last executing test programs: 2.395716489s ago: executing program 0: r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}, 0x101d0}], 0x400000000000181, 0x9200000000000000) r2 = dup3(r1, r0, 0x0) recvmmsg$unix(r2, &(0x7f00000082c0)=[{{0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000006100)=""/4096, 0x1000}], 0x1}}], 0x2, 0x0, 0x0) 2.187443736s ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000040), &(0x7f0000001540)=""/152}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r5, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002c40)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 2.177741266s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) 2.096848417s ago: executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000400)=0x13) poll(&(0x7f0000000180)=[{r0, 0x400f}, {r0, 0x6}], 0x2, 0xe7f5) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0x3d17, 0x0, 0x0, 0x0, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0xa) 2.083200559s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b7080000011100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x5, 0x12}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000380), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) close(r3) 2.009433158s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af04, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x8000000, 0x20, 0x190a, r0, 0xadc, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='block_plug\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1700000200006f000000181100deff0000f6ff0000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) kcmp(0x0, 0x0, 0x2, r2, r4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = getpid() sched_setscheduler(r5, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]}) 1.91191265s ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000b4000040"]) 1.551280955s ago: executing program 0: mkdir(&(0x7f0000002880)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0\x00') chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00') umount2(&(0x7f0000000240)='./file0/../file0/../file0\x00', 0x3) unshare(0x22020400) 1.529709118s ago: executing program 0: socket(0x1, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000005c0)={0x36d12f2c052e8a2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "0004"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000d00)={0x44, &(0x7f0000000300)=ANY=[@ANYBLOB="000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 1.184500342s ago: executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xe1, &(0x7f00000003c0)='\xc7i\x8b\xd5\xf5\xb0\xf1\xd5\xbc\xc0\x12\x175~\x17\xdb\xce\x94\x88\v{|i\xe1\xd0\x02\x17#\xd4uK\t\"\x98Q\x93\x14&#\x92\x0eV\x82}\xc6.\xdf\xf6\xd2\xde5\xa3\xc5\xe0\xd8\xd6\b\xdf\x7f\xfcFN\xa2iS\xe8x\x89.\xb9\x9d\xeb*;<\xc3\xd3#\f\x9bq\xef\xc8\xaa\x18mb\xf7\xb5\xc8\xceo\r\xc0\xc5\xa4zz\x96Whe\xe7$\x96\xbd\xeex\xa1\xec\xe2$\xf0\x17\xff\xed\xcf\xb1\x1f\xbe\xdcjJ\x14\xd8\x11\xa4\xac\xb1e>m\xe0\xb6\x18\xee9&\xa3W\xd5\x92\xcfd?\x9drz=!\x80P\x9b\xa1V\x95\xa2\xc8f>\xaa\xad\x87\xafg\x04?eI\xf6\xbc\x1b\xd0Lk\xa4\t\x01\xcd\x02\x8c\x18\xc5\xd0\x8c~\xf9f\xd0\xe0\xea\x11\x06\xca\f\xf9\x99Y8\x1b/\x15w\x93\xe8\v{\xb8\xae\x00'/225}, 0x30) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0x6}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000540)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a0000000000000000000000800000010000000000"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xb, 0xe, &(0x7f0000003fc0)=ANY=[@ANYBLOB="b70200000f0e1d07bfa300000000000024020000fffeff7f7a03f0fff8ffffff79a4f0ff00000000b7060000d0b68af1de640300000000007502faff07cd10020404000003007d60b70700000d1000006a0a00fe000000188500000008000000b70000000604002995000000000000001da5ad3548ebb63d18db6a1c72821c9b767ac8328fbcd5c5e4a5ad1059b5725ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1aa503b8de7ab9a780001000000000000d4bf20c2bd152d814f01f2cd539e030b0000000000007f4133b08e6e497640000000aea5cac0ceafdb9a2eeb02a1f5104d16ddb64963d84d91004cd5817e0b7f005e6ee7a39e2f0b5a18ed786b783ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a62d79b4c03e53466fa4f22d8c19f958e8b34de3535e7dacf1b13f7e875d1843c2288e7ff949a7a48ce18799ee53de177a81ea67a8f84538a9a311c754e5ab59a43f56d2085786e7ec07d78917f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d34a442bc098f4fcc96623b7c373b0ef04d55b846b094b0d6c7a75a76d445e0dcdf72c7ef97e08200000007b6e09a6a7caffff0000141f65e7d9ebe3be70c4364333af9a9d91c3e41ac37a63f85ad8254479c12f7c84fa5df32b70a80cce69cf30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48eb19767e00b75041739952fe87fde27ce0172f497e251f5b102893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7686bc2e1b45577c205c70631e8ad585951950e851250540593e61860b69a521f4e210b6494e3ab2d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7f58bde38b44ab13d980c894e00009338923789a1edcd8043fe83919088383268324a25df14010c8ea79c0d93ca77fd6c7ee30ea3aad2c6d6b8c97c00eaa00ff9bc46e1cfecbdc0e4ffac53e8f76c8b556306b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404a0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37d2fe7a60b903d2d9fe9c151c2fcc8dc389671c2d08b6e2641500568445b00cee4585af04fa69e0380be0d66649dcf3bf8a9066e5961197332c5c9da52b573109ea8b308ff070000aab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628ebe757bae30b356521df06f995cb57f97052fc4158250ccecfb47ea8faf509593fadc76e5d3c6840ad05a57af1ede94d87590ce90a0a7579766f847ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6c9eb0dcca5303eed6689ea910900785f61278dde47e6672e93a314a5f60e7b682bf0cacde21f6090f4fb311afd7f8b48f3f0d8c66449d8687dcf2d0f76668b2b9bf8b32b518e01ffb985f8054d37959c529e99b7daf32acfed749d516d014cef5f98126324e202badc1e5c20d69e576a770000000000005addc0103756b894418e4591c624a9b2ccabbfb85ad413d923b0c901973cd7c9d197d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe84f483b15f45b9a1d3af087047c568aef1d8659c6146a793026ebfc0bb5ec10b6290dc757a4903a88fb2c035f9349b6d2f0c051b8b775152786118a1020000fc19928ccb713ff09e179c308fbe9bc543dcf43f731074d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad10e5e9d26631c2f1db3a2882f6e130a79517a88de7596429a20793e12616aa32b3e720c6521fbe933321adde8ca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9605a504bca38627df469cebb7db08358e1e5ab17eea477b1754f78f45468c9568471647f8bc03d11811ac6eec1741ceb39a3ecd043c325fcabbab3d12f6a759f7ce11dafa387a8077db8a2230d2014a57bc8dd47741270000008000000000b2eebd5e1626cab98499328ff024a240199993433ceb5be20427a32df7047d63010dfc6a461517ad48ff64042e84c85c899fd11c6320a8d8fc0e78c15a5a4dd567f91dd943f6c2b32d094a461a990000000000000000000000000000000000000000000200000000000000000000b385c644a4a170e6dc9e9e546bfa049d025b319abd87fd85481743db5d6c2cb6a204d4d888dd4140c8edb598a36e21ad132bf6b88c99c5a5ed047d6589c10a5f6633b01813fc5cd7d048469a966bbfb300fd772cbadf2cf26899bfd15e7d9408026a92f13f11d1c9832259b2f97227f84a3bb96253717a1f7ac091d0f4632f638b09a0307ff31729857f9e6fe9f19e481a3f77cead663f42456e080952636515c758f1047b2148944133a492ef20a1778088c42094903d6ece2497b99fc745c420b035ff7961484a0f62a2d957ae2e47ff1ea8a059f2d03bf9c3e8d2b16ab409de762522f6008de48bb70b698c5c9867437ac3127fad4bd699acaad78a5f66c7fc7d46e048082a0af61e6b052e473ed26b0309080ea10e985703b292c7336112b1f35c3b069363869dce725d8da75dcec76dcfa0c052feecee18c64c4600a0bc3d4945d4b918865bb7a8a726a500689cbd9a84d07846417796f2a85e7a41d27d64b10f8e970469cf495b4a1b4ea8b5322f78e9f3048351b550c59a634b47981420081ea4da18b9d318fa001ce660b28bbcf3c1a8893d130b26d25e491f478ae4f95f71ea8897b32858f78d6e25537b959b69a04c5507008b8453f08a5ae1b3b4d8c83053c57637a98ef57e5fa51971eba5e287e9d10cba734336703def181022cb9f1e62079c48c13fe1659b157e5d9de7bfb929e715ed1a9a505a04a8d8474482295afbb9de90de2e918522cac2d5b5ac09d1fdc4147d6393a684ad7234ecb65d0008000000000000560ad146e8b9e9cd9b050edb1f6735c90a76b1ba4dbdee34d0b6750f25ba7251944ada7766c301c65e56351d009a568c782f4438ecba9bee47f25286300e83bd1853076ad52eac84029335b86e7f21e39a1af3d070abef94bc0827db0046dcb7d63bf64bf801c836a40b0100d0961533737c57e9b7337b981a99f63f600f90647703f0640f6594dd9f26436024a1f90f174769bad5a283271e6d7f49dec90a05bd771dd0502dc2170ccf98ade27e858eb5686ac900000000ae1bc4246ae316c6af10bf02088b4bb2ac89c96e58578dc50eddbf01ece3cb8a363ecbeb8198997115d7151f691a2a755d8233e006dd38ed5ba350bd6aad3bf6f5108083f0100f8a20be455d16134d65ce69c4b906b76427224b69750b779d81eb6e37e1db62b1788ff918433787f8026ef5c518113d48419a14a2bd8d4afff527513a2efc8403be48e494b3de33b1deefd9d902e8dc868f30161c2cd13b21b0a20362181186ff8cf4c8d58d74822f92554287ee157e9f1597c3e2e238f382a91bf48b4de88363c841bd7a8cddae3344295bd3d434d9ecf74634ffc9539010f0d36e672b9d668cc6762c0b25e4a22afb4d184ba84498b1367e4b31faf75f1b3dcecfd80c57015d8cd16171507add30833865fc1a42780e9d57bb14a6ebea4018d26e18747546fc7a4a619753fd9ba9c18e746aa9ea132058eb90f9b80549473eea2fb9bc43d38d8719a1cca094bd933ceef87a3ec0c2ac70d5f843425100950000009e000000000008000018779600e4283095c203b1f2ae5ed34f5b7e77278f7ded9f030000002e050000009f95a59418f612dfa87c654043da1a59c3c43c7884ab65d4b34984afe30c67179c4f5a3ba0e491f2b942b754a3c0d5b878c4ad63591c3fc7d3a4d4296d4bab0a88e55ff9c2536654bb2f83e8015fac216119e8ce582698938c9a331a974087b71f07e50300f7ff00d03bf057b408c86a1165bd9a1bdbf3dff88c9b2173a75d5fc82dce6d8a3f297231e33588d7cf183109c1118d94a41d48f8efcf193ff2699a76973f3f1ec1cff64a1b912ededeb080f9a241e07709e6dd6a3a7e18200c9e80b9634e6f0c4d000000000000000000000000000000005e50e77d04fcf8931ad07b38a39957e6b3a3c909000000e9d694e483e848fe0d00ee7c7d6cc30932a9575aa8808d10a4963560250bb4e60e88c726f63662cb143daf4b9ebd0774998a59fbb42dc35f12452cca456a12b7d15cf3ce7ea350e9510e96527cde622998e83e65b235c284542d48052eb15e6600733ca32436f9e705dff00f08df1115175628a327876dea291480c2dde8a59d1856eed2b502965038af0d56e49e0e2e9cb0e25104805f386d460e212c27ac7bafe6a0078f8648ff9f1e0257338ae58457fb27b29430cc9ac6a33ea11b88ae8bc95dffa293aa69d6d47f89b28a25a7ec2fce6691549990f93d1f02e1b619813699303b6b1260d5537e85315551adabe00c98282795dc5547aab3dcbd82a06e7f00c8160af19f1fc456b5fc4f099814631024b734c0cd8843c5cb124a21092e6cdd8aa2f4d3f93e92c6d850898890d9449e3f499af92be74ba8ba7928feabbd99d6288dece7513c50b973bab87214415078857d18032ab5adb8d4bf32405cc5f63eba7e60bcd0098fd7957943b3c4cf13de4e049e06ad7ebc236d1088c99d35f40555364ff86cab4542261999bccd3269e51d10900a1c05696b47ff33a159abce6bb1d69193bd01f59f1d3f431b4e0868db623cb8375baa50785b8fcd37ce4c52abe43c1e3368735022e7cc7a9b397b494d0183cbd8dae2ba19b32adc91444f519ad33f7f2680e3cf7ecd3cfc67816eb66b1faa78dd8e3f7e233b6048c53813e6b508dfc713583d8ef8f9cfff5cdae59aa7aca654b1740c90eb75ca000000000000000000000000000000000000000000faa13c07b5f590ee4c8bfbd828e912b150dde95dafe80ee043a107bde9c0bb87155691d640fd000000e4a2d2aa0607b026f78417471e6ea0d10000309b29d0dae2d2c9c730ac21040000000000000009775f86a9e6d5b6c7b3c5d10177a873edb630fdf9b1e11005a1ce41d04a2ad3f5d25a1595e7609849033d2e86ac682f2f0cde376f50a88a3ab5e83f56e43a07641b82c077fa1479b79e85c71a9c00000000000000078ce7c4ab383dac0325fa7f4ffb201c479265ff572dd061679c0000000000000f4f6b4ef8eb757ac80dc44711ae17816e32e38d7c894ab51238b2d7051ee26121404c0ade6faea7e72449cf38be7173b066f3a7835a31f1516c4cb1fda57ec8c19bc2800e246c1b64cf278c7afb3c9a5e346bdb259ac6788eefd5086e45554c8e2bdde8a3ac990dd929277a6af1876940c7c012f4b7d3d7aa68f2f07d83e925b326b05f130000000000000000000000000000000003572023092306e73a16f4b362f725b22b32be04e53a2219e3b08d75537c158ea4c4821d17d3b844dbe87408c34bb0f26ba43bd4530000769d45b93b8f2b6c194afc197f77bfb136dfd38c265479bd4f74b9d0b5c2f37eaacb2894370ab02abe06b823a2753ca82ea8888f2a5063212212772dcc541de26c97c1312fc247b56a9cd3e05bcb8bc93363edfa05f9c76e94190f917c3af6884c8742371f25eb0000000000000000000000004ae9afd11c62a57a29a163acc55ca9fe6da9ce6d59bdd87adec5ba4052a5edcd9999720e8b2a08b69f79f78c78b9f720bcf6a2ab411d420db8231780cdf52d44985768353ce1bc587700adf3a307ff11be0ca772f1bcc565070ef9345c2d55f0506d9059fff65ca75c9809c8e5e423f6f210a195e9b59a08c43dab5b025b1dc33cfdafe62aa8f13c38341267a920fc0be4e61fe9d8bed61524ad62896e3dfba3091cf028cdb3fabb530f1d0d4bdf391c5dda4b8b248ea58cb56aed4d968d506a108626e2423c506cc11bc2ec9de3b793fec489d08085e8c582cf6fc06c20eb57f7a1ba7315c67bd0e50f529a01211f8add5f28fd65fcd373982ae902e67966990cf34be5ed5dcf39b9e44fb0165fa40fcc5643678bab244a3a76f43dd267db562efe5156b85f6e909066b8f37b81b756eeeeee4598195e70d74bd1e221c5e0cf111b816f8bd5c2ac451fabd160815b9e81b9c4abffef4b12d82e401a0cce36fbfedaec4ab6a89e128ef71e63f2239792338e87e4c7d571d6e4bc165ea1d476531b4ddfbb698101e8563f7c25b4d527240dafb074437aa96f66e293df5e132fa95aa09c08ee57f089afc0522b438480aa3dc9f41330dcd3b25703feb85777de8fd5ac57464a31ae5924745f797a0c852ddf67e01dd5736b4826e16f885afb91b6a7f226e0d0aaabd0c01a8262cb35e501ddb3c191797560c91717a2215012da9e717ec8d65887138e3bc3886e5b6f3058e58fb4320338d6413ce94012c293e0042a2f5dd86b78d05efd9e44bbbccfae8b9361072af38c1aa3c030196d72d01a160a19c0060900e8bb2f3613a7ddacf2b878aa6b2952556d79bd183ae195e14d32ffd398ae01dbd20b034da17f5a78ceb03a16e39181a07b14e54f4e2061049569046877b9f5478106f6ac76e56213ec2e85a4dcd5960ad486e7c05a21e52e5c688c1f315169452b1b6a795dd837867899c64a04ec08a4b2d5455d93f6d5baf14ffced8576bfde19de2903835607505b4af824a0a69aee28fe65683dc83c19f6d253a5824442530c85d354c05c8b95030e629fb817697f746b9dd02fb40edf4f9886a758e0741ca2711e425f2f5be70a7fa600718fa7af2eb416a2b774f5d36f5632d791e0ba01f58f2165e6d5e564aef11dbc558170cf47c5934d41f558b02dc04d3ae4aee08aa5ad7d1e5ad92cdb90db79e73524d97ca3ce0828513c74fb0a1543eba7d17d37cc1f1f2d937bfd5fafeb23f691b326554b92d8b97e76e2cbbcb858a16287c2090727334096e574b6bb937ec9f048e041f178e8d3a3543c6862fc8b63f968501fabd17cbc81db1ad47d37d3fe02190fde2af3ac5c9a2d64ec4db0c8b211dbdf4d7b7c01248de7269c0b8d4c374d9fecb9fdff846c4e57d7d976c3f571474e4f65a87954e31e67c8cf6ac7823451b448ec90ca0b36405f6d2eef4055b5d2f4dad1aa89216f6d89bd43c4de92d8f61781a9349626fb65952dfa3c68aada76c3105d65bde2bddb981f753407c7696b767aeb3707606d0d9930b79f449557d6c3088c740f2a08c68b67f8dbbf93da08544ca26db1b58baae17c091f9bc28042630d76248e4d9d326ee62fd6e5d9bedee38b0e8da3cff3ba22e92e800b28c26901cd1a32b7aae2d762e776d66f08d78666364a2fc154fadfd105b28495e8702400a53f5191908b98a4d109a9d44107369cdf864fa8be46f52d88b01bcd795025a90669e55fc634692e554fe3a73ae6db0a5aa706c83061ba3b99aa992947346327a2521d3d4294115d9c4b44f949ae465d5aa24e3911520658e542e85023552e91dd39d98065dabfec69691c868bfc45f5830de8089ae1074b6ff56b7dd8e9029b7e5ab8e500b970cb391b14302315f99ab3bc102fbcc8d911c931c662c2a53c7a7bce275bb76b4096ee6d21acb49b088c7b7e05f70e6ed4cade99d907717b43b958390caec36fdb71fb1a5f374e86d3181ae12d12ff6a279e2047d26803cf7b1684c561ee8ff8250230e5de4171803ec2f03615f231d51f8a005a1487fb51b657a7b7f352adbd86fe56bd9bd02063b2bad542ca2ca3b61b8946abb3012c87cfa11e6df516ae4f29577dfda12068197eafdf0e343738778335ea5491cdcd7fe699a075425c9a35a731d63c2f7d3260ca187e2959223dc1a70f55ce9d02ff56e0410e3bf5"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600034000000000060005"], 0xe4}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0xa8, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x84, 0x8, 0x0, 0x1, [{0x80, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x58, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r8}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0xa8}}, 0x0) ioctl$sock_bt_hci(r0, 