfe4e10919fd8c762ac2452bd4a5d49629b0de2506d9090a", 0x21)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

3m6.735928947s ago: executing program 34 (id=72):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2)
write$binfmt_misc(r1, &(0x7f0000000140)="df797b14b6fd91b818cfe4e10919fd8c762ac2452bd4a5d49629b0de2506d9090a", 0x21)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

2m58.817288485s ago: executing program 0 (id=103):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x1, 0x3, 0x5, 0x5, @f={0xcd, 0x3, 0x6, 0x2, 0x1, 0x1, 0x6, {0x3, 0x1, ','}, 0x6, 0xf, 0xfc, 0x70, 0x1, 's'}}, 0x13)

2m57.649916454s ago: executing program 0 (id=109):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x6, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xbf29b0e121e60b4f, 0xb, 0x0, 0x0)

2m57.038687045s ago: executing program 0 (id=112):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000fefffe7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c9be17044171e1d3d7b1efd036d7af273bce36015779c4cef58fa35d17c668a4b63e069efb29797573b8538e31ec24925095a163b9d4e76be2661f2a395e41f7e31a8021e00b00104e0801d4de36e5fdc6c42a7b3ff13f2360a6e231fd223bc33091dd61258a1fda45991fbdce6793c8a4785ee8b60092659b941bbd694dff0f0000000000003a45404b04bf97c4fea679c032b363956cd8bac9626b5db1b07a0bd7cc85e961506a35a04617dc0200379e731d3a8d8feac94a4ee293001f6ce7d5b40bf2a7f9be8173a9639a79fae885d05afe042c0e7821d406c967379e7521292d24d6c8034f2fc7c855a8945e9bce678ee9a015abc9daac8876623db56346916674ceb55f60b493f2f4d736acb2f206fc538450a676d71c01175b8454eb92567e8f8a707b590d7219288e23ee0800000000000010a49fc8f4ff0300000000000000000000cb947d6017ad27714772ad790af252e648ef8c313c604324f5b306000000000000cf327a00000000000000080a70162bba30ad7804fa4140f1a754ffff000000ab744d306619dfb3a37d897662bee00189f43da46a908a235c84cbad335fd1d2f2ef93a6a70c8b8ece0e243eab05a34ab0a7e7e497065e5e282e284f8d5e8852a265d528075214af000000000070d42182d8f3a347d48289a8b29b911ac473c5fa02bb0e24e5b7b238e27263a23c0b865f75331d888c72df1da4b290582f00024227f03204add786a87b23ceb17c25810e769fe2d6a7bd8e504843b66b1a8c7b364bd2194ba9c8f60ac0c9b18d8c1b9e1a736825c91b4dff0000c1c5dcffa295c2930000000000235d84b0193a5ea7c77cdb7de9ce1a59ab4158097b4dd13ebfaf4425c6855530b56a3320d85c8fe85f667998b1a7e589f486c107761108e4e230419fd27b6ad9c10b25c6b6ed84badbb970dcf133279dd355e41de944564bdab99c5c712a9fbc8e9691c775bb94f746505e1e748cf1710d52468b4b1625ce21612ed5e807dfb5f19f3267e5366b2c0b2a0be49ae476263c9407ac6c596bf3cf66204984f5aebf93d1caa220ea6969cea852fe9a7d1eee13f1f48722a69ad9fb850bd093a302b9250245900ad5c8e5f20ddf77ee3d5a168964fad1aa7347d36c502d02b1d96d753ef6fc354fc126070060c65c147651fca62c0a06939f40c90ebc3042e753fe91b5770b24f25c558736dd7e1e9fb214cbb04c5c6ee4c970b320ba6fb6ef4615f4092de54c519f4622e1224153463ea80248a45a95a189958f586d606dcaa9aac656cf95a2d35225cfb0e6f47486d5cbb04a590116d4de92e203e107d68728a189b0d537d2442beab2f8ce7b2dd357200dcd139e47267012fc2a2b6bad79be429d1ddaccbe0139f16ca1b9bc1103000000ed1ece54cfdbe04670bee9b42fe3dc42033997e2e700b6edb2b49b5f2f6001ee0a9e5d1bee199ce9124a5cb479040000000000000049ead5b02d5ea1dcf6cdcf332fe94b3c1932d8d391754774a32c9b7e6ca4023bce2c7281d27a2cb62383ab3a3bb535650fbfb96c89936855eb7a485698f0d20c3eedd6123ef8f218d52ea2c346f80acb8b9a71856d2f2d1a7c6f45ee127b6a1d1ac1e243ed02e49e8aafe835919564af915965a050c37ceff855bd2dec3452c7c38f5dbf1ff1ff00020000000000006a1a029ea6540b40b2f797813af2c7d4ed235c2dc5f1dbbfcc52b2f55fd3f9f100c4891d0cb4c10ed01489bf235c45822594d7a6edc9d1270a7819fc0c597fdfb4d7842da1b411346297a40bbf221bbf63ad3822575dcc01a3c34b5aa4e3750400000000000000fc0fd9c746cf0ed4b0343d00a154e6a869346256ffbd666a34414ab0f40bec45b1c24f02ac9bc20e69201968537dd4dc61323c8b6d3643183631664eeca616696fb30fe89c8bdb15037c801fca4a9c220fec5d14582a00b62548ddf2599e5ffc5330cefb8903d276eae21b0b4b20100ead8256636c7e754185e815dd21445cc965a0526da38021a3e540949494ef3041cfa5067f556a0af5c19d27ff4f61fa7762d7963c96853709e773f14c47eef784cb145ae9d6d37fc7b5d83e05ac773fcc429eae6826a9d207d4c39df8eed9cc2ae3f68df1c6495a82d02939b448bf8038521057714e6e6405000000be9e0b0025d16b7eff573f78364ed70a62a7b1e55311dc0193d47f9ecc8c7ad268dc6e2e75f8cc83315411bd6c6b88e1850ee757ac2f9e4d6ac510003717d5847a19e750db92d33d6bdc434d0b52b2eb4b1790459e35122f46b205120a54bf657da9fd55d43a89e333481de468f5984a69509e9eac7a5b39c004396e8cb3ab037fd62fa43f259f13ebc4b590e9ea07ea37689049c799cd444d45dabe3e3cf086768daa6816c37793d17a284d2828f5eab2d3d0bedd5334b7bb4c983fa9cd4bd86f0ad227901e83ef4871695380d25bea2929fa66382af6ddb89917ab100046151bd08fce74247955247daa1ea75139b9ce3771526503c7db3a4b3ff39301986c1fd9b5c42d39e768946c9a7ee8dd081bfb6ea5fa132ebdbe72d02ce9f2000000006f63ae8311afc4943c963d39e42c54a3f52d121bfb425fe268892f654febdaee43e95b5ae6749275e1ad8b8b279e1ae296e03a8d9386d8e199dc1f00000008000000000000000026c43493c622f041b47d329b248e8ccd92e9b17007ba2578eefcb59f50343722e6cba3be72fd037eb5fa243a395b5c83376a14414b32c2e8a33de8000000003927da2bec76f4e15c8bf3715c5bfe7b3617d0fcf9b5861554b5b76b8ae69c644a48931306a16cff8a38ea95553867e2c5fb1e99b1802e616345871b4611627874cfbe30fa5793c873ae6f75427f3eeda690147b9615b096d967c2d7f5ddf725f0544f8750a5ed04d6ca0f223506fec5d5e65b467c59459f6113cf41c174a63a17fc79d0b777a0c903c0d2e7f79b6f9ce68a3b72315407040f6a09cadc25e87b7c6b4a3079c7989b4cf04b2581b555fa9a2d74392939b4dbaa9e620e22ab975ac3a5a329157762c1f29075fbdd39451a56b97c90e4fde6782a7c78e7fbe8400054dcafcd51e9eef2d2ea10a3f2636ac2239cef5d8505060de55f472aa89cb8e0188f2ee96cb1ae8dee3c03d0a942c6289cbc4499cea402bd0550520f4aae98c436f18a667ae4efeb5e6a4b1b3f53536145a87578ead8ec76b17acd9d9629449714ed1302714c3519fdd8529b5a86ce2fabb7f285fe73730000000000000000000000000000000073b6f8e9255567374cb2cc80be58fca5b1dc50d85342e56beda632edb7f0a4abcabae102fadfbffecc6b1549315dda8e09d18a7fe5e1574e4fad426b6ca211da39a16dffdd661a20b20c390e00004b002cd83b754c3d32819c823027b3cf8f8da6e63d099712be370bb2aa06debff931ea0a2e7aa0390000000000000045b6720d74c470d49e1e97d1668bb75ad994089d723c2eeaad3f857937fa3df615121a1841ed452dd395788e1a82efda18b41c06c948ef44af8500fbe1ee0828a3b047afb80435935b0f99b381dcf101e9a1593bdaab3bc88c70bf56995a4790a339e1b62516356644ed7df6db419d0976a5169e68e8bd4712552c5ec03f2818c17c4a5bf1e5ecd9bb40074a63c66b61f4779226a99dc5ff9c442e93991570797493569e6f9ccd6d73bcbce41022e2731fc61b6bf0188c74a21471332a546ffe8e9dd738aa2ca782ff5a547a1ad7c348c59ff99d1496404eafcd0333df8f2801d39ad0c82735af24b819efc2fd67c6a53835f0af6a51d1b9123f4b9af7fa2ee2ebf4bc2973cf04380b41aa7577e35bcd28446bfcea19aa85440fe0fdce12e53da7b8842b7527a34d1bcb16fcdc84f2c46a78c01c2ff463cdd0d65267b0822e899e893514a02acd8c21583d181224175d08ff75223da84d53656eb7ab46ad442d70c67a6010029329924b8b39e6dc4b2077a4b9645d8e0a445ae2c7be53d66007d491ab0f6851a2cc1cffeed15f586a035c1a2888c56f43"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="0200000004000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x17, 0xfffffffffffffd85, &(0x7f00000000c0)="b9ff03030018698cb89e40f065586000000e00001100630677", 0x0, 0x100, 0x2000000, 0x0, 0x0, &(0x7f0000000440)}, 0x28)

2m56.404727363s ago: executing program 0 (id=114):
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000140)='./file0\x00', 0x81c04a, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d69736f383835392d312c666d61736b3d30303030303030303030303030303030303030303036362c6e6f6e756d7461696c3d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030332c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c636865636b3d7374726963742c757466383d302c756e695f786c6174653d312c756e695f786c6174653d302c666c7573682c757466383d302c726f6469722c747a3d5554432c00e696e27e745267d0e7f7d60cf64c4d116172285e0a94b37c3f04b4e454913b1615b6c103a4be033c3f79c81a7a0dc9f3282eb2b984b8df829f11f7b15ceaa2ddb341548691e92d41d923144fa5f6aa8b37c7698e74a04d87cb16f3c338160646d1719f9aa1097cb78032fa4c9c60c14840662537510c0ac9f95a646f5231c0c9eb096b898803099b3050797137354ed2fb2a3dd97ad790f0758b4561eb7180b4b366c9ac840ca3d57727827ab961af0bb24ac6b14796d3bedfa4addb1c2f59217a563ca0a3729d45669905a6f0f3dbf3fd22ab36dfe7cf80913ecb4656ca"], 0x6, 0x2d9, &(0x7f0000000580)="$eJzs3b+LHHUUAPA3e7M//AG7hZUIDmhhFXJpbTZIAuJVhi3UQg+TgNwuQgIHijimEjv/Af8CQfB/sLWxsxT8AywjBEZmdmZ3Nju7uYh7ovl8mrzM9735vtkZ7uaKe/fRK4uz21ncffDFbzEaJdGbxjQeJjGJXjS+ig3TbwMA+C97WBTxR7HUsfzrNzvqkogYHbg3AOAwnvD9v5auwx8vpS0A4IBuvff+O9dPTm68m2WjuLn4+nxW/mRf/rtcv343Pol53ImrMY5HEdWLQj+qt4UyvFkURZ5mpUm8vsjPZ2Xl4sOf6/P/9GIdHMc4JlW0etuo6t8+uXGcLbXq87KP5+v9p+X+12IcL62KN+qvddTHbBBvvNbq/0qM45eP49OYx+2qiXX9l8dZ9lb5ivNB2V5Zn+Tns2GVt1YcNZvnl3h/AAAAAAAAAAAAAAAAAAAAAAD4f7pSz84ZRjW/pzxUz985elT+px9ZY7I5n2dZnzQnas8HKooiL+K7Zr7O1SzLijpxXZ/Gy2l7sCAAAAAAAAAAAAAAAAAAAAA8u+5/9vnZ6Xx+515nUIx3LnUGzTSANCL+vBVxsartYNo68mrsTx7We57O57063MxJ20fiqMlJIva2EelqmMHfvIoLB89t9VwH3//QVTXYvHFptHJGT960373XPxk0T9fZaRKdOcNVz6PlQ1INgljnDKKrqhki0bpxg11tFPE0j9+gc2m8r6rsZfs8L1RBvuOTL4NI9jX25u/LK6yPJI9fxaD6VDvL+3UQXY1Vz0b3vXgsiNGyfPtrRWJaBwAAAAAAAAAAAAAAAAAAHNT6t387Fh/sLe0Vw4O1BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACXav33/58iyOviCyQP4t79f/kSAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAb8FQAA//9LTF1m")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
ftruncate(r0, 0x81fd)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}])

2m55.900529837s ago: executing program 0 (id=116):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_migrate_pages\x00', r1, 0x0, 0x9}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

2m55.142785667s ago: executing program 0 (id=119):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0)

2m54.65008641s ago: executing program 35 (id=119):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0)

1m16.613792291s ago: executing program 8 (id=571):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

1m13.691308619s ago: executing program 8 (id=582):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x24, r1, 0x1, 0x70bd27, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c045}, 0x0)

1m11.681416603s ago: executing program 8 (id=589):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x206, 0x3601)
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522)
ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r1, 0x5521)

1m11.275945596s ago: executing program 8 (id=592):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260)

1m10.949757392s ago: executing program 8 (id=595):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001840)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xfffffc00, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x3, 0x9, 0xc}, 0x10, 0x2469, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x878}, 0x94)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x6, 0x6, @remote}, 0x14)
sendmmsg$sock(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x30}}], 0x2, 0x20004874)

1m10.255548178s ago: executing program 8 (id=601):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

1m9.487981099s ago: executing program 36 (id=601):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

30.352776692s ago: executing program 4 (id=905):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x230b, 0x400000000000005})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
ppoll(&(0x7f0000000740)=[{r1, 0x42a9}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})

29.921629691s ago: executing program 4 (id=910):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

29.433751273s ago: executing program 4 (id=914):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x14)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000080)='./file0\x00')
r0 = inotify_init1(0x800)
inotify_add_watch(r0, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')

28.886817422s ago: executing program 4 (id=917):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
umount2(&(0x7f00000000c0)='./file0/file0/../file0\x00', 0x1)

28.633836322s ago: executing program 4 (id=920):
r0 = socket$kcm(0xa, 0x2, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e20, 0x3, 'ovf\x00', 0x1, 0x80005, 0x6f}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x2, 0xcd}}, 0x44)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

28.273505034s ago: executing program 4 (id=925):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
readahead(r0, 0x8, 0x7f)

27.820609755s ago: executing program 37 (id=925):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
readahead(r0, 0x8, 0x7f)

9.567157185s ago: executing program 1 (id=1069):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x800)
r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec29, 0x800, 0x1, 0x40000337}, &(0x7f0000000dc0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0)

8.924277694s ago: executing program 1 (id=1076):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
ftruncate(r0, 0xc17a)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2720, 0x0, &(0x7f0000000000))

8.611907028s ago: executing program 1 (id=1077):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
syz_mount_image$bcachefs(&(0x7f0000000200), &(0x7f0000000000)='./file1\x00', 0x1800402, &(0x7f0000000540)=ANY=[@ANYBLOB="6a6f75726e616c5f7472616e73616374696f6e5f6e616d65732c6d657461646174615f636865636b73756d3d63726336342c7f6174615f636865636b73756d3d6372633332632c6673636b2c6a6f75726e616c5f666c7573685f64697361626c65642c726174656cd6ee984c5f6572726f72732c7265636f766572795f706173735f6c6173743d7365745f6d61795f676f5f72772c7265636f6e7374727563745f616c6c6f632c6e6f5f646174615f696f2c7374725f686173683d736970686173682c000f456c33737c01c96a485301f57184319607791e0389515818ee65b05741a83e2d3412b274e683f19cb37b6975e95e26fbf8", @ANYRES16=0x0, @ANYRES32, @ANYRESHEX=0x0, @ANYRES32], 0x1, 0x5962, &(0x7f0000001400)="$eJzs3W2QXFXdIPB7u3syPTOZZBJAIshkCEQR1Ex4K3wpja5vBUjFwlLCRmEgE4xOQioZBAJKcMGFAiy0tBT1A7pILRotqmCFSIm8bMIqSrG61BZSq/ugH7SQh5RAHsrycZ6a6Xs63Xf6zu3p7skL/H6VzO17+vT/nnvu6dv3f7pnOgIAAOA1Yff1W/eec9QHfvnF0Zev+fBPN14b9RWnysuhwkCyvOJAtZD9qbu0ZGqZHhdvuuoHfxq6+H2/uLv3+6/sWnfs+t+9/7CLH/jMmTtv+/bDL/Xf+89n8+KG8XTivvX4+TiKyj/b8/Uv7Xr8yMmyOIqiYjywPYoWxYsfXhSnQgz/PYqidcnKktSd97x8yvrJ5bU3ddeVL0zVM95f28rJONu29/KTot+/d811v1764x917Xhu+74qcblmPEXRggtrH98VRVFP8n9SGG1hPIZBuzqKot6ax52R067jmmz/ioz1o5PlvGTZlxMn3L8stV5I1UuvB12pZW/O9tqV1Y5W6+WZn1pPn4zaldXOUL4oWd6XLE+cZfxi8r8cR4U4KlWbPxbvGyNRzXGLo3jqWJar64XqsY2S/U+tx6n1Qmq92JXar6ntJgOtGMf15aFeqjycjktJ+bG15+oGzs0of32yLCdP1FfCepS+UdE37UZ1v6aEdu2ZoS37Q6HmHNSovHrgk4PRl5T1xYunPWaigXDfrjU3Ly+ufWT3QEY74rvjJH7cUvxtv1o0/1M/vPGy9Ot6Nf6FhSR+oaX4fzjriRfOv/F738qMf2uIX2wp/skP9j5/1qPXL8vsnz2hf0otxR959rFblh5+0Y7M9t8e4pdbir9q5xPd/XsffCiz/cOhf3paiv/MOz/4x7ueuv+5zPhRiN/bUvy1Ozd/uXtw7wmZ8R8K/dPX2vh5ccfpTw8O/nkoK/6TIX5/S/Hv3H7bO+5YeNOZmcd3deifgZbin338A9fN33v/MVnnzvj2Tr1yArw2HZZcY92QrLeaZ7arJl/45lCpcs03P/nf38kNpS4+J7ezoJPxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCKoiNO+l8f+pePDzxfSta7kxvPFCrLUD4viuKeKIq2jo9sGd+w6ZKhz1x62ZZNI2NDI+NDo5vGt1w5dOpbhraMbh4buXLy3uG3nlJ53OIorizjY6Ztu3tiYqIwUF8Wtvefjt/x++Vn/OWvUTR8xG8HS5ntX3HbxjsOb/AzJV418Z6Nl53z29O+m+zXQNKugQbtmpiYmIgy2vWv5/3jjq/u+dMJUTT8upna9dgz7/55XYOmCvbFSRS6o0qDuuPehu2otjppT+iv0voNY6PDM/fv5OOLGfvxn6967u/rr/jKPyr9W87cjyb7t2fVxFjhG2vO/vdvXF0pyGvXgTruef0d9iK0L/RfOenvBcl+LcjYr1LGfl3/64ee+tlRN760PRouvbh0+rbz9qsrGQBd8eub2m7YQm+8qK68nNQPRzw8bsX4xs0rtl657a0bNo5cMnrJ6Ka3rzx15enDp51+2oqpPV/R4f0P239jk/u/f8bTws9tvy/8bG485bUrrz8m25XfH7Utynr+9Z77pa+9/bZHz6kU5I3zULt6PkmWvZPHeWVUM96m91Wj/crrhyiKhhr1wwsvnRkd+X83XJd3Hqo9MrU/U+JVE48v+9t3z/jOkndVCvbLeb62QbXn+e5qtdzzfLXV+9oz1V/l5HhMHOj+LU79nNa/3ckd3XFfw3atfPzRrpt3//Xz1fbNmxddMTI+vmVl5ef8pKXz46MbtitdGvZraWhUMj6rw7TBeJ3UFVXalz5/hurpXu1L7uuLFzfcr7Rw3641Ny8vrn1kd1ZPx3dXttgT9VeW8Rsyao6lHlisNrjR9g/W51/e+Bj80Hfu/fi9Pzm1bnz0JBXGt5yct19xxn79+Kk7v/b9r/zXn3Ruvz707icG/vb/Pr28UnBAzyv75J5Xqq1O2hPXnldOjqK859/SqPF+ZD7/Co33J+/5l97OvvqN4w2l1vuiYkvP15Mf7H3+rEevX5b5fN3T7PP16rq1Ys7z9WAZP+nnV1yqb8fcPb/qBkq8auIXNxy2/eFrVh9VKcgb19Xajcb1KU3kHxn79fPznx68dOi//J/OnTd+8JZ7LvjdyKovVApaP+6hLZ057uWkf8sZ/Vttdcg7a/v3bRdfOrauUn4Arn8b7XyD699kmZP/hFPJ1iu3fXZkbGx0y9bm9qvZ19OwnXQvt/p6Gs5ui3P2qzBtv+buRjP91ezzLbR/Xcv9Vf9864vill4Xtv1q0fxP/fDGywamPSrZ0IWFJH6hpfh/OOuJF86/8Xvfyox/a4hfain+yLOP3bL08It2ZMa/PU7il1uKv2rnE939ex98KDP+cGh/T0vxn3nnB/9411P3P5cZPwrx+1rr/xd3nP704OCfM+M/GSfbmbxGiqJ7Xj5lfWU9jrqS51toR1ddu6L0epxaL6TWi7XxCpW51mpBMY7ry0O9pPzYmsc28omM8nAVVl5SWb4S1qP0jZnLDzaFurR7ennedSoAwKtdeP8/XJOG9/9Hkwul7JkG2KfdPGxJRtyQh+2bz5lXd/+SJH54fJgHHHxbNDy5vHaocqE/2/cRwvMhPc8ZtnPCcfUxWp3nzJt/X5ZaD+2qzJeXavLQxPS8phQ1Mf8+fTszz7+ndj9/fnzohmnNGqqZt0ofv65kxqzR5x1S7S1NRsgaH+l5sfB5jsEF0eqp7TU5PtKfownHIf05mrCdo1InzlY/R9Pu+AjNnmF8TDU5//2N6ccvmqF/9x2/xtHSx28Wx7s8WX+u35/twLxhw1Pa/ps3nNv3w8xLZsRPnmD7a94wmO28YSgP+1Fqcj7x4xnlnZpPDKeL0K49M7RlfzCfCLxahfw/vEZM5v+TF+D/lqqXdx2avmoM8TI/J1Rs3J68vGP65/R6W3odX7tz85e7B/eekHmd81Czn/vZXLfWm/O5n7x+XJ5az+3HjAmavHwvvZ28fk9/LqMv6m+p3+/cfts77lh405mZ/b668kKa3+9fq1vrz+n3QyBfaBxfvnDA8oXSIfQ5hrz5swOWjyQffJqrfORjGeWzzUd6p92o7teUQy4f6dq/7QIADh0h/6++f5bk//8/VEiuI/Ly1hNT6yFew7z1vv+W2Z6svPUjyfKKVP2+5DcqZnvdfPbxD1w3f+/9x2TmLbc3m4f+97q1gdw8tL28OTOPWN2Zz4tn5hHVPKu9PDGz/dU8sb08PTN+NU9vL4/O7J9qHt3ePEBm/Oo8wKH9vljufF1qY2G12fm6V20enfz67Fzl0edmlM82j+6bdqO6X1MOxjy6p0G5PBoAeLUK+X+4jAv5/6Opeu2+z56ZF3Touj3990Cq8Z/cX3nlXOd9c523znVeP9fzEod6XjzX80JzO0/2ms+Lk42+mvLiRuXyYgCAQ1vI/8N7INn5f3v5SaP8rasuP+l8fj5ZS34uP58pfsfet86If/DMf8n/vS+eT/4PAPDqFvL/8GuP4e///c9kPf13672PnhFfni5Pn2n8NJ2nd36eLfI5gAM7D1DzAXPzAAAAHAhdU5nS9N+z/2SyTP+efdbv5Z+fUb9ZpeTy+KLxLaOjF1y2ed3I+OgFmy5dN7r1gsu3bBgfH91Uqddu3piZtyR5Y1dUSvqjcb103rYw+XsICzP+HkK6fgh79NSN6X/HL73Znpy/I7Dv+DXX3qzjV5ihfqPxkXW8s+J/IqN+UD3+F3/65AvWb71gw6YN4xtGxjZsG62vN5m19s7iezNDt8zq+1JTP6YpzP77O2fTjr9ktqMwrR1dSX9kfT97nGrHoqQli7K+/yCj3b/831/93PET/7grioaPKL6hrf6LV038j/NGPzK++7ebJ9tfmLH91ZpJu/K+rzRdP+xPaezSreMnrb/0sk3pb5RsTZjPKFTX52g+I3n6F5ucn1ibUT7bzykUp904ODU9PwEAQJ3w/n+4ng3vH34luYAK5c3n6e29f5yZpw83l6env5csL09P1w/722yeXm4zT09vPy9Pb1S/UZ6elXdnxf9YRv3Zan6ctPc5j8xxcmFz4yT9fQZ54yRdf7bjJG5znKS3nzdOGtVvNE6yjntW/I9m1M/S/Hho73M5mePh1ubGw5tT63njIV1/tuOh0OZ4SG8/bzw0qt9oPGQd36z452TUb1b9+JgcGFPjYvSCyy/d8tmaenP9/Rftty8+/qKMGM2cz/K+/6NVzbd/bj/3Nfftn9vPlXW8/amp1HY/V5bZ/ifbmwlrvv/n9vtdWrXf5muTD5vlff4sbx53TUb5bOdx5027cXAyjwsHTsj/w9s9If+/KVl2+m2glvO+yRehg+J70g697zGL9uvn7+f2Osbr+QwbOwh4PQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoTndpydRy9/Vb955z1Ad++cXRl6/58E83Xvumq37wp6GL3/eLu3u//8qudceu/937D7v4gc+cufO2bz/8Uv+9/3w2N/DA1M/SiclqOYri5+MoKv9sz9e/tOvxIyfL4iiKivHA9ihaFC9+eFGcijD89yiK1lXbWX/nPS+fsn5yee1N3XXlC1NB0vsV9RVDe2rbGUVXhIKu3F3j0FFOxtm2vZefFP3+vWuu+/XSH/+oa8dz2/dVics14ymKFlxY+/jJ0dCT/J8URtuS8OBkuTqKot6ax52R067jmmz/ioz1o5PlvGTZlxMn3L8stV5I1UuvB12pZW/O9tqV1Y5W6+WZn1pPn4zaldXOUL4oWd6XLE+cZfxi+B9HhTgqVZs/Fu8bI1HNcYujeOpYlqvrhbozX5w6E8ZRFKfWC6n1Yldqv6a2mwy0YhzXl4d6qfJwOi4l5cfWnqsbODej/PXJspw8UV8J61H6RkXftBvV/ZoS2rVnhrbsD4Wac1Cj8uqBTw5GX1LWFy+e9piJBsJ9u9bcvLy49pHdAxntiO+Ok/hxS/G3/WrR/E/98MbLlmTFv7CQxC+0FP8PZz3xwvk3fu9bmfFvDfGLLcU/+cHe58969Pplmf2zJ/RPqaX4I88+dsvSwy/akdn+20P8ckvxV+18ort/74MPZbZ/OPRPT0vxn3nnB/9411P3P5cZPwrxe1uKv3bn5i93D+49ITP+Q6F/+lobPy/uOP3pwcE/D2XFfzLE728p/p3bb3vHHQtvOjPz+K4O/TPQUvyzj3/guvl77z8m69wZ396pV06A16bDkmusG5L1VvPMdtXkC98cKlWu+eYn//s7uaGUye0smMP4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8Ov3m6lM/ed57PrqmFEdRnFFnooFwX3HeqlVDLWx35NnHbll6+EU7asuWtBAHAAAAyBfy8EK1pBwtiS6Pe6KjG9YPcwRHh7W4vjw9hxDipOcIWo1T6FCcYofilDoUp6tDceZ1KE53h+KUc+KUo+bi9MwQpzQ5KppsT++M7Wk+Tl+H4szvUJz+DsVZ0KE4CzsUZ2DGOM2Pw0UdirO4Q3EO61CcwzsU54gOxXldh+Ic2aE46TnleKK7Jk7+OOxPah6V1Z6pG8XcOKW4WL2j0Xz6kcl2jmlzO3052+nPez1ucjs9TW7nuNTjCrPcTrnJ7byxze3ETW7nzW1up5CznTBur0i3L2wnrDU5/q/sUJxtHYpzVYfiXN2hOJ/vUJwvdCjONW3GAWhWyP/35XsDUXfpXVFvcsZJzwKEfHfp1M/pr3dZJ6QQ7w2p8nl58dKJeire0tm2Lz2BkIq3LFXeVRevVM1HZohXro23PHVn7v6mJxRS7TsxVd6dFy89sQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc+g3V5/6yfPe89E1URxN/mtoooFwX3HeqlVDLWx315qblxfXPrK7tqy71EIgAAAAIFfIw7uqJeWou7Qy6o7n1dUrJ/MA5WS9OFBZDi6IVk8u46HC1HpvvGjGx5WSx60Y37h5xdYrt711w8aRS0YvGd309pWnrjx9+LTTT1uxfsPY6HDlZxR1N4g3L1kmpqYftl657bMjY2OjW7ZWCtPtX5K0Y0nUU/e4wbdFw5PLa5P2L85pf2Ha9ubuRu7BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/oNd+wt186zjAP68SU6Sna0usn9ZWU9D/4yqw7X1TDodywuCha0tPQwkmR5HcS0OT9eytaPOuBXcZosibBRKpRdW6nBzeLM/boj7Q6EyqwXPscg2dBd6oWw66UYvpCPSc/LmJDlJc4yj3ernc5E3eZ7f8/zeJxcHvu8JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwjk3WRscr5bHqcBRC1KOm3kUyl87GcWmAvl95YfsPciOnVrSO5TIDbAQAAAD0leTwoeZIPuQy6ZAOV09/WhJaJsJs7gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7/TNZGxyvlserFUQhRj5p6F8lcOhvHpQH6vvnuU599bWTkb61jxQH2AQAAAPpLcniqOZIPxbA0DEVXt9UlzwYWdqzvrEv2WTTPus5nB73qls6z7tp51n2iT92GxnVXAAAAgI++JP9nmiOFkMss6Jb/14Z55PrkOcHijrp04zrIbwUAAACA/02S/3PNkWLIZYrNvD7fvL+koy5Z3+//9sn65T3W9/t//vrG1f/pAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCjY7I2Ol4pj1XTUQhRj5p6F8lcOhvHpQH6rn5x+B+3Hnl4SetYLjPARgAAAEBfSQ6fjd75kMsMh6Fw8XTuH1l78JkvPfPcaAhhJuZns2HXph077lk985rUrTp2ZOj7R9/+9py6VTOv5+2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB2ayNjpeKY9VL4pCiHrU1LtI5tLZOC4N0PeNz3/xL0+ceP6t1rHiAPsAAAAA/SU5fDb750MxZEM2XDn9qTXrn5HqWN/rmQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw4bj3m/d/Y9PExOZ7vPHGG2+ab873XyYAAOCDtjhEof5fumrj+b5rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2CyNjpeKY9V81EIUY+aehfJXDobx6UB+sYvHM8tOPXiy61jxQH2AQAAAPpLcvhs9s+HYhgKQ+GK6U/dnglM5//CObxJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ENlsjY6XimPVRdEIUQ9aupdJHPpbByXBuj7+O4Dnzt86fduaR3LZQbYCAAAAOgryeHZ5kg+5DKfDLlwTePzRPuCKN24dn8uMLtue9uy4Xmvq7WtS8973Z6Ok2Uap5lZl0/2K8xcm+tKc9eVWtYVQ7N9qW1d2Ne2akGf+wwAAABwHiX5P9ccKYRcJteSc3/aVl+QcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHiZro+OV8lg1ikKIetTUu0jm0tk4Lg3Q9/7ffvySr/5s787WseIA+wAAAAD9JTl8NvvnQzEsCh8Li6Zzfyi01yd1/6ycPvzYv/66IoSVV06NZDq3/VHy5tdv3PxS50sIqfbqVAiXNvpFPfr95veP3besfvqJEFZekb5mTr9w9n7tW8b1Zyub1+84OrW9z5cDAAAAF4gk/w81Rwohl7m7Z/5Pknef/N80HcAvvW/3Ly5vvDYSeceKVKHRL9Wj3xeWPfXn5Wv+/vaZ/H+2ftcf2Hr48raGMyMdorhe3rpzw9QNh1LJqWf6pzv6J9/Ll7/11r+37Hr09Ez/fMg3xhdmuvWf+9rhorg+kdpfXff+/lp7/0yP8z/8u5dP/Grh3vfO9H938XCz/7VnOf/Z+w/f9si+Gw8c2dDeP4RQ6tb/nfduCVf98a6HOs8/3LFx6zff+tohiuvHlpw8tOZg8ab2/lFH/+T7//mJx/f95NHvPpf0T34rsmLpfPunOvq/uuey3a88uHFhe/9Uj/O/dPtrI9tK3/lD5/nvbNs10/Mu5p7/yeuevuP1TfEDnVMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXlsna6HilPFZNRSFEPWrqXSRz6Wwclwbo++atx9+5fe+Pf9g6VhxgHwAAAKC/JIfPZv98KIZsyIbh6dz/bGXz+h1Hp7aHwsxs1LhmJrbdu+NTW7btvPvO9g2vT53L2wcAAADmIcn/meZIIeQyy8JQI/+Xt+7cMHXDoVSS/1NJ/t9y18TmlaFZ9+qey3a/8uDGhc3nBCFM/ywgf6buM7N1a28+Xjj5p68v71q3erbu2JKTh9YcLN6U1IXWulWh+XziyeuevuP1TfEDzftrrfv017ZNNB5PJPsO3/bIvhsPHNnQPEfjOtzYN6mbSO2vrnt/fy2pSzeu+ca5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC5Jmuj45XyWDWkQ4h61NS7SObS2TguDdB33bJfPnTJqecXtY7lMgNsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyHHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzXX4hUVRwH8HNmdttxZ1d3NciK1tWKwh6Sgoh6qagIjRB6MiQszYcoCCIKe2gNjcSKXoKsF4kKqi2Egtwk0WKN/kkvPVRQYD0EIi2Ug/RQsTPnjrPXuU3etaD6fOBy9px77/f+7r1nzuwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL/KQN/SZnto+4ON28676ZPH7zn+2C3v3b/1kkdf/2F84w0f7xl85cT0puWbv75xycZ9966e2vXiwV+G3/ntSM/gR1rNytSthRCPxRBq788898T0p+fMjsUQQjWOTIQwGhcfHI25hFW/hhA2teucu/Pt41dunm237hyYM74oF5K/r1CvZvW0jMytl/+WWppnWxoPXxa+vX7dts+XvfVm/+TRiZOHxFrHfAph4YbO8/tDCAvSNiubbUuzk1O7NoQw2HHe1T3quvAv1n95Qf/81J6V2nqPnGz/ily/kjsu38/059rBHtebr6I6yh7Xy1Cun1+M5quozmx8NLXvpnblaeZXsy2GSgx97fLviyfnSAihvYrGEJvvstbuV9rvNqT7z/Vjrl/J9av9uftqXjdNtGqMc8ez43Lj2XLcl8aXd67VXdxeMH5uamvpg3oi64f8Hy31U/5o31dTVtfMn9TyT6h0rEHdxtsvPr2Mehqrx+op5/zeRbZvet1TF1fXf3BopKCOuCem/JjyF59W/pbPRofufGPHQ0uL8jdUUn6lVP53aw7/dMeOl14ozH82y6+Wyr9i/+CxNR9uX1H4fGay59NXKv+uIx89vezsuye7vetm/u4sv1Yq/7qpwwPDjf0HCutflT2fBaXyv7n25u9f+3Lv0cL8kOUPlspfP/XAMwNjjUsL8w+0Pgr15gwtMX9+nrzqq7GxH8eL8r/Inv9wl/zYM//ViV3XvLxo5+rC+bk2ez4jpeq/9aJ924Yaey8oWjvj7jP1zQnw/7Qk/Y/1ZOqX/Z05Xx2/F54f72t9Aw2lbfhMXihn9joL/8Z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A924IAEAAAAQND/1+0IFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngoAAP//V8UipA==")
creat(&(0x7f0000000180)='./file2\x00', 0x71283578ac7c5cd)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)

7.242043321s ago: executing program 1 (id=1081):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/11], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x2f, 0xe, 0x0, &(0x7f0000000300)="14fd54ab72df97e6256c00000000", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.90672071s ago: executing program 9 (id=1102):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000340)={@local, @random="b9890c6f9ebb", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x40, 0x2, 0x0, 0x932, {[@sack={0x5, 0x2}, @timestamp={0x8, 0xa, 0x200, 0xb}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

4.546668396s ago: executing program 9 (id=1108):
r0 = syz_io_uring_setup(0x39, &(0x7f0000001800)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000001880)=<r2=>0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000780)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0, 0x10042})
io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0)

4.261269242s ago: executing program 9 (id=1110):
unshare(0x22020600)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
preadv2(r2, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/4, 0x4}], 0x1, 0xffffff80, 0x5, 0x15)

3.951995931s ago: executing program 9 (id=1113):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={0x0})

3.764093032s ago: executing program 5 (id=1116):
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file0\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x28f, &(0x7f0000002940)="$eJzs3U1rE0Ecx/HfbJImtqVuH0QQT9WCJ+nDRbwUJO/AiydRmwjFUEErqCf1LL4A730LvgCPnsSz4K0nX0BukZmdNZtkN5uGppuk3w8kbLrzn4fsbGf+KSUCcGk9qP852Tu1DyOVVJJ0Xwok1aSypGu6XntzdHx43Go2hlVUchH2YRRFmoEyB0fNtFAb5yK80L4qazn5M0xG7bc+FN0HFM/d/SkCqervTne+duE9m4zLPulNW2291UrR/QAAFMuv/4Ff55f9/j0IpC2/7Peu/zO+gLaL7sCEfc85n1j/XZbVMfb6XnWnuvmeS+HKqvigk73TtLoWc9paUDSzejaYJi+rdH0Jrjw/bDXvHrxsNQJ90r5X6RbbcM+NaOrG4pzWHn8crHrT56Yj5pfJ2s5myY2hYsewm+x/osj6ObboM+7ht6b5YX6axybUVzX+7//KHWMvk7tSYd+Vivq/nV2jG+WCXKmMUa66Rm74FkYZZUkZGYniGbXadwHDvH66qLW+qGh0OzlR66lRuzlRG/1R3dmcHTlp5ot5ZDb1V99UT+z/A/tub2mUO9OWcSX9zBg6nrIrGbrZGc/Pm6klg3FHhDF81jPd08rrd+9fPG21mq/m9sDeiYOn7AoyLT28+IN4EkxLf+b2wL7JhbQerzvj15P9q4OP5edH96KfMZBJMC/svstE+V8iX9l2mzX7FPbu06vJ2E5e5YkadzJygzX3vJidwfUwLr9ZSvnr4mCLQ3OuW3ek26O0GAl9P6fP/jhBpq5fesLn/wAAAAAAAAAAAAAAAAAAALPm/P7loKasU0WPEQAAAAAAAAAAAAAAAAAAAACAWZfy/b/VQr//96GiV3z/LzBx/wIAAP//nY5x9w==")
mkdir(&(0x7f0000000040)='./bus\x00', 0x40)
syz_mount_image$exfat(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x4800, 0x0, 0x1, 0x0, &(0x7f0000000000))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0xad0c24, &(0x7f00000002c0)=ANY=[], 0x1, 0x0, &(0x7f0000000000))
renameat2(r0, &(0x7f0000000240)='./bus/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x0)

3.548745096s ago: executing program 9 (id=1118):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x200)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550d, 0x0)

3.197549015s ago: executing program 5 (id=1123):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000020c0), 0x0, 0x82c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x1}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0x80184132, &(0x7f0000000180))

3.134763627s ago: executing program 7 (id=1124):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x20000006, 0x4)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

2.701858149s ago: executing program 6 (id=1128):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYBLOB="180800000600000000000000000000008510"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x18, &(0x7f0000001840)=ANY=[@ANYBLOB="180000009a010000000000000500000018110000d5903d0fe25ee49d69c127a073c160a2e47ba3c3e5dd5f4ef66aede2387e24f6a5867909d956a80475a81b48eb04a23fd18dec90db36f40eebdcd557a2323c2f6312963b330c7b2b762675577d309b6e97d5c60c2e7909bd1126fd0d8067883f546b874a3def588f8141dd1f7b18446fcef0f36c55ee16878fe632cb3ac4fab8b89cbc7caabe65831a1bedf5ee7f49416e9c2601b720b77b977da661a230b65c1782240b463b9e4aa74f783504234fd4da8e69fc24dcbfe03362320b4b1ab91d5cfa7b694fe192785f68592068", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0x8, 0x472, 0x5}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x1, 0xffffffffffffffff], &(0x7f0000001700)=[{0x4, 0x3, 0x5, 0x3}], 0x10, 0xb}, 0xe4)

2.701412253s ago: executing program 7 (id=1129):
r0 = landlock_create_ruleset(&(0x7f0000000080)={0x9008, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = syz_clone(0x11, 0x0, 0xb, 0x0, 0x0, 0x0)
r2 = getpgid(r1)
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0x0, 0x0, 0x4)

2.318180145s ago: executing program 6 (id=1130):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000080)="b409f0", 0x3}], 0x1)
splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0)
splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0)

2.317165558s ago: executing program 5 (id=1131):
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8)
r0 = gettid()
timer_create(0x2, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000880)={{}, {0x0, 0x989680}}, 0x0)
timer_settime(r1, 0x1, &(0x7f0000000200)={{0x77359400}, {0x0, 0x989680}}, 0x0)

2.159210988s ago: executing program 3 (id=1132):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000840)='{', 0x1}], 0x1}, 0x20048843)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4c24, @empty}}, 0x6, 0x6}, 0x90)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0xf, @empty, 0x8005b}}, 0x104, 0x6, 0xf06, 0xe, 0xb4, 0x5d, 0x1}, 0x9c)

2.158283986s ago: executing program 7 (id=1133):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80c42, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x10000, 0x2, 0x802ce}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x400)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0xfff, 0x7, 0x10, 0xfff7fff5, 0xe, "262176cf2c9b385e6c136b700c94d8c036e0ff"})

1.968787002s ago: executing program 6 (id=1134):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0\x00')

1.658828287s ago: executing program 7 (id=1135):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x110, &(0x7f0000000080)=0x80000001, 0x0, 0x4)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000400)={&(0x7f000092b000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x1000})

1.633529492s ago: executing program 5 (id=1136):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r1 = gettid()
r2 = syz_open_procfs(r1, &(0x7f0000000040)='timerslack_ns\x00')
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000180)={0x30}, 0x30)

1.539634219s ago: executing program 6 (id=1137):
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x1411, 0x803, 0x70bd28, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x400a004}, 0x4040004)
r0 = gettid()
timer_create(0x1, &(0x7f0000000800)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000000000)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000880)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
rt_sigaction(0x14, &(0x7f0000000140)={0x0, 0x40000000, 0x0, {[0xd]}}, 0x0, 0x8, &(0x7f0000000280))

1.233847269s ago: executing program 6 (id=1138):
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket(0x1e, 0x4, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x10, 0x8, 0xfb, 0x8001, {{0x5, 0x4, 0x3, 0x5, 0x14, 0x65, 0x0, 0x2, 0x29, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x29, 0x9, 0x8, 0x800, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x2e}, 0x10, 0x0, 0xe7, 0x2}})

1.120824029s ago: executing program 3 (id=1139):
r0 = socket(0x200000100000011, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="34000000020000010000012a00000000d96e6c8d5e85080045"], 0x34}], 0x1}, 0x0)

982.025225ms ago: executing program 5 (id=1140):
r0 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x6)
r1 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0)
r2 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000080)=0x13)
ioctl$int_in(r2, 0x5452, &(0x7f0000000140)=0x6)

981.001396ms ago: executing program 1 (id=1141):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

764.799543ms ago: executing program 3 (id=1142):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x5)
fallocate(r0, 0x0, 0x0, 0x10fff9)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0xc, r1, 0x18, 0x0, 0x2})

667.387435ms ago: executing program 5 (id=1143):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0x480, &(0x7f0000000000), 0x1, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
pwrite64(r0, &(0x7f0000000880)='u', 0x1, 0x83)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x2, 0x96)
ioctl$FIBMAP(r1, 0x1, &(0x7f00000000c0)=0x100)

537.730085ms ago: executing program 6 (id=1144):
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

536.76308ms ago: executing program 7 (id=1145):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x4000, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
read$FUSE(r0, &(0x7f00000029c0)={0x2020}, 0x2020)

426.091488ms ago: executing program 1 (id=1146):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
setresuid(0x0, 0xee00, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r1, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1})

374.800292ms ago: executing program 3 (id=1147):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0}, 0x90)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r1, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0/file0\x00'}, 0x60, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0, 0x2c}], 0x2, 0x0, 0x0, 0x1}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0)

228.504336ms ago: executing program 7 (id=1148):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(r1, 0xb)
close(0x3)

221.953036ms ago: executing program 3 (id=1149):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x0, 0x0, 0xf5000000}, 0x0)