0x400448e4, &(0x7f00000004c0)="15eeaa73110e4513b500ced7f63d70b09a4256cc8f2f99e3003f68963348875566c12402c22776e1c6cd8a8a196373ef75dbe09a1738d7989d9cd801a93d5acacbd042106741c7b549883637a5f7e13b64ca445d75d853d7812f01ce416313baf5d9954efb5769d8e219374a6c7d7081fe46e25fdeaecadbc50b7d65978ea0b3960c29050177020ff5c08460619074c05a445d214a97b003f420145bb53960910000f032c42662e19481bb7c5ec210eba13649faf89011ba025d8deb09002a09d0e25dede4f700000000000000000000000000000000ce3d87498062683de8fa5df80255c684376ff6459da1000000fda4c2765d7732f86b175f1955f9f6ae540f7d1b28a183576434de2307d9b5b24e0e2a9791b23a88a96e25963a88a28de882a1a131c104967aa1831d9940a301e3bb54dcba1600eccb348f28e9c0e17536342fc8fd00e7ec4af8f36a09a64650107029efac8093bb90d718914e0a1f5b5779a13ec7b61c00d38fec2cffed2426a2c13b42c05af2fe93386d7157c4326e43bf461b01cc7cc842b8b772cd069ad1dfb9a76cb0197adb3462a9872ba3185b165ce82405358b53ed07462c5d7560e839a55f779d00000000000000000000001baa017700"/465) 1.139288187s ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = dup2(r0, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) getxattr(0x0, 0x0, 0x0, 0x0) 1.137993367s ago: executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, 0x0, 0x55) 1.130087418s ago: executing program 2: syz_mount_image$f2fs(&(0x7f00000001c0), &(0x7f00000105c0)='./file1\x00', 0x121805a, &(0x7f0000000340)=ANY=[], 0x21, 0x10617, &(0x7f0000010600)="$eJzs3E2PU9UfB/BfGWCAP38khgd33sSYzCR2QoeBSEwMKkRNgBAfFm7UTntpCm3vOC1lZK2JC98GO+PGhRu3btz5IkyMcaOJO42m954hjGEhTKFVPp/kzvfc09Nfz2lm0dM7cwN4Yh3Nfvu1FkfiYEQsRMThiLJdS0fpfBXPRMSzEbHnnqOW+u927I+IQxFxZFK8qllLD3350dd/jG9f+uzOSz+9f+7OL7XZrRqYtecjor9RtW/1qyw6VV5P/c1xt8z+2jhl9UD/RjovqryVr5cVbjW3xzXLPN2pxhcbN4eTvNZrtibZ6V4r+zcG1QsOx53tOuUTrjc3y/N2vl5md1iU2bldzWsr5e3hqKrTTvU+LsvHaLSdVX++lVfr2bhRZmswSv1V3aKdb01ynDK9XLSKXrucx/pDv81z71J3cHMrG+ebw24xyM6sNF5caZytNzaLdj7K1+rNfvvsWrbU6U2G1Ud5s3++UxSdXr7SKvrL2VKn1ao3GtnShXy92xxkjcbK6ZVT9TPLqfVC9vqVd7NeO1ua5Kvdwc1RtzfMrhWbWfWM5Wx15fS55ey5Rvb25avZ1bcuXrx89Z0PLrx35ZXLb76WBm1Pa7H8nRjla9nS6qnV1XrjVH21sfw41v/9N/Ow/rvTmuL6YVd8kgR4YPb/wCzY/+/c/y/a/8/9/v9R7H+f9PXDrvgkCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxPph31dvlI2j1fn/Uv//U9fTEXEyIk5ExPGI+PM+FmL/jprHIqKW2vcbv+9vc/i2FmWFyXMW03EoIs6n4/enHvW7AAAAAP9dX3z3yacRC5Nm+ePlWU+Ixyl9aXNgWvXKr3z2TqvasYjFvbE1pWrHU8npOBER+47+PKVqJyNiz+EPd1nl4IMMXtgRB+6JWhV7djkbAABgDu3cCUxt9wYAAMDc+XzWE2A2yuu16W/x07XgxSrSBcGDO84AAACAf6HarCcAAAAA/GMP+7+65f5/2vf/+zFNx/3/AAAAYD5U9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Iude0lRIwjjAP5pp2OeRIKPq7gKWbrwEDlCljlAcpvsPENAPIfZzREGHayuYWgRRuju6VF+P2jrQfv3U1fVBQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJf+l+vl3+3vP01z9odm2vk2AAAAwDm7cr1MnXE1/pjnP+eprxExj4hZREwj4tzavYi3tcxJRAxy/9z95UkN/yJSwvE9o3x9iIjv+br/0vWvAAAAALdru1msIopjN71867sgXlJ+aPOurbz0yOdNW2mTFParpbTpY2QrZhFRju9aSptHxPDTj5bSLlLkpvbfp8GgaobPZ1xwCwAA8KoUteZp9Xa6Rw8AAMC1+9l3AfQj7dfmdX7eCx5VTd4WfF8bAQAAAFdo0HcBAAAAQOfS+t/5fwAAAHDbqvP/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NKuXC+3m8Wqac7+0Mwln1GcTgybVg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwwP68nEAIhEEY7F3fOQ3mH5Y0aAwerALh4288DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwLb/7y/+JqXEmmXttLD2PJGunxtapsXduHP1hvP0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn/uTiAEgiAM9p3/OS3mH5Y0aAwiVMHCxwzzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf9Ltf/k9MjTPJ3Glj6XgkWbtqbF019h40jh6Mt38DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdite9uEgTCOw68vsRK3yQjprXzMkCZVBCPwISFZ8gwMwEI0VLQWi8AKIOFzTWcKnqf5/QtbuusOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeEznm188RUQRaZgp0t/6/fgcEWWkTdf9vlxnsT0d2td+Tnf7/zzfYvJRRUQVxRjXAQAYXT207p9Ly1Wz+Mz9yv3O/cmtZ20zz/+Vdzw7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdu7fNYolDgD4XO5HLi/V48Er3rOIKCSNnhd/XSCWQkQQGwvLkFxCyEXDXQQTBIn/gWBlZ69VWv8GewsLrQQJoiKCTWTv9ryNnBij2T3i5wNz851JZncmxcL3ZjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA325thtBvnQgj/FXpx5Pm7O3P96jcfnv3bLdefFlaT14wuUQwhLCw16qdSXMuga61vLM82GvXmgQTFUK43W8Op3Ov3zbnjZ4f/c2EAJp9xEMI+hz88kv3kD18QPfSWQ35/w/s8LAopPpgAADh0inGJ8vqXxa2ZqC83HcLOo935/3giDnvM/z89vncpea9k/l9NbYWDr7K2slpprW+cWFqZXawv1m9Up6bOnK2dPzdZrbS/K6n4xgQAAIBfU4pLMv8fmm7v/+e7vxP97K9EHPaY/9+6fPX/qK8cjxmJ6z88/3/7bUdv06/bU059UgAAAITw99jH97k+/blSKdyeXVtrVjufX9uTnc8Mpvpj13Y3h9tlLG518v/8dAbzAgAAAFK3vZkbDSFsddvzcd13/3+iNy65///iQeFK8pr5+AzAwlKjfnLuZmM+lZUMvtbO3RAO+G3krNcIAABANkpxPRKX5Pn/Yvv8f+8fTQ2FECaOdeJubyL/Pxq+c/5//PiT18l75hPv/59OZZWDa6jW+Xu061oIhVrWMwIAAOAwK8clyv9fFbdmmp/vXyw5/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAXduweJWIgCgBwsrPRSlwQbGw8gWhntWAheA9REDyCV/AO3sF7pBQtrWULsbCVN8noss2CReLP98HkvYQh8zJV3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAay1OvvIUl1mXT/pnj6835xGfVmJ4eWt3Y0ReD1n0L1Qfj10BAAAA/0Eq/X1VVc/N/VnEyTz3/02ZEz3/3VaXl35+te8vsfT+MfbSw/vnQrNunXjp5dX1xeFgX/jzba+dMc07n89eUjmE2Vk0eT/r27Y93cjp5gDFAgDfclBin5T/oYhHYxYGwF+2v3wz7Ue11P+n+Sh1AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzqIwAA///ZPWVS") openat(0xffffffffffffff9c, &(0x7f0000002540)='./file1\x00', 0x42, 0x0) 1.129582759s ago: executing program 4: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000140)={0x1, r1}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000940)) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000080)={'syz1\x00'}, 0x45c) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) ioctl$UI_SET_PROPBIT(r2, 0x5501, 0x0) write$input_event(r2, &(0x7f00000005c0), 0x200005d8) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xffffffffffffffff}}}, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000"], 0x0}, 0x90) 1.061014317s ago: executing program 3: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000000), &(0x7f0000048000), 0x0) 973.362078ms ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv6_delrule={0x30, 0x18, 0x1, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, 0xff, 0x3, 0x0, 0x6}, [@FRA_DST={0x14, 0x1, @mcast2}]}, 0x30}}, 0x0) 903.997747ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000050000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) 877.97469ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x6}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_BMAP(r4, &(0x7f0000000280)={0x18}, 0x18) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',privport,access=', @ANYRESDEC=r5]) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0x2) 842.258995ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_kthread_work_queue_work\x00', r1}, 0x10) socketpair(0x11, 0xa, 0x0, &(0x7f0000001080)) 796.3856ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) 732.266378ms ago: executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r2}, 0x10) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000022d900060000000077f2ab26850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r4}, 0x10) syz_usb_control_io(r3, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) ftruncate(r5, 0xc17a) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket$unix(0x1, 0x1, 0x0) getsockopt$sock_buf(r8, 0x1, 0x1c, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r7}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r6}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20) r9 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000240)={0x0, 0x0, 0x2, "0fdc"}, 0x0, 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) 376.922063ms ago: executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000400)=0x13) poll(&(0x7f0000000180)=[{r0, 0x400f}, {r0, 0x6}], 0x2, 0xe7f5) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0x3d17, 0x0, 0x0, 0x0, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0xa) 229.576002ms ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = dup2(r0, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) getxattr(0x0, 0x0, 0x0, 0x0) 219.729373ms ago: executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xe1, &(0x7f00000003c0)='\xc7i\x8b\xd5\xf5\xb0\xf1\xd5\xbc\xc0\x12\x175~\x17\xdb\xce\x94\x88\v{|i\xe1\xd0\x02\x17#\xd4uK\t\"\x98Q\x93\x14&#\x92\x0eV\x82}\xc6.\xdf\xf6\xd2\xde5\xa3\xc5\xe0\xd8\xd6\b\xdf\x7f\xfcFN\xa2iS\xe8x\x89.\xb9\x9d\xeb*;<\xc3\xd3#\f\x9bq\xef\xc8\xaa\x18mb\xf7\xb5\xc8\xceo\r\xc0\xc5\xa4zz\x96Whe\xe7$\x96\xbd\xeex\xa1\xec\xe2$\xf0\x17\xff\xed\xcf\xb1\x1f\xbe\xdcjJ\x14\xd8\x11\xa4\xac\xb1e>m\xe0\xb6\x18\xee9&\xa3W\xd5\x92\xcfd?\x9drz=!\x80P\x9b\xa1V\x95\xa2\xc8f>\xaa\xad\x87\xafg\x04?eI\xf6\xbc\x1b\xd0Lk\xa4\t\x01\xcd\x02\x8c\x18\xc5\xd0\x8c~\xf9f\xd0\xe0\xea\x11\x06\xca\f\xf9\x99Y8\x1b/\x15w\x93\xe8\v{\xb8\xae\x00'/225}, 0x30) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0x6}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000540)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a0000000000000000000000800000010000000000"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xb, 0xe, &(0x7f0000003fc0)=ANY=[@ANYBLOB="b70200000f0e1d07bfa300000000000024020000fffeff7f7a03f0fff8ffffff79a4f0ff00000000b7060000d0b68af1de640300000000007502faff07cd10020404000003007d60b70700000d1000006a0a00fe000000188500000008000000b70000000604002995000000000000001da5ad3548ebb63d18db6a1c72821c9b767ac8328fbcd5c5e4a5ad1059b5725ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1aa503b8de7ab9a780001000000000000d4bf20c2bd152d814f01f2cd539e030b0000000000007f4133b08e6e497640000000aea5cac0ceafdb9a2eeb02a1f5104d16ddb64963d84d91004cd5817e0b7f005e6ee7a39e2f0b5a18ed786b783ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a62d79b4c03e53466fa4f22d8c19f958e8b34de3535e7dacf1b13f7e875d1843c2288e7ff949a7a48ce18799ee53de177a81ea67a8f84538a9a311c754e5ab59a43f56d2085786e7ec07d78917f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d34a442bc098f4fcc96623b7c373b0ef04d55b846b094b0d6c7a75a76d445e0dcdf72c7ef97e08200000007b6e09a6a7caffff0000141f65e7d9ebe3be70c4364333af9a9d91c3e41ac37a63f85ad8254479c12f7c84fa5df32b70a80cce69cf30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48eb19767e00b75041739952fe87fde27ce0172f497e251f5b102893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7686bc2e1b45577c205c70631e8ad585951950e851250540593e61860b69a521f4e210b6494e3ab2d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7f58bde38b44ab13d980c894e00009338923789a1edcd8043fe83919088383268324a25df14010c8ea79c0d93ca77fd6c7ee30ea3aad2c6d6b8c97c00eaa00ff9bc46e1cfecbdc0e4ffac53e8f76c8b556306b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404a0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37d2fe7a60b903d2d9fe9c151c2fcc8dc389671c2d08b6e2641500568445b00cee4585af04fa69e0380be0d66649dcf3bf8a9066e5961197332c5c9da52b573109ea8b308ff070000aab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628ebe757bae30b356521df06f995cb57f97052fc4158250ccecfb47ea8faf509593fadc76e5d3c6840ad05a57af1ede94d87590ce90a0a7579766f847ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6c9eb0dcca5303eed6689ea910900785f61278dde47e6672e93a314a5f60e7b682bf0cacde21f6090f4fb311afd7f8b48f3f0d8c66449d8687dcf2d0f76668b2b9bf8b32b518e01ffb985f8054d37959c529e99b7daf32acfed749d516d014cef5f98126324e202badc1e5c20d69e576a770000000000005addc0103756b894418e4591c624a9b2ccabbfb85ad413d923b0c901973cd7c9d197d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe84f483b15f45b9a1d3af087047c568aef1d8659c6146a793026ebfc0bb5ec10b6290dc757a4903a88fb2c035f9349b6d2f0c051b8b775152786118a1020000fc19928ccb713ff09e179c308fbe9bc543dcf43f731074d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad10e5e9d26631c2f1db3a2882f6e130a79517a88de7596429a20793e12616aa32b3e720c6521fbe933321adde8ca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9605a504bca38627df469cebb7db08358e1e5ab17eea477b1754f78f45468c9568471647f8bc03d11811ac6eec1741ceb39a3ecd043c325fcabbab3d12f6a759f7ce11dafa387a8077db8a2230d2014a57bc8dd47741270000008000000000b2eebd5e1626cab98499328ff024a240199993433ceb5be20427a32df7047d63010dfc6a461517ad48ff64042e84c85c899fd11c6320a8d8fc0e78c15a5a4dd567f91dd943f6c2b32d094a461a990000000000000000000000000000000000000000000200000000000000000000b385c644a4a170e6dc9e9e546bfa049d025b319abd87fd85481743db5d6c2cb6a204d4d888dd4140c8edb598a36e21ad132bf6b88c99c5a5ed047d6589c10a5f6633b01813fc5cd7d048469a966bbfb300fd772cbadf2cf26899bfd15e7d9408026a92f13f11d1c9832259b2f97227f84a3bb96253717a1f7ac091d0f4632f638b09a0307ff31729857f9e6fe9f19e481a3f77cead663f42456e080952636515c758f1047b2148944133a492ef20a1778088c42094903d6ece2497b99fc745c420b035ff7961484a0f62a2d957ae2e47ff1ea8a059f2d03bf9c3e8d2b16ab409de762522f6008de48bb70b698c5c9867437ac3127fad4bd699acaad78a5f66c7fc7d46e048082a0af61e6b052e473ed26b0309080ea10e985703b292c7336112b1f35c3b069363869dce725d8da75dcec76dcfa0c052feecee18c64c4600a0bc3d4945d4b918865bb7a8a726a500689cbd9a84d07846417796f2a85e7a41d27d64b10f8e970469cf495b4a1b4ea8b5322f78e9f3048351b550c59a634b47981420081ea4da18b9d318fa001ce660b28bbcf3c1a8893d130b26d25e491f478ae4f95f71ea8897b32858f78d6e25537b959b69a04c5507008b8453f08a5ae1b3b4d8c83053c57637a98ef57e5fa51971eba5e287e9d10cba734336703def181022cb9f1e62079c48c13fe1659b157e5d9de7bfb929e715ed1a9a505a04a8d8474482295afbb9de90de2e918522cac2d5b5ac09d1fdc4147d6393a684ad7234ecb65d0008000000000000560ad146e8b9e9cd9b050edb1f6735c90a76b1ba4dbdee34d0b6750f25ba7251944ada7766c301c65e56351d009a568c782f4438ecba9bee47f25286300e83bd1853076ad52eac84029335b86e7f21e39a1af3d070abef94bc0827db0046dcb7d63bf64bf801c836a40b0100d0961533737c57e9b7337b981a99f63f600f90647703f0640f6594dd9f26436024a1f90f174769bad5a283271e6d7f49dec90a05bd771dd0502dc2170ccf98ade27e858eb5686ac900000000ae1bc4246ae316c6af10bf02088b4bb2ac89c96e58578dc50eddbf01ece3cb8a363ecbeb8198997115d7151f691a2a755d8233e006dd38ed5ba350bd6aad3bf6f5108083f0100f8a20be455d16134d65ce69c4b906b76427224b69750b779d81eb6e37e1db62b1788ff918433787f8026ef5c518113d48419a14a2bd8d4afff527513a2efc8403be48e494b3de33b1deefd9d902e8dc868f30161c2cd13b21b0a20362181186ff8cf4c8d58d74822f92554287ee157e9f1597c3e2e238f382a91bf48b4de88363c841bd7a8cddae3344295bd3d434d9ecf74634ffc9539010f0d36e672b9d668cc6762c0b25e4a22afb4d184ba84498b1367e4b31faf75f1b3dcecfd80c57015d8cd16171507add30833865fc1a42780e9d57bb14a6ebea4018d26e18747546fc7a4a619753fd9ba9c18e746aa9ea132058eb90f9b80549473eea2fb9bc43d38d8719a1cca094bd933ceef87a3ec0c2ac70d5f843425100950000009e000000000008000018779600e4283095c203b1f2ae5ed34f5b7e77278f7ded9f030000002e050000009f95a59418f612dfa87c654043da1a59c3c43c7884ab65d4b34984afe30c67179c4f5a3ba0e491f2b942b754a3c0d5b878c4ad63591c3fc7d3a4d4296d4bab0a88e55ff9c2536654bb2f83e8015fac216119e8ce582698938c9a331a974087b71f07e50300f7ff00d03bf057b408c86a1165bd9a1bdbf3dff88c9b2173a75d5fc82dce6d8a3f297231e33588d7cf183109c1118d94a41d48f8efcf193ff2699a76973f3f1ec1cff64a1b912ededeb080f9a241e07709e6dd6a3a7e18200c9e80b9634e6f0c4d000000000000000000000000000000005e50e77d04fcf8931ad07b38a39957e6b3a3c909000000e9d694e483e848fe0d00ee7c7d6cc30932a9575aa8808d10a4963560250bb4e60e88c726f63662cb143daf4b9ebd0774998a59fbb42dc35f12452cca456a12b7d15cf3ce7ea350e9510e96527cde622998e83e65b235c284542d48052eb15e6600733ca32436f9e705dff00f08df1115175628a327876dea291480c2dde8a59d1856eed2b502965038af0d56e49e0e2e9cb0e25104805f386d460e212c27ac7bafe6a0078f8648ff9f1e0257338ae58457fb27b29430cc9ac6a33ea11b88ae8bc95dffa293aa69d6d47f89b28a25a7ec2fce6691549990f93d1f02e1b619813699303b6b1260d5537e85315551adabe00c98282795dc5547aab3dcbd82a06e7f00c8160af19f1fc456b5fc4f099814631024b734c0cd8843c5cb124a21092e6cdd8aa2f4d3f93e92c6d850898890d9449e3f499af92be74ba8ba7928feabbd99d6288dece7513c50b973bab87214415078857d18032ab5adb8d4bf32405cc5f63eba7e60bcd0098fd7957943b3c4cf13de4e049e06ad7ebc236d1088c99d35f40555364ff86cab4542261999bccd3269e51d10900a1c05696b47ff33a159abce6bb1d69193bd01f59f1d3f431b4e0868db623cb8375baa50785b8fcd37ce4c52abe43c1e3368735022e7cc7a9b397b494d0183cbd8dae2ba19b32adc91444f519ad33f7f2680e3cf7ecd3cfc67816eb66b1faa78dd8e3f7e233b6048c53813e6b508dfc713583d8ef8f9cfff5cdae59aa7aca654b1740c90eb75ca000000000000000000000000000000000000000000faa13c07b5f590ee4c8bfbd828e912b150dde95dafe80ee043a107bde9c0bb87155691d640fd000000e4a2d2aa0607b026f78417471e6ea0d10000309b29d0dae