205.748449ms ago: executing program 9 (id=1150):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$xfs(&(0x7f0000000800), &(0x7f0000000180)='./file0\x00', 0x10080, &(0x7f0000000000), 0x1, 0xb919, &(0x7f000000c140)="$eJzs3Q1sXWX9wPHTru1W+P9lEY1GJJQNNhBGaTvX8aK0ZWyUQUEmUB1vA8qYDGbYojCIFI0BJWQq8S3EyJuIgfiCM76AYWpgIIGNIAxEBRMZYMK7AdRAzek99669axv6bM/TjH0+yXruObe/s9v7vc+51tC1d/6iriyry0r6s2rXrTz6mebrO3/wzRn3HLr06prXSkc7phR3NxXbvYvttGzwZB357drSobrvrP1Fbb5TO/S8uzQ21rwny95X7HYU2/bS5tKW8ucNVCkOTy3fX1t5GDVfLf2paMw/fHnetHOGnif/xCzLDt7qC91J9XYumF88J9mQbpOKu2u23De4rSv9OeKPWXbE+mzU10flBTUR8sc59bQ1X3h8Ah/DDqO3c0F3Vf+Ool9NsR6bqtfgzqj6dX726S0riqewZuj1aEfT2zn/2Gz0dZz98y/f6B8oXTfrsyxryLJscpZlUya6B9tHZ1dbV37NL+8X2cvrf+pIr4vb/3vlz7Is+//ifeKQ8nsBsGPp7Go7coT13zDW+r/jmI03WP+w4+vu7GrL13rV+p8y1vqfcedRi4tvuttLU29P7BcBAAAAAIxo5SWrz1+yfHnfRW644YYblRsTfWUCYtuy6Cf6kQCppfifExP9NQIAAMDOrrun84VJNcMOTRq6s+eDfYPb2W/0nrf6znnHlbfF3QtHOOWwn/MfGBgYWHvq8rOK3clVPy87pXo4P/+ye5ZcXOw2Vf/8Qf3g0frszHOXLe87OP+rptdnF+c7Lfl5Z9RnX8t3WvOdmfXZrflO2+BOY7Yu3zno7BXLz8kP7Bf4jL27dPf0Z5OGFcuGvRqG9l92T/+vytsxTlk+2+C/AZD3f73lpjuq7isbpX/l/HuP9nPJbB/j63/VVeXtGKfcav1vXDqnZaT7Ru9fOf80/eMa4fo/rFH1db/q+t80wikr878+5evP5P1n/XTD1cWhundy/R9y/unV/QdPXrn+56fap3z9z99b9t2mJ2Mn1N1zxQtjrf+x+9d9qPi02iGzlbO1Ddzymbz/Xdd0PFocqh9n/33GWv81TVtdTxin7p4bBqrW/zj6ZzNHOGWlyf/N616b93/lrYceHnLfePrvW92/edUFn21eecnqWcsuWLK0b2nfhW2tc9pb21vmzp3TPHhJKH3ctidlJ7Jt6z/bpWqmJsv2rczPveyoTXn/P9948s3FoSnj7D9jzPV/5vDHyhDTarOGhuziJatWXdRS+ljebS19LH3aCP3H8f4/vfxNVGOxrcmyD1bm97/8tQPz/rdvevWm4lDDOPvPHKt/w5a/l0DbuP7PqZoZ1v+Bh/puzPuvPODD5xeHxvv+v9+Y67/f+t9W3T1V/4fPdpb3P/H1wzYHju/v+7+4UvRv3Ny+JnD8I/rHlaL/uufbbg0cP0D/uFL0v/ve5tMCxw/UP64U/T93/wGrA8dn6R9Xiv6znpi5e+D4QfrHlaL/Px6bPjtwvFn/uFL0P+Hp868MHD9Y/7hS9P/uSyuuDxxv0T+uFP1/P3D2/YHjrfrHlaL/ri8vfTFwvE3/uFL0X/XUpXsEjs/WP64U/X+78fLDA8c/qn9cKfpvXrfypMDxOfrHlaJ/84bPXxQ43q5/XCn6P//cD38TOD5X/7hS9G969qbvBY4fon9cKfpf+sZP/hU4fqj+caXof8ebtz0SOH6Y/nGl6P/gpl/OCBw/XP+4UvSve/znof+d5sf0jytF/zPuu/u8wPGP6x9Xiv7fWn/n8YHjR4zefyJ/xfi7R4r+A08f/3TgeIf1H1eK/nNeWhj6+2E79Y8rRf8LBhb8OHC8S/+4UvS/+eUjvxI4fqT+caXo/+RTZ1wWOD5P/7hS9H/vxsWLA8eP0j+uFP27153SGjg+X/+4UvTv37Do/YHjC/SPK0X/+c996a+B40frH1eK/muevfI/gePd+seVov+f3rj62sDxY/SPK0X/Pd9cszZwfKH+caXof9amazsDx4/VP64U/W97/NvnBo4fp39cKfq/fN91uwWO9+gfV4r+h6z/fug/tn68/nGl6H/NK5uuCxw/Qf+4UvSf9/YjdwWOf0L/uFL03+vFpx4NHD9R/7hS9H/s70++Gji+SP+4UvT/0UPrJweOf1L/uFL0P/N3fxjp94S8EyfpH1eK/oc9vKE7cPxk/eNK0f/Vvz1wYeD4KfrHlaL/7H/vcUvgeK/+caXo/9bre10ROP4p/eNK0f+Wzbs/Fzj+af3jStF/xfMf2BA4vlj/uFL0n3rvrocGjp+qf1wp+j9x/257Bo6fpn9cKfp/8YlJqwLHT9c/rhT9Fz42eVHg+Bn6AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/YwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLencBbPhf+Hz+zMkJIJaGxU3ZlSWXJWlpsIbJkly1kL7TI0kJSpLIv0aJQIUtFisiaSqWUFiVJUtn+jzFzNcZ7NPXv12jez+fjMffcc853js/9vM7ne4/7vec7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAt2mTNDVYbDEZOuHbIU+4/ca+171ry5FXPOG6hq16+w1HD7h9/6yrTT7h77GOTGDz+YKuMu2/4+E1GHn/BGcPHXRk+8ePOMGbMsJkHw2bPozpwi38y7FmGPhn/oGMHg8GwI8f/ecKYcR9WvvPOW//JY1XbZNW11hw3eeP/PNFtxIS7J9z+xOcjx/9ZacvBYKXNB5N9fkx96999+wNTewz/CzZZda11Juk/mND58e6Tru9Wkz7PL7ppl5Wmarj/kE1WXXPdca0nt47P2niVMx57fL8+8uTBYOQpg8HIUweDkadN7R78Z6y62rKrjdvnD10fX/2QoRcEaf8+bN4NNp1hMBiMGv99YuTpQ98LgP8tq6627KvD+h89dH9a/yvfOfOc1j/871tn1dWWHUz0On/8rYcM/f99XP93jVjvmKk3YgAAAOBf9eg9F1824Vjf8MFgnsEkx3sfN+HnAsPOu+KGG6baQJ8ZwnGyp/7OxP+YcZ2nP2fsYLDbRlN7KEwFw6b2AJiq9O+mfzf9u+nfTf9u+nfTv5v+3fTvpn83/bvp303/YpM5/j/L0OWqx274qgmbLrj87BtfMOnfH3fb9P/1UU810+rx/8FOw8a3HNd8p8Fg8PpV199wkcFgcMHGsy8/3+CJ+1YYd99Ks42YcIKARR7/uOBkHnjsxJczPPEY5z3++Os8dsqIYZMMYiKvW/2SA3bc5MGXTnq58OS/jifOL3HBOqvPOPReluGTbDS55+rQ4w99LZN2njD2RcaNfcm9d91jyb32P2DxnXbdeoftdthut2WXWW75ZZZfeoUVllty+5122W6p8R8nM2fjZ2X+KZmz0ZPO2T2rTjxnk35tk5uzsU8/Z48/4l3HbHzR0JyN/BfnbP6nn7OxOw2NdeyowVaPT824/+QCowb7jbuy9HQT7VvmGLftK2YbPhgc/Y8vdNxn0z3xHBx2yE7/gfOWTLicd8LlfPG8JRdO7rwlg6HzlgydMGHF8Rd7Xzq03aTvs55w8xSft2Tf1R6eb/CU92X9n/i3vv8/pdcKw56YqKGThkzYZnyvf5xnYmjaVpnoPBPLp3PJ/Cc9Zbxjhz/xvE7jnfC+uGGTzP/TvS9usMP2By04Iery4//Wo/92lLzvWPfxj5Nbz2MnuXy6fceIf3z6j1u3u27uSfcdr538EJ+0LobmaLpJNprcvmO/ra/aaeJ902T2HevuNOGNxv/Yd4z7z84/tO8YN/aFRg2OHndlmXFXFh41OHvclWUfvzJmcMW4K0tss/su2w57/PvVU54Hiwx70i88huftmpM8b6fg/DgrXzMYrHx1+romP51Zet6Ofprx5vdzD572/dyXbz3v+YPBYKYJX9eKQ2P/d6Txjnz68YbzTwye7vwTg1Nu2Oe0//B4n1hnjz/XJuymF5nM33nSOpvlKevs0BETrYwpfV2zbdh+/OdzPPFop253/bVDczRqksf9Z9+jh76W1H/oNd/Ehh0yGPZ0czO512FPmpuZn35upvT1yyITXmCMeZq5Wez+gxcdmpvR/+LcLDyZuZn49fDERg8GY548NyMHa4x7RTNhbhaakrmZ8T/zvJkhbD/+8wWfuOm2NQ5aYWhuwlzE7/9Dj7/Qvzg3w7Z64nmzwOP3zTd8MHr0YL+t9957z6XHfxy6usz4j0+/BheYkrmc/j8zl3NO2OsMf+rkPHHTzmc+tuy/uwYX+Ffncuxg+ND/c+806WL5z/Hzn276d9O/m/7d9O+mfzf9u+lfbDLH/8cO/VzwiGGnbzDhhzGjrnxw1r2n9ninsmn6+P+Evk86/r/3rA9eOXzwxH1Pe3x2/DbPyOOzy4+/OHDpoe0mPT444eYpPj77wFFXbzr47xyf/bcMrdUp+Lmh/X83/bvp303/bvp307/bv9p/5f+jcTB1WP/d9O+mfzf9u+nfTf9u+hebzPH/pYZ+D+DGvR4+fcKB0FF7bbjSQ1N7vFPZNH38f0LfJx3/f2ilDfcaPnjivqc9/j9+m47j/yvdccJhg2fw8f+hter4P/+E/t3076Z/N/276d9N/276d9O/m/7d9O+mfzf9u+lfbDLH/1cZ+j2AUbvNP//Q7wPcfO/hI6b2eKeyafX4v3//v5f9fzf9u+nfTf9u+nfTv5v+3fTvpn83/bvp303/bvp307/YhOP/g0n+2cM3el5E4fj//7bJ9F9P/6il//r6Ry39N9A/aum/of5RS/+N9I9a+r9J/6il/8b6Ry39N9E/aum/qf5RS/836x+19N9M/6il/+b6Ry3936J/1NJ/C/2jlv5b6h+19N9K/6il/9b6Ry3936p/1NJ/G/2jlv7b6h+19N9O/6il//b6Ry39d9A/aum/o/5RS/+d9I9a+u+sf9TS/236Ry39d9E/aum/q/5RS//d9I9a+u+uf9TSfw/9o5b+b9c/aum/p/5RS/+99I9a+u+tf9TS/x36Ry3999E/aum/r/5RS//99I9a+u+vf9TS/wD9o5b+B+oftfQ/SP+opf879Y9a+r9L/6il/8H6Ry39D9E/aul/qP5RS/936x+19H+P/lFL//fqH7X0f5/+UUv/w/SPWvq/X/+opf/h+kct/Y/QP2rpf6T+UUv/o/SPWvp/QP+opf8H9Y9a+n9I/6il/4f1j1r6H13Wf/QUbtfS/5iy/lOqpf9H9I9a+h+rf9TS/6P6Ry39j9M/aun/Mf2jlv4f1z9q6X+8/lFL/xP0j1r6f0L/qKX/ifpHLf0/qX/U0v9T+kct/T+tf9TS/yT9o5b+J+sftfQ/Rf+opf+p+kct/U/TP2rpf7r+UUv/M/SPWvqfqX/U0v8s/aOW/mfrH7X0/4z+UUv/c/SPWvqfq3/U0v+z+kct/T+nf9TS//P6Ry39v6B/1NL/PP2jlv5f1D9q6f8l/aOW/ufrH7X0v0D/qKX/hfpHLf2/rH/U0v8r+kct/b+qf9TS/yL9o5b+F+sftfS/RP+opf/X9I9a+l+qf9TS/zL9o5b+l+sftfS/Qv+opf/X9Y9a+n9D/6il/zf1j1r6X6l/1NL/Kv2jlv7f0j9q6X+1/lFL/2/rH7X0/47+UUv/a/SPWvpfq3/U0v+7+kct/a/TP2rpf73+UUv/7+kftfS/Qf+opf+N+kct/W/SP2rpf7P+UUv/W/SPWvrfqn/U0v/7+kct/W/TP2rp/wP9o5b+P9Q/aun/I/2jlv636x+19P+x/lFL/5/oH7X0/6n+UUv/O/SPWvr/TP+opf/P9Y9a+t+pf9TS/xf6Ry39f6l/1NL/Lv2jlv6/0j9q6f9r/aOW/r/RP2rp/1v9o5b+d+sftfT/nf5RS//f6x+19L9H/6il/x/0j1r636t/1NL/j/pHLf3v0z9q6f8n/aOW/vfrH7X0/7P+UUv/B/SPWvr/Rf+opf+D+kct/f+qf9TS/2/6Ry39/65/VNJ/zED/qKT/4GH9o5b+j+gftfR/VP+opf9j+kcl/YcN9I9a+g/TP2rpP1z/qKX/CP2jlv4j9Y9a+o/SP2rpP1r/qKX/dPpHLf2n1z9q6T9G/6il/wz6Ry39n6V/1NJ/Rv2jlv4z6R+19J9Z/6il/7P1j1r6z6J/1NJ/Vv2jlv6z6R+19H+O/lFL/9n1j1r6P1f/qKX/8/SPWvo/X/+opf8c+kct/V+gf9TSf079o5b+L9Q/auk/l/5RS/+59Y9a+s+jf9TS/0X6Ry39x+oftfSfV/+opf98+kct/efXP2rpv4D+UUv/BfWPWvovpH/U0n9h/aOW/ovoH7X0X1T/qKX/i/WPWvq/RP+opf9i+kct/RfXP2rpv0R7/4ceG2+Sm1v6L9nefzJa+i+lf9TSf2n9o5b+y+gftfRfVv+opf9L9Y9a+r9M/6il/3L6Ry39l9c/aum/gv5RS/8V9Y9a+r9c/6il/0r6Ry39X6F/1NL/lfpHLf1fpX/U0n9l/aOW/qvoH7X0X1X/qKX/avpHLf1frX/U0n91/aOW/mvoH7X0X1P/qKX/WvpHLf3X1j9q6b+O/lFL/9foH7X0f63+UUv/dfWPWvq/Tv+opf/r9Y9a+r9B/6il/xv1j1r6r6d/1NJ/ff2jlv4b6B+19N9Q/6il/0b6Ry3936R/1NJ/Y/2jlv6b6B+19N9U/6il/5v1j1r6b6Z/1NJ/c/2jlv5v0T9q6b+F/lFL/y31j1r6b6V/1NJ/a/2jlv5v1T9q6b+N/lFL/231j1r6b6d/1NJ/e/2jlv476B+19N9R/6il/076Ry39d9Y/aun/Nv2jlv676B+19N9V/6il/276Ry39d9c/aum/x+T7j/mvjOsZqqX/263/qKX/nvpHLf330j9q6b+3/lFL/3foH7X030f/qKX/vvpHLf330z9q6b+//lFL/wP0j1r6H6h/1NL/IP2jlv7v1D9q6f8u/aOW/gfrH7X0P6St/xT+VkNL/0Pb+k+hlv7v1j9q6f8e/aOW/u/VP2rp/z79o5b+h+kftfR/v/5RS//D9Y9a+h+hf9TS/0j9o5b+R+kftfT/gP5RS/8P6h+19P+Q/lFL/w/rH7X0P1r/qKX/MfpHLf0/on/U0v9Y/aOW/h/VP2rpf5z+UUv/j+kftfT/uP5RS//j9Y9a+p+gf9TS/xP6Ry39T9Q/aun/Sf2jlv6f0j9q6f9p/aOW/ifpH7X0P1n/qKX/KfpHLf1P1T9q6X+a/lFL/9P1j1r6n6F/1NL/TP2jlv5n6R+19D9b/6il/2f0j1r6n6N/1NL/XP2jlv6f1T9q6f85/aOW/p/XP2rp/wX9o5b+5+kftfT/ov5RS/8v6R+19D9f/6il/wX6Ry39L9Q/aun/Zf2jlv5f0T9q6f9V/aOW/hfpH7X0v1j/qKX/JfpHLf2/pn/U0v9S/aOW/pfpH7X0v1z/qKX/FfpHLf2/rn/U0v8b+kct/b+pf9TS/0r9o5b+V+kftfT/lv5RS/+r9Y9a+n9b/6il/3f0j1r6X6N/1NL/Wv2jlv7f1T9q6X+d/lFL/+v1j1r6f0//qKX/DfpHLf1v1D9q6X+T/lFL/5v1j1r636J/1NL/Vv2jlv7f1z9q6X+b/lFL/x8MBoPRU2tMz2At/X9o/Uct/X+kf9TS/3b9o5b+P9Y/aun/E/2jlv4/1T9q6X+H/lFL/5/pH7X0/7n+UUv/O/WPWvr/Qv+opf8v9Y9a+t+lf9TS/1f6Ry39f61/1NL/N/pHLf1/q3/U0v9u/aOW/r/TP2rp/3v9o5b+9+gftfT/g/5RS/979Y9a+v9R/6il/336Ry39/6R/1NL/fv2jlv5/1j9q6f+A/lFL/7/oH7X0f1D/qKX/X/WPWvr/Tf+opf/f9Y9a+j+kf9TS/2H9o5b+j+gftfR/VP+opf9j+kcl/R//VP+nauk/TP+opf9w/aOW/iP0j1r6j9Q/auk/Sv+opf9o/aOW/tPpH7X0n17/qKX/GP2jlv4z6B+19H+W/lFL/xn1j1r6z6R/1NJ/Zv2jlv7P1j9q6T+L/lFL/1n1j1r6z6Z/1NL/OfpHLf1n1z9q6f9c/aOW/s/TP2rp/3z9o5b+c+gftfR/gf5RS/859Y9a+r9Q/6il/1z6Ry3959Y/auk/j/5RS/8X6R+19B+rf9TSf179o5b+8+kftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/hfWPWvovon/U0n9R/aOW/i/WP2rp/xL9o5b+i+kftfRfXP+opf8S+kct/ZfUP2rpv5T+UUv/pfWPWvovo3/U0n9Z/aOW/i/VP2rp/zL9o5b+y+kftfRfXv+opf8K+kct/VfUP2rp/3L9o5b+K+kftfR/hf5RS/9X6h+19H+V/lFL/5X1j1r6rzKZ/rMt+d8a2DNTS/9Vrf+opf9q+kct/V+tf9TSf3X9o5b+a+gftfRfU/+opf9a+kct/dfWP2rpv47+UUv/1+gftfR/rf5RS/919Y9a+r9O/6il/+v1j1r6v0H/qKX/G/WPWvqvp3/U0n99/aOW/hvoH7X031D/qKX/RvpHLf3fpH/U0n9j/aOW/pvoH7X031T/qKX/m/WPWvpvpn/U0n9z/aOW/m/RP2rpv4X+UUv/LfWPWvpvpX/U0n9r/aOW/m/VP2rpv43+UUv/bfWPWvpvp3/U0n97/aOW/jvoH7X031H/qKX/TvpHLf131j9q6f82/aOW/rvoH7X031X/qKX/bvpHLf131z9q6b+H/lFL/7frH7X031P/qKX/XvpHLf331j9q6f8O/aOW/vvoH7X031f/qKX/fvpHLf331z9q6X+A/lFL/wP1j1r6H6R/1NL/nfpHLf3fpX/U0v9g/aOW/ofoH7X0P1T/qKX/u/WPWvq/R/+opf979Y9a+r9P/6il/2H6Ry39369/1NL/cP2jlv5H6B+19D9S/6il/1H6Ry39P6B/1NL/g/pHLf0/pH/U0v/D+kct/Y/WP2rpf4z+UUv/j+gftfQ/Vv+opf9H9Y9a+h+nf9TS/2P6Ry39P17W/5Ap3K6l//Fl/adUS/8T9I9a+n9C/6il/4n6Ry39P6l/1NL/U/pHLf0/rX/U0v8k/aOW/ifrH7X0P0X/qKX/qfpHLf1P0z9q6X+6/lFL/zP0j1r6n6l/1NL/LP2jlv5n6x+19P+M/lFL/3P0j1r6n6t/1NL/s/pHLf0/p3/U0v/z+kct/b+gf9TS/zz9o5b+X9Q/aun/Jf2jlv7n6x+19L9A/6il/4X6Ry39v6x/1NL/K/pHLf2/qn/U0v8i/aOW/hfrH7X0v0T/qKX/1/SPWvpfqn/U0v8y/aOW/pfrH7X0v0L/J5lnwmVL/6/rH7X0/4b+UUv/b+oftfS/Uv+opf9V+kct/b+lf9TS/2r9o5b+39Y/aun/Hf2jlv7X6B+19L9W/6il/3f1j1r6X6d/1NL/ev2jlv7f0z9q6X+D/lFL/xv1j6bh/hPnHn6T/tE03P9J6/9m/aOW/rfoH7X0v1X/qKX/9/WPWvrfpn/U0v8H+kct/X+of9TS/0f6Ry39b9c/aun/Y/2jlv4/0T9q6f9T/aOW/nfoH7X0/5n+UUv/n+sftfS/U/+opf8v9I9a+v9S/6il/136Ry39f6V/1NL/1/pHLf1/o3/U0v+3+kct/e/WP2rp/zv9o5b+v9c/aul/j/5RS/8/6B+19L9X/6il/x/1j1r636d/1NL/T/pHLf3v1z9q6f9n/aOW/g/oH7X0/4v+UUv/B/WPWvr/Vf+opf/f9I9a+v9d/6il/0P6Ry39H9Y/aun/iP5RS/9H9Y9a+j+mf1TSf8RA/6il/zD9o5b+w/WPWvqP0D9q6T9S/6il/yj9o5b+o/WPWvpPp3/U0n96/aOW/mP0j1r6z6B/1NL/WfpHLf1n1D9q6T+T/lFL/5n1j1r6P1v/qKX/LPpHLf1n1T9q6T+b/lFL/+foH7X0n13/qKX/c/WPWvo/T/+opf/z9Y9a+s+hf9TS/wX6Ry3959Q/aun/Qv2jlv5z6R+19J9b/6il/zz6Ry39X6R/1NJ/rP5RS/959Y9a+s+nf9TSf379o5b+C+gftfRfUP+opf9C+kct/RfWP2rpv4j+UUv/RfWPWvq/WP+opf9L9I9a+i+mf9TSf3H9o5b+S+gftfRfUv+opf9S+kct/ZfWP2rpv4z+UUv/ZfWPWvq/VP+opf/L9I9a+i+nf9TSf3n9o5b+K/T2n+7p7mzpv2Jv/6fV0v/l+kct/VfSP2rp/wr9o5b+r9Q/aun/Kv2jlv4r6x+19F9F/6il/6r6Ry39V9M/aun/av2jlv6r6x+19F9D/6il/5r6Ry3919I/aum/tv5RS/919I9a+r9G/6il/2v1j1r6r6t/1NL/dfpHLf1fr3/U0v8N+kct/d+of9TSfz39o5b+6+sftfTfQP+opf+G+kct/TfSP2rp/yb9o5b+G+sftfTfRP9ofP/pB9N6/031j1rW/5v1j1r6b6Z/1NJ/c/2jlv5v0T9q6b+F/lFL/y31j1r6b6V/1NJ/a/2jlv5v1T9q6b+N/lFL/231j1r6b6d/1NJ/e/2jlv476B+19N9R/6il/076Ry39d9Y/aun/Nv2jlv676B+19N9V/6il/276Ry39d9c/aum/h/5RS/+3P6n/Sf/9cT1DtfTf0/qPWvrvpX/U0n9v/aOW/u/QP2rpv4/+UUv/ffWPWvrvp3/U0n9//aOW/gfoH7X0P1D/qKX/QfpHLf3fqX/U0v9d+kct/Q/WP2rpf4j+UUv/Q/WPWvq/W/+opf979I9a+r9X/6il//v0j1r6H6b/kMcem+hKS//36x+19D9c/6il/xH6Ry39j9Q/aul/lP5RS/8P6B+19P+g/lFL/w/pH7X0/7D+UUv/o/WPWvofo3/U0v8j+kct/Y/VP2rp/1H9o5b+x+kftfT/mP5RS/+P6x+19D9e/6il/wn6Ry39P6F/1NL/RP2jlv6f1D9q6f8p/aOW/p/WP2rpf5L+UUv/k/WPWvqfon/U0v9U/aOW/qfpH7X0P13/qKX/GfpHLf3P1D9q6X+W/lFL/7P1j1r6f0b/qKX/OfpHLf3P1T9q6f9Z/aOW/p/TP2rp/3n9o5b+X9A/aul/nv5RS/8v6h+19P+S/lFL//P1j1r6X6B/1NL/Qv2jlv5f1j9q6f8V/aOW/l/VP2rpf5H+UUv/i/WPWvpfon80Lfdf5R+3jvia/tG03H/i9X+p/lFL/8v0j1r6X65/1NL/Cv2jlv5f1z9q6f8N/aOW/t/UP2rpf6X+UUv/q/SPWvp/S/+opf/V+kct/b+tf9TS/zv6Ry39r9E/aul/rf5RS//v6h+19L9O/6il//X6Ry39v6d/1NL/Bv2jlv436h+19L9J/6il/836Ry39b9E/aul/q/5RS//v6x+19L9N/6il/w/0j1r6/1D/qKX/j57oP2LqjOsZqqX/7dZ/1NL/x/pHLf1/on/U0v+n+kct/e/QP2rp/zP9o5b+P9c/aul/p/5RS/9f6B+19P+l/lFL/7v0j1r6/0r/qKX/r/WPWvr/Rv+opf9v9Y9a+t+tf9TS/3f6Ry39f69/1NL/Hv2jlv5/0D9q6X+v/lFL/z/qH7X0v0//qKX/n/SPWvrfr3/U0v/P+kct/R/QP2rp/xf9o5b+D+oftfT/q/5RS/+/6R+19P+7/lFL/4f0j1r6P6x/1NL/Ef2jlv6P6h+19H9M/6ik/8iB/lFL/2H6Ry39h//T/p3nBWzpP8L6j1r6j9Q/auk/Sv+opf9o/aOW/tPpH7X0n17/qKX/GP2jlv4z6B+19H+W/lFL/xn1j1r6z6R/1NJ/Zv2jlv7P1j9q6T+L/lFL/1n1j1r6z6Z/1NL/OfpHLf1n1z9q6f9c/aOW/s/TP2rp/3z9o5b+c+gftfR/gf5RS/859Y9a+r9Q/6il/1z6Ry3959Y/auk/j/5RS/8X6R+19B+rf9TSf179o5b+8+kftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/hfWPWvovon/U0n9R/aOW/i/WP2rp/xL9o5b+i+kftfRfXP+opf8S+kct/ZfUP2rpv5T+UUv/pfWPWvovo3/U0n9Z/aNpuP+YiW4d+VL9o2m4/5PW/8v0j1r6L6d/1NJ/ef2jlv4r6B+19F9R/6il/8tr+k//L23d0n+lmv7/mpb+r9A/aun/Sv2jlv6v0j9q6b+y/lFL/1X0j1r6r6p/1NJ/Nf2jlv6v1j9q6b+6/lFL/zX0j1r6r6l/1NJ/Lf2jlv5r6x+19F9H/6il/2v0j1r6v1b/qKX/uvpHLf1fp3/U0v/1+kct/d+gf9TS/436Ry3919M/aum/vv5RS/8N9I9a+m+of9TSfyP9o5b+b9I/aum/sf5RS/9N9I9a+m+qf9TS/836Ry39N9M/aum/uf5RS/+36B+19N9C/6il/5b6Ry39t9I/aum/tf5RS/+36h+19N9G/6il/7b6Ry39t9M/aum/vf7RuP7njpn2+++gf9Sy/nfUP2rpv5P+UUv/nfWPWvq/Tf+opf8u+kct/XfVP2rpv5v+UUv/3fWPWvrvoX/U0v/t+kct/ffUP2rpv5f+UUv/vfWPWvq/Q/+opf8++kct/ffVP2rpv5/+UUv//fWPWvofoH/U0v9A/aOW/gfpH7X0f6f+UUv/d+kftfQ/WP+opf8h+kct/Q/VP2rp/279o5b+79E/aun/Xv2jlv7v0z9q6X+Y/lFL//frH7X0P1z/qKX/EfpHLf2P1D9q6X+U/lFL/w/oH7X0/6D+UUv/D+kftfT/sP5RS/+j9Y9a+h+jf9TS/yP6Ry39j9U/aun/Uf2jlv7H6R+19P+Y/lFL/4/rH7X0P17/qKX/CfpHLf0/oX/U0v9E/aOW/p/UP2rp/yn9o5b+n9Y/aul/kv5RS/+T9Y9a+p+if9TS/1T9o5b+p+kftfQ/Xf+opf8Z+kct/c/UP2rpf5b+UUv/s/WPWvp/Rv9oWu4//T9uHXmO/tG03H/i9X/uU/uP+q+O6xmqpf9nrf+opf/n9I9a+n9e/6il/xf0j1r6n6d/1NL/i/pHLf2/pH/U0v98/aOW/hfoH7X0v1D/qKX/l/WPWvp/Rf+opf9X9Y9a+l+kf9TS/2L9o5b+l+gftfT/mv5RS/9L9Y9a+l+mf9TS/3L9o5b+V+gftfT/uv5RS/9v6B+19P+m/lFL/yv1j1r6X6V/1NL/W/pHLf2v1j9q6f9t/aOW/t/RP2rpf43+UUv/a/WPWvp/V/+opf91+kct/a/XP2rp/z39o5b+N+gftfS/Uf+opf9N+kct/W+u63/rY1OyVUv/W+r6T5mW/rfqH7X0/77+UUv/2/SPWvr/QP+opf8P9Y9a+v9I/6il/+36Ry39f6x/1NL/J/pHLf1/qn/U0v8O/aOW/j/TP2rp/3P9o5b+d+oftfT/hf5RS/9f6h+19L9L/6il/6/0j1r6/1r/qKX/b/SPWvr/Vv+opf/d+kct/X+nf9TS//f6Ry3979E/aun/B/2jlv736h+19P+j/lFL//v0j1r6/0n/qKX//fpHLf3/rH/U0v8B/aOW/n/RP2rp/6D+UUv/v+oftfT/m/5RS/+/6x+19H9I/6il/8P6Ry39H9E/aun/qP5RS//H9I9K+o8a6B+19B+mf9TSf7j+UUv/EfpHLf1H6h+19B+lf9TSf7T+UUv/6fSPWvpPr3/U0n+M/lFL/xn0j1r6P0v/qKX/jPpHT/TfbNhgMA33n0n/qGX9z6x/1NL/2fpHLf1n0T9q6T+r/lFL/9n0j1r6P0f/qKX/7PpHLf2fq3/U0v95+kct/Z+vf9TSfw79o5b+L9A/auk/p/5RS/8X6h+19J9L/6il/9z6Ry3959E/aun/Iv2jlv5j9Y9a+s+rf9TSfz79o5b+8+sftfRfQP+opf+C+kct/RfSP2rpv7D+UUv/RfSPWvovqn/U0v/F+kct/V+if9TSfzH9o5b+i+sftfRfQv+opf+S+kct/ZfSP2rpv7T+UUv/ZfSPWvovq3/U0v+l+kct/V+mf9TSfzn9o5b+y+sftfRfQf+opf+K+kct/V+uf9TSfyX9o5b+r9A/aun/Sv2jlv6v0j9q6b+y/lFL/1X0j1r6r6p/1NJ/Nf2jlv6v1j9q6b+6/lFL/zX0j1r6r6l/1NJ/Lf2jlv5r6x+19F9H/6il/2v0j1r6v1b/qKX/uvpHLf1fp3/U0v/1+kct/d+gf9TS/436Ry3919M/Gtf/lsFgMK33X1//qGX9b6B/1NJ/Q/2jlv4b6R+19H+T/lFL/431j1r6b9Laf4anv7ul/6at/f+Jlv5v1j9q6b+Z/lFL/831j1r6v0X/qKX/FvpHLf231D9q6b+V/lFL/631j1r6v1X/qKX/NvpHLf231T9q6b+d/lFL/+31j1r676B/1NJ/R/2jlv476R+19N9Z/6il/9v0j1r676J/1NJ/V/2jlv676R+19N9d/6il/x76Ry39365/1NJ/T/2jlv576R+19N9b/6il/zv0j1r676N/1NJ/X/2jlv776R+19N9f/6il/wH6Ry39D9Q/aul/kP5RS/936h+19H+X/lFL/4P1j1r6H6J/1NL/UP2jlv7v1j9q6f8e/aOW/u/VP2rp/z79o5b+h+kftfR/v/5RS//D9Y9a+h+hf9TS/0j9o5b+R+kftfT/gP5RS/8P6h+19P+Q/lFL/w/rH7X0P1r/qKX/MfpHLf0/on/U0v9Y/aOW/h/VP2rpf5z+UUv/j+kftfT/uP5RS//j9Y9a+p+gf9TS/xP6Ry39T9Q/aun/Sf2jlv6f0j9q6f9p/aOW/ifpH7X0P1n/qKX/KfpHLf1P1T9q6X+a/lFL/9P1j1r6n6F/1NL/TP2jlv5n6R+19D9b/6il/2f0j1r6n6N/1NL/3Kr+ax8xpVu29P9sVf8p19L/c/pHLf0/r3/U0v8L+kct/c/TP2rp/0X9o5b+X9I/aul/vv5RS/8L9I9a+l+of9TS/8v6Ry39v6J/1NL/q/pHLf0v0j9q6X+x/lFL/0v0j1r6f03/qKX/pfpHLf0v0z9q6X+5/lFL/yv0j1r6f13/qKX/N/SPWvp/U/+opf+V+kct/a/SP2rp/y39o5b+V+sftfT/tv5RS//v6B+19L9G/6il/7X6Ry39v6t/1NL/Ov2jlv7X6x+19P+e/lFL/xv0j1r636h/1NL/Jv2jlv436x+19L9F/6il/636Ry39v69/1NL/Nv2jlv4/0D9q6f9D/aOW/j/SP2rpf7v+UUv/H+sftfT/if5RS/+f6h+19L9D/6il/8/0j1r6/1z/qKX/nfpHLf1/oX/U0v+X+kct/e/SP2rp/yv9o5b+v9Y/aun/G/2jlv6/1T9q6X+3/lFL/9/pH7X0/73+UUv/e/SPWvr/Qf+opf+9+kct/f+of9TS/z79o5b+f9I/aul/v/5RS/8/6x+19H9A/6il/1/0j1r6P6h/1NL/r/pHLf3/pn/U0v/v+kct/R/SP2rp/7D+UUv/R/SPWvo/qn/U0v8x/aOS/qMH+kct/YfpH7X0H65/1NJ/hP5RS/+R+kct/UfpH7X0H61/1NJ/Ov2jlv7T6x+19B+jf9TSfwb9o5b+z9I/auk/o/5RS/+Z9I9a+s+sf9TS/9n6Ry39Z9E/auk/q/5RS//Z9I9a+j9H/6il/+z6Ry39n6t/1NL/efpHLf2fr3/U0n8O/aOW/i/QP2rpP6f+UUv/F+oftfSfS/+opf/c+kct/efRP2rp/yL9o5b+Y/WPWvrPq3/U0n8+/aOW/vPrH7X0X0D/qKX/gvpHLf0X0j9q6b+w/lFL/0X0j1r6L6p/1NL/xfpHLf1fon/U0n8x/aOW/ovrH7X0X0L/qKX/kvpHLf2X0j9q6b+0/tE02n+uwST9l9E/mkb7P27i/svqH7X0f6n+UUv/l+kftfRfTv+opf/y+kct/VfQP2rpv6L+UUv/l+sftfRfSf+opf8r9I9a+r9S/6il/6v0j1r6r6x/1NJ/Ff2jlv6r6h+19F9N/6il/6v1j1r6r65/1NJ/Df2jlv5r6h+19F9L/6il/9r6Ry3919E/aun/Gv2jlv6v1T9q6b+u/lFL/9fpH7X0f73+UUv/N+gftfR/o/5RS//19I9a+q+vf9TSfwP9o5b+G+oftfTfSP+opf+b9I9a+m+sf9TSfxP9o5b+m+oftfR/s/5RS//N9I9a+m+uf9TS/y36Ry39t9A/aum/pf5RS/+t9I9a+m+tf9TS/636Ry39t9E/aum/rf5RS//t9I9a+m+vf9TSfwf9o5b+O+oftfTfSf+opf/O+kct/d+mf9TSfxf9o5b+u+oftfTfTf+opf/u+kct/ffQP2rp/3b9o5b+e+oftfTfS/+opf/e+kct/d+hf9TSfx/9o5b+++oftfTfT/+opf/++kct/Q/QP2rpf6D+UUv/g/SPWvq/U/+opf+79I9a+h+sf9TS/xD9o5b+h+oftfR/t/5RS//36B+19H+v/lFL//fpH7X0P0z/qKX/+/WPWvofrn/U0v8I/aOW/kfqH7X0P0r/qKX/B/SPWvp/UP+opf+H9I9a+n9Y/6il/9H6Ry39j9E/aun/Ef2jlv7H6h+19P+o/lFL/+P0j1r6f0z/qKX/x/WPWvofr3/U0v8E/aOW/p/QP2rpf6L+UUv/T+oftfT/lP5RS/9P6x+19D9J/6il/8n6Ry39T9E/aul/qv5RS//T9I9a+p+uf9TS/wz9o5b+Z+oftfQ/S/+opf/Z+kct/T+jf9TS/xz9o5b+5+oftfT/rP5RS//P6R+19P+8/lFL/y/oH7X0P0//qKX/F/WPWvp/Sf+opf/5+kct/S/QP2rpf6H+UUv/L+sftfT/iv5RS/+v6h+19L9I/6il/8X6Ry39L9E/aun/Nf2jlv6X6h+19L9M/6il/+X6Ry39r9A/aun/df2jlv7f0D9q6f9N/aOW/lfqH7X0v0r/qKX/t/SPWvpfrX/U0v/b+kct/b+jf9TS/xr9o5b+1+oftfT/rv5RS//r9I9a+l+vf9TS/3v6Ry39b9A/aul/o/5RS/+b9I9a+t+sf9TS/xb9o5b+t+oftfT/vv5RS//b9I9a+v9A/6il/w/1j1r6/0j/qKX/7fpHLf1/rH/U0v8n+kct/X+qf9TS/w79o5b+P9M/aun/c/2jlv536h+19P+F/lFL/1/qH7X0v0v/qKX/r/SPWvr/Wv+opf9v9I9a+v9W/6il/936Ry39f6d/1NL/9/pHLf3v0T9q6f8H/aOW/vfqH7X0/6P+UUv/+/SPWvr/Sf+opf/9+kct/f+sf9TS/wH9o5b+f9E/aun/oP5RS/+/6h+19P+b/lFL/7/rH7X0f0j/qKX/w/pHLf0f0T9q6f+o/lFL/8f0j0r6TzfQP2rpP0z/qKX/cP2jlv4j9I9a+o/UP2rpP0r/qKX/aP2jlv7T6R+19J9e/6il/xj9o5b+M+gftfR/lv5RS/8Z9Y9a+s+kf9TSf2b9o5b+z9Y/auk/i/5RS/9Z9Y9a+s+mf9TS/zn6Ry39Z9c/aun/XP2jlv7P0z9q6f98/aOW/nPoH7X0f4H+UUv/OfWPWvq/UP+opf9c+kct/efWP2rpP4/+UUv/F+kftfQfq3/U0n9e/aOW/vPpH7X0n1//qKX/AvpHLf0X1D9q6b+Q/lFL/4X1j1r6L6J/1NJ/Uf2jlv4v1j9q6f8S/aOW/ovpH7X0X1z/qKX/EvpHLf2X1D9q6b+U/lFL/6X1j1r6L6N/1NJ/Wf2jlv4v1T9q6f8y/aOW/svpH7X0X34K+t838//lwJ6ZWvqvYP1HLf1X1D9q6f9y/aOW/ivpH7X0f4X+UUv/V+oftfR/lf5RS/+V9Y9a+q+if9TSf1X9o5b+q+kftfR/tf5RS//V9Y9a+q+hf9TSf039o5b+a+kftfRfW/+opf86+kct/V+jf9TS/7X6Ry3919U/aun/Ov2jlv6v1z9q6f8G/aOW/m/UP2rpv57+UUv/9fWPWvpvoH/U0n9D/aOW/hvpH7X0f5P+UUv/jfWPWvpvon/U0n9T/aOW/m/WP2rpv5n+UUv/zfWPWvq/Rf+opf8W+kct/bfUP2rpv5X+UUv/rfWPWvq/Vf+opf82+kct/bfVP2rpv53+UUv/7fWPWvrvoH/U0n9H/aOW/jvpH7X031n/qKX/2/SPWvrvon/U0n9X/aOW/rvpH7X0313/qKX/HvpHLf3frn/U0n9P/aOW/nvpH7X031v/qKX/O/SPWvrvo3/U0n9f/aOW/vvpH7X031//qKX/AfpHLf0P1D9q6X+Q/lFL/3fqH7X0f5f+UUv/g/WPWvofon/U0v9Q/aOW/u/WP2rp/x79o5b+79U/aun/Pv2jlv6H6R+19H+//lFL/8P1j1r6H6F/1NL/SP2jlv5H6R+19P+A/lFL/w/qH7X0/5D+UUv/D+sftfQ/Wv+opf8x+kct/T+if9TS/1j9o5b+H9U/aul/nP5RS/+P6R+19P+4/lFL/+P1j1r6n6B/1NL/E/pHLf1P1D9q6f9J/aOW/p/SP2rp/2n9o5b+J+kftfQ/Wf+opf8p+kct/U/VP2rpf5r+UUv/0/WPWvqfoX/U0v9M/aOW/mfpH7X0P1v/qKX/Z/SPWvqfo3/U0v9c/aOW/p/VP2rp/zn9o5b+n9c/aun/Bf2jlv7n6R+19P+i/lFL/y/pH7X0P1//qKX/BfpHLf0v1D9q6f9l/aOW/l/RP2rp/1X9o5b+F+kftfS/WP+opf8l+kct/b+mf9TS/1L9o5b+l+kftfS/XP+opf8V+kct/b+uf9TS/xv6Ry39v6l/1NL/Sv2jlv5X6R+19P+W/lFL/6v1j1r6f1v/qKX/d/SPWvpfo3/U0v9a/aOW/t/VP2rpf53+UUv/6/WPWvp/T/+opf8N+kct/W/UP2rpf5P+UUv/m/WPWvrfon/U0v9W/aOW/t/XP2rpf5v+UUv/H+gftfT/of5RS/8f6R+19L9d/6il/4/1j1r6/0T/qKX/T/WPWvrfoX/U0v9n+kct/X+uf9TS/079o5b+v9A/aun/S/2jlv536R+19P+V/lFL/1/rH7X0/43+UUv/3+oftfS/W/+opf/v9I9a+v9e/6il/z36Ry39/6B/1NL/Xv2jlv5/1D9q6X+f/lFL/z/pH7X0v1//qKX/n/WPWvo/oH/U0v8v+kct/R/UP2rp/1f9o5b+f9M/aun/d/2jlv4P6R+19H9Y/6il/yP6Ry39H9U/aun/mP5RSf/pB/pHLf2H6R+19B+uf9TSf4T+UUv/kfpHLf1H6R+19B+tf9TSfzr9o5b+0+sftfQfo3/U0n8G/aOW/s/SP2rpP6P+UUv/mfSPWvrPrH/U0v/Z+kct/WfRP2rpP6v+UUv/2fSPWvo/R/+opf/s+kct/Z+rf9TS/3n6Ry39n69/1NJ/Dv2jlv4v0D9q6T+n/lFL/xfqH7X0n0v/qKX/3PpHLf3n0T9q6f8i/aOW/mP1j1r6z6t/1NJ/Pv2jlv7z6x+19F9A/6il/4L6Ry39F9I/aum/sP5RS/9F9I9a+i+qf9TS/8X6Ry39X6J/1NJ/Mf2jlv6L6x+19F9C/6il/5L6Ry39l9I/aum/tP5RS/9l9I9a+i+rf9TS/6Wx///8V/v/raX/y6z/qKX/cvpHLf2X1z9q6b+C/lFL/xX1j1r6v1z/qKX/SvpHLf1foX/U0v+V+kct/V+lf9TSf2X9o5b+q+gftfRfVf+opf9q+kct/V+tf9TSf3X9o5b+a+gftfRfU/+opf9a+kct/dfWP2rpv47+UUv/1+gftfR/rf5RS/919Y9a+r9O/6il/+v1j1r6v0H/qKX/G/WPWvqvp3/U0n99/aOW/hvoH7X031D/qKX/RvpHLf3fpH/U0n9j/aOW/pvoH7X031T/qKX/m/WPWvpvpn/U0n9z/aOW/m/RP2rpv4X+UUv/LfWPWvpvpX/U0n9r/aOW/m/VP2rpv43+UUv/bfWPWvpvp3/U0n97/aOW/jvoH7X031H/qKX/TvpHLf131j9q6f82/aOW/rvoH7X031X/qKX/bvpHLf131z9q6b+H/lFL/7frH7X031P/qKX/XvpHLf331j9q6f8O/aOW/vvoH7X031f/qKX/fvpHLf331z9q6X+A/lFL/wP1j1r6H6R/1NL/nfpHLf3fpX/U0v9g/aOW/ofoH7X0P1T/qKX/u/WPWvq/R/+opf979Y9a+r9P/6il/2H6Ry39369/1NL/cP2jlv5H6B+19D9S/6il/1H6Ry39P6B/1NL/g/pHLf0/pH/U0v/D+kct/Y/WP2rpf4z+UUv/j+gftfQ/Vv+opf9H9Y9a+h+nf9TS/2P6Ry39P65/1NL/eP2jlv4n6B+19P+E/lFL/xP1j1r6f1L/qKX/p/SPWvp/Wv+opf9J+kct/U/WP2rpf4r+UUv/U/WPWvqfpv8kxs9GS//T9Y9a+p+hf9TS/0z9o5b+Z+kftfQ/W/+opf9n9I9a+p+jf9TS/1z9o5b+n9U/aun/Of2jlv6f1z9q6f8F/aOW/ufpH7X0/6L+UUv/L+kftfQ/X/+opf8F+kct/S/UP2rp/2X9o5b+X9E/aun/Vf2jlv4X6R+19L9Y/6il/yX6Ry39v6Z/1NL/Uv2jlv6X6R+19L9c/6il/xX6Ry39v65/1NL/G/pHLf2/qX/U0v9K/aOW/lfpH7X0/5b+UUv/q/WPWvp/W/+opf939I9a+l+jf9TS/1r9o5b+39U/aul/nf5RS//r9Y9a+n9P/6il/w36Ry39b9Q/aul/k/5RS/+b9Y9a+t+if9TS/1b9o5b+39c/aul/m/5RS/8f6B+19P+h/lFL/x/pH7X0v13/qKX/j/WPWvr/RP+opf9P9Y9a+t+hf9TS/2f6Ry39f65/1NL/Tv2jlv6/0D9q6f9L/aOW/nfpH7X0/5X+UUv/X+sftfT/jf5RS//f6h+19L9b/6il/+/0j1r6/17/qKX/PfpHLf3/oH/U0v9e/aOW/n/UP2rpf5/+UUv/P+kftfS/X/+opf+f9Y9a+j+gf9TS/y/6Ry39H9Q/aun/V/2jlv5/0z9q6f93/aOW/g/pH7X0f1j/qKX/I/pHLf0f1T9q6f+Y/lFJ/zED/aOW/sP0j1r6D9c/auk/Qv+opf9I/aOW/qP0j1r6j9Y/auk/nf5RS//p9Y9a+o/RP2rpP4P+UUv/Z+kftfSfUf+opf9M+kct/WfWP2rp/2z9o5b+s+gftfSfVf+opf9s+kct/Z+jf9TSf3b9o5b+z9U/aun/PP2jlv7P1z9q6T+H/lFL/xfoH7X0n1P/qKX/C/WPWvrPpX/U0n9u/aOW/vPoH7X0f5H+UUv/sfpHLf3n1T9q6T+f/lFL//n1j1r6L6B/1NJ/Qf2jlv4L6R+19F9Y/6il/yL6Ry39F9U/aun/Yv2jlv4v0T9q6b+Y/lFL/8X1j1r6L6F/1NJ/Sf2jaa4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPw/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcFAAA///HjwC/")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x54)

0s ago: executing program 3 (id=1151):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x8, &(0x7f0000000180)={[{@nodiscard}, {@alloc_mode_def}, {@alloc_mode_def}, {@six_active_logs}, {@flush_merge}, {@fault_injection={'fault_injection', 0x3d, 0xb}}, {@discard}, {@adaptive_mode}, {@fsync_mode_posix}, {@block_mode}, {@memory_low}, {@two_active_logs}, {@fault_type={'fault_type', 0x3d, 0xfffffe}}]}, 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")

kernel console output (not intermixed with test programs):

-fs (loop8): Errors on filesystem, clearing orphan list.
[  172.887033][ T6849] EXT4-fs error (device loop7): ext4_map_blocks:814: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  172.964553][ T6852] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.997791][ T6849] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  173.072770][ T6849] EXT4-fs (loop7): This should not happen!! Data will be lost
[  173.072770][ T6849] 
[  173.147029][ T6859] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  173.213400][ T6866] netlink: 'syz.1.183': attribute type 15 has an invalid length.
[  173.221491][ T6866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.183'.
[  173.271682][ T6848] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  173.335573][ T6862] loop9: detected capacity change from 0 to 32768
[  173.369828][ T6859] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  173.429277][ T6848] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  173.456721][ T6866] netlink: 'syz.1.183': attribute type 15 has an invalid length.
[  173.461993][   T49] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  173.508657][ T6866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.183'.
[  173.531239][   T49] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  173.558931][ T6859] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  173.573805][   T78] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  173.599509][   T78] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  173.624802][ T6848] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  173.643537][ T6866] Zero length message leads to an empty skb
[  173.661198][ T6288] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.670907][ T5875] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  173.776539][ T6859] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  173.911460][ T6862] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  173.911511][ T6862]   allowing incompatible features above 0.0: (unknown version)
[  173.911533][ T6862]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  173.958270][ T6862] bcachefs (loop9): Using encoding defined by superblock: utf8-12.1.0
[  173.966565][ T6862] bcachefs (loop9): initializing new filesystem
[  173.982219][ T6862] bcachefs (loop9): going read-write
[  173.999863][ T6859] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  174.072945][ T6859] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #15: block 3: comm syz.7.181: lblock 3 mapped to illegal pblock 3 (length 1)
[  174.224637][ T6862] bcachefs (loop9): marking superblocks
[  174.247302][ T6862] bcachefs (loop9): initializing freespace
[  174.259507][ T6862] bcachefs (loop9): done initializing freespace
[  174.270444][ T6862] bcachefs (loop9): reading snapshots table
[  174.280369][ T6862] bcachefs (loop9): reading snapshots done
[  174.378853][ T6862] bcachefs (loop9): done starting filesystem
[  174.387649][ T6886] loop1: detected capacity change from 0 to 128
[  174.516659][ T6886] EXT4-fs (loop1): Test dummy encryption mode enabled
[  174.581933][ T6886] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  174.604598][ T6886] ext4 filesystem being mounted at /64/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  174.632639][ T6862] bcachefs (loop9): shutdown by ioctl type 2emergency read only at seq 2
[  174.641300][ T5935] bcachefs (loop9): going read-only
[  174.697490][ T5935] bcachefs (loop9): finished waiting for writes to stop
[  174.810793][ T6862] syz.9.182 (6862) used greatest stack depth: 18664 bytes left
[  174.947723][ T6886] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[  175.030946][ T6888] loop8: detected capacity change from 0 to 40427
[  175.049936][ T6888] F2FS-fs (loop8): Small segment_count (9 < 1 * 24)
[  175.056704][ T6888] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  175.201729][ T6466] bcachefs (loop9): shutting down
[  175.210190][ T5935] bcachefs (loop9): flushing journal and stopping allocators, journal seq 2
[  175.268741][ T6888] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  175.280163][ T6029] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  175.284827][ T6886] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  175.320233][ T5935] bcachefs (loop9): flushing journal and stopping allocators complete, journal seq 2
[  175.333738][ T6888] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  175.340800][ T6888] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  175.398536][ T5935] bcachefs (loop9): unclean shutdown complete, journal seq 2
[  175.479979][ T6888] syz.8.187: attempt to access beyond end of device
[  175.479979][ T6888] loop8: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  175.483154][ T5935] bcachefs (loop9): done going read-only, filesystem not clean
[  175.526115][ T6898] capability: warning: `syz.3.190' uses deprecated v2 capabilities in a way that may be insecure
[  175.842801][ T6288] syz-executor: attempt to access beyond end of device
[  175.842801][ T6288] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  175.904281][ T6466] bcachefs (loop9): shutdown complete
[  175.914780][ T5866] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  175.926641][ T6288] CPU: 0 UID: 0 PID: 6288 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  175.926688][ T6288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  175.926709][ T6288] Call Trace:
[  175.926721][ T6288]  <TASK>
[  175.926734][ T6288]  dump_stack_lvl+0x16c/0x1f0
[  175.926797][ T6288]  f2fs_handle_critical_error+0x624/0x9f0
[  175.926848][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.926892][ T6288]  ? f2fs_build_fault_attr+0x53/0x1f0
[  175.926945][ T6288]  f2fs_write_end_io+0x958/0xcf0
[  175.927001][ T6288]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  175.927059][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.927115][ T6288]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  175.927164][ T6288]  bio_endio+0x713/0x860
[  175.927228][ T6288]  submit_bio_noacct+0x306/0x1ed0
[  175.927290][ T6288]  __submit_merged_bio+0x33c/0x770
[  175.927348][ T6288]  __submit_merged_write_cond+0x319/0x3f0
[  175.927419][ T6288]  f2fs_write_cache_pages+0x2067/0x2570
[  175.927512][ T6288]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  175.927578][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.927624][ T6288]  ? __lock_acquire+0x62e/0x1ce0
[  175.927695][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.927738][ T6288]  ? __lock_acquire+0x62e/0x1ce0
[  175.927844][ T6288]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  175.927931][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.927967][ T6288]  ? mod_memcg_lruvec_state+0x389/0x5f0
[  175.928014][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.928054][ T6288]  ? __mod_zone_page_state+0xcc/0x1a0
[  175.928100][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.928142][ T6288]  f2fs_write_data_pages+0x4ad/0xd90
[  175.928202][ T6288]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  175.928264][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.928300][ T6288]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  175.928354][ T6288]  do_writepages+0x27a/0x600
[  175.928409][ T6288]  ? __pfx_do_writepages+0x10/0x10
[  175.928452][ T6288]  ? do_raw_spin_unlock+0x172/0x230
[  175.928492][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.928533][ T6288]  ? _raw_spin_unlock+0x28/0x50
[  175.928588][ T6288]  filemap_fdatawrite_wbc+0x104/0x160
[  175.928641][ T6288]  __filemap_fdatawrite_range+0xb9/0x100
[  175.928700][ T6288]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  175.928817][ T6288]  ? find_held_lock+0x2b/0x80
[  175.928864][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.928907][ T6288]  ? do_raw_spin_unlock+0x172/0x230
[  175.928947][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.928998][ T6288]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  175.929083][ T6288]  block_operations+0x2b0/0xfe0
[  175.929115][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.929165][ T6288]  ? arch_stack_walk+0xa6/0x100
[  175.929212][ T6288]  ? __pfx_block_operations+0x10/0x10
[  175.929339][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.929388][ T6288]  ? down_write+0x14d/0x200
[  175.929424][ T6288]  ? __pfx_down_write+0x10/0x10
[  175.929463][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.929506][ T6288]  ? rcu_is_watching+0x12/0xc0
[  175.929560][ T6288]  f2fs_write_checkpoint+0x2b8/0x4c60
[  175.929632][ T6288]  kill_f2fs_super+0x3c2/0x470
[  175.929668][ T6288]  ? __pfx_kill_f2fs_super+0x10/0x10
[  175.929702][ T6288]  ? lockdep_hardirqs_on+0x7c/0x110
[  175.929781][ T6288]  deactivate_locked_super+0xc1/0x1a0
[  175.929839][ T6288]  deactivate_super+0xde/0x100
[  175.929896][ T6288]  cleanup_mnt+0x225/0x450
[  175.929957][ T6288]  task_work_run+0x150/0x240
[  175.930000][ T6288]  ? __pfx_task_work_run+0x10/0x10
[  175.930037][ T6288]  ? srso_alias_return_thunk+0x5/0xfbef5
[  175.930079][ T6288]  ? __pfx___x64_sys_umount+0x10/0x10
[  175.930125][ T6288]  exit_to_user_mode_loop+0xeb/0x110
[  175.930163][ T6288]  do_syscall_64+0x41c/0x4e0
[  175.930196][ T6288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.930227][ T6288] RIP: 0033:0x7f7ffa38fed7
[  175.930253][ T6288] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  175.930283][ T6288] RSP: 002b:00007ffc24c09a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  175.930314][ T6288] RAX: 0000000000000000 RBX: 00007f7ffa411c05 RCX: 00007f7ffa38fed7
[  175.930336][ T6288] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc24c09b30
[  175.930357][ T6288] RBP: 00007ffc24c09b30 R08: 0000000000000000 R09: 0000000000000000
[  175.930387][ T6288] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc24c0abc0
[  175.930409][ T6288] R13: 00007f7ffa411c05 R14: 000000000002adb4 R15: 00007ffc24c0ac00
[  175.930462][ T6288]  </TASK>
[  176.412951][ T6288] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  176.446983][ T6901] block device autoloading is deprecated and will be removed.
[  177.349773][   T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  177.542719][   T10] usb 8-1: Using ep0 maxpacket: 16
[  177.550294][   T10] usb 8-1: config 0 has an invalid interface number: 232 but max is 0
[  177.584210][   T10] usb 8-1: config 0 has no interface number 0
[  177.634814][   T10] usb 8-1: config 0 interface 232 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.690228][   T10] usb 8-1: config 0 interface 232 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.710607][   T10] usb 8-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  177.730853][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.843588][   T10] usb 8-1: config 0 descriptor??
[  177.947104][ T6923] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  178.590399][   T10] usb 8-1: USB disconnect, device number 2
[  180.168438][ T6962] openvswitch: netlink: IPv4 tun info is not correct
[  180.858174][ T6948] loop8: detected capacity change from 0 to 32768
[  181.013013][ T6948] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  181.045460][ T6980] cgroup: fork rejected by pids controller in /syz1
[  181.225246][ T6948] XFS (loop8): Ending clean mount
[  181.295508][ T6948] XFS (loop8): Quotacheck needed: Please wait.
[  181.409913][ T6948] XFS (loop8): Quotacheck: Done.
[  182.261429][ T6288] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  182.528212][ T7016] loop3: detected capacity change from 0 to 4096
[  183.221232][   T78] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  183.281838][   T78] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.625170][   T78] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  183.672916][   T78] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.012024][ T7037] netlink: 'syz.6.226': attribute type 4 has an invalid length.
[  184.071283][ T7040] netlink: 'syz.6.226': attribute type 4 has an invalid length.
[  184.076172][   T78] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  184.151296][   T78] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.523629][ T7017] loop9: detected capacity change from 0 to 32768
[  184.645255][   T78] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  184.690752][ T7017] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  184.732677][   T78] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.022823][ T7017] XFS (loop9): Ending clean mount
[  185.067493][ T7017] XFS (loop9): Quotacheck needed: Please wait.
[  185.273017][ T7017] XFS (loop9): Quotacheck: Done.
[  185.493581][ T5180] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  185.505278][ T5180] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  185.519518][ T5180] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  185.576126][ T5180] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  185.594753][ T5180] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  185.819751][ T7079] loop8: detected capacity change from 0 to 512
[  185.875590][   T78] bridge_slave_1: left allmulticast mode
[  185.881294][   T78] bridge_slave_1: left promiscuous mode
[  185.897624][ T6466] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  185.955915][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.027776][ T7079] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.102830][ T7079] ext4 filesystem being mounted at /8/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.114070][   T78] bridge_slave_0: left allmulticast mode
[  186.119742][   T78] bridge_slave_0: left promiscuous mode
[  186.200493][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.212681][   T30] audit: type=1800 audit(1758149879.792:8): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.235" name="file1" dev="loop8" ino=15 res=0 errno=0
[  186.315579][   T30] audit: type=1800 audit(1758149879.852:9): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.235" name="file2" dev="loop8" ino=16 res=0 errno=0
[  186.788714][ T6288] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.682885][ T5180] Bluetooth: hci1: command tx timeout
[  188.368751][ T7107] loop9: detected capacity change from 0 to 32768
[  188.648257][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  188.669345][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  188.786130][   T78] bond0 (unregistering): Released all slaves
[  188.858761][ T7107] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  188.858810][ T7107]   allowing incompatible features above 0.0: (unknown version)
[  188.858832][ T7107]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  188.904687][  T840] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  189.062631][  T840] usb 7-1: Using ep0 maxpacket: 16
[  189.064747][  T840] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.064815][  T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  189.064864][  T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  189.064905][  T840] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  189.064948][  T840] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  189.066280][  T840] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  189.066327][  T840] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  189.066369][  T840] usb 7-1: Manufacturer: syz
[  189.072276][  T840] usb 7-1: config 0 descriptor??
[  189.552768][ T7107] bcachefs (loop9): Using encoding defined by superblock: utf8-12.1.0
[  189.570568][ T7107] bcachefs (loop9): initializing new filesystem
[  189.646752][ T7107] bcachefs (loop9): going read-write
[  189.658929][  T840] rc_core: IR keymap rc-hauppauge not found
[  189.696649][  T840] Registered IR keymap rc-empty
[  189.753943][ T7107] bcachefs (loop9): marking superblocks
[  189.756525][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  189.762644][ T5180] Bluetooth: hci1: command tx timeout
[  189.843074][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  189.881203][ T7107] bcachefs (loop9): initializing freespace
[  189.904995][  T840] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  189.970957][  T840] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input7
[  190.005631][ T7107] bcachefs (loop9): done initializing freespace
[  190.084287][ T7107] bcachefs (loop9): reading snapshots table
[  190.091654][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.120475][ T7107] bcachefs (loop9): reading snapshots done
[  190.133066][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.163792][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.197955][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.239923][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.283718][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.369869][ T7107] bcachefs (loop9): done starting filesystem
[  190.404393][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.460183][ T6466] bcachefs (loop9): shutting down
[  190.475053][ T6466] bcachefs (loop9): going read-only
[  190.480790][ T6466] bcachefs (loop9): finished waiting for writes to stop
[  190.516718][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.536821][ T6466] bcachefs (loop9): flushing journal and stopping allocators, journal seq 3
[  190.572747][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.622738][  T840] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  190.628068][   T78] hsr_slave_0: left promiscuous mode
[  190.675433][  T840] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  190.710932][   T78] hsr_slave_1: left promiscuous mode
[  190.724431][  T840] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  190.740042][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  190.792355][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  190.812752][ T6466] bcachefs (loop9): flushing journal and stopping allocators complete, journal seq 3
[  190.828946][  T840] usb 7-1: USB disconnect, device number 2
[  190.884725][ T6466] bcachefs (loop9): clean shutdown complete, journal seq 4
[  190.936892][ T6466] bcachefs (loop9): marking filesystem clean
[  190.954510][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  190.983311][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.984451][ T7162] netlink: 72 bytes leftover after parsing attributes in process `syz.8.255'.
[  191.157068][ T6466] bcachefs (loop9): shutdown complete
[  191.172881][   T78] veth1_macvtap: left promiscuous mode
[  191.212708][   T78] veth0_macvtap: left promiscuous mode
[  191.251803][   T78] veth1_vlan: left promiscuous mode
[  191.287863][   T78] veth0_vlan: left promiscuous mode
[  191.832887][ T5872] Bluetooth: hci1: command tx timeout
[  192.310643][ T7192] loop3: detected capacity change from 0 to 1024
[  192.719084][ T7198] loop8: detected capacity change from 0 to 1024
[  192.736639][ T7198] EXT4-fs: Ignoring removed bh option
[  192.787711][   T13] hfsplus: b-tree write err: -5, ino 4
[  192.840409][ T7198] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  192.987621][ T7198] EXT4-fs error (device loop8): ext4_xattr_set_entry:1660: inode #15: comm syz.8.265: corrupted xattr entries
[  193.031602][ T7198] EXT4-fs (loop8): Remounting filesystem read-only
[  193.041669][ T7198] EXT4-fs warning (device loop8): ext4_xattr_block_set:2189: inode #19: comm syz.8.265: dec ref error=-30
[  193.165167][ T6288] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.582041][   T78] team0 (unregistering): Port device team_slave_1 removed
[  193.717321][   T78] team0 (unregistering): Port device team_slave_0 removed
[  193.912663][ T5872] Bluetooth: hci1: command tx timeout
[  195.449137][ T7247] loop8: detected capacity change from 0 to 256
[  195.478663][ T7247] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  195.555429][ T7247] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  196.288522][ T7075] chnl_net:caif_netlink_parms(): no params data found
[  196.584407][ T5845] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  196.651593][ T7268] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  196.659337][ T7268] IPv6: NLM_F_CREATE should be set when creating new route
[  196.666621][ T7268] IPv6: NLM_F_CREATE should be set when creating new route
[  196.772746][ T5845] usb 10-1: Using ep0 maxpacket: 8
[  196.790449][ T5845] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.805122][ T5845] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.815385][ T5845] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  196.829564][ T5845] usb 10-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[  196.839950][ T5845] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.862462][ T5845] usb 10-1: config 0 descriptor??
[  197.255909][ T7075] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.311592][ T7075] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.342003][ T7075] bridge_slave_0: entered allmulticast mode
[  197.384385][ T7075] bridge_slave_0: entered promiscuous mode
[  197.410544][ T5845] sony 0003:1345:3008.0004: hiddev0,hidraw0: USB HID v80.04 Device [HID 1345:3008] on usb-dummy_hcd.9-1/input0
[  197.481026][ T7075] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.501363][ T5845] sony 0003:1345:3008.0004: failed to claim input
[  197.552272][ T7075] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.597576][ T7075] bridge_slave_1: entered allmulticast mode
[  197.643827][ T5845] usb 10-1: USB disconnect, device number 2
[  197.653912][ T7075] bridge_slave_1: entered promiscuous mode
[  197.865515][ T7297] netlink: 20 bytes leftover after parsing attributes in process `syz.8.299'.
[  197.892228][ T7075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  197.946780][   T78] IPVS: stop unused estimator thread 0...
[  197.961572][ T7075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.038558][ T7291] fido_id[7291]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[  198.080103][ T6743] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  198.101846][ T6743] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  198.194192][ T7075] team0: Port device team_slave_0 added
[  198.202415][ T6743] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  198.220454][ T6743] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  198.260861][ T7075] team0: Port device team_slave_1 added
[  198.461987][ T7075] batman_adv: batadv0: Adding interface: batadv_slave_0
[  198.491331][ T7075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.738285][ T7075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.825764][ T7075] batman_adv: batadv0: Adding interface: batadv_slave_1
[  198.876244][ T7075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.084579][ T7075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.184978][ T7311] loop6: detected capacity change from 0 to 512
[  199.357467][ T7311] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.424930][ T7311] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  199.567973][   T30] audit: type=1800 audit(1758149893.162:10): pid=7311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.303" name="bus" dev="loop6" ino=18 res=0 errno=0
[  199.798911][ T7075] hsr_slave_0: entered promiscuous mode
[  199.849553][ T7075] hsr_slave_1: entered promiscuous mode
[  199.874648][ T7075] debugfs: 'hsr0' already exists in 'hsr'
[  199.937501][ T7075] Cannot create hsr debugfs directory
[  200.225863][ T6021] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.293659][ T7329] loop8: detected capacity change from 0 to 40427
[  200.318291][ T7329] F2FS-fs (loop8): build fault injection rate: 14
[  200.324830][ T7329] F2FS-fs (loop8): build fault injection type: 0x3bfe8c
[  200.383451][ T7329] F2FS-fs (loop8): invalid crc value
[  200.397694][    C0] F2FS-fs (loop8): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  200.426344][    C0] F2FS-fs (loop8): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  200.515717][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.517525][ T7329] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  200.532690][ T7329] F2FS-fs (loop8): inject page alloc in f2fs_grab_cache_folio of f2fs_recover_fsync_data+0x49d/0x98b0
[  200.552880][ T7329] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  200.568344][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.577624][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.607304][ T7337] loop3: detected capacity change from 0 to 8
[  200.607511][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.688098][ T7329] F2FS-fs (loop8): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  200.704842][ T7329] F2FS-fs (loop8): inject inconsistent footer in sanity_check_node_footer of __get_node_folio+0x12d/0x1b0
[  200.718232][ T7329] F2FS-fs (loop8): inconsistent node block, node_type:0, nid:11, node_footer[nid:11,ino:3,ofs:2041,cpver:0,blkaddr:0]
[  200.748199][ T7337] SQUASHFS error: lzo decompression failed, data probably corrupt
[  200.755260][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.787548][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.816639][ T7337] SQUASHFS error: Failed to read block 0x91: -5
[  200.837963][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.865188][ T7337] SQUASHFS error: Unable to read metadata cache entry [8f]
[  200.884751][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.913308][ T7337] SQUASHFS error: Unable to read inode 0x7
[  200.960377][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  200.997385][ T6288] F2FS-fs (loop8): inject page alloc in f2fs_grab_cache_folio of f2fs_write_data_summaries+0xdc/0xc40
[  201.026184][ T7316] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  202.570887][ T7357] loop6: detected capacity change from 0 to 32768
[  202.628860][ T7357] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  202.639072][ T7357] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  202.728509][ T7357] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  202.737995][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  202.761311][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  202.799417][ T7075] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  202.899301][ T7359] loop3: detected capacity change from 0 to 32768
[  202.909970][ T7359] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  202.920354][ T7359] CPU: 0 UID: 0 PID: 7359 Comm: syz.3.317 Not tainted syzkaller #0 PREEMPT(full) 
[  202.920399][ T7359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  202.920420][ T7359] Call Trace:
[  202.920431][ T7359]  <TASK>
[  202.920444][ T7359]  dump_stack_lvl+0x16c/0x1f0
[  202.920506][ T7359]  sysfs_warn_dup+0x7f/0xa0
[  202.920549][ T7359]  sysfs_create_dir_ns+0x24b/0x2b0
[  202.920591][ T7359]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  202.920630][ T7359]  ? find_held_lock+0x2b/0x80
[  202.920685][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.920729][ T7359]  ? do_raw_spin_unlock+0x172/0x230
[  202.920775][ T7359]  kobject_add_internal+0x2c4/0x9b0
[  202.920822][ T7359]  kobject_init_and_add+0x11b/0x190
[  202.920863][ T7359]  ? __pfx_kobject_init_and_add+0x10/0x10
[  202.920911][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.920955][ T7359]  ? lockdep_init_map_type+0x5c/0x280
[  202.920990][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.921034][ T7359]  ? lockdep_init_map_type+0x5c/0x280