2d2c9c730ac21040000000000000009775f86a9e6d5b6c7b3c5d10177a873edb630fdf9b1e11005a1ce41d04a2ad3f5d25a1595e7609849033d2e86ac682f2f0cde376f50a88a3ab5e83f56e43a07641b82c077fa1479b79e85c71a9c00000000000000078ce7c4ab383dac0325fa7f4ffb201c479265ff572dd061679c0000000000000f4f6b4ef8eb757ac80dc44711ae17816e32e38d7c894ab51238b2d7051ee26121404c0ade6faea7e72449cf38be7173b066f3a7835a31f1516c4cb1fda57ec8c19bc2800e246c1b64cf278c7afb3c9a5e346bdb259ac6788eefd5086e45554c8e2bdde8a3ac990dd929277a6af1876940c7c012f4b7d3d7aa68f2f07d83e925b326b05f130000000000000000000000000000000003572023092306e73a16f4b362f725b22b32be04e53a2219e3b08d75537c158ea4c4821d17d3b844dbe87408c34bb0f26ba43bd4530000769d45b93b8f2b6c194afc197f77bfb136dfd38c265479bd4f74b9d0b5c2f37eaacb2894370ab02abe06b823a2753ca82ea8888f2a5063212212772dcc541de26c97c1312fc247b56a9cd3e05bcb8bc93363edfa05f9c76e94190f917c3af6884c8742371f25eb0000000000000000000000004ae9afd11c62a57a29a163acc55ca9fe6da9ce6d59bdd87adec5ba4052a5edcd9999720e8b2a08b69f79f78c78b9f720bcf6a2ab411d420db8231780cdf52d44985768353ce1bc587700adf3a307ff11be0ca772f1bcc565070ef9345c2d55f0506d9059fff65ca75c9809c8e5e423f6f210a195e9b59a08c43dab5b025b1dc33cfdafe62aa8f13c38341267a920fc0be4e61fe9d8bed61524ad62896e3dfba3091cf028cdb3fabb530f1d0d4bdf391c5dda4b8b248ea58cb56aed4d968d506a108626e2423c506cc11bc2ec9de3b793fec489d08085e8c582cf6fc06c20eb57f7a1ba7315c67bd0e50f529a01211f8add5f28fd65fcd373982ae902e67966990cf34be5ed5dcf39b9e44fb0165fa40fcc5643678bab244a3a76f43dd267db562efe5156b85f6e909066b8f37b81b756eeeeee4598195e70d74bd1e221c5e0cf111b816f8bd5c2ac451fabd160815b9e81b9c4abffef4b12d82e401a0cce36fbfedaec4ab6a89e128ef71e63f2239792338e87e4c7d571d6e4bc165ea1d476531b4ddfbb698101e8563f7c25b4d527240dafb074437aa96f66e293df5e132fa95aa09c08ee57f089afc0522b438480aa3dc9f41330dcd3b25703feb85777de8fd5ac57464a31ae5924745f797a0c852ddf67e01dd5736b4826e16f885afb91b6a7f226e0d0aaabd0c01a8262cb35e501ddb3c191797560c91717a2215012da9e717ec8d65887138e3bc3886e5b6f3058e58fb4320338d6413ce94012c293e0042a2f5dd86b78d05efd9e44bbbccfae8b9361072af38c1aa3c030196d72d01a160a19c0060900e8bb2f3613a7ddacf2b878aa6b2952556d79bd183ae195e14d32ffd398ae01dbd20b034da17f5a78ceb03a16e39181a07b14e54f4e2061049569046877b9f5478106f6ac76e56213ec2e85a4dcd5960ad486e7c05a21e52e5c688c1f315169452b1b6a795dd837867899c64a04ec08a4b2d5455d93f6d5baf14ffced8576bfde19de2903835607505b4af824a0a69aee28fe65683dc83c19f6d253a5824442530c85d354c05c8b95030e629fb817697f746b9dd02fb40edf4f9886a758e0741ca2711e425f2f5be70a7fa600718fa7af2eb416a2b774f5d36f5632d791e0ba01f58f2165e6d5e564aef11dbc558170cf47c5934d41f558b02dc04d3ae4aee08aa5ad7d1e5ad92cdb90db79e73524d97ca3ce0828513c74fb0a1543eba7d17d37cc1f1f2d937bfd5fafeb23f691b326554b92d8b97e76e2cbbcb858a16287c2090727334096e574b6bb937ec9f048e041f178e8d3a3543c6862fc8b63f968501fabd17cbc81db1ad47d37d3fe02190fde2af3ac5c9a2d64ec4db0c8b211dbdf4d7b7c01248de7269c0b8d4c374d9fecb9fdff846c4e57d7d976c3f571474e4f65a87954e31e67c8cf6ac7823451b448ec90ca0b36405f6d2eef4055b5d2f4dad1aa89216f6d89bd43c4de92d8f61781a9349626fb65952dfa3c68aada76c3105d65bde2bddb981f753407c7696b767aeb3707606d0d9930b79f449557d6c3088c740f2a08c68b67f8dbbf93da08544ca26db1b58baae17c091f9bc28042630d76248e4d9d326ee62fd6e5d9bedee38b0e8da3cff3ba22e92e800b28c26901cd1a32b7aae2d762e776d66f08d78666364a2fc154fadfd105b28495e8702400a53f5191908b98a4d109a9d44107369cdf864fa8be46f52d88b01bcd795025a90669e55fc634692e554fe3a73ae6db0a5aa706c83061ba3b99aa992947346327a2521d3d4294115d9c4b44f949ae465d5aa24e3911520658e542e85023552e91dd39d98065dabfec69691c868bfc45f5830de8089ae1074b6ff56b7dd8e9029b7e5ab8e500b970cb391b14302315f99ab3bc102fbcc8d911c931c662c2a53c7a7bce275bb76b4096ee6d21acb49b088c7b7e05f70e6ed4cade99d907717b43b958390caec36fdb71fb1a5f374e86d3181ae12d12ff6a279e2047d26803cf7b1684c561ee8ff8250230e5de4171803ec2f03615f231d51f8a005a1487fb51b657a7b7f352adbd86fe56bd9bd02063b2bad542ca2ca3b61b8946abb3012c87cfa11e6df516ae4f29577dfda12068197eafdf0e343738778335ea5491cdcd7fe699a075425c9a35a731d63c2f7d3260ca187e2959223dc1a70f55ce9d02ff56e0410e3bf5"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600034000000000060005"], 0xe4}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0xa8, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x84, 0x8, 0x0, 0x1, [{0x80, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x58, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r8}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0xa8}}, 0x0) ioctl$sock_bt_hci(r0, 0x400448e4, &(0x7f00000004c0)="15eeaa73110e4513b500ced7f63d70b09a4256cc8f2f99e3003f68963348875566c12402c22776e1c6cd8a8a196373ef75dbe09a1738d7989d9cd801a93d5acacbd042106741c7b549883637a5f7e13b64ca445d75d853d7812f01ce416313baf5d9954efb5769d8e219374a6c7d7081fe46e25fdeaecadbc50b7d65978ea0b3960c29050177020ff5c08460619074c05a445d214a97b003f420145bb53960910000f032c42662e19481bb7c5ec210eba13649faf89011ba025d8deb09002a09d0e25dede4f700000000000000000000000000000000ce3d87498062683de8fa5df80255c684376ff6459da1000000fda4c2765d7732f86b175f1955f9f6ae540f7d1b28a183576434de2307d9b5b24e0e2a9791b23a88a96e25963a88a28de882a1a131c104967aa1831d9940a301e3bb54dcba1600eccb348f28e9c0e17536342fc8fd00e7ec4af8f36a09a64650107029efac8093bb90d718914e0a1f5b5779a13ec7b61c00d38fec2cffed2426a2c13b42c05af2fe93386d7157c4326e43bf461b01cc7cc842b8b772cd069ad1dfb9a76cb0197adb3462a9872ba3185b165ce82405358b53ed07462c5d7560e839a55f779d00000000000000000000001baa017700"/465) 158.98504ms ago: executing program 4: syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x3000cd0, &(0x7f0000000440)=ANY=[], 0x1, 0x1509, &(0x7f0000002d40)="$eJzs3Am4TmX3MPC17vveHDI8Sea97rV5kuEmSUJJMiRJEpI5IUmSJEkcMiUhCRlPkjlkTicd8zxkTjp5JUkSkinc33VUn7f3fft6p//n/b9n/a5rX+deZ++1nrXPup7z7L2v65xvuwyt1rB65XrMDP8M/esCf/6SCAAJADAAALIDQAAAZXKUyZG2P5PGxH/qRcT/kPrTr3YH4mqS+advMv/0Teafvsn80zeZf/om80/fZP7pm8xfiHRtZt5rZUu/mzz//19O/SvJ8vmfLuDv7ZD5/7fR/9DRMv/0Teafvsn80zeZf/pz5RYsuKp9iKtP3v/pm8xfiHTt3/5Mef3Zq/1MW7Z/YBNCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIf4/OOuvMADw6/pq9yWEEEIIIYQQQoh/H//+1e5ACCGEEEIIIYQQ//MQFGgwEEAGyAgJkAkywzWQBbJCNsgOMbgWcsB1kBOuh1yQG/JAXsgH+aEAhEBggSGCglAI4nADFIYboQgUhWJQHByUgJJwE5SCm6E03AJl4FYoC7dBOSh/+TXT3AmV4C6oDHdDFagK1aA63AM14F6oCfdBLbgfasMDUAcehLrwENSD+tAAHoaG8Ag0gsbQBJpCM2gOLf4gPyn738p/EbrDS9ADekIi9ILe8DL0gb7QD/rDAHgFBsKrMAheg8EwBIbC6zAM3oDh8CaMgJEwCt6C0TAGxsI4GA8TIAnehonwDkyCdx/JClNgKkyD6TADZsJ7MAtmwxx4H+bCPJgPSZkWwiJYDB/AEvgQkuEjWAofQwosg+WwAlbCKlgNa2AtrIP1sAE2wibYDFtgK3wC22A77ICdsAt2wx74FPbCZ7APPodU/OIfzD/z23zoioCAChUaNJgBM2ACJmBmzIxZMAtmw2wYwxjmwByYE3NiLsyFeTAPJmI+LIAFkJCQkbEgFsQ4xrEwFsYiWASLYTF06LAklsRSeNF7XxrLYBksi2WxHJbH8ng73o4VsSJWwkpYGStjFayC1bAa3oP34L1YE2tiLayFtbE21sE6WBfrYj2shw2wATbEhtgIG2ETbILNsBm2wBbYEltiK2yFbbANtsW22A7bYXtsjx2wA3bEjtgJO2Fn7IxdsAt2xRfwBXwRX8SX8CXsiVVUL+yNvbEP9sF+2B/74ys4EF/FV/E1HIxDcCi+jq/jGzgcT+MIHImjcBRWVGNwLI5DVhMwCZMwI0zESTgJJ+MUnILTcDrOwJk4E2fhbJyN7+NcnIfzcAEuwEW4GBfjEvwQkzEZl+IZTMFluBxX4EpchStxDa7FNbgeN+B63ISbcAtuwU/wE9yO23En7sTduBs/xU/xM/wMB2MqpuJ+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8gSfxBJ7CU3gaz+BZADiP5/ECXsBLeCntza/SGGVUBpVBJagElVllVllUFpVNZVMxFVM5VA6VU+VUuVQulUflUflUPlVAFVCkSLGKVEFVUMVVXBVWhVURVUQVU8WUU06VVCVVKVVKlValVRl1qyqrblPlVHnV2t2ublcVVRtXSd2lKqvKqoqqqqqp6qq6qqFqqJqqpqqlaqnaqraqox5UdVUv7If1VdpkGqoh2EgNxSaqqWqmmqs38FHVUg3HVqq1aqMeVyNxBLZTLV179ZTqoMZiR/WMGofPqs5qAnZRz6uu6gXVTb2ouqtWrofqqSZjL9VbTcM+qq/qp/qrWVhVpU2smnpNvZhxiBqqXleL8A01XL2pRqiRapR6S41WY9RYNU6NVxNUknpbTVTvqEnqXTVZTVFT1TQ1Xc1QM9V7apaareao99VcNU+DWqAWqkVqsfpALVEfqmT1kVqqPlYpaplarlaolWqVWq3WqLVqnVqvNqiNapParLaoreoTtU1tVzvUTrVL7VZ71Kdqr/pM7VOfq1T1hdqv/qQOqC/VQfWVOqS+VofVN+qI+lYdVd+pY+p7dVydUCfVD+qU+lGdVmfUWXVOnVc/qQvqorqkvAKNWmmtjQ50Bp1RJ+hMOrO+RmfRWXU2nV3H9LU6h75O59TX61w6t85j8up8Or8uoENN2mrWkS6oC+m4vkEX1jfqIrqoLqaLa6dL6JL6Jl1K36xL61t0GX2rLqtv0+V0eV3Bg75DV9R36kr6Ll1Z362r6Kq6mq6u79E19L26pr5P19L369r6AV1HP6jr6od0PV1fN9AP64b6Ed1IN9ZNdFPdTDfXLfSjuqV+TLfSrXUb/bhuq5/Q7fSTur1+SnfQT+uO+hndST+rO+vndBf9vO6qX9Dd9EV9SXvdQ/fUibqX7q1f1n10X91P99cD9Ct6oH5VD9Kv6cF6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6tx+ixepweryfoJP22nqjf0ZP0u3qynqKn6ml6up6h+/1Sac7fkf/O38gfdPnVt+it+hO9TW/XO/ROvUvv1nv0Hr1X79X79D6dqlP1fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qp/TP+hT+kd9Wp/RZ/Q5fV6f1xd++RmAQaOMNsYEJoPJaBJMJpPZXGOymKwmm8luYuZak8NcZ3Ka600uk9vkMXlNPpPfFDChIWMNm8gUNIVM3NxgCpsbTRFT1BQzxY0zJUxJc9O/nP9H/bUwLUxL09K0Mq1MG9PGtDVtTTvTzrQ37U0H08F0NB1NJ9PJdDadTRfTxXQ1XU030810N91ND9PDJJpE09u8bPqYvqaf6W8GmFfMQDPQDDKDzGAz2Aw1Q80wM8wMN8PNCDPCjDKjzGgz2ow1Y814M94k+exmoploJplJZrKZbKYOyG6mm+lmpplpZplZZo6ZY+aauWa+mW8WmoVmsVlslpglJtkkm6VmqUkxy8wys8KsMKvMKrPGrDHrzDqzwWwwm8wmk2K2mq1mm9lmdpgdZpfZZfaYPWav2Wv2mX0m1aSa/Wa/OWAOmIPmoDlkDpnD5rA5Yo6Yo+aoOWaOmePmuDlpTppT5pQ5bU6bs+asOW/OmwvmgrlkLqVd9gUqUIEJTJAhyBAkBAlB5iBzkCXIEmQLsgWxIBbkCHIEOYPrg1xB7iBPkDfIF+QPCgRhQIENOIiCgkGhIB7cEBQObgyKBEWDYkHxwAUlgpLBTUGp4OagdHBLUCa4NSgb3BaUC8oHFYLbgzuCisGdQaXgrqBycHdQJagaVAuqB/cENYJ7g5rBfUGt4P6gdvBAUCd4MKgbPBTUC+oHDYKHg4bBI0GjoHHQJGgaNAuaBy3+rfW9P537Mdcj7Bkmhr3C3uHLYZ+wb9gv7B8OCF8JB4avhoPC18LB4ZBwaPh6OCx8IxwevhmOCEeGo8K3wtHhmHBsOC4cH04Ik8K3w4nhO+Gk8N1wcjglnBpMC6eHM8KZ4XvhrHB2OCd8P5wbzgvnhwvCheGiEH++JIbk8KNwafhxmBIuC5eHK8KV4apwdbgmXBuuC9eHG8KN4aYyA38+NNwWbg93hDvDXeHucE/4abg3/CzcF34epoZfhPvDP4UHwi/Dg+FX4aHw6/Bw+E14JPw2PBp+Fx4Lvw+PhyfCk+EP4anwx/B0eCY8G54Lz4c/hRfCi+Gl0Kdd3Kd9vJMhQxkoAyVQAmWmzJSFslA2ykYxilEOykE5KSflolyUh/JQPspHBagApWFiKkgFKU5xKkyFqQgVoWJUjBw5KkklqRSVotJUmspQGSpLZakclaMKVIHuoDvoTrqT7qK76G66m6pSVapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqCE1pEbUiJpQE2pGzagFtaCW1JJaUStqQ22oLbWldtSO2lN76kAdqCN1pE7UiTpTZ+pCXagrdaVu1I26U3fqQT0okRKpN/WmPtSH+lE/GkADaCANpEE0iAbTYBpKQ2kYDaPhNJxG0EgaRW/RaBpDY2kcjacJlERJNJEm0iSaRJNpMk2lqTSdptNMmkmzaBbNoTk0l+bSfJpPC2khLabFtISWUDIl01JaSimUQstpOa2klbSaVtNaWkvraT1tpI20mTbTVtpK22gb7aAdtIt20R7aQ3tpL+2jfZRKqbSf9tMBOkAH6SAdokN0mA7TETpCR+koHaNjdJyO00k6SafoFJ2m03SWztJ5+oku0EW6RJ4SbCab2V5js9isNpvNbv8yzmPz2nw2vy1gQ5vL5v5NTNbaIraoLWaLW2dL2JL2pr+Ky9nytoK93d5hK9o7bSVbzmaCP49r2HttTXufrWXvt9XtPb+Ja9sHbB37iK1rG9t6tqltYJvbhvYR28g2tk1sU9vMNrdt7RO2nX3StrdPJXSwT/95bNPiJfZDu9aus+vtBrvXfmbP2nP2iP3Wnrc/2R62px1gX7ED7at2kH3NDrZDfhsD2FH2LTvajrFj7Tg73k74q3iqnWan2xl2pn3PzrKz/ypebD+wc22ynW8X2IV20eU4radk+5Fdaj+2KXaZXW5X2JV2lV1t1/zfXlfYTXaz3WL32E/tNrvd7rA77S67+3Kcdh777Oc21X5hD9tv7AH7pT1oj9pD9uvLcdr5HbXf2WP2e3vcnrAn7Q/2lP3RnrZnLp9/2rn/YC/aS9ZbYGTFmg0HnIEzcgJn4sx8DWfhrJyNs3OMr+UcfB3n5Os5F+fmPJyX83F+LsAhE1tmjrggF+I438CF+UYuwkW5GBdnxyW4JN/EpfhmLs23cBm+lcvybVyOy3MFvp3v4Ip8J1fiu7gy381VuCpX4+p8D9fge7km38e1+H6uzQ9wHX6Q6/JDXI/rcwN+mBvyI9yIG3MTbsrNuDm34Ee5JT/Grbg1t+HHuS0/we34SW7PT3EHfpo78jPciZ/lzvwcd+HnuSu/wN34Re7OL3EP7smJ3It788vch/tyP+7PA/gVHsiv8iB+jQfzEB7Kr/MwfoOH85s8gkfyKH6LR/MYHsvjeDxP4CR+myfyOzyJ3+XJPIWn8jSezjN4Jr/Hs3g2z+H3eS7P4/m8gBfyIl7MH/AS/pCT+SNeyh9zCi/j5byCV/IqXs1reC2v4/W8gTfyJt7MW3grf8LbeDvv4J28i3fzHv6U9/JnvI8/51T+gvfzn/gAf8kH+Ss+xF/zYf6Gj/C3fJS/42P8PR/nE3ySf+BT/COf5jN8ls/xef6JL/BFvsSeIcJIRToyURBliDJGCVGmKHN0TZQlyhpli7JHsejaKEd0XZQzuj7KFeWO8kR5o3xR/qhAFEYU2YijKCoYFYri0Q1R4ejGqEhUNCoWFY9cVCIqGd0UlYpujkpHt0RlolujstFtUbmofFQhuj26I6oY3RlViu6KKkd3R1WiqlG1qHp0T1QjujeqGd0X1Yruj0pHD0R1ogejutFDUb2oftQgejhqGD0SNYoaR02iplGzqHnUIno0ahk9FrWKWkdtosejttETUbvoyah99FTUIXr6yv6iwc+fpn+xPzHqFelfnpDdpxfGF8UXxz+IL4l/GE+OfxRfGv84nhJfFl8eXxFfGV8VXx1fE18bXxdfH98Q3xjfFN8c3xL3vnpGcJh2IwzGBS6Dy+gSXCaX2V3jsrisLpvL7mLuWpfDXedyuutdLpfb5XF5XT6X3xVwoSNnHbvIFXSFXNzd4Aq7G10RV9QVc8WdcyVcSdfctXAtXEv3mGvlWrs27nH3uHvCPeGeTPilcdfRPeM6uWddZ/ece84977q6F1w396Lr7l5yPVxPl+gSXW/X2/VxfVw/188NcAPcQDfQDXKD3GA32A11Q90wN8wNd8PdCDfCjXKj3Gg32o11Y914N94luSQ30U10k9wkN9lNdlPdVDfdTXcz3Uw3y81yc9wcN9fNdfPdfLfQLXSL3WK3xC1xyS7ZLXVLXYpLccvdcrfSrXSr3Wq31q116916t9FtdJvdZrfVbXXb3Da3w+1wu9wut8ftcXvdXrfP7XOpLtXtd/vdAXfAHXRfuUPua3fYfeOOuG/dUfedO+a+d8fdCXfSeX3K/ehOuzPurDvnzruf3AV30V1y3iXF3o5NjL0TmxR7NzY5NiU2NTYtNj02IzYz9l5sVmx2bE7s/djc2LzY/NiC2MLYotji2AexJbEPY8mxj2JLYx/HUmLLYstjK2IrY6ti3uffFvmCvpCP+xt8YX+jL+KL+mK+uHe+hC/pb/Kl/M2+tL/Fl/G3+rL+Nl/Ol/cVfGPfxDf1zXxz38I/6lv6x3wr39q38Y/7tv4J384/6dv7p3wH/7Tv6J/xnfyzvrN/znfxz8/7Zcq+u3/J9/A9faLv5Xv7l30f39f38/39AP+KH+hf9YP8a36wH+KH+tf9MP+GH+7f9CP8SD/Kv+VH+zF+rB/nx/sJPsm/7Sf6d/wk/66f7Kf4qX6an+5n+Jn+PT/Lz/Zz/Pt+rp/n5/sFfqFf5Bf7D/wS/6FP9h/5pf5jn+KX+eV+hV/pV/nVfo1f69f59X6D3+g3+c1+i9/qP/Hb/Ha/w+/0u/xuv8d/6vf6z/w+/7lP9V/4/f5P/oD/0h/0X/lD/mt/2H/jj/hv/VH/nT/mv/fH/Ql/0v/gT/kf/Wl/xp/15/x5/5O/4C/6S/I3a0IIIYQQfxf9B/t7/Y3vqV+2NL0BIOv2vIf+subGXD+v+6q9HWIA8FTPLvV/3erXT0xM/OXYFA1BoQUAELuSnwGuxMugDTwB7aE1lPqb/fVVFS5f9/2/6sdvBcgMkOnXnLTbo1/jK/Vv/p36jT/g362/7Of6CwCKFLqSk1b41/hK/dK/U39329+vf7n/TF8mAbT6s5wscCW+Ur8kPAZPQ/vfHCmEEEIIIYQQQvysrzrf9Q/uPy/fn+czv837Nf6j+/M/UOlf7V8IIYQQQgghhBB/7NkXuj35aPv2rTv9Ny8y/me08R+wQAD4D2hDFv/5i6v9m0kIIYQQQgjx73blov9qdyKEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQqRf//x/CFN/98FX+xyFEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKIq+3/BAAA//+0FVXr") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) signalfd(0xffffffffffffffff, 0x0, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f0000000a00)={'lo\x00', 0x101}) fsopen(0x0, 0x0) truncate(&(0x7f0000000000)='./file1\x00', 0xd7fe) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x7, 0x8, 0x8, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r5}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18001000ff010000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="e115000000000000b7080000000000007b8af8fffb47cbe6664b05fa9dc9d84f9f00000000bfa200000000000007020000f8ffffffb7031b4c4d7aae34b368fc254a70785bad000008000000b704000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r6}, 0x10) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000001000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r7}, 0x10) 155.649391ms ago: executing program 2: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x80000043, 0x0, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x43}}}, 0x10) 146.638982ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 108.504737ms ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv6_delrule={0x30, 0x18, 0x1, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, 0xff, 0x3, 0x0, 0x6}, [@FRA_DST={0x14, 0x1, @mcast2}]}, 0x30}}, 0x0) 64.363122ms ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) vmsplice(r2, &(0x7f0000000900)=[{&(0x7f00000005c0)="cb", 0x1}], 0x1, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000000)) close_range(r2, 0xffffffffffffffff, 0x0) 0s ago: executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5") r1 = open(&(0x7f00000001c0)='./bus\x00', 0x4a37e, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) ftruncate(r2, 0x2008002) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad122bc192, 0x4002011, r1, 0x0) fadvise64(r2, 0x0, 0x0, 0x4) kernel console output (not intermixed with test programs): 9][T17236] bridge0: port 3(gretap0) entered disabled state [ 573.737758][T17236] device gretap0 left promiscuous mode [ 573.743132][T17236] bridge0: port 3(gretap0) entered disabled state [ 573.755463][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 573.775873][ T1724] hid-multitouch 0003:0EEF:72D0.0055: unbalanced delimiter at end of report description [ 573.800797][ T1724] hid-multitouch: probe of 0003:0EEF:72D0.0055 failed with error -22 [ 573.816769][T20607] loop1: detected capacity change from 0 to 512 [ 573.830296][T20607] EXT4-fs (loop1): 1 orphan inode deleted [ 573.835927][T20607] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 573.844781][T20607] ext4 filesystem being mounted at /root/syzkaller-testdir719304903/syzkaller.X02fOC/0/bus supports timestamps until 2038 (0x7fffffff) [ 573.859796][T20607] EXT4-fs (loop1): unmounting filesystem. [ 573.882018][T17236] device bridge_slave_1 left promiscuous mode [ 573.888073][T17236] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.896316][T17236] device bridge_slave_0 left promiscuous mode [ 573.902412][T17236] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.911051][T17236] device veth1_macvtap left promiscuous mode [ 573.917206][T17236] device veth0_vlan left promiscuous mode [ 573.956631][T20613] loop2: detected capacity change from 0 to 256 [ 573.968460][T20613] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 574.011898][ T40] usb 4-1: USB disconnect, device number 45 [ 574.160574][T20615] overlayfs: failed to resolve './file0': -2 [ 574.360552][T20620] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 574.411974][T20622] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 574.556408][ T28] kauditd_printk_skb: 129 callbacks suppressed [ 574.556423][ T28] audit: type=1326 audit(1852353031.922:4707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20631 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x0 [ 574.857108][T20642] loop3: detected capacity change from 0 to 512 [ 574.878682][T20642] EXT4-fs (loop3): 1 orphan inode deleted [ 574.884757][T20642] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 574.893960][T20642] ext4 filesystem being mounted at /root/syzkaller-testdir3600037992/syzkaller.e65uve/70/bus supports timestamps until 2038 (0x7fffffff) [ 574.909269][T20642] EXT4-fs (loop3): unmounting filesystem. [ 575.547505][T20670] loop4: detected capacity change from 0 to 16 [ 575.591572][T20670] erofs: (device loop4): mounted with root inode @ nid 36. [ 576.052435][ T28] audit: type=1326 audit(1852353033.316:4708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 576.076912][ T28] audit: type=1326 audit(1852353033.316:4709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 576.100989][ T28] audit: type=1326 audit(1852353033.316:4710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 576.125704][ T28] audit: type=1326 audit(1852353033.316:4711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 576.149773][ T28] audit: type=1326 audit(1852353033.316:4712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 576.174144][ T28] audit: type=1326 audit(1852353033.316:4713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 576.198062][ T28] audit: type=1326 audit(1852353033.344:4714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 576.221928][ T28] audit: type=1326 audit(1852353033.344:4715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe4f747a627 code=0x7ffc0000 [ 576.246111][ T28] audit: type=1326 audit(1852353033.344:4716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20687 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe4f74402e9 code=0x7ffc0000 [ 576.309113][T20692] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 576.341462][T20695] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 576.541139][T20710] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. [ 576.863769][T20719] loop2: detected capacity change from 0 to 256 [ 577.125158][T20731] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 577.487994][T20744] loop3: detected capacity change from 0 to 512 [ 577.507923][T20744] EXT4-fs (loop3): 1 orphan inode deleted [ 577.513894][T20744] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 577.523106][T20744] ext4 filesystem being mounted at /root/syzkaller-testdir3600037992/syzkaller.e65uve/78/bus supports timestamps until 2038 (0x7fffffff) [ 577.538417][T20744] EXT4-fs (loop3): unmounting filesystem. [ 577.654957][T20755] serio: Serial port pts0 [ 577.818692][T20769] loop3: detected capacity change from 0 to 512 [ 577.867883][T20769] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 577.876808][T20769] ext4 filesystem being mounted at /root/syzkaller-testdir3600037992/syzkaller.e65uve/80/bus supports timestamps until 2038 (0x7fffffff) [ 577.911761][ T40] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 577.921221][T19699] EXT4-fs (loop3): unmounting filesystem. [ 578.179101][ T40] usb 5-1: Using ep0 maxpacket: 16 [ 578.206321][T20780] incfs_lookup_dentry err:-5 [ 578.211617][T20780] incfs: Can't find or create .index dir in ./file0 [ 578.222079][T20780] incfs: mount failed -5 [ 578.521302][ T40] usb 5-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 578.532905][T20794] syz-executor.3[20794] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 578.533273][T20794] syz-executor.3[20794] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 578.578543][ T40] usb 5-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 578.673553][ T40] usb 5-1: Product: syz [ 578.677634][ T40] usb 5-1: Manufacturer: syz [ 578.682121][ T40] usb 5-1: SerialNumber: syz [ 578.688933][ T40] usb 5-1: config 0 descriptor?? [ 578.735343][ T40] usb 5-1: selecting invalid altsetting 1 [ 578.742006][ T40] snd-usb-audio: probe of 5-1:0.0 failed with error -22 [ 578.847343][T20801] serio: Serial port pts0 [ 578.952558][ T4737] usb 5-1: USB disconnect, device number 48 [ 578.963138][T20808] loop2: detected capacity change from 0 to 512 [ 578.983038][T20808] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 578.991894][T20808] ext4 filesystem being mounted at /root/syzkaller-testdir3066071213/syzkaller.skO1SX/49/bus supports timestamps until 2038 (0x7fffffff) [ 579.019820][T20293] EXT4-fs (loop2): unmounting filesystem. [ 579.124803][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 579.124805][T20817] incfs_lookup_dentry err:-5 [ 579.124822][T20817] incfs: Can't find or create .index dir in ./file0 [ 579.124855][T20817] incfs: mount failed -5 [ 579.579501][ T40] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 579.836057][ T40] usb 1-1: Using ep0 maxpacket: 16 [ 579.943366][ T28] kauditd_printk_skb: 178 callbacks suppressed [ 579.943382][ T28] audit: type=1326 audit(1852353036.955:4895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12cf27cea9 code=0x7ffc0000 [ 579.973424][ T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 579.975161][ T28] audit: type=1326 audit(1852353036.955:4896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12cf27cea9 code=0x7ffc0000 [ 579.984239][ T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 580.008589][ T28] audit: type=1326 audit(1852353036.955:4897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12cf27cea9 code=0x7ffc0000 [ 580.017864][ T40] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 580.041689][ T28] audit: type=1326 audit(1852353036.955:4898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12cf27cea9 code=0x7ffc0000 [ 580.050766][ T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.075453][ T28] audit: type=1326 audit(1852353036.955:4899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12cf27cea9 code=0x7ffc0000 [ 580.082812][ T40] usb 1-1: config 0 descriptor?? [ 580.107443][ T28] audit: type=1326 audit(1852353036.955:4900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12cf27cea9 code=0x7ffc0000 [ 580.136616][ T28] audit: type=1326 audit(1852353036.955:4901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12cf27cea9 code=0x7ffc0000 [ 580.160629][ T28] audit: type=1326 audit(1852353036.955:4902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f12cf27a627 code=0x7ffc0000 [ 580.184584][ T28] audit: type=1326 audit(1852353036.955:4903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f12cf2402e9 code=0x7ffc0000 [ 580.208867][ T28] audit: type=1326 audit(1852353036.955:4904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20827 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f12cf27a627 code=0x7ffc0000 [ 580.851786][ T40] usbhid 1-1:0.0: can't add hid device: -71 [ 580.860229][ T40] usbhid: probe of 1-1:0.0 failed with error -71 [ 580.867562][ T40] usb 1-1: USB disconnect, device number 51 [ 580.945447][T20856] syz-executor.1[20856] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 580.945802][T20856] syz-executor.1[20856] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 581.279344][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 581.279378][ T9452] Bluetooth: hci0: command 0x1003 tx timeout [ 581.302405][T20861] loop3: detected capacity change from 0 to 256 [ 581.314609][T20861] exfat: Deprecated parameter 'utf8' [ 581.319942][T20861] exfat: Deprecated parameter 'utf8' [ 581.327884][T20861] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 583.096693][ T40] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 583.257067][ T360] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 583.353277][ T40] usb 5-1: Using ep0 maxpacket: 16 [ 583.481712][ T40] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 583.492594][ T40] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 583.502728][ T40] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 583.511751][ T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.520285][ T40] usb 5-1: config 0 descriptor?? [ 583.524325][ T360] usb 1-1: Using ep0 maxpacket: 16 [ 583.877225][ T360] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 583.885207][ T360] usb 1-1: config 0 has no interface number 0 [ 583.891139][ T360] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 584.149005][ T360] usb 1-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= f.88 [ 584.293414][T20953] loop1: detected capacity change from 0 to 1024 [ 584.304016][ T40] usbhid 5-1:0.0: can't add hid device: -71 [ 584.324770][ T360] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.332647][ T360] usb 1-1: Product: syz [ 584.336635][ T360] usb 1-1: Manufacturer: syz [ 584.341035][ T360] usb 1-1: SerialNumber: syz [ 584.346089][ T360] usb 1-1: config 0 descriptor?? [ 584.350263][ T40] usbhid: probe of 5-1:0.0 failed with error -71 [ 584.359011][T20953] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 584.368205][ T40] usb 5-1: USB disconnect, device number 49 [ 584.379728][T20914] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 584.656888][T20964] loop2: detected capacity change from 0 to 256 [ 584.666900][T20964] exfat: Deprecated parameter 'utf8' [ 584.672558][ T360] usb 1-1: invalid MIDI in EP 0 [ 584.675350][T20964] exfat: Deprecated parameter 'utf8' [ 584.680579][ T360] snd-usb-audio: probe of 1-1:0.2 failed with error -22 [ 584.684705][T20964] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 584.690048][ T360] usb 1-1: USB disconnect, device number 52 [ 584.922397][T20593] EXT4-fs (loop1): unmounting filesystem. [ 585.306832][T20988] loop4: detected capacity change from 0 to 256 [ 585.648813][T20996] loop1: detected capacity change from 0 to 256 [ 585.660260][T20996] exfat: Deprecated parameter 'utf8' [ 585.665567][T20996] exfat: Deprecated parameter 'utf8' [ 585.673482][T20996] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 586.275450][ T40] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 586.298834][T21008] loop1: detected capacity change from 0 to 1024 [ 586.307166][T21008] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 586.539146][ T40] usb 1-1: Using ep0 maxpacket: 16 [ 586.667476][ T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 586.678419][ T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 586.688066][ T40] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 586.697081][ T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.734699][ T40] usb 1-1: config 0 descriptor?? [ 586.749765][T21030] loop4: detected capacity change from 0 to 256 [ 586.757316][T20593] EXT4-fs (loop1): unmounting filesystem. [ 586.805592][T21030] exfat: Deprecated parameter 'utf8' [ 586.811025][T21030] exfat: Deprecated parameter 'utf8' [ 586.818698][T21030] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 587.191360][ T360] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 587.289436][T21041] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 587.334668][T21047] loop1: detected capacity change from 0 to 2048 [ 587.354258][T21047] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 587.415758][ T4737] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 587.479899][ T360] usb 3-1: Using ep0 maxpacket: 16 [ 587.512223][ T40] usbhid 1-1:0.0: can't add hid device: -71 [ 587.521080][ T40] usbhid: probe of 1-1:0.0 failed with error -71 [ 587.530501][ T40] usb 1-1: USB disconnect, device number 53 [ 587.832746][ T360] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 587.840727][ T360] usb 3-1: config 0 has no interface number 0 [ 587.846874][ T360] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 587.876291][ T4737] usb 5-1: Using ep0 maxpacket: 16 [ 588.046721][ T360] usb 3-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= f.88 [ 588.055880][ T360] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.063831][ T360] usb 3-1: Product: syz [ 588.067751][ T360] usb 3-1: Manufacturer: syz [ 588.072361][ T360] usb 3-1: SerialNumber: syz [ 588.077312][ T360] usb 3-1: config 0 descriptor?? [ 588.110682][T21026] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 588.231317][ T4737] usb 5-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 588.240610][ T4737] usb 5-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 588.248951][ T4737] usb 5-1: Product: syz [ 588.252985][ T4737] usb 5-1: Manufacturer: syz [ 588.257443][ T4737] usb 5-1: SerialNumber: syz [ 588.262810][ T4737] usb 5-1: config 0 descriptor?? [ 588.271863][T20593] EXT4-fs (loop1): unmounting filesystem. [ 588.303571][ T4737] usb 5-1: selecting invalid altsetting 1 [ 588.310949][ T4737] snd-usb-audio: probe of 5-1:0.0 failed with error -22 [ 588.389087][ T360] usb 3-1: invalid MIDI in EP 0 [ 588.394347][T21071] loop1: detected capacity change from 0 to 40427 [ 588.395872][ T360] snd-usb-audio: probe of 3-1:0.2 failed with error -22 [ 588.403270][T21071] F2FS-fs (loop1): invalid crc value [ 588.408622][ T360] usb 3-1: USB disconnect, device number 44 [ 588.415179][T21071] F2FS-fs (loop1): Found nat_bits in checkpoint [ 588.444645][T21071] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 588.467763][T21071] syz-executor.1: attempt to access beyond end of device [ 588.467763][T21071] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 588.521825][ T4737] usb 5-1: USB disconnect, device number 50 [ 588.643701][T21077] loop1: detected capacity change from 0 to 40427 [ 588.651856][T21077] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 588.659443][T21077] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 588.668531][T21077] F2FS-fs (loop1): invalid crc value [ 588.674984][T21077] F2FS-fs (loop1): Found nat_bits in checkpoint [ 588.705443][T21077] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 588.712462][T21077] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 588.784866][T21083] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 588.910073][T21087] syz-executor.1: attempt to access beyond end of device [ 588.910073][T21087] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 589.295569][T21104] loop0: detected capacity change from 0 to 512 [ 589.302639][T21104] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 589.314560][T21104] EXT4-fs (loop0): 1 truncate cleaned up [ 589.320177][T21104] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 589.333174][T21104] EXT4-fs (loop0): unmounting filesystem. [ 589.350722][ T360] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 589.437980][T21113] syz-executor.4[21113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 