[  202.921078][ T7359]  gfs2_sys_fs_add+0x208/0x440
[  202.921129][ T7359]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  202.921177][ T7359]  ? lockdep_init_map_type+0x139/0x280
[  202.921213][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.921256][ T7359]  ? alloc_workqueue_noprof+0x198/0x200
[  202.921321][ T7359]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  202.921393][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.921451][ T7359]  gfs2_fill_super+0x13f0/0x2d30
[  202.921508][ T7359]  ? __lock_acquire+0xb97/0x1ce0
[  202.921583][ T7359]  ? __pfx_gfs2_fill_super+0x10/0x10
[  202.921650][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.921693][ T7359]  ? set_blocksize+0x406/0x500
[  202.921741][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.921784][ T7359]  ? sb_set_blocksize+0x176/0x1d0
[  202.921827][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.921879][ T7359]  get_tree_bdev_flags+0x38c/0x620
[  202.921937][ T7359]  ? __pfx_gfs2_fill_super+0x10/0x10
[  202.921997][ T7359]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  202.922053][ T7359]  ? rcu_is_watching+0x12/0xc0
[  202.922099][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.922145][ T7359]  ? aa_get_newest_label+0xd2/0x250
[  202.922186][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.922229][ T7359]  ? apparmor_capable+0x114/0x1d0
[  202.922275][ T7359]  gfs2_get_tree+0x4e/0x280
[  202.922341][ T7359]  vfs_get_tree+0x8e/0x340
[  202.922388][ T7359]  path_mount+0x1513/0x2000
[  202.922437][ T7359]  ? __pfx_path_mount+0x10/0x10
[  202.922480][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.922526][ T7359]  ? kmem_cache_free+0x2d1/0x4d0
[  202.922586][ T7359]  ? putname+0x154/0x1a0
[  202.922633][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.922680][ T7359]  ? putname+0x154/0x1a0
[  202.922726][ T7359]  ? __x64_sys_mount+0x28d/0x310
[  202.922763][ T7359]  __x64_sys_mount+0x28d/0x310
[  202.922806][ T7359]  ? __pfx___x64_sys_mount+0x10/0x10
[  202.922845][ T7359]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.922904][ T7359]  do_syscall_64+0xcd/0x4e0
[  202.922942][ T7359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.922978][ T7359] RIP: 0033:0x7ffa7379034a
[  202.923006][ T7359] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.923040][ T7359] RSP: 002b:00007ffa746a8e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  202.923074][ T7359] RAX: ffffffffffffffda RBX: 00007ffa746a8ef0 RCX: 00007ffa7379034a
[  202.923098][ T7359] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007ffa746a8eb0
[  202.923121][ T7359] RBP: 000020000001f680 R08: 00007ffa746a8ef0 R09: 0000000000000000
[  202.923144][ T7359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000040
[  202.923167][ T7359] R13: 00007ffa746a8eb0 R14: 000000000001f7dd R15: 0000200000000380
[  202.923215][ T7359]  </TASK>
[  203.296288][ T7359] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  203.312253][ T7359] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  203.460830][ T7075] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  203.708977][ T7075] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  203.793693][ T7075] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  203.868039][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1106ms
[  203.893444][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  203.902415][ T7357] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  203.917300][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  203.929590][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  204.616036][ T7075] 8021q: adding VLAN 0 to HW filter on device bond0
[  204.722645][ T7075] 8021q: adding VLAN 0 to HW filter on device team0
[  204.890935][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.898180][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  205.150150][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.157387][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.316494][ T7395] process 'syz.8.323' launched './file1' with NULL argv: empty string added
[  205.376414][ T7363] loop7: detected capacity change from 0 to 32768
[  205.494194][ T7396] loop9: detected capacity change from 0 to 2048
[  205.609881][ T7363] JBD2: Ignoring recovery information on journal
[  205.672847][ T7396] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  205.841758][ T7363] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  206.335789][ T6029] ocfs2: Unmounting device (7,7) on (node local)
[  206.825770][ T7075] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.215485][ T7075] veth0_vlan: entered promiscuous mode
[  207.387774][ T7075] veth1_vlan: entered promiscuous mode
[  207.416861][   T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  207.610133][   T10] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  207.692353][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.724861][ T7075] veth0_macvtap: entered promiscuous mode
[  207.754017][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.775801][ T7075] veth1_macvtap: entered promiscuous mode
[  207.812656][   T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  207.858182][   T10] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  207.877636][   T10] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  207.908647][   T10] usb 8-1: Manufacturer: syz
[  207.951436][   T10] usb 8-1: config 0 descriptor??
[  208.208774][ T7075] batman_adv: batadv0: Interface activated: batadv_slave_0
[  208.295986][ T7075] batman_adv: batadv0: Interface activated: batadv_slave_1
[  208.402937][   T10] appleir 0003:05AC:8243.0005: unknown main item tag 0x0
[  208.419101][ T6743] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  208.477535][ T6743] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.532016][ T6743] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  208.552476][   T10] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0
[  208.611539][ T2986] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  208.855598][ T7460] input: syz1 as /devices/virtual/input/input8
[  209.159141][ T2986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.160052][ T7438] loop8: detected capacity change from 0 to 32768
[  209.192076][ T2986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.217068][ T7463] loop6: detected capacity change from 0 to 4096
[  209.273039][ T7438] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.335 (7438)
[  209.305221][ T7463] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  209.396028][ T7438] BTRFS info (device loop8): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  209.433781][ T7438] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm
[  209.441446][ T2986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.462181][ T2986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.475168][ T7463] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  209.662939][ T7463] ntfs3(loop6): Failed to load $Extend (-22).
[  209.691560][ T7463] ntfs3(loop6): Failed to initialize $Extend.
[  209.878060][ T7438] BTRFS info (device loop8): enabling ssd optimizations
[  209.918837][ T7438] BTRFS info (device loop8): enabling free space tree
[  209.922702][   T30] audit: type=1804 audit(1758149903.512:11): pid=7463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.343" name="/newroot/37/file1/bus" dev="loop6" ino=33 res=1 errno=0
[  210.466123][ T6288] BTRFS info (device loop8): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  210.528652][    T9] usb 8-1: USB disconnect, device number 3
[  210.736034][ T7517] loop3: detected capacity change from 0 to 1024
[  210.781295][ T7517] EXT4-fs: Ignoring removed mblk_io_submit option
[  210.978636][ T7517] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.246393][   T30] audit: type=1800 audit(1758149904.832:12): pid=7517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.354" name="file1" dev="loop3" ino=15 res=0 errno=0
[  211.836896][ T5875] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.542997][ T7570] netlink: 40 bytes leftover after parsing attributes in process `syz.1.367'.
[  213.682635][    T9] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  213.865741][    T9] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  213.887811][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  213.928181][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  213.940671][    T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  213.966116][    T9] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  214.032126][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.071117][    T9] usb 9-1: config 0 descriptor??
[  214.082639][ T6477] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  214.090293][  T840] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  214.110932][ T7590] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  214.282680][ T6477] usb 4-1: Using ep0 maxpacket: 8
[  214.288035][  T840] usb 8-1: Using ep0 maxpacket: 8
[  214.296270][ T6477] usb 4-1: config 2 has an invalid interface number: 31 but max is 0
[  214.317175][  T840] usb 8-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  214.332054][ T6477] usb 4-1: config 2 has no interface number 0
[  214.358705][  T840] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.383847][ T6477] usb 4-1: config 2 interface 31 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  214.443220][  T840] usb 8-1: config 0 descriptor??
[  214.448349][ T6477] usb 4-1: config 2 interface 31 has no altsetting 0
[  214.511306][ T6477] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  214.553252][ T6477] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.582231][ T6477] usb 4-1: Product: syz
[  214.604773][ T6477] usb 4-1: Manufacturer: syz
[  214.609530][ T6477] usb 4-1: SerialNumber: syz
[  214.619961][    T9] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd
[  214.704007][ T5845] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  214.722140][    T9] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  214.920130][ T5845] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  214.934264][  T840] magicmouse 0003:05AC:0269.0007: unexpected long global item
[  214.959279][   T24] usb 9-1: USB disconnect, device number 2
[  214.972653][ T5845] usb 7-1: config 0 interface 0 has no altsetting 0
[  214.985583][  T840] magicmouse 0003:05AC:0269.0007: magicmouse hid parse failed
[  215.009703][ T7616] fido_id[7616]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:047F:FFFF.0006/report_descriptor': No such device
[  215.065346][ T5845] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  215.075236][  T840] magicmouse 0003:05AC:0269.0007: probe with driver magicmouse failed with error -22
[  215.112441][ T6477] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22
[  215.130931][ T5845] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  215.177421][ T6477] usb 4-1: USB disconnect, device number 5
[  215.188214][ T5845] usb 7-1: Product: syz
[  215.192409][ T5845] usb 7-1: Manufacturer: syz
[  215.210704][  T840] usb 8-1: USB disconnect, device number 4
[  215.263975][ T5845] usb 7-1: SerialNumber: syz
[  215.322491][ T5845] usb 7-1: config 0 descriptor??
[  215.407233][ T5845] usb 7-1: selecting invalid altsetting 0
[  215.628069][ T5845] usb 7-1: USB disconnect, device number 3
[  215.655023][ T7627] netlink: 96 bytes leftover after parsing attributes in process `syz.9.385'.
[  215.852238][ T5864] udevd[5864]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  216.331559][ T7639] netlink: 'syz.1.390': attribute type 14 has an invalid length.
[  216.342879][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.390'.
[  216.501057][ T7639] netlink: 'syz.1.390': attribute type 14 has an invalid length.
[  216.540633][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.390'.
[  218.098252][ T7672] netlink: 'syz.8.401': attribute type 10 has an invalid length.
[  218.230257][ T7672] team0: Port device dummy0 added
[  218.774876][ T7684] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96
[  219.057336][ T7694] netlink: 'syz.7.409': attribute type 1 has an invalid length.
[  219.271667][ T7694] bond1: entered promiscuous mode
[  219.358890][ T7694] 8021q: adding VLAN 0 to HW filter on device bond1
[  219.806240][ T7703] loop6: detected capacity change from 0 to 2048
[  219.813702][ T7697] 8021q: adding VLAN 0 to HW filter on device bond2
[  219.868389][ T7697] bond1: (slave bond2): making interface the new active one
[  219.905006][ T7703] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  219.940319][ T7697] bond2: entered promiscuous mode
[  220.019075][ T7697] bond1: (slave bond2): Enslaving as an active interface with an up link
[  220.032237][ T7703] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  220.494418][ T5954] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  220.718381][ T5954] usb 9-1: config 220 has an invalid interface number: 76 but max is 2
[  220.732681][ T5954] usb 9-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  220.742108][ T5954] usb 9-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  220.838311][ T5954] usb 9-1: config 220 has no interface number 2
[  220.891985][ T5954] usb 9-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  220.965904][ T5954] usb 9-1: config 220 interface 0 has no altsetting 0
[  221.010806][ T5954] usb 9-1: config 220 interface 76 has no altsetting 0
[  221.059923][ T5954] usb 9-1: config 220 interface 1 has no altsetting 0
[  221.684019][ T5954] usb 9-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  221.722864][ T5954] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.730911][ T5954] usb 9-1: Product: syz
[  221.811551][ T5954] usb 9-1: Manufacturer: syz
[  221.835204][ T5954] usb 9-1: SerialNumber: syz
[  222.097462][ T5954] usb 9-1: selecting invalid altsetting 0
[  222.125039][ T5954] usb 9-1: Found UVC 7.01 device syz (8086:0b07)
[  222.181162][ T5954] usb 9-1: No valid video chain found.
[  222.182607][   T30] audit: type=1326 audit(1758149915.772:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7739 comm="syz.3.424" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffa7378eba9 code=0x0
[  222.245875][ T5954] usb 9-1: selecting invalid altsetting 0
[  222.276169][ T5954] usbtest 9-1:220.1: probe with driver usbtest failed with error -22
[  222.315119][ T5954] usb 9-1: USB disconnect, device number 3
[  223.181068][   T30] audit: type=1326 audit(1758149916.772:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  223.258431][   T30] audit: type=1326 audit(1758149916.772:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  223.317452][ T7772] Invalid ELF header magic: != ELF
[  223.380885][   T30] audit: type=1326 audit(1758149916.802:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  223.581068][   T30] audit: type=1326 audit(1758149916.802:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  223.729608][   T30] audit: type=1326 audit(1758149916.812:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  223.882982][   T30] audit: type=1326 audit(1758149916.812:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  223.931930][ T7783] netlink: 20 bytes leftover after parsing attributes in process `syz.7.437'.
[  223.995620][ T7783] netlink: 20 bytes leftover after parsing attributes in process `syz.7.437'.
[  224.062629][   T30] audit: type=1326 audit(1758149916.812:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  224.252626][   T30] audit: type=1326 audit(1758149916.812:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  224.361006][   T30] audit: type=1326 audit(1758149916.812:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.6.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x7ffc0000
[  224.783852][ T7794] tls_set_device_offload: netdev not found
[  224.870751][ T7795] input: syz0 as /devices/virtual/input/input10
[  226.493977][ T7826] netlink: 'syz.6.446': attribute type 10 has an invalid length.
[  226.573404][ T7826] team0: Port device dummy0 added
[  226.732752][   T24] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  226.962474][   T24] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  226.995327][   T24] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  227.165390][   T24] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  227.203626][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  227.211639][   T24] usb 9-1: SerialNumber: syz
[  227.480276][   T24] usb 9-1: 0:2 : does not exist
[  227.521892][   T24] usb 9-1: unit 16 not found!
[  227.605207][   T24] usb 9-1: USB disconnect, device number 4
[  227.824795][ T6036] udevd[6036]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  228.717481][   T48] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  228.912730][   T48] usb 7-1: Using ep0 maxpacket: 16
[  228.930331][   T48] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  228.953329][   T48] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  228.995772][   T48] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  229.032132][   T48] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  229.057499][   T48] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.067392][ T7842] loop1: detected capacity change from 0 to 32768
[  229.091122][   T48] usb 7-1: Product: syz
[  229.111663][   T48] usb 7-1: Manufacturer: syz
[  229.134578][   T48] usb 7-1: SerialNumber: syz
[  229.373199][ T7842] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  229.590443][   T48] usb 7-1: 0:2 : does not exist
[  230.391340][ T7075] ocfs2: Unmounting device (7,1) on (node local)
[  230.487122][   T48] usb 7-1: USB disconnect, device number 4
[  230.654268][ T5886] udevd[5886]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.030769][ T7897] loop8: detected capacity change from 0 to 256
[  231.206866][ T7897] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b14, utbl_chksum : 0xe619d30d)
[  231.408054][ T7903] loop7: detected capacity change from 0 to 128
[  231.521368][ T7903] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  231.541539][ T7910] loop1: detected capacity change from 0 to 256
[  231.606494][ T5180] Bluetooth: hci4: command 0x0406 tx timeout
[  231.691410][ T7903] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  232.065445][ T6029] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  233.244924][ T7937] loop1: detected capacity change from 0 to 8192
[  233.270816][ T7937] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  233.412687][   T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  233.741130][   T24] usb 7-1: Using ep0 maxpacket: 32
[  233.773247][   T24] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[  233.801873][   T24] usb 7-1: config 0 has no interface number 0
[  233.821659][   T24] usb 7-1: config 0 interface 184 has no altsetting 0
[  233.860489][   T24] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  233.887825][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.917055][   T24] usb 7-1: Product: syz
[  233.941898][   T24] usb 7-1: Manufacturer: syz
[  233.970743][   T24] usb 7-1: SerialNumber: syz
[  233.987062][   T24] usb 7-1: config 0 descriptor??
[  234.019868][   T24] smsc75xx v1.0.0
[  234.913814][ T7962] netlink: 14 bytes leftover after parsing attributes in process `syz.3.497'.
[  235.290222][ T7970] loop1: detected capacity change from 0 to 256
[  235.298973][   T24] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  235.373347][ T7970] exfat: Deprecated parameter 'utf8'
[  235.408759][   T24] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  235.451384][ T7970] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  235.487280][   T24] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  235.541036][   T24] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  235.685019][   T24] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  235.778435][   T24] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  235.822805][   T24] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -71
[  235.856288][ T5230] udevd[5230]: worker [5886] terminated by signal 33 (Unknown signal 33)
[  235.877632][   T24] usb 7-1: USB disconnect, device number 5
[  235.896519][ T5230] udevd[5230]: worker [5886] failed while handling '/devices/virtual/block/loop1'
[  236.086391][ T7978] loop1: detected capacity change from 0 to 2048
[  236.410709][ T5230] udevd[5230]: worker [6036] terminated by signal 33 (Unknown signal 33)
[  236.500567][ T5230] udevd[5230]: worker [6036] failed while handling '/devices/virtual/block/loop1'
[  236.502421][ T7978] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.533965][ T7985] loop8: detected capacity change from 0 to 1024
[  236.540591][ T7978] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.754927][ T7985] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.794388][ T7997] netlink: 4 bytes leftover after parsing attributes in process `syz.9.507'.
[  236.917419][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  236.917446][   T30] audit: type=1800 audit(1758149930.492:26): pid=7978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.503" name="file0" dev="loop1" ino=13 res=0 errno=0
[  237.094168][ T8002] vivid-007: =================  START STATUS  =================
[  237.111090][ T7992] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  237.151424][ T8002] vivid-007: Enable Output Cropping: true grabbed
[  237.181582][ T7978] fs-verity (loop1, inode 13): Error -4 building Merkle tree
[  237.214856][ T7985] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4182: comm syz.8.506: Allocating blocks 385-513 which overlap fs metadata
[  237.238199][ T8002] vivid-007: Enable Output Composing: true grabbed
[  237.250822][ T7985] EXT4-fs (loop8): pa ffff88803124ad98: logic 16, phys. 129, len 24
[  237.259379][ T7985] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5433: group 0, free 0, pa_free 8
[  237.286052][ T8002] vivid-007: Enable Output Scaler: true grabbed
[  237.292406][ T8002] vivid-007: Tx RGB Quantization Range: Automatic grabbed
[  237.304347][ T8002] vivid-007: Transmit Mode: HDMI grabbed
[  237.310062][ T8002] vivid-007: Hotplug Present: 0x00000000
[  237.315785][ T8002] vivid-007: RxSense Present: 0x00000000
[  237.321452][ T8002] vivid-007: EDID Present: 0x00000000
[  237.327104][ T8002] vivid-007: ==================  END STATUS  ==================
[  237.571033][ T6288] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.612303][ T7075] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.260250][ T8020] loop6: detected capacity change from 0 to 64
[  238.480983][ T8023] loop7: detected capacity change from 0 to 47
[  238.788454][   T30] audit: type=1804 audit(1758149932.372:27): pid=8020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.516" name=2F6E6577726F6F742F36382F66696C65302FF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFFFFF2FFFF
[  238.954334][ T8027] overlayfs: failed to resolve './file2': -2
[  239.820557][ T8042] netlink: 'syz.6.523': attribute type 2 has an invalid length.
[  239.862971][ T8042] netlink: 132 bytes leftover after parsing attributes in process `syz.6.523'.
[  240.450321][ T8047] loop9: detected capacity change from 0 to 4096
[  240.486854][ T8053] netlink: 4 bytes leftover after parsing attributes in process `syz.6.530'.
[  240.531249][ T8053] netlink: 'syz.6.530': attribute type 3 has an invalid length.
[  240.666334][ T8051] loop8: detected capacity change from 0 to 4096
[  240.673112][ T8056] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  240.715386][ T8051] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512).
[  240.815035][ T8051] ntfs3(loop8): Mark volume as dirty due to NTFS errors
[  240.900791][ T8051] ntfs3(loop8): Failed to load $Extend (-22).
[  240.962831][ T8051] ntfs3(loop8): Failed to initialize $Extend.
[  241.103446][    T9] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  241.115913][   T30] audit: type=1804 audit(1758149934.702:28): pid=8051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.529" name="/newroot/60/file1/bus" dev="loop8" ino=33 res=1 errno=0
[  241.283103][    T9] usb 8-1: Using ep0 maxpacket: 8
[  241.314110][    T9] usb 8-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  241.329947][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.358888][    T9] usb 8-1: Product: syz
[  241.370187][    T9] usb 8-1: Manufacturer: syz
[  241.400573][    T9] usb 8-1: SerialNumber: syz
[  241.431088][    T9] usb 8-1: config 0 descriptor??
[  241.490425][    T9] gspca_main: sq905-2.14.0 probing 2770:9120
[  241.697861][ T8071] loop9: detected capacity change from 0 to 512
[  241.815207][ T8071] EXT4-fs (loop9): Test dummy encryption mode enabled
[  241.822024][ T8071] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  241.888275][ T8071] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  242.122925][ T8071] EXT4-fs error (device loop9): ext4_orphan_get:1418: comm syz.9.536: bad orphan inode 131083
[  242.262248][ T8071] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.360769][ T8073] loop8: detected capacity change from 0 to 32768
[  242.421909][ T8073] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  242.430183][ T8073] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  242.534233][ T8073] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  242.545468][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  242.552253][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  242.612157][    T9] gspca_sq905: bulk read fail (-22) len 0/4
[  242.685605][    T9] sq905 8-1:0.0: probe with driver sq905 failed with error -5
[  242.792264][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 240ms
[  242.803237][ T6466] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.844956][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  242.850347][ T8073] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  242.925084][  T840] usb 8-1: USB disconnect, device number 5
[  243.248958][ T8087] cgroup: fork rejected by pids controller in /syz9
[  243.558447][ T8070] loop1: detected capacity change from 0 to 32768
[  243.719362][ T8070] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  243.866282][ T8070] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  243.986725][ T8098] loop6: detected capacity change from 0 to 64
[  244.048557][   T30] audit: type=1800 audit(1758149937.642:29): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.535" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  244.093709][ T8098] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  244.494306][ T7075] ocfs2: Unmounting device (7,1) on (node local)
[  244.757414][ T8111] input: syz0 as /devices/virtual/input/input11
[  245.238557][   T13] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.528749][   T13] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.881937][ T8127] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  245.915198][   T13] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.262439][   T13] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.812030][ T8144] overlayfs: failed to clone lowerpath
[  246.953383][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  246.959467][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  247.142363][   T13] bridge_slave_1: left allmulticast mode
[  247.173378][ T5873] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  247.198135][   T13] bridge_slave_1: left promiscuous mode
[  247.198183][ T5873] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  247.217119][ T5873] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  247.250082][ T5873] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  247.260484][ T5873] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  247.269260][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.380732][   T13] bridge_slave_0: left allmulticast mode