589.438032][T21113] syz-executor.4[21113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 589.449742][ T4737] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 589.485033][T20593] syz-executor.1: attempt to access beyond end of device [ 589.485033][T20593] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 589.735653][ T360] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 589.746587][ T4737] usb 3-1: Using ep0 maxpacket: 16 [ 589.751769][ T360] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 589.761526][ T360] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 589.770646][ T360] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.779250][ T360] usb 4-1: config 0 descriptor?? [ 589.885281][ T4737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 589.896023][ T4737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 589.905512][ T4737] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 589.914389][ T4737] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.922797][ T4737] usb 3-1: config 0 descriptor?? [ 590.002876][T15881] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 590.074703][ T28] kauditd_printk_skb: 77 callbacks suppressed [ 590.074717][ T28] audit: type=1326 audit(1852353046.430:4982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fe447cea9 code=0x7fc00000 [ 590.090593][T21129] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 590.220678][T21135] loop0: detected capacity change from 0 to 256 [ 590.231142][T21134] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 590.238976][T21134] FAT-fs (loop0): Filesystem has been set read-only [ 590.278795][T21139] loop4: detected capacity change from 0 to 2048 [ 590.293151][T21139] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 590.684150][T21147] overlayfs: failed to resolve './file0': -2 [ 590.727765][T15881] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 590.745405][T15881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 590.932963][T15881] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 590.942338][T15881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 590.950273][T15881] usb 2-1: SerialNumber: syz [ 591.103990][ T4737] usbhid 3-1:0.0: can't add hid device: -71 [ 591.109814][ T4737] usbhid: probe of 3-1:0.0 failed with error -71 [ 591.116375][ T4737] usb 3-1: USB disconnect, device number 45 [ 591.211747][T18420] EXT4-fs (loop4): unmounting filesystem. [ 591.236728][T21158] overlayfs: bad index found (index=index/00fb210001fef82ea27d104f0ca664b7480d948ec00e5ed7320200000000000000, ftype=2000, origin ftype=a000). [ 591.253710][ T360] uclogic 0003:256C:006D.0056: interface is invalid, ignoring [ 591.296989][T15881] usb 2-1: 0:2 : does not exist [ 591.301790][T15881] usb 2-1: unit 5: unexpected type 0x0b [ 591.308362][T15881] usb 2-1: USB disconnect, device number 47 [ 591.355750][T21160] loop4: detected capacity change from 0 to 40427 [ 591.364488][T21160] F2FS-fs (loop4): Found nat_bits in checkpoint [ 591.398479][T21160] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 591.409903][ T28] audit: type=1400 audit(1852353047.674:4983): avc: denied { ioctl } for pid=21159 comm="syz-executor.4" path="/root/syzkaller-testdir3263125129/syzkaller.Qot4cx/207/file0/memory.events.local" dev="loop4" ino=10 ioctlcmd=0xf510 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 591.445237][T18420] syz-executor.4: attempt to access beyond end of device [ 591.445237][T18420] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 591.472486][ T4737] usb 4-1: USB disconnect, device number 46 [ 591.577997][T21178] loop2: detected capacity change from 0 to 512 [ 591.586238][T21178] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 393: padding at end of block bitmap is not set [ 591.601059][T21178] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 591.609878][T21178] EXT4-fs (loop2): 2 truncates cleaned up [ 591.615408][T21178] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 591.628387][T20293] EXT4-fs (loop2): unmounting filesystem. [ 591.884415][ T316] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 591.924145][T21197] loop1: detected capacity change from 0 to 2048 [ 591.966352][T21198] loop2: detected capacity change from 0 to 512 [ 591.973801][T21198] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 591.983925][T21197] loop1: p1 < > p3 [ 591.985440][T21198] EXT4-fs (loop2): 1 truncate cleaned up [ 591.988116][T21197] loop1: p3 size 134217728 extends beyond EOD, truncated [ 591.993201][T21198] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 592.025518][T21198] EXT4-fs (loop2): unmounting filesystem. [ 592.269274][ T316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 592.280038][ T316] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 592.292648][ T316] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 592.301478][ T316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.309761][ T316] usb 5-1: config 0 descriptor?? [ 592.397547][ T40] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 592.445568][ T28] audit: type=1400 audit(1852353048.647:4984): avc: denied { bind } for pid=21208 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 592.445925][T21209] xt_CT: You must specify a L4 protocol and not use inversions on it [ 592.675520][ T40] usb 4-1: Using ep0 maxpacket: 16 [ 592.682845][T21217] syz-executor.0[21217] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 592.683134][T21217] syz-executor.0[21217] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 592.808046][ T28] audit: type=1326 audit(1852353048.928:4985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21190 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7fc00000 [ 592.835921][ T40] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 592.843711][ T28] audit: type=1326 audit(1852353048.928:4986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21190 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe4f747cea9 code=0x7fc00000 [ 592.855378][ T316] plantronics 0003:047F:FFFF.0057: No inputs registered, leaving [ 592.878120][ T28] audit: type=1326 audit(1852353048.928:4987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21190 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7fc00000 [ 592.886621][ T40] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 592.909319][ T28] audit: type=1326 audit(1852353048.937:4988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21190 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7fc00000 [ 592.942916][ T28] audit: type=1326 audit(1852353048.937:4989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21190 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7fc00000 [ 592.966972][ T40] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 592.975925][ T28] audit: type=1326 audit(1852353048.937:4990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21190 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7fc00000 [ 592.976622][ T40] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.000125][ T28] audit: type=1326 audit(1852353048.937:4991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21190 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7fc00000 [ 593.007842][ T316] plantronics 0003:047F:FFFF.0057: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 593.077211][ T40] usb 4-1: config 0 descriptor?? [ 593.563020][ T316] usb 5-1: USB disconnect, device number 51 [ 593.744564][ T40] usbhid 4-1:0.0: can't add hid device: -71 [ 593.750365][ T40] usbhid: probe of 4-1:0.0 failed with error -71 [ 593.757271][ T40] usb 4-1: USB disconnect, device number 47 [ 594.108025][ T4737] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 594.210754][T21238] loop3: detected capacity change from 0 to 256 [ 594.222678][T21237] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 594.230536][T21237] FAT-fs (loop3): Filesystem has been set read-only [ 594.245121][T21240] xt_CT: You must specify a L4 protocol and not use inversions on it [ 594.546401][ T4737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.557320][ T4737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 594.566936][ T4737] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 594.590074][ T4737] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.598667][ T4737] usb 3-1: config 0 descriptor?? [ 595.524042][T21268] loop0: detected capacity change from 0 to 256 [ 595.537201][T21267] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 595.538656][T21266] loop3: detected capacity change from 0 to 2048 [ 595.545293][T21267] FAT-fs (loop0): Filesystem has been set read-only [ 595.558790][T21266] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 595.572272][T21266] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 595.588451][T21272] xt_CT: You must specify a L4 protocol and not use inversions on it [ 595.661208][T19699] EXT4-fs (loop3): unmounting filesystem. [ 595.869048][T21287] loop3: detected capacity change from 0 to 40427 [ 595.878080][T21287] F2FS-fs (loop3): Found nat_bits in checkpoint [ 595.901647][T21287] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 595.909451][ T4737] uclogic 0003:256C:006D.0058: interface is invalid, ignoring [ 595.925632][T19699] syz-executor.3: attempt to access beyond end of device [ 595.925632][T19699] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 596.067869][T21299] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.4'. [ 596.101511][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 596.101527][ T28] audit: type=1326 audit(1852353052.071:5024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21304 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12cc07cea9 code=0x0 [ 596.135545][ T24] usb 3-1: USB disconnect, device number 46 [ 596.456625][T21317] loop0: detected capacity change from 0 to 40427 [ 596.465808][T21317] F2FS-fs (loop0): Found nat_bits in checkpoint [ 596.504043][T21317] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 596.531347][T19989] syz-executor.0: attempt to access beyond end of device [ 596.531347][T19989] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 596.611067][ T28] audit: type=1326 audit(1852353052.548:5025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5fe447cea9 code=0x0 [ 596.728025][ T28] audit: type=1326 audit(1852353052.660:5026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5fe447cea9 code=0x0 [ 597.052722][T21334] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.4'. [ 597.158772][T21350] device pim6reg1 entered promiscuous mode [ 597.197917][T21354] loop4: detected capacity change from 0 to 256 [ 597.210569][T21354] FAT-fs (loop4): Directory bread(block 64) failed [ 597.216911][T21354] FAT-fs (loop4): Directory bread(block 65) failed [ 597.223371][T21354] FAT-fs (loop4): Directory bread(block 66) failed [ 597.229824][T21354] FAT-fs (loop4): Directory bread(block 67) failed [ 597.236238][T21354] FAT-fs (loop4): Directory bread(block 68) failed [ 597.243057][T21354] FAT-fs (loop4): Directory bread(block 69) failed [ 597.249408][T21354] FAT-fs (loop4): Directory bread(block 70) failed [ 597.255738][T21354] FAT-fs (loop4): Directory bread(block 71) failed [ 597.262152][T21354] FAT-fs (loop4): Directory bread(block 72) failed [ 597.268407][T21354] FAT-fs (loop4): Directory bread(block 73) failed [ 597.302270][T21358] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.4'. [ 597.320544][T21360] loop4: detected capacity change from 0 to 512 [ 597.326990][T21360] EXT4-fs: quotafile must be on filesystem root [ 597.427042][T21365] tipc: Failed to remove unknown binding: 66,1,1/0:2757701005/2757701007 [ 597.435347][T21365] tipc: Failed to remove unknown binding: 66,1,1/0:2757701005/2757701007 [ 597.443932][ T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 597.532052][T21381] device pim6reg1 entered promiscuous mode [ 597.640692][T21386] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.4'. [ 597.664843][T21392] loop2: detected capacity change from 0 to 512 [ 597.671772][T21392] EXT4-fs: quotafile must be on filesystem root [ 597.679231][T21390] tipc: Failed to remove unknown binding: 66,1,1/0:101554911/101554913 [ 597.687437][T21390] tipc: Failed to remove unknown binding: 66,1,1/0:101554911/101554913 [ 597.842307][T21408] device pim6reg1 entered promiscuous mode [ 597.860536][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.871395][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 597.884067][ T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 597.894340][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.940506][ T24] usb 4-1: config 0 descriptor?? [ 598.545248][ T24] plantronics 0003:047F:FFFF.0059: unknown main item tag 0x0 [ 598.552535][ T24] plantronics 0003:047F:FFFF.0059: unknown main item tag 0x0 [ 598.559989][ T24] plantronics 0003:047F:FFFF.0059: No inputs registered, leaving [ 598.568240][ T24] plantronics 0003:047F:FFFF.0059: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 598.788654][T21425] loop4: detected capacity change from 0 to 40427 [ 598.800512][T21425] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 598.808184][T21425] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 598.841295][T21425] F2FS-fs (loop4): invalid crc value [ 598.862240][T21425] F2FS-fs (loop4): Found nat_bits in checkpoint [ 598.868298][T21434] loop0: detected capacity change from 0 to 512 [ 598.868790][T21434] EXT4-fs: quotafile must be on filesystem root [ 598.914475][T21425] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 598.921920][T21425] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 599.143206][T21456] syz-executor.4: attempt to access beyond end of device [ 599.143206][T21456] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 599.628904][T18420] syz-executor.4: attempt to access beyond end of device [ 599.628904][T18420] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 599.944271][T21480] netlink: 'syz-executor.0': attribute type 30 has an invalid length. [ 599.956434][T21476] device pim6reg1 entered promiscuous mode [ 600.277431][T21510] loop0: detected capacity change from 0 to 1024 [ 600.300023][T21510] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 600.336654][T21510] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz-executor.0: Invalid inode bitmap blk 18435710331736723584 in block_group 0 [ 600.354904][T19989] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor.0: path /root/syzkaller-testdir565436632/syzkaller.xPOJRP/130/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 600.380624][T19989] EXT4-fs error (device loop0): __ext4_get_inode_loc:4497: comm syz-executor.0: Invalid inode table block 7485954548343485821 in block_group 0 [ 600.395535][T19989] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 600.395851][T20098] usb 4-1: USB disconnect, device number 48 [ 600.411794][T19989] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #2: comm syz-executor.0: mark_inode_dirty error [ 600.426512][ T226] EXT4-fs error (device loop0): __ext4_get_inode_loc:4497: comm kworker/u4:3: Invalid inode table block 7485954548343485821 in block_group 0 [ 600.441529][T19989] EXT4-fs (loop0): unmounting filesystem. [ 600.596306][T21520] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.603189][T21520] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.610644][T21520] device bridge_slave_0 entered promiscuous mode [ 600.618367][T21520] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.625247][T21520] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.633435][T21520] device bridge_slave_1 entered promiscuous mode [ 600.707626][T21521] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.714522][T21521] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.721796][T21521] device bridge_slave_0 entered promiscuous mode [ 600.732481][T21521] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.739433][T21521] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.746492][T21521] device bridge_slave_1 entered promiscuous mode [ 600.801031][T21520] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.807894][T21520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.815117][T21520] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.821914][T21520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.840758][T21521] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.847640][T21521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.854684][T21521] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.861574][T21521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.885596][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 600.893102][ T4737] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.900325][ T4737] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.907700][ T4737] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.914986][ T4737] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.928518][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 600.936824][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.943707][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.960413][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 600.968317][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 600.976735][ T468] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.983958][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.991483][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 601.000607][ T468] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.007758][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 601.014965][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 601.023014][ T468] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.029910][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 601.057013][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 601.065576][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 601.073565][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 601.085203][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 601.109904][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 601.117975][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 601.125903][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 601.134271][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 601.142906][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 601.151555][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 601.161249][T21520] device veth0_vlan entered promiscuous mode [ 601.168931][ T226] device bridge_slave_0 left promiscuous mode [ 601.174940][ T226] bridge0: port 1(bridge_slave_0) entered disabled state [ 601.183257][ T226] device veth1_macvtap left promiscuous mode [ 601.189225][ T226] device veth0_vlan left promiscuous mode [ 601.274490][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 601.282259][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 601.296961][T21520] device veth1_macvtap entered promiscuous mode [ 601.304292][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 601.312057][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 601.319327][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 601.327458][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 601.336071][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 601.346732][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 601.354909][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 601.366972][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 601.375407][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 601.383767][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 601.391960][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 601.400050][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 601.408588][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 601.416270][ T316] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 601.424030][T21521] device veth0_vlan entered promiscuous mode [ 601.431334][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 601.438712][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 601.456088][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 601.464270][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 601.473747][T21521] device veth1_macvtap entered promiscuous mode [ 601.492245][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 601.500145][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 601.508857][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 601.517271][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 601.525852][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 601.554207][T21547] loop0: detected capacity change from 0 to 512 [ 601.560806][T21547] EXT4-fs: quotafile must be on filesystem root [ 601.901883][ T316] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 601.919665][ T316] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 601.935135][ T28] audit: type=1326 audit(1852353057.534:5027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21561 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11d847cea9 code=0x0 [ 601.970091][T21564] loop4: detected capacity change from 0 to 256 [ 602.025585][ T28] audit: type=1400 audit(1852353057.608:5028): avc: denied { append } for pid=21569 comm="syz-executor.4" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 602.050209][ T28] audit: type=1326 audit(1852353057.608:5029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21561 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11d847cea9 code=0x0 [ 602.091757][ T316] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 602.113514][ T316] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 602.121686][ T316] usb 3-1: SerialNumber: syz [ 602.298944][ T226] device bridge_slave_0 left promiscuous mode [ 602.305321][ T226] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.315887][ T226] device veth1_macvtap left promiscuous mode [ 602.322276][ T226] device veth0_vlan left promiscuous mode [ 602.565890][ T316] usb 3-1: 0:2 : does not exist [ 602.570877][ T316] usb 3-1: unit 5: unexpected type 0x0c [ 602.600982][ T316] usb 3-1: USB disconnect, device number 47 [ 603.055462][T21597] loop3: detected capacity change from 0 to 256 [ 603.111086][ T28] audit: type=1326 audit(1852353058.628:5030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21605 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12cc07cea9 code=0x0 [ 603.164237][ T28] audit: type=1400 audit(1852353058.675:5031): avc: denied { watch watch_reads } for pid=21618 comm="syz-executor.3" path="/root/syzkaller-testdir1788367978/syzkaller.irXebf/12/file0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 603.211738][T21623] loop3: detected capacity change from 0 to 256 [ 603.224378][ T28] audit: type=1326 audit(1852353058.731:5032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21605 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12cc07cea9 code=0x0 [ 603.553838][T21654] loop3: detected capacity change from 0 to 40427 [ 603.561412][T21654] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 603.569768][T21654] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 603.578395][T21654] F2FS-fs (loop3): invalid crc value [ 603.585103][T21654] F2FS-fs (loop3): Found nat_bits in checkpoint [ 603.609301][T21654] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 603.616281][T21654] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 603.626087][T21654] syz-executor.3: attempt to access beyond end of device [ 603.626087][T21654] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 603.688444][T21661] tmpfs: Unknown parameter '"' [ 603.761708][ T4737] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 604.136236][ T28] audit: type=1326 audit(1852353059.591:5033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21697 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba67c7cea9 code=0x7fc00000 [ 604.146561][ T4737] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 604.160145][ T28] audit: type=1326 audit(1852353059.591:5034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21697 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fba67c7cea9 code=0x7fc00000 [ 604.170301][ T4737] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 604.285979][ T4737] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 604.295015][ T4737] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 604.302855][ T4737] usb 3-1: SerialNumber: syz [ 604.311180][T21713] overlayfs: statfs failed on './file0' [ 604.408120][ T28] audit: type=1326 audit(1852353059.835:5035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21716 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11d847cea9 code=0x7ffc0000 [ 604.432903][ T28] audit: type=1326 audit(1852353059.835:5036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21716 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11d847cea9 code=0x7ffc0000 [ 604.606746][ T4737] usb 3-1: 0:2 : does not exist [ 604.611644][ T4737] usb 3-1: unit 5: unexpected type 0x0c [ 604.620484][ T4737] usb 3-1: USB disconnect, device number 48 [ 604.828161][T21729] xt_l2tp: v2 doesn't support IP mode [ 605.228285][T21756] kvm: pic: non byte read [ 605.232611][T21756] kvm: pic: non byte read [ 605.237158][T21756] kvm: pic: level sensitive irq not supported [ 605.237235][T21756] kvm: pic: non byte read [ 605.266479][T21756] kvm: pic: non byte read [ 605.271616][T21756] kvm: pic: non byte read [ 605.275939][T21756] kvm: pic: level sensitive irq not supported [ 605.276035][T21756] kvm: pic: non byte read [ 605.826456][T21784] loop2: detected capacity change from 0 to 512 [ 605.833338][T21784] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 605.846641][T21784] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 605.859961][T21784] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 605.872882][T21784] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 605.908349][T21784] EXT4-fs (loop2): 1 orphan inode deleted [ 605.958945][T21784] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 606.114373][T20293] EXT4-fs (loop2): unmounting filesystem. [ 606.189700][T21798] loop2: detected capacity change from 0 to 2048 [ 606.200357][T21798] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 606.208799][T21798] ext4 filesystem being mounted at /root/syzkaller-testdir3066071213/syzkaller.skO1SX/120/bus supports timestamps until 2038 (0x7fffffff) [ 606.233348][T20293] EXT4-fs (loop2): unmounting filesystem. [ 606.462743][T21813] input: syz1 as /devices/virtual/input/input75 [ 607.649416][ T28] kauditd_printk_skb: 8248 callbacks suppressed [ 607.649433][ T28] audit: type=1326 audit(1852353062.398:13285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21802 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe4f74402e9 code=0x7ffc0000 [ 607.739178][T21866] syz-executor.2[21866] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 607.739264][T21866] syz-executor.2[21866] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 607.930998][T15881] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 607.954786][T21906] Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 608.218555][T21925] loop0: detected capacity change from 0 to 2048 [ 608.225786][T21925] EXT4-fs (loop0): unsupported inode size: 0 [ 608.231813][T21925] EXT4-fs (loop0): blocksize: 4096 [ 608.326596][T15881] usb 4-1: config 0 has an invalid interface number: 169 but max is 1 [ 608.337456][T15881] usb 4-1: config 0 has no interface number 1 [ 608.508313][T15881] usb 4-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=e9.34 [ 608.527960][T15881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.535783][T15881] usb 4-1: Product: syz [ 608.539785][T15881] usb 4-1: Manufacturer: syz [ 608.544207][T15881] usb 4-1: SerialNumber: syz [ 608.549256][T15881] usb 4-1: config 0 descriptor?? [ 608.822679][T15881] usb 4-1: USB disconnect, device number 49 [ 608.844155][T21933] syz-executor.2[21933] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 608.844202][T21933] syz-executor.2[21933] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 608.946629][ T24] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 609.384966][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 609.395747][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 609.408940][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 609.417816][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.426074][ T24] usb 5-1: config 0 descriptor?? [ 609.963116][ T24] plantronics 0003:047F:FFFF.005A: unknown main item tag 0x0 [ 609.972556][ T24] plantronics 0003:047F:FFFF.005A: unknown main item tag 0x0 [ 609.985022][ T24] plantronics 0003:047F:FFFF.005A: No inputs registered, leaving [ 610.029807][ T24] plantronics 0003:047F:FFFF.005A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 610.042967][T21964] syz-executor.2[21964] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 610.043050][T21964] syz-executor.2[21964] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 611.162138][T21994] netem: change failed [ 611.865559][ T316] usb 5-1: USB disconnect, device number 52 [ 611.969733][T22023] netem: change failed [ 612.164149][T22030] loop4: detected capacity change from 0 to 40427 [ 612.171376][T22030] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 612.179043][T22030] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 612.187915][T22030] F2FS-fs (loop4): invalid crc value [ 612.194772][T22030] F2FS-fs (loop4): Found nat_bits in checkpoint [ 612.232755][T22030] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 612.239966][T22030] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 612.252555][ T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 612.261852][ T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 612.279408][T22030] F2FS-fs (loop4): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint [ 612.381167][T22078] loop4: detected capacity change from 0 to 512 [ 612.391736][T22078] EXT4-fs (loop4): 1 truncate cleaned up [ 612.397782][T22078] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 612.417185][T22078] EXT4-fs error (device loop4): __ext4_get_inode_loc:4497: comm syz-executor.4: Invalid inode table block 0 in block_group 0 [ 612.419354][T22084] netlink: 488 bytes leftover after parsing attributes in process `syz-executor.2'. [ 612.430324][T22078] EXT4-fs error (device loop4): __ext4_get_inode_loc:4497: comm syz-executor.4: Invalid inode table block 0 in block_group 0 [ 612.452416][T22078] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 612.462126][T22078] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #12: comm syz-executor.4: mark_inode_dirty error [ 612.476796][T22078] EXT4-fs error (device loop4): __ext4_get_inode_loc:4497: comm syz-executor.4: Invalid inode table block 0 in block_group 0 [ 612.494026][T18420] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 13: comm syz-executor.4: lblock 0 mapped to illegal pblock 13 (length 1) [ 612.508970][T18420] EXT4-fs warning (device loop4): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.4: error -117 reading directory block [ 612.523387][T18420] EXT4-fs error (device loop4): __ext4_get_inode_loc:4497: comm syz-executor.4: Invalid inode table block 0 in block_group 0 [ 612.536482][T18420] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 612.545770][T22093] loop2: detected capacity change from 0 to 256 [ 612.546161][T18420] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz-executor.4: mark_inode_dirty error [ 612.554253][T22093] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 612.575191][ T10] EXT4-fs error (device loop4): __ext4_get_inode_loc:4497: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 612.589169][T18420] EXT4-fs (loop4): unmounting filesystem. [ 612.619835][T22099] device pim6reg1 entered promiscuous mode [ 612.770163][T22115] loop2: detected capacity change from 0 to 256 [ 612.779187][T22115] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 612.811340][T22109] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.818443][T22109] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.825771][T22109] device bridge_slave_0 entered promiscuous mode [ 612.835563][T22109] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.845906][T22109] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.853332][T22109] device bridge_slave_1 entered promiscuous mode [ 612.929823][T22109] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.936727][T22109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.943804][T22109] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.950609][T22109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.985228][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 612.993353][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.001567][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.033297][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 613.059215][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 613.066093][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 613.074244][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 613.082341][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.089339][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 613.097016][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 613.104915][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 613.133637][T22109] device veth0_vlan entered promiscuous mode [ 613.148652][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 613.156968][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 613.171102][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 613.178924][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 613.204201][T22109] device veth1_macvtap entered promiscuous mode [ 613.216584][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 613.224153][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 613.231443][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 613.256038][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 613.264143][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 613.277867][ T226] device bridge_slave_1 left promiscuous mode [ 613.283827][ T226] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.296422][ T226] device bridge_slave_0 left promiscuous mode [ 613.308392][ T226] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.317583][ T226] device veth1_macvtap left promiscuous mode [ 613.327061][ T226] device veth0_vlan left promiscuous mode [ 613.473645][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 613.490381][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 613.498595][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 613.515466][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 613.595844][T22137] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 613.777011][T22151] loop2: detected capacity change from 0 to 2048 [ 613.790837][T22151] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 613.811604][T20293] EXT4-fs (loop2): unmounting filesystem. [ 613.847297][T22157] loop2: detected capacity change from 0 to 2048 [ 613.854480][T22157] EXT4-fs (loop2): unsupported inode size: 0 [ 613.860286][T22157] EXT4-fs (loop2): blocksize: 4096 [ 613.888793][T22153] loop3: detected capacity change from 0 to 40427 [ 613.895484][T22153] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 613.903106][T22153] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 613.911917][T22153] F2FS-fs (loop3): invalid crc value [ 613.918417][T22153] F2FS-fs (loop3): Found nat_bits in checkpoint [ 613.955724][T22153] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 613.962762][T22153] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 613.988958][ T10] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 613.999241][ T10] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 614.023720][T22153] F2FS-fs (loop3): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint [ 615.359556][T22191] loop4: detected capacity change from 0 to 2048 [ 615.392665][T22191] EXT4-fs (loop4): unsupported inode size: 0 [ 615.398650][T22191] EXT4-fs (loop4): blocksize: 4096 [ 615.427601][T22199] device syzkaller0 entered promiscuous mode [ 615.434623][T22199] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487 [ 615.552432][T22219] loop3: detected capacity change from 0 to 256 [ 615.978835][T22230] loop3: detected capacity change from 0 to 2048 [ 616.009986][T22230] EXT4-fs (loop3): unsupported inode size: 0 [ 616.021027][T22230] EXT4-fs (loop3): blocksize: 4096 [ 616.781092][T22281] loop4: detected capacity change from 0 to 1024 [ 616.789294][T22281] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 616.820535][T22109] EXT4-fs (loop4): unmounting filesystem. [ 616.861546][T22287] device pim6reg1 entered promiscuous mode [ 616.920574][T22289] loop4: detected capacity change from 0 to 512 [ 616.927526][T22289] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 616.938787][T22289] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 616.953208][T22289] EXT4-fs (loop4): 1 orphan inode deleted [ 616.959056][T22289] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 616.975111][T22109] EXT4-fs (loop4): unmounting filesystem. [ 617.001547][T20098] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 617.054311][T22299] loop3: detected capacity change from 0 to 256 [ 617.127892][T22305] overlayfs: statfs failed on './file0' [ 617.171217][T22309] loop3: detected capacity change from 0 to 1024 [ 617.191397][T22309] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 617.287738][T21520] EXT4-fs (loop3): unmounting filesystem. [ 617.350131][T22319] loop3: detected capacity change from 0 to 512 [ 617.356771][T22319] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 617.368092][T22319] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 617.383378][T22319] EXT4-fs (loop3): 1 orphan inode deleted [ 617.388932][T22319] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 617.392383][T20098] usb 3-1: config 0 has an invalid interface number: 169 but max is 1 [ 617.408770][T22317] device pim6reg1 entered promiscuous mode [ 617.417092][T20098] usb 3-1: config 0 has no interface number 1 [ 617.424405][T21520] EXT4-fs (loop3): unmounting filesystem. [ 617.595432][T20098] usb 3-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=e9.34 [ 617.612498][T20098] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.620538][T20098] usb 3-1: Product: syz [ 617.624726][T20098] usb 3-1: Manufacturer: syz [ 617.629268][T20098] usb 3-1: SerialNumber: syz [ 617.636859][T20098] usb 3-1: config 0 descriptor?? [ 617.781477][T22331] loop4: detected capacity change from 0 to 256 [ 617.903982][T15881] usb 3-1: USB disconnect, device number 49 [ 619.085587][T22365] loop4: detected capacity change from 0 to 256 [ 619.283248][ T10] device bridge_slave_1 left promiscuous mode [ 619.289333][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.297041][ T28] audit: type=1400 audit(1852353073.772:13286): avc: denied { create } for pid=22386 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 619.340281][ T10] device bridge_slave_0 left promiscuous mode [ 619.360437][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.381312][ T10] device veth1_macvtap left promiscuous mode [ 619.387161][ T10] device veth0_vlan left promiscuous mode [ 619.578371][T22381] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.585457][T22381] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.592753][T22381] device bridge_slave_0 entered promiscuous mode [ 619.599857][T22381] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.606745][T22381] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.613911][T22381] device bridge_slave_1 entered promiscuous mode [ 619.673889][T22381] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.680788][T22381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 619.687859][T22381] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.694768][T22381] bridge0: port 1(bridge_slave_0) entered forwarding state [ 619.735318][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 619.748265][T15881] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.756684][T15881] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.794497][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 619.802653][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.809515][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 619.816799][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 619.824938][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.831813][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 619.840544][T22439] loop3: detected capacity change from 0 to 256 [ 619.847131][T22439] FAT-fs (loop3): Unrecognized mount option "./binderfs/binder0" or missing value [ 619.851095][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 619.870682][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 619.883942][T22381] device veth0_vlan entered promiscuous mode [ 619.904781][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 619.912593][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 619.920295][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 619.938583][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 619.949769][T22381] device veth1_macvtap entered promiscuous mode [ 619.958461][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 619.983188][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 619.996982][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 620.169799][T22450] overlayfs: statfs failed on './file0' [ 620.197550][T22455] loop2: detected capacity change from 0 to 256 [ 620.208916][T22455] FAT-fs (loop2): Directory bread(block 64) failed [ 620.216339][T22455] FAT-fs (loop2): Directory bread(block 65) failed [ 620.222819][T22455] FAT-fs (loop2): Directory bread(block 66) failed [ 620.230186][T22455] FAT-fs (loop2): Directory bread(block 67) failed [ 620.237091][T22455] FAT-fs (loop2): Directory bread(block 68) failed [ 620.243792][T22455] FAT-fs (loop2): Directory bread(block 69) failed [ 620.250293][T22455] FAT-fs (loop2): Directory bread(block 70) failed [ 620.256721][T22455] FAT-fs (loop2): Directory bread(block 71) failed [ 620.263119][T22455] FAT-fs (loop2): Directory bread(block 72) failed [ 620.269870][T22455] FAT-fs (loop2): Directory bread(block 73) failed [ 620.716821][T22482] overlayfs: statfs failed on './file0' [ 621.035958][T22501] loop4: detected capacity change from 0 to 256 [ 621.047199][T22501] FAT-fs (loop4): Directory bread(block 64) failed [ 621.053784][T22501] FAT-fs (loop4): Directory bread(block 65) failed [ 621.060790][T22501] FAT-fs (loop4): Directory bread(block 66) failed [ 621.067344][T22501] FAT-fs (loop4): Directory bread(block 67) failed [ 621.080839][T22501] FAT-fs (loop4): Directory bread(block 68) failed [ 621.087279][T22501] FAT-fs (loop4): Directory bread(block 69) failed [ 621.093867][T22501] FAT-fs (loop4): Directory bread(block 70) failed [ 621.100289][T22501] FAT-fs (loop4): Directory bread(block 71) failed [ 621.106634][T22501] FAT-fs (loop4): Directory bread(block 72) failed [ 621.113057][T22501] FAT-fs (loop4): Directory bread(block 73) failed [ 621.209584][T22515] loop4: detected capacity change from 0 to 2048 [ 621.220817][T22515] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 621.229283][T22515] ext4 filesystem being mounted at /root/syzkaller-testdir2091319928/syzkaller.NtL6JC/63/file0 supports timestamps until 2038 (0x7fffffff) [ 621.284974][T22109] EXT4-fs (loop4): unmounting filesystem. [ 622.113483][T22545] device pim6reg1 entered promiscuous mode [ 622.382368][T22556] loop4: detected capacity change from 0 to 2048 [ 622.396745][T22556] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 622.405264][T22556] ext4 filesystem being mounted at /root/syzkaller-testdir2091319928/syzkaller.NtL6JC/65/file0 supports timestamps until 2038 (0x7fffffff) [ 622.419481][ T28] audit: type=1400 audit(1852353076.681:13287): avc: denied { create } for pid=22560 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 622.442280][T22109] EXT4-fs (loop4): unmounting filesystem. [ 622.483651][T22561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22561 comm=syz-executor.1 [ 622.635400][T22577] device pim6reg1 entered promiscuous mode [ 622.641278][T20098] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 622.759424][ T360] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 622.831903][T22589] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 622.895692][T22594] loop2: detected capacity change from 0 to 512 [ 622.917827][T22594] EXT4-fs error (device loop2): __ext4_iget:5046: inode #14: block 1886221359: comm syz-executor.2: invalid block [ 622.930257][T22594] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 14 (err -117) [ 622.949473][T22594] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 622.963960][T22594] ext4 filesystem being mounted at /root/syzkaller-testdir3066071213/syzkaller.skO1SX/224/file1 supports timestamps until 2038 (0x7fffffff) [ 623.026169][T20098] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.040897][T20098] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.055250][T20098] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 623.064728][T20293] EXT4-fs (loop2): unmounting filesystem. [ 623.070524][T20098] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.083668][T20098] usb 4-1: config 0 descriptor?? [ 623.207958][ T360] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.218858][ T360] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.228583][ T360] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 623.237674][ T360] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.247951][ T360] usb 5-1: config 0 descriptor?? [ 623.614940][T20098] hid (null): bogus close delimiter [ 623.824915][T22608] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 623.871030][T20098] usb 4-1: language id specifier not provided by device, defaulting to English [ 624.138046][ T360] usb 5-1: string descriptor 0 read error: -71 [ 624.159372][ T360] uclogic 0003:256C:006D.005C: failed retrieving string descriptor #200: -71 [ 624.168118][ T360] uclogic 0003:256C:006D.005C: failed retrieving pen parameters: -71 [ 624.176601][ T360] uclogic 0003:256C:006D.005C: failed