[  247.400845][   T13] bridge_slave_0: left promiscuous mode
[  247.413943][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.812811][ T5956] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  247.972861][ T5956] usb 9-1: Using ep0 maxpacket: 16
[  248.003716][ T5956] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  248.031580][ T5956] usb 9-1: config 0 has no interface number 0
[  248.050259][ T5956] usb 9-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  248.087484][ T5956] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.117110][ T5956] usb 9-1: Product: syz
[  248.137407][ T5956] usb 9-1: Manufacturer: syz
[  248.151007][ T5956] usb 9-1: SerialNumber: syz
[  248.188934][ T5956] usb 9-1: config 0 descriptor??
[  248.228759][ T5956] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  248.610473][ T8161] loop1: detected capacity change from 0 to 32768
[  248.663562][ T8161] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  248.748590][ T8161] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  248.868573][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.886003][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.920761][ T8151] loop7: detected capacity change from 0 to 32768
[  248.960760][   T13] bond0 (unregistering): Released all slaves
[  248.989292][ T8151] debugfs: 'B1DE653C5FFC4D88B33B244AAB9EB3E9' already exists in 'ocfs2'
[  249.011661][ T8151] JBD2: Ignoring recovery information on journal
[  249.180688][ T8163] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  249.240457][ T8151] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  249.304904][ T7075] ocfs2: Unmounting device (7,1) on (node local)
[  249.376105][ T5873] Bluetooth: hci3: command tx timeout
[  249.452438][ T5956] gspca_spca1528: reg_w err -71
[  249.481837][ T5956] spca1528 9-1:0.1: probe with driver spca1528 failed with error -71
[  249.533099][ T5956] usb 9-1: USB disconnect, device number 5
[  249.738907][ T6029] ocfs2: Unmounting device (7,7) on (node local)
[  250.046040][ T5956] libceph: connect (1)[c::]:6789 error -101
[  250.054504][ T5956] libceph: mon0 (1)[c::]:6789 connect error
[  250.337043][ T5956] libceph: connect (1)[c::]:6789 error -101
[  250.352711][ T5956] libceph: mon0 (1)[c::]:6789 connect error
[  250.378867][ T8192] netlink: 4 bytes leftover after parsing attributes in process `syz.8.582'.
[  250.420514][   T13] hsr_slave_0: left promiscuous mode
[  250.431169][   T13] hsr_slave_1: left promiscuous mode
[  250.438276][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  250.451055][ T8197] netlink: 4 bytes leftover after parsing attributes in process `syz.7.580'.
[  250.460209][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  250.469475][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  250.477104][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  250.535446][   T13] veth1_macvtap: left promiscuous mode
[  250.669971][   T13] veth0_macvtap: left promiscuous mode
[  250.684978][ T8181] ceph: No mds server is up or the cluster is laggy
[  250.698090][   T13] veth1_vlan: left promiscuous mode
[  250.718998][   T13] veth0_vlan: left promiscuous mode
[  251.410413][   T13] team0 (unregistering): Port device team_slave_1 removed
[  251.433004][ T5873] Bluetooth: hci3: command tx timeout
[  251.465611][   T13] team0 (unregistering): Port device team_slave_0 removed
[  251.908706][ T8193] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  251.984905][ T8203] netlink: 96 bytes leftover after parsing attributes in process `syz.3.584'.
[  252.509003][ T8152] chnl_net:caif_netlink_parms(): no params data found
[  253.378890][ T8152] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.414923][ T8152] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.422239][ T8152] bridge_slave_0: entered allmulticast mode
[  253.499201][ T8152] bridge_slave_0: entered promiscuous mode
[  253.512939][ T5873] Bluetooth: hci3: command tx timeout
[  253.598542][ T8152] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.649239][ T8152] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.702855][ T8152] bridge_slave_1: entered allmulticast mode
[  253.711104][ T8152] bridge_slave_1: entered promiscuous mode
[  254.988953][   T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  255.062596][   T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.507634][ T8152] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  255.556383][ T8152] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  255.593166][ T5873] Bluetooth: hci3: command tx timeout
[  255.635964][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  255.648323][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  255.656660][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  255.662847][  T840] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  255.675170][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  255.691789][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  255.704702][   T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  255.802061][   T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.952897][  T840] usb 2-1: Using ep0 maxpacket: 16
[  255.999639][  T840] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  256.076783][  T840] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  256.176250][  T840] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  256.192757][  T840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.200803][  T840] usb 2-1: Product: syz
[  256.239474][  T840] usb 2-1: Manufacturer: syz
[  256.251605][  T840] usb 2-1: SerialNumber: syz
[  256.273447][  T840] usb 2-1: config 0 descriptor??
[  256.326996][  T840] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  256.362666][  T840] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  256.646497][   T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  256.702992][   T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.793619][ T8152] team0: Port device team_slave_0 added
[  256.819839][ T8152] team0: Port device team_slave_1 added
[  256.857020][ T8283] input: syz1 as /devices/virtual/input/input12
[  256.965616][  T840] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  256.977176][  T840] em28xx 2-1:0.0: Config register raw data: 0xfe
[  256.983441][   T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  256.993859][  T840] em28xx 2-1:0.0: I2S Audio (3 sample rate(s))
[  256.993895][  T840] em28xx 2-1:0.0: No AC97 audio processor
[  257.030296][   T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.285010][ T8152] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.292059][ T8152] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.328321][ T8152] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  257.386792][ T8152] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.405604][  T840] usb 2-1: USB disconnect, device number 5
[  257.418941][ T8152] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.491378][ T8152] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  257.612877][  T944] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  257.740782][ T8152] hsr_slave_0: entered promiscuous mode
[  257.749872][ T8152] hsr_slave_1: entered promiscuous mode
[  257.766908][ T8152] debugfs: 'hsr0' already exists in 'hsr'
[  257.774677][ T8152] Cannot create hsr debugfs directory
[  257.785525][  T944] usb 8-1: Using ep0 maxpacket: 16
[  257.803672][  T944] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.832912][   T51] Bluetooth: hci2: command tx timeout
[  257.843757][ T8299] netlink: 'syz.6.624': attribute type 16 has an invalid length.
[  257.851661][  T944] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.866564][ T8299] netlink: 'syz.6.624': attribute type 2 has an invalid length.
[  257.871649][  T944] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  257.887678][  T944] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.899168][ T8299] netlink: 64086 bytes leftover after parsing attributes in process `syz.6.624'.
[  257.917570][  T944] usb 8-1: config 0 descriptor??
[  258.361864][  T944] konepure 0003:1E7D:2DB4.0008: unknown main item tag 0x0
[  258.411157][  T944] konepure 0003:1E7D:2DB4.0008: unknown main item tag 0x0
[  258.419612][   T13] bridge_slave_1: left allmulticast mode
[  258.422596][  T944] konepure 0003:1E7D:2DB4.0008: item fetching failed at offset 2/4
[  258.425598][   T13] bridge_slave_1: left promiscuous mode
[  258.455115][  T944] konepure 0003:1E7D:2DB4.0008: parse failed
[  258.461689][  T944] konepure 0003:1E7D:2DB4.0008: probe with driver konepure failed with error -22
[  258.462836][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.558356][   T13] bridge_slave_0: left allmulticast mode
[  258.565420][   T13] bridge_slave_0: left promiscuous mode
[  258.580378][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.613709][  T944] usb 8-1: USB disconnect, device number 6
[  259.451760][ T8323] loop7: detected capacity change from 0 to 8192
[  259.938945][   T51] Bluetooth: hci2: command tx timeout
[  260.094452][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  260.121260][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  260.165529][   T13] bond0 (unregistering): Released all slaves
[  260.266666][ T8343] kernel read not supported for file /!sel (pid: 8343 comm: syz.1.642)
[  260.300709][   T30] audit: type=1800 audit(1758149953.892:30): pid=8343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.642" name="!sel" dev="mqueue" ino=19479 res=0 errno=0
[  260.446830][ T8315] warning: `syz.6.630' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  261.012916][   T30] audit: type=1326 audit(1758149954.612:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8356 comm="syz.6.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x7fc00000
[  261.541212][   T30] audit: type=1326 audit(1758149955.132:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8356 comm="syz.6.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fd1b318eba9 code=0x7fc00000
[  261.658978][   T13] hsr_slave_0: left promiscuous mode
[  261.690056][   T13] hsr_slave_1: left promiscuous mode
[  261.713787][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  261.721220][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  261.722217][ T8378] loop1: detected capacity change from 0 to 4096
[  261.738843][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  261.754351][ T8381] overlayfs: failed to clone upperpath
[  261.767507][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  261.859972][ T8384] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  261.884973][   T13] veth1_macvtap: left promiscuous mode
[  261.890578][   T13] veth0_macvtap: left promiscuous mode
[  261.897004][   T30] audit: type=1800 audit(1758149955.472:33): pid=8378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.654" name="file1" dev="loop1" ino=15 res=0 errno=0
[  261.944069][   T13] veth1_vlan: left promiscuous mode
[  261.955179][   T13] veth0_vlan: left promiscuous mode
[  261.996411][   T51] Bluetooth: hci2: command tx timeout
[  262.083021][   T48] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  262.252695][   T48] usb 8-1: Using ep0 maxpacket: 32
[  262.276134][   T48] usb 8-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  262.312937][   T48] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.336039][   T48] usb 8-1: config 0 descriptor??
[  262.386539][   T48] gspca_main: sq930x-2.14.0 probing 041e:403c
[  262.887516][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  262.912322][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  262.940828][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  263.050992][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  263.079275][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  263.098945][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  263.305446][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  263.330703][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  263.346571][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.663'.
[  263.609937][   T48] gspca_sq930x: reg_w 0105 bf00 failed -71
[  263.622648][   T48] sq930x 8-1:0.0: probe with driver sq930x failed with error -71
[  263.660040][   T48] usb 8-1: USB disconnect, device number 7
[  263.795786][   T13] team0 (unregistering): Port device team_slave_1 removed
[  263.935127][   T13] team0 (unregistering): Port device team_slave_0 removed
[  264.072862][   T51] Bluetooth: hci2: command tx timeout
[  264.300238][ T8418] loop1: detected capacity change from 0 to 4096
[  264.415133][ T8418] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  264.507166][ T8418] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  264.663973][ T8426] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  264.734377][ T8418] ntfs3(loop1): Failed to load $Extend (-22).
[  264.740499][ T8418] ntfs3(loop1): Failed to initialize $Extend.
[  264.931661][   T30] audit: type=1804 audit(1758149958.512:34): pid=8418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.672" name="/newroot/62/file1/bus" dev="loop1" ino=33 res=1 errno=0
[  265.285165][ T8439] overlayfs: failed to resolve './file0': -2
[  265.359495][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  265.366657][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  265.817579][ T8449] loop1: detected capacity change from 0 to 1024
[  265.980080][ T8449] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  leaving read-only.
[  266.249234][   T13] team0 (unregistering): Port device dummy0 removed
[  266.527800][ T8470] input: syz0 as /devices/virtual/input/input13
[  266.663485][ T8272] chnl_net:caif_netlink_parms(): no params data found
[  267.238597][ T8272] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.286114][ T8272] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.315874][ T8272] bridge_slave_0: entered allmulticast mode
[  267.346559][ T8272] bridge_slave_0: entered promiscuous mode
[  267.403538][ T8491] pim6reg: entered allmulticast mode
[  267.460250][ T8272] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.498064][ T8272] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.531040][ T8272] bridge_slave_1: entered allmulticast mode
[  267.547617][ T8272] bridge_slave_1: entered promiscuous mode
[  267.608289][ T8491] pim6reg: left allmulticast mode
[  268.225885][ T8272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  268.284618][ T8272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  268.599476][ T8519] loop1: detected capacity change from 0 to 256
[  268.626712][ T8272] team0: Port device team_slave_0 added
[  268.626894][ T8521] loop7: detected capacity change from 0 to 1024
[  268.668448][ T8272] team0: Port device team_slave_1 added
[  268.673817][ T8521] EXT4-fs: Ignoring removed orlov option
[  268.698204][ T8519] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  268.705720][ T8152] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  268.730482][ T8521] EXT4-fs: Ignoring removed nobh option
[  268.747157][ T8521] EXT4-fs: Ignoring removed bh option
[  268.812062][ T8521] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.924100][ T8521] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4182: comm syz.7.713: Allocating blocks 481-513 which overlap fs metadata
[  269.021995][ T8152] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  269.055045][ T8152] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  269.076830][ T8152] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  269.101941][ T8272] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.123179][ T8521] EXT4-fs (loop7): pa ffff888054815828: logic 352, phys. 465, len 3
[  269.125490][ T8272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.131496][ T8521] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:5433: group 0, free 0, pa_free 1
[  269.186020][ T8272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.224580][ T8272] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.231550][ T8272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.258469][ T8272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.318608][ T6029] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.541964][ T8272] hsr_slave_0: entered promiscuous mode
[  269.573197][ T8540] kernel read not supported for file /¡sxt (pid: 8540 comm: syz.7.716)
[  269.581824][ T8272] hsr_slave_1: entered promiscuous mode
[  269.590532][ T8272] debugfs: 'hsr0' already exists in 'hsr'
[  269.596486][ T8272] Cannot create hsr debugfs directory
[  269.602990][   T30] audit: type=1800 audit(1758149963.172:35): pid=8540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.716" name=A17378741A dev="mqueue" ino=20583 res=0 errno=0
[  269.724465][ T8545] input: syz1 as /devices/virtual/input/input14
[  270.609870][ T8152] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.022163][ T8152] 8021q: adding VLAN 0 to HW filter on device team0
[  271.344801][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.352142][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.615924][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.623185][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.232927][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  272.242412][    T9] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  272.269793][    T9] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  272.622671][  T840] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  272.668386][ T8272] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  272.732013][ T8272] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  272.778423][ T8272] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  272.828003][  T840] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.835269][ T8272] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  272.884700][  T840] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  272.899601][  T840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.932148][  T840] usb 2-1: Product: syz
[  272.955666][  T840] usb 2-1: Manufacturer: syz
[  272.970517][  T840] usb 2-1: SerialNumber: syz
[  273.111669][ T8152] 8021q: adding VLAN 0 to HW filter on device batadv0
[  273.132411][ T8599] netlink: 68 bytes leftover after parsing attributes in process `syz.7.736'.
[  273.380544][ T8272] 8021q: adding VLAN 0 to HW filter on device bond0
[  273.491652][ T8272] 8021q: adding VLAN 0 to HW filter on device team0
[  273.540023][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  273.547245][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  273.648213][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  273.655452][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  273.722251][ T8605] netlink: 120 bytes leftover after parsing attributes in process `syz.7.738'.
[  274.046243][  T840] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  274.065148][  T840] cdc_ncm 2-1:1.0: dwNtbInMaxSize=2 is too small. Using 2048
[  274.108792][  T840] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  274.328352][  T840] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  274.392963][ T6477] usb 8-1: new full-speed USB device number 8 using dummy_hcd
[  274.413532][  T840] usb 2-1: USB disconnect, device number 6
[  274.420976][  T840] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)
[  274.422838][ T8622] fuse: Bad value for 'fd'
[  274.584792][ T6477] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  274.612257][ T8152] veth0_vlan: entered promiscuous mode
[  274.630800][ T6477] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.662854][ T6477] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  274.694831][ T6477] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.713959][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  274.723325][    T9] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  274.729428][    T9] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  274.732272][ T8152] veth1_vlan: entered promiscuous mode
[  274.753789][ T6477] usb 8-1: config 0 descriptor??
[  274.764485][ T8272] 8021q: adding VLAN 0 to HW filter on device batadv0
[  274.795695][ T6477] hub 8-1:0.0: USB hub found
[  274.820327][ T8152] veth0_macvtap: entered promiscuous mode
[  274.871104][ T8152] veth1_macvtap: entered promiscuous mode
[  275.009095][ T8152] batman_adv: batadv0: Interface activated: batadv_slave_0
[  275.029072][ T6477] hub 8-1:0.0: 1 port detected
[  275.070806][ T8152] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.131715][   T13] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  275.172026][   T13] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  275.232961][   T13] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  275.250060][   T13] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  275.672997][ T6477] hub 8-1:0.0: activate --> -90
[  275.875011][ T6477] hub 8-1:0.0: hub_ext_port_status failed (err = 0)
[  275.979120][ T8272] veth0_vlan: entered promiscuous mode
[  276.027063][ T8272] veth1_vlan: entered promiscuous mode
[  276.122397][ T8272] veth0_macvtap: entered promiscuous mode
[  276.139462][ T8272] veth1_macvtap: entered promiscuous mode
[  276.176360][ T8272] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.184527][ T6477] usb 8-1: USB disconnect, device number 8
[  276.218801][ T8272] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.274969][   T78] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.307413][   T78] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.321096][   T78] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.338460][   T78] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.581178][ T8653] netlink: 8 bytes leftover after parsing attributes in process `syz.6.753'.
[  276.597719][ T8653] netlink: 8 bytes leftover after parsing attributes in process `syz.6.753'.
[  276.873766][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  276.873926][    T9] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[  276.923732][    T9] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[  277.325587][ T8674] loop1: detected capacity change from 0 to 256
[  277.427065][ T8674] FAT-fs (loop1): Directory bread(block 64) failed
[  277.454676][ T8674] FAT-fs (loop1): Directory bread(block 65) failed
[  277.474200][ T8674] FAT-fs (loop1): Directory bread(block 66) failed
[  277.480882][ T8674] FAT-fs (loop1): Directory bread(block 67) failed
[  277.491685][ T8674] FAT-fs (loop1): Directory bread(block 68) failed
[  277.499694][ T8674] FAT-fs (loop1): Directory bread(block 69) failed
[  277.507170][ T8674] FAT-fs (loop1): Directory bread(block 70) failed
[  277.515540][ T8674] FAT-fs (loop1): Directory bread(block 71) failed
[  277.522155][ T8674] FAT-fs (loop1): Directory bread(block 72) failed
[  277.528737][ T8674] FAT-fs (loop1): Directory bread(block 73) failed
[  279.192762][    T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  279.192802][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  279.198954][    T9] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  279.416909][ T8711] raw_sendmsg: syz.3.777 forgot to set AF_INET. Fix it!
[  279.507091][ T8715] netlink: 'syz.6.779': attribute type 39 has an invalid length.
[  280.004614][ T8720] netlink: 'syz.3.782': attribute type 1 has an invalid length.
[  280.054734][ T8720] 8021q: adding VLAN 0 to HW filter on device bond1
[  280.085726][ T8724] bond1: (slave geneve2): making interface the new active one
[  280.095654][ T8724] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  280.887345][ T8746] netlink: 'syz.6.791': attribute type 10 has an invalid length.
[  280.895707][ T8746] netlink: 40 bytes leftover after parsing attributes in process `syz.6.791'.
[  280.905109][ T8746] dummy0: entered promiscuous mode
[  280.924017][ T8746] team0: Port device dummy0 removed
[  280.930177][ T8746] bridge0: port 3(dummy0) entered blocking state
[  280.936920][ T8746] bridge0: port 3(dummy0) entered disabled state
[  280.943599][ T8746] dummy0: entered allmulticast mode
[  281.355094][    T9] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  281.363398][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  281.368922][    T9] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  281.858708][   T30] audit: type=1326 audit(1758149975.452:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.6.802" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1b318eba9 code=0x0
[  281.968691][ T8771] netlink: 64 bytes leftover after parsing attributes in process `syz.6.802'.
[  283.432765][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  283.432871][    T9] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  283.450918][    T9] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  283.641459][ T2986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.685706][ T2986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.861180][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.902680][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.965433][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.021668][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.184262][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.224993][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.744903][ T8806] netlink: 14 bytes leftover after parsing attributes in process `syz.9.815'.
[  286.311174][ T8811] loop4: detected capacity change from 0 to 32768
[  286.516360][   T30] audit: type=1800 audit(1758149980.112:37): pid=8811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.817" name="file1" dev="loop4" ino=4 res=0 errno=0
[  286.547506][ T8846] loop1: detected capacity change from 0 to 128
[  286.618289][ T8846] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  286.695119][ T8851] netlink: 12 bytes leftover after parsing attributes in process `syz.6.834'.
[  287.434867][ T8865] netlink: 'syz.6.843': attribute type 12 has an invalid length.
[  287.473285][ T8865] netlink: 'syz.6.843': attribute type 29 has an invalid length.
[  287.556968][ T8865] netlink: 148 bytes leftover after parsing attributes in process `syz.6.843'.
[  288.302338][   T30] audit: type=1326 audit(1758149981.892:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8889 comm="syz.7.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b538eba9 code=0x7ffc0000
[  288.387654][   T30] audit: type=1326 audit(1758149981.902:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8889 comm="syz.7.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f77b538eba9 code=0x7ffc0000
[  288.521261][   T30] audit: type=1326 audit(1758149981.902:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8889 comm="syz.7.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b538eba9 code=0x7ffc0000
[  288.603163][   T30] audit: type=1326 audit(1758149981.932:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8889 comm="syz.7.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b538eba9 code=0x7ffc0000
[  288.780043][ T8874] loop4: detected capacity change from 0 to 32768
[  288.806747][ T8874] XFS: attr2 mount option is deprecated.
[  288.888843][ T8874] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  288.938513][ T8874] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  289.234718][ T8874] XFS (loop4): Ending clean mount
[  289.246173][ T8917] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  289.266421][ T8874] XFS (loop4): Quotacheck needed: Please wait.
[  289.282407][ T8917] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  289.401404][ T8874] XFS (loop4): Quotacheck: Done.
[  289.903726][ T8929] IPVS: Unknown mcast interface: »