probing pen v2 parameters: -71 [ 624.186301][ T360] uclogic 0003:256C:006D.005C: failed probing parameters: -71 [ 624.193725][ T360] uclogic: probe of 0003:256C:006D.005C failed with error -71 [ 624.201863][ T360] usb 5-1: USB disconnect, device number 53 [ 624.220999][T22623] loop1: detected capacity change from 0 to 512 [ 624.235504][T22623] EXT4-fs error (device loop1): __ext4_iget:5046: inode #14: block 1886221359: comm syz-executor.1: invalid block [ 624.247631][T22623] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 14 (err -117) [ 624.259873][T22623] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 624.268728][T22623] ext4 filesystem being mounted at /root/syzkaller-testdir2030483270/syzkaller.Cs7pcj/21/file1 supports timestamps until 2038 (0x7fffffff) [ 624.343063][T20098] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005B/input/input77 [ 624.355160][T22381] EXT4-fs (loop1): unmounting filesystem. [ 624.355737][T20098] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005B/input/input78 [ 624.373057][T20098] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005B/input/input79 [ 624.385964][T20098] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005B/input/input80 [ 624.398468][T20098] uclogic 0003:256C:006D.005B: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 624.501508][T15881] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 624.521271][T22635] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 624.570637][ T4737] usb 4-1: USB disconnect, device number 50 [ 624.667163][T22641] netlink: 'syz-executor.4': attribute type 27 has an invalid length. [ 624.683052][T22641] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.690069][T22641] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.929232][T15881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 624.940447][T15881] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 624.953613][T15881] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 624.962612][T15881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.972590][T15881] usb 3-1: config 0 descriptor?? [ 625.466963][T15881] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 625.476399][T15881] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 625.484554][T15881] plantronics 0003:047F:FFFF.005D: No inputs registered, leaving [ 625.495334][T15881] plantronics 0003:047F:FFFF.005D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 627.257535][T22670] netlink: 'syz-executor.4': attribute type 27 has an invalid length. [ 627.321855][T22685] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 627.356266][T22692] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 627.367396][T22692] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 627.379816][T22690] loop1: detected capacity change from 0 to 512 [ 627.397624][T22690] EXT4-fs error (device loop1): __ext4_iget:5046: inode #14: block 1886221359: comm syz-executor.1: invalid block [ 627.409862][T22690] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 14 (err -117) [ 627.422534][T22690] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 627.431345][T22690] ext4 filesystem being mounted at /root/syzkaller-testdir2030483270/syzkaller.Cs7pcj/28/file1 supports timestamps until 2038 (0x7fffffff) [ 627.462012][T22712] loop3: detected capacity change from 0 to 128 [ 627.470336][T22712] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 627.477998][T22712] FAT-fs (loop3): Filesystem has been set read-only [ 627.495584][T22716] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 627.505196][T22381] EXT4-fs (loop1): unmounting filesystem. [ 627.538405][T22728] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 627.547591][T22728] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 627.569479][T22730] loop1: detected capacity change from 0 to 1024 [ 627.577566][T22730] EXT4-fs: Ignoring removed orlov option [ 627.583409][T22730] EXT4-fs (loop1): Test dummy encryption mode enabled [ 627.591992][T22730] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 627.616328][T22381] EXT4-fs (loop1): unmounting filesystem. [ 627.618328][T22737] loop3: detected capacity change from 0 to 2048 [ 627.629722][T22737] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 627.640431][T22737] xt_bpf: check failed: parse error [ 627.650642][T21520] EXT4-fs (loop3): unmounting filesystem. [ 627.666072][T22743] loop1: detected capacity change from 0 to 128 [ 627.674965][T22743] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 627.686504][T22743] FAT-fs (loop1): Filesystem has been set read-only [ 627.724221][T22758] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 628.020897][ T28] audit: type=1401 audit(1852353081.929:13288): op=setxattr invalid_context=40000720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [ 628.039820][T22789] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 628.290239][T20098] usb 3-1: USB disconnect, device number 50 [ 628.301571][ T28] audit: type=1401 audit(1852353082.191:13289): op=setxattr invalid_context=40000720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [ 628.478338][T15881] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 628.542087][T22813] loop1: detected capacity change from 0 to 40427 [ 628.588823][T22813] F2FS-fs (loop1): invalid crc value [ 628.596192][T22813] F2FS-fs (loop1): Found nat_bits in checkpoint [ 628.692199][T22813] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 628.723060][T22842] loop2: detected capacity change from 0 to 512 [ 628.767798][T22844] syz-executor.1: attempt to access beyond end of device [ 628.767798][T22844] loop1: rw=1, sector=53248, nr_sectors = 288 limit=40427 [ 628.782683][T22842] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 628.802480][T22842] ext4 filesystem being mounted at /root/syzkaller-testdir3066071213/syzkaller.skO1SX/238/file0 supports timestamps until 2038 (0x7fffffff) [ 628.837529][T22842] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz-executor.2: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 628.881687][T20293] EXT4-fs (loop2): unmounting filesystem. [ 628.948523][ T28] audit: type=1401 audit(1852353082.789:13290): op=setxattr invalid_context=40000720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [ 629.012945][T15881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 629.135925][T15881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.141369][T22381] syz-executor.1: attempt to access beyond end of device [ 629.141369][T22381] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 629.145724][T15881] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 629.168495][T15881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.177353][T15881] usb 5-1: config 0 descriptor?? [ 629.281628][T22868] loop2: detected capacity change from 0 to 1024 [ 629.288404][T22868] EXT4-fs: Ignoring removed orlov option [ 629.298484][T22868] EXT4-fs (loop2): Test dummy encryption mode enabled [ 629.317801][T22868] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 629.338792][T20293] EXT4-fs (loop2): unmounting filesystem. [ 629.407433][T22878] loop2: detected capacity change from 0 to 256 [ 629.414633][T22878] FAT-fs (loop2): Unrecognized mount option "./binderfs/binder0" or missing value [ 629.666277][T15881] itetech 0003:06CB:73F5.005E: unknown main item tag 0x0 [ 629.673162][T15881] itetech 0003:06CB:73F5.005E: unknown main item tag 0x0 [ 629.692240][T15881] itetech 0003:06CB:73F5.005E: unbalanced collection at end of report description [ 629.723240][T15881] itetech: probe of 0003:06CB:73F5.005E failed with error -22 [ 629.903838][T15881] usb 5-1: USB disconnect, device number 54 [ 630.221741][ T28] audit: type=1326 audit(1852353083.987:13291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22904 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 630.267657][ T28] audit: type=1326 audit(1852353083.987:13292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22904 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 630.299896][ T28] audit: type=1326 audit(1852353084.015:13293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22904 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 630.323999][ T28] audit: type=1326 audit(1852353084.015:13294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22904 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 630.362585][ T28] audit: type=1326 audit(1852353084.015:13295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22904 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 630.399596][ T28] audit: type=1326 audit(1852353084.015:13296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22904 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 630.423931][ T28] audit: type=1326 audit(1852353084.015:13297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22904 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f747cea9 code=0x7ffc0000 [ 630.480906][T22913] loop2: detected capacity change from 0 to 256 [ 631.696304][T22973] input: syz1 as /devices/virtual/input/input81 [ 631.760384][ T335] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 631.787331][T22979] loop2: detected capacity change from 0 to 256 [ 631.797871][T22979] FAT-fs (loop2): Directory bread(block 64) failed [ 631.804320][T22979] FAT-fs (loop2): Directory bread(block 65) failed [ 631.810847][T22979] FAT-fs (loop2): Directory bread(block 66) failed [ 631.817467][T22979] FAT-fs (loop2): Directory bread(block 67) failed [ 631.823866][T22979] FAT-fs (loop2): Directory bread(block 68) failed [ 631.830550][T22979] FAT-fs (loop2): Directory bread(block 69) failed [ 631.837185][T22979] FAT-fs (loop2): Directory bread(block 70) failed [ 631.843626][T22979] FAT-fs (loop2): Directory bread(block 71) failed [ 631.850403][T22979] FAT-fs (loop2): Directory bread(block 72) failed [ 631.856989][T22979] FAT-fs (loop2): Directory bread(block 73) failed [ 631.866165][T22983] SELinux: security_context_str_to_sid (sysadm_u:uid>00000000000000000000@:50 [ 631.866165][T22983] refcnt : 1 [ 631.866165][T22983] selftest : passed [ 631.866165][T22983] internal : yes [ 631.866165][T22983] type : skcipher [ 631.866165][T22983] async : yes [ 631.866165][T22983] blocksize : 16 [ 631.866165][T22983] min keysize : 16 [ 631.866165][T22983] max keysize : 32 [ 631.866165][T22983] ivsize : 16 [ 631.866165][T22983] chunksize : 16 [ 631.866165][T22983] walksize : 16 [ 631.866165][T22983] [ 631.866165][T22983] name : essiv(cbc(aes)) failed with errno=-22 [ 632.198713][ T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 632.212988][ T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.227252][ T335] usb 4-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 632.240792][ T335] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.253449][ T335] usb 4-1: config 0 descriptor?? [ 632.444773][T23012] loop1: detected capacity change from 0 to 256 [ 632.471752][T23012] FAT-fs (loop1): Directory bread(block 64) failed [ 632.487325][T23012] FAT-fs (loop1): Directory bread(block 65) failed [ 632.504577][T23012] FAT-fs (loop1): Directory bread(block 66) failed [ 632.511826][T23012] FAT-fs (loop1): Directory bread(block 67) failed [ 632.518266][T23012] FAT-fs (loop1): Directory bread(block 68) failed [ 632.524650][T23012] FAT-fs (loop1): Directory bread(block 69) failed [ 632.531272][T23012] FAT-fs (loop1): Directory bread(block 70) failed [ 632.537645][T23012] FAT-fs (loop1): Directory bread(block 71) failed [ 632.544046][T23012] FAT-fs (loop1): Directory bread(block 72) failed [ 632.550414][T23012] FAT-fs (loop1): Directory bread(block 73) failed [ 632.620987][T23014] SELinux: security_context_str_to_sid (sysadm_u:uid>00000000000000000000@:50 [ 632.620987][T23014] refcnt : 1 [ 632.620987][T23014] selftest : passed [ 632.620987][T23014] internal : yes [ 632.620987][T23014] type : skcipher [ 632.620987][T23014] async : yes [ 632.620987][T23014] blocksize : 16 [ 632.620987][T23014] min keysize : 16 [ 632.620987][T23014] max keysize : 32 [ 632.620987][T23014] ivsize : 16 [ 632.620987][T23014] chunksize : 16 [ 632.620987][T23014] walksize : 16 [ 632.620987][T23014] [ 632.620987][T23014] name : essiv(cbc(aes)) failed with errno=-22 [ 632.701144][ T360] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 632.744695][ T335] itetech 0003:06CB:73F5.005F: unknown main item tag 0x0 [ 632.751673][ T335] itetech 0003:06CB:73F5.005F: unknown main item tag 0x0 [ 632.758705][ T335] itetech 0003:06CB:73F5.005F: unbalanced collection at end of report description [ 632.767842][ T335] itetech: probe of 0003:06CB:73F5.005F failed with error -22 [ 632.961534][ T335] usb 4-1: USB disconnect, device number 51 [ 632.968380][ T360] usb 3-1: Using ep0 maxpacket: 32 [ 633.022251][T15881] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 633.203605][ T447] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 633.289171][ T360] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 633.298477][ T360] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.306296][ T360] usb 3-1: Product: syz [ 633.310307][ T360] usb 3-1: Manufacturer: syz [ 633.314760][ T360] usb 3-1: SerialNumber: syz [ 633.319587][ T360] usb 3-1: config 0 descriptor?? [ 633.374966][ T360] hub 3-1:0.0: bad descriptor, ignoring hub [ 633.380770][ T360] hub: probe of 3-1:0.0 failed with error -5 [ 633.438838][T15881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 633.449531][T15881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 633.459169][T15881] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 633.460153][ T447] usb 5-1: Using ep0 maxpacket: 32 [ 633.468110][T15881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.481360][T15881] usb 2-1: config 0 descriptor?? [ 633.541023][T23030] device bridge_slave_0 left promiscuous mode [ 633.547058][T23030] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.599209][ T447] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 633.620509][ T447] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 633.667704][T23034] loop3: detected capacity change from 0 to 40427 [ 633.675163][T23034] F2FS-fs (loop3): invalid crc value [ 633.681107][T23034] F2FS-fs (loop3): Found nat_bits in checkpoint [ 633.704095][T23034] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 633.749085][ T360] usb 3-1: USB disconnect, device number 51 [ 633.751391][ T447] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 633.764551][ T447] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 633.772754][ T447] usb 5-1: Product: syz [ 633.776884][ T447] usb 5-1: Manufacturer: syz [ 633.823918][ T447] hub 5-1:4.0: USB hub found [ 634.058912][ T447] hub 5-1:4.0: 2 ports detected [ 634.059090][T15881] hid (null): bogus close delimiter [ 634.275500][T23040] loop2: detected capacity change from 0 to 256 [ 634.287011][T23040] FAT-fs (loop2): Directory bread(block 64) failed [ 634.293367][T23040] FAT-fs (loop2): Directory bread(block 65) failed [ 634.299904][T15881] usb 2-1: string descriptor 0 read error: -22 [ 634.300560][T23040] FAT-fs (loop2): Directory bread(block 66) failed [ 634.312307][T23040] FAT-fs (loop2): Directory bread(block 67) failed [ 634.318707][T23040] FAT-fs (loop2): Directory bread(block 68) failed [ 634.325053][T23040] FAT-fs (loop2): Directory bread(block 69) failed [ 634.331481][T23040] FAT-fs (loop2): Directory bread(block 70) failed [ 634.337794][T23040] FAT-fs (loop2): Directory bread(block 71) failed [ 634.344101][T23040] FAT-