[  290.010774][ T8272] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  290.275434][ T8939] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.870'.
[  290.820797][ T8952] netlink: 96 bytes leftover after parsing attributes in process `syz.1.876'.
[  290.872759][   T48] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  290.962680][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  290.979971][ T5956] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  291.152672][ T5956] usb 10-1: Using ep0 maxpacket: 8
[  291.173223][ T5956] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  291.181570][ T5956] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  291.214860][   T48] usb 8-1: unable to get BOS descriptor or descriptor too short
[  291.222699][   T48] usb 8-1: no configurations
[  291.227311][   T48] usb 8-1: can't read configurations, error -22
[  291.233702][ T5956] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  291.252668][ T5956] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  291.286245][ T5956] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  291.320404][ T5956] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  291.338847][ T5956] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.586965][ T5956] usb 10-1: usb_control_msg returned -32
[  291.604864][ T5956] usbtmc 10-1:16.0: can't read capabilities
[  292.110624][ T8983] loop4: detected capacity change from 0 to 2048
[  292.185927][ T8983] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  292.364600][ T8993] usbtmc 10-1:16.0: usb_control_msg returned -32
[  292.567164][   T48] usb 10-1: USB disconnect, device number 3
[  292.688483][ T8998] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.281237][ T9016] bridge0: the hash_elasticity option has been deprecated and is always 16
[  293.298765][ T9016] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.308408][ T9016] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.550981][ T9025] loop1: detected capacity change from 0 to 256
[  293.662789][ T5956] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  293.836548][ T5956] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.876725][ T5956] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.895222][ T9034] netlink: 64 bytes leftover after parsing attributes in process `syz.3.908'.
[  293.914711][ T5956] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  293.945253][ T9034] netlink: 64 bytes leftover after parsing attributes in process `syz.3.908'.
[  293.972740][ T5956] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  294.012985][ T5956] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.051325][ T5956] usb 10-1: config 0 descriptor??
[  294.655698][ T5956] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  295.453406][ T5956] usb 10-1: USB disconnect, device number 4
[  296.490464][   T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.661999][ T9096] loop9: detected capacity change from 0 to 512
[  296.697660][ T9096] EXT4-fs: Ignoring removed nomblk_io_submit option
[  296.769305][ T9096] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  296.778042][ T9099] loop7: detected capacity change from 0 to 512
[  296.829069][ T9096] EXT4-fs (loop9): 1 truncate cleaned up
[  296.867617][ T9096] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  296.935666][   T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.985567][ T9099] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  297.037535][ T5873] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  297.047958][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  297.056061][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  297.065761][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  297.073746][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  297.146722][ T9099] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  297.454341][ T8152] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.529983][ T6029] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  297.617938][   T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.957841][   T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.053631][   T59] bridge_slave_1: left allmulticast mode
[  299.059346][   T59] bridge_slave_1: left promiscuous mode
[  299.072971][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.153295][   T59] bridge_slave_0: left allmulticast mode
[  299.159001][   T59] bridge_slave_0: left promiscuous mode
[  299.193501][ T5873] Bluetooth: hci2: command tx timeout
[  299.205785][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.323069][ T9163] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  299.613145][ T9168] overlayfs: refusing to follow metacopy origin for (/file1)
[  299.623033][ T9166] loop1: detected capacity change from 0 to 2048
[  299.689022][ T9166] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  300.442849][ T9176] loop9: detected capacity change from 0 to 32768
[  300.551674][ T9176] JBD2: Ignoring recovery information on journal
[  300.599079][ T9176] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  300.733418][   T30] audit: type=1800 audit(1758149994.332:42): pid=9176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.964" name="bus" dev="loop9" ino=17058 res=0 errno=0
[  300.808130][ T9176] OCFS2: ERROR (device loop9): ocfs2_reserve_local_alloc_bits: local alloc inode 76 says it has 9 used bits, but a count shows 8
[  300.822149][ T9176] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  300.832039][ T9176] OCFS2: File system is now read-only.
[  300.837552][ T9176] (syz.9.964,9176,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30
[  300.846616][ T9176] (syz.9.964,9176,0):ocfs2_reserve_clusters_with_limit:1172 ERROR: status = -30
[  300.855718][ T9176] (syz.9.964,9176,0):ocfs2_reserve_clusters_with_limit:1221 ERROR: status = -30
[  300.864799][ T9176] (syz.9.964,9176,0):ocfs2_lock_allocators:2775 ERROR: status = -30
[  300.873254][ T9176] (syz.9.964,9176,0):ocfs2_write_begin_nolock:1723 ERROR: status = -30
[  300.881577][ T9176] (syz.9.964,9176,0):ocfs2_dio_wr_get_block:2218 ERROR: status = -30
[  300.901332][ T9176] (syz.9.964,9176,0):ocfs2_dio_end_io:2400 ERROR: Direct IO failed, bytes = -30
[  300.914494][   T48] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  301.104282][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  301.122947][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  301.147635][ T8152] ocfs2: Unmounting device (7,9) on (node local)
[  301.172704][   T48] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  301.192372][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.261519][   T48] usb 2-1: config 0 descriptor??
[  301.273270][ T5873] Bluetooth: hci2: command tx timeout
[  301.713540][   T48] cm6533_jd 0003:0D8C:0022.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  301.857450][ T9207] overlay: filesystem on ./bus not supported
[  301.882383][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  301.939023][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  301.963588][   T59] bond0 (unregistering): Released all slaves
[  302.010796][ T9109] chnl_net:caif_netlink_parms(): no params data found
[  302.546862][  T944] usb 2-1: USB disconnect, device number 7
[  302.754051][ T9109] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.761397][ T9109] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.773947][ T9109] bridge_slave_0: entered allmulticast mode
[  302.782487][ T9109] bridge_slave_0: entered promiscuous mode
[  302.824776][   T59] hsr_slave_0: left promiscuous mode
[  302.831528][   T59] hsr_slave_1: left promiscuous mode
[  302.841903][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  302.849974][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  302.868427][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  302.881486][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  302.933758][   T59] veth1_macvtap: left promiscuous mode
[  302.939919][   T59] veth0_macvtap: left promiscuous mode
[  302.957581][   T59] veth1_vlan: left promiscuous mode
[  302.969944][   T59] veth0_vlan: left promiscuous mode
[  303.011893][ T9213] delete_channel: no stack
[  303.352978][ T5873] Bluetooth: hci2: command tx timeout
[  303.405885][ T9244] loop9: detected capacity change from 0 to 512
[  303.460747][ T9244] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  305.019558][ T9253] loop1: detected capacity change from 0 to 131072
[  305.031084][ T9253] F2FS-fs (loop1): Invalid log sectorsize (67108873)
[  305.038633][ T9253] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  305.057337][ T9253] F2FS-fs (loop1): invalid crc value
[  305.167716][ T9253] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  305.182719][ T9253] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  305.189788][ T9253] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  305.444407][ T5873] Bluetooth: hci2: command tx timeout
[  305.936298][ T9268] loop9: detected capacity change from 0 to 32768
[  306.037442][ T9268] JBD2: Ignoring recovery information on journal
[  306.130658][ T9268] ocfs2: Mounting device (7,9) on (node local, slot 0) with writeback data mode.
[  306.421068][   T59] team0 (unregistering): Port device team_slave_1 removed
[  306.565864][ T8152] ocfs2: Unmounting device (7,9) on (node local)
[  307.208867][   T59] team0 (unregistering): Port device team_slave_0 removed
[  308.000897][ T9312] loop1: detected capacity change from 0 to 128
[  308.060048][ T9316] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1016'.
[  308.134524][ T9312] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  308.165233][ T9312] ext4 filesystem being mounted at /117/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  308.434996][ T7075] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  309.067641][ T9109] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.076623][ T9109] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.086040][ T9109] bridge_slave_1: entered allmulticast mode
[  309.096239][ T9109] bridge_slave_1: entered promiscuous mode
[  309.106067][ T9303] netlink: 'syz.6.1012': attribute type 22 has an invalid length.
[  309.123120][  T944] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  309.125400][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1012'.
[  309.174534][ T9314] pim6reg: entered allmulticast mode
[  309.215532][ T3011] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  309.224880][ T9303] netlink: 'syz.6.1012': attribute type 22 has an invalid length.
[  309.272785][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1012'.
[  309.380271][ T9109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  309.464810][   T13] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  309.508881][   T13] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  309.612144][ T9109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  309.745374][  T944] usb 2-1: Using ep0 maxpacket: 8
[  309.764673][   T13] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  309.766039][  T944] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  309.826298][ T9109] team0: Port device team_slave_0 added
[  309.831549][  T944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.861929][  T944] usb 2-1: Product: syz
[  309.872046][  T944] usb 2-1: Manufacturer: syz
[  309.903216][  T944] usb 2-1: SerialNumber: syz
[  309.934325][  T944] usb 2-1: config 0 descriptor??
[  309.936708][ T9109] team0: Port device team_slave_1 added
[  310.150115][  T944] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  310.221131][ T9109] batman_adv: batadv0: Adding interface: batadv_slave_0
[  310.233018][ T5956] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[  310.240741][ T9109] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  310.298937][ T9109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  310.393358][ T9109] batman_adv: batadv0: Adding interface: batadv_slave_1
[  310.393754][  T944] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  310.420717][ T9109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  310.421228][ T5956] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.483435][  T944] usb 2-1: USB disconnect, device number 8
[  310.524988][ T9361] netlink: 'syz.7.1036': attribute type 1 has an invalid length.
[  310.532431][ T5956] usb 10-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00
[  310.538978][ T9109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.552049][ T5956] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.567572][ T9361] netlink: 128 bytes leftover after parsing attributes in process `syz.7.1036'.
[  310.586957][ T9361] netlink: 'syz.7.1036': attribute type 2 has an invalid length.
[  310.599134][ T5956] usb 10-1: config 0 descriptor??
[  310.627904][ T9361] netlink: 'syz.7.1036': attribute type 1 has an invalid length.
[  310.745857][ T9109] hsr_slave_0: entered promiscuous mode
[  310.766568][ T9109] hsr_slave_1: entered promiscuous mode
[  310.784749][ T9109] debugfs: 'hsr0' already exists in 'hsr'
[  310.790531][ T9109] Cannot create hsr debugfs directory
[  310.916309][ T9369] loop7: detected capacity change from 0 to 1024
[  310.950063][ T9369] EXT4-fs: Ignoring removed orlov option
[  310.974768][ T9369] EXT4-fs: Ignoring removed nomblk_io_submit option
[  311.057536][ T9369] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.113408][ T5956] pantherlord 0003:0810:0001.000B: item fetching failed at offset 5/7
[  311.159900][ T5956] pantherlord 0003:0810:0001.000B: parse failed
[  311.207670][ T5956] pantherlord 0003:0810:0001.000B: probe with driver pantherlord failed with error -22
[  311.280533][ T5956] usb 10-1: USB disconnect, device number 5
[  311.634846][ T6029] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.739377][ T9109] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  312.917296][ T9109] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  312.946045][ T9109] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  312.971564][ T9109] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  313.401747][ T9109] 8021q: adding VLAN 0 to HW filter on device bond0
[  313.526210][ T9109] 8021q: adding VLAN 0 to HW filter on device team0
[  313.569989][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  313.577245][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  313.604707][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  313.611963][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  313.887617][ T9442] loop9: detected capacity change from 0 to 512
[  314.021553][ T9442] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.056199][ T9442] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  314.151519][ T9448] loop7: detected capacity change from 0 to 512
[  314.308872][ T9448] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.332401][    C0] vkms_vblank_simulate: vblank timer overrun
[  314.397281][ T9448] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  314.461574][ T8152] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.609158][ T9463] 9pnet_fd: Insufficient options for proto=fd
[  314.851001][ T6029] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.869431][ T9109] 8021q: adding VLAN 0 to HW filter on device batadv0
[  315.332740][   T24] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  315.705264][ T9481] loop1: detected capacity change from 0 to 32768
[  315.799449][   T24] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  315.816972][   T24] usb 10-1: config 0 has no interfaces?
[  315.823078][   T24] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  315.834069][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.847692][   T24] usb 10-1: config 0 descriptor??
[  315.917747][ T9481] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  315.917796][ T9481]   allowing incompatible features above 0.0: (unknown version)
[  315.917818][ T9481]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  315.965247][ T9481] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  315.973655][ T9481] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  315.981981][ T9481] bcachefs (loop1): Version upgrade required:
[  315.981981][ T9481] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  315.981981][ T9481] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  315.981981][ T9481]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  316.093148][ T9481] bcachefs (loop1): dropping and reconstructing all alloc info
[  316.150575][ T9474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.187873][ T9481] bcachefs (loop1): accounting_read...
[  316.202358][ T9474] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.244731][ T9481]  done
[  316.247561][ T9481] bcachefs (loop1): alloc_read... done
[  316.255706][ T9481] bcachefs (loop1): snapshots_read... done
[  316.265818][ T9481] bcachefs (loop1): check_allocations... done
[  316.347236][ T9481] bcachefs (loop1): going read-write
[  316.358027][ T9474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.375684][ T9481] bcachefs (loop1): done starting filesystem
[  316.388700][ T9474] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.430966][ T9481] bcachefs (loop1): inode 536870913 truncated to 0 but i_blocks 24 (ondisk 24)
[  316.493165][ T9481] bcachefs (loop1): inode 536870912 i_sectors underflow: 8 + -24 < 0
[  316.517993][ T5963] usb 10-1: USB disconnect, device number 6
[  316.548154][ T9481] bcachefs (loop1): inode 536870912 i_blocks underflow: 8 + -24 < 0 (ondisk 8)
[  316.552386][ T3011] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  316.618882][ T3011]   u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
[  316.644244][ T7075] bcachefs (loop1): shutting down
[  316.677319][ T7075] bcachefs (loop1): going read-only
[  316.700448][ T9109] veth0_vlan: entered promiscuous mode
[  316.715795][ T7075] bcachefs (loop1): finished waiting for writes to stop
[  316.726730][ T3011] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  316.726803][ T3011]   u64s 5 type deleted 0:39:0 len 0 ver 0, , continuing
[  316.791244][ T9109] veth1_vlan: entered promiscuous mode
[  316.801822][ T7075] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11
[  316.938760][ T9109] veth0_macvtap: entered promiscuous mode
[  316.994048][ T3011] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  316.994078][ T3011]   u64s 5 type deleted 0:44:0 len 0 ver 0, , continuing
[  317.009202][ T9109] veth1_macvtap: entered promiscuous mode
[  317.077759][ T9109] batman_adv: batadv0: Interface activated: batadv_slave_0
[  317.092680][ T5963] usb 10-1: new full-speed USB device number 7 using dummy_hcd
[  317.104497][ T9109] batman_adv: batadv0: Interface activated: batadv_slave_1
[  317.123857][   T59] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  317.124121][   T59] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  317.124202][   T59] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  317.124263][   T59] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  317.276613][ T5963] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  317.285046][ T5963] usb 10-1: config 0 has no interface number 0
[  317.291246][ T5963] usb 10-1: config 0 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  317.304722][ T5963] usb 10-1: config 0 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  317.315001][ T5963] usb 10-1: config 0 interface 1 has no altsetting 0
[  317.330952][ T3011] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  317.330981][ T3011]   u64s 5 type deleted 0:48:0 len 0 ver 0, , continuing
[  317.345701][ T5963] usb 10-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  317.345748][ T5963] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.365549][ T5963] usb 10-1: config 0 descriptor??
[  317.403863][ T5963] hub 10-1:0.1: bad descriptor, ignoring hub
[  317.403904][ T5963] hub 10-1:0.1: probe with driver hub failed with error -5
[  317.408749][ T9511] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1085'.
[  317.453494][ T9512] trusted_key: syz.3.1086 sent an empty control message without MSG_MORE.
[  317.558113][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.570943][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.654603][  T944] usb 10-1: USB disconnect, device number 7
[  317.675321][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.732925][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.757617][   T59] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  317.757680][   T59]   u64s 5 type deleted 0:33:0 len 0 ver 0, , continuing
[  317.845742][ T7075] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 12
[  317.876967][ T7075] bcachefs (loop1): unclean shutdown complete, journal seq 13
[  317.944765][ T7075] bcachefs (loop1): done going read-only, filesystem not clean
[  318.085835][ T7075] bcachefs (loop1): shutdown complete
[  318.393576][ T9531] loop9: detected capacity change from 0 to 256
[  318.423338][ T9531] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  318.452866][ T9531] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[  318.539446][ T9531] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  318.613233][   T30] audit: type=1800 audit(1758150012.202:43): pid=9531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1095" name="file1" dev="loop9" ino=1048643 res=0 errno=0
[  319.017118][ T9546] openvswitch: netlink: Multiple metadata blocks provided
[  319.565837][  T840] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  319.631205][ T9564] loop7: detected capacity change from 0 to 128
[  319.763593][   T30] audit: type=1800 audit(1758150013.352:44): pid=9564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1109" name="file2" dev="loop7" ino=1048645 res=0 errno=0
[  319.793608][ T9559] overlayfs: failed to resolve './file0': -2
[  319.818166][ T9564] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000100)
[  319.850268][ T9564] FAT-fs (loop7): Filesystem has been set read-only
[  319.882944][ T9564] syz.7.1109: attempt to access beyond end of device
[  319.882944][ T9564] loop7: rw=0, sector=2065, nr_sectors = 8 limit=128
[  319.898666][ T9568] evm: overlay not supported
[  320.294248][ T9580] loop5: detected capacity change from 0 to 64
[  320.473141][  T840] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  320.742739][ T5956] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  320.928850][ T5956] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  320.948063][ T5956] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  320.989191][ T5956] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  321.008696][ T5956] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  321.021685][ T5956] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  321.044858][ T5956] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  321.056464][ T5956] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  321.097914][ T5956] usb 10-1: Product: syz
[  321.102362][ T5956] usb 10-1: Manufacturer: syz
[  321.139694][ T5956] cdc_wdm 10-1:1.0: skipping garbage
[  321.176639][ T5956] cdc_wdm 10-1:1.0: skipping garbage
[  321.202007][ T5956] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  321.223017][ T5956] cdc_wdm 10-1:1.0: Unknown control protocol
[  321.460022][   T24] usb 10-1: USB disconnect, device number 8
[  321.788613][ T9611] loop5: detected capacity change from 0 to 2048
[  321.889539][ T9611] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  321.934425][ T9611] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  322.153258][   T48] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  322.271004][ T9109] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.453472][   T48] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  322.493566][   T48] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  322.505122][   T48] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  322.523154][   T48] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  322.553275][   T48] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  322.584089][   T48] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  322.602908][   T48] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  322.631739][   T48] usb 10-1: Product: syz
[  322.647245][   T48] usb 10-1: Manufacturer: syz
[  322.692759][   T48] cdc_wdm 10-1:1.0: skipping garbage
[  322.698247][   T48] cdc_wdm 10-1:1.0: skipping garbage
[  322.727766][   T48] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  322.748132][   T48] cdc_wdm 10-1:1.0: Unknown control protocol
[  322.949819][  T840] usb 10-1: USB disconnect, device number 9
[  323.061879][ T9643] netlink: 'syz.1.1141': attribute type 4 has an invalid length.
[  323.151740][ T9644] netlink: 'syz.1.1141': attribute type 4 has an invalid length.
[  323.409149][ T9648] loop5: detected capacity change from 0 to 2048
[  323.521467][ T9648] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  323.568642][ T9657] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  323.642249][ T9659] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  323.690569][   T30] audit: type=1800 audit(1758150017.282:45): pid=9648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1143" name="file1" dev="loop5" ino=15 res=0 errno=0
[  323.715786][ T9647] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  323.772053][   T30] audit: type=1800 audit(1758150017.282:46): pid=9648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1143" name="file1" dev="loop5" ino=15 res=0 errno=0
[  323.885617][ T9664] ceph: No mds server is up or the cluster is laggy
[  323.897311][ T9648] ------------[ cut here ]------------
[  323.903835][ T9648] kernel BUG at fs/ext4/inode.c:2808!
[  323.913893][ T9648] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  323.920350][ T9648] CPU: 1 UID: 0 PID: 9648 Comm: syz.5.1143 Not tainted syzkaller #0 PREEMPT(full) 
[  323.929671][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  323.939748][ T9648] RIP: 0010:ext4_do_writepages+0x2bc6/0x3cf0
[  323.945788][ T9648] Code: ad 10 ff ff ff 48 c1 ea 03 80 3c 02 00 0f 84 23 e9 ff ff 48 8b bd 28 ff ff ff e8 65 92 a8 ff e9 12 e9 ff ff e8 2b 28 43 ff 90 <0f> 0b e8 23 28 43 ff 90 0f 0b 90 e9 0d e6 ff ff e8 15 28 43 ff 90
[  323.965432][ T9648] RSP: 0018:ffffc90003337490 EFLAGS: 00010287
[  323.971528][ T9648] RAX: 0000000000000903 RBX: ffff888045728050 RCX: ffffc900147b9000
[  323.979520][ T9648] RDX: 0000000000080000 RSI: ffffffff82787465 RDI: 0000000000000007
[  323.987517][ T9648] RBP: ffffc90003337660 R08: 0000000000000007 R09: 0000000000000000
[  323.995598][ T9648] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc900033376b8
[  324.003673][ T9648] R13: 0000000000000001 R14: ffff888045728298 R15: 0000000000400140
[  324.011660][ T9648] FS:  00007f7a89eee6c0(0000) GS:ffff8881247b3000(0000) knlGS:0000000000000000
[  324.020615][ T9648] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  324.027223][ T9648] CR2: 000000110c350372 CR3: 0000000032be0000 CR4: 0000000000350ef0
[  324.035214][ T9648] Call Trace:
[  324.038501][ T9648]  <TASK>
[  324.041434][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.047096][ T9648]  ? look_up_lock_class+0x59/0x150
[  324.052276][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.057970][ T9648]  ? register_lock_class+0x41/0x4c0
[  324.063218][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.068878][ T9648]  ? __lock_acquire+0xb97/0x1ce0
[  324.073858][ T9648]  ? __lock_acquire+0xb97/0x1ce0
[  324.078852][ T9648]  ? __pfx_ext4_do_writepages+0x10/0x10
[  324.084438][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.090347][ T9648]  ? ext4_writepages+0x37a/0x7d0
[  324.095440][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.101117][ T9648]  ext4_writepages+0x37a/0x7d0
[  324.105930][ T9648]  ? map_id_range_up+0x2ce/0x3b0
[  324.110907][ T9648]  ? __pfx_ext4_writepages+0x10/0x10
[  324.116252][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.121930][ T9648]  ? __pfx_ext4_writepages+0x10/0x10
[  324.127267][ T9648]  do_writepages+0x27a/0x600
[  324.131910][ T9648]  ? __pfx_do_writepages+0x10/0x10
[  324.137066][ T9648]  ? do_raw_spin_unlock+0x172/0x230
[  324.142307][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.147985][ T9648]  ? _raw_spin_unlock+0x28/0x50
[  324.152890][ T9648]  filemap_fdatawrite_wbc+0x104/0x160
[  324.158308][ T9648]  __filemap_fdatawrite_range+0xb9/0x100
[  324.163998][ T9648]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  324.170297][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.175958][ T9648]  ? ext4_reserve_inode_write+0x278/0x340
[  324.181741][ T9648]  ? __pfx___might_resched+0x10/0x10
[  324.187066][ T9648]  file_write_and_wait_range+0xca/0x140
[  324.192635][ T9648]  generic_buffers_fsync_noflush+0x76/0x310
[  324.198577][ T9648]  ext4_sync_file+0x896/0xf10
[  324.203282][ T9648]  ? __pfx_ext4_sync_file+0x10/0x10
[  324.208533][ T9648]  vfs_fsync_range+0x139/0x220
[  324.213351][ T9648]  ext4_buffered_write_iter+0x2e0/0x440
[  324.218936][ T9648]  ext4_file_write_iter+0xa4c/0x1d10
[  324.224322][ T9648]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  324.230116][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.235787][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.241466][ T9648]  vfs_write+0x7d3/0x11d0
[  324.245857][ T9648]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  324.251607][ T9648]  ? __pfx_vfs_write+0x10/0x10
[  324.256418][ T9648]  ? find_held_lock+0x2b/0x80
[  324.261193][ T9648]  __x64_sys_pwrite64+0x1eb/0x250
[  324.266270][ T9648]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  324.271892][ T9648]  ? srso_alias_return_thunk+0x5/0xfbef5
[  324.277589][ T9648]  do_syscall_64+0xcd/0x4e0
[  324.282115][ T9648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.288028][ T9648] RIP: 0033:0x7f7a88f8eba9
[  324.292449][ T9648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.312076][ T9648] RSP: 002b:00007f7a89eee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  324.320519][ T9648] RAX: ffffffffffffffda RBX: 00007f7a891d5fa0 RCX: 00007f7a88f8eba9
[  324.328503][ T9648] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000004
[  324.336486][ T9648] RBP: 00007f7a89011e19 R08: 0000000000000000 R09: 0000000000000000
[  324.344497][ T9648] R10: 0000000000000083 R11: 0000000000000246 R12: 0000000000000000
[  324.352525][ T9648] R13: 00007f7a891d6038 R14: 00007f7a891d5fa0 R15: 00007ffd6d452438
[  324.360568][ T9648]  </TASK>
[  324.363603][ T9648] Modules linked in:
[  324.367564][    C1] vkms_vblank_simulate: vblank timer overrun
[  324.373001][ T9665] loop9: detected capacity change from 0 to 65536
[  324.375402][ T9648] ---[ end trace 0000000000000000 ]---
[  324.410062][ T9648] RIP: 0010:ext4_do_writepages+0x2bc6/0x3cf0
[  324.471528][ T9665] XFS (loop9): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  324.508564][ T9648] Code: ad 10 ff ff ff 48 c1 ea 03 80 3c 02 00 0f 84 23 e9 ff ff 48 8b bd 28 ff ff ff e8 65 92 a8 ff e9 12 e9 ff ff e8 2b 28 43 ff 90 <0f> 0b e8 23 28 43 ff 90 0f 0b 90 e9 0d e6 ff ff e8 15 28 43 ff 90
[  324.557285][ T9665] XFS (loop9): Ending clean mount
[  324.602106][ T9648] RSP: 0018:ffffc90003337490 EFLAGS: 00010287
[  324.624539][ T8152] XFS (loop9): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  324.634283][ T9648] RAX: 0000000000000903 RBX: ffff888045728050 RCX: ffffc900147b9000
[  324.648943][ T9648] RDX: 0000000000080000 RSI: ffffffff82787465 RDI: 0000000000000007
[  324.657685][ T9648] RBP: ffffc90003337660 R08: 0000000000000007 R09: 0000000000000000
[  324.666884][ T9648] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc900033376b8
[  324.675507][ T9648] R13: 0000000000000001 R14: ffff888045728298 R15: 0000000000400140
[  324.683995][ T9648] FS:  00007f7a89eee6c0(0000) GS:ffff8881247b3000(0000) knlGS:0000000000000000
[  324.693102][ T9648] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  324.699854][ T9648] CR2: 00007ffec2ebff88 CR3: 0000000032be0000 CR4: 0000000000350ef0
[  324.713002][ T9648] Kernel panic - not syncing: Fatal exception
[  324.719712][ T9648] Kernel Offset: disabled
[  324.724105][ T9648] Rebooting in 86400 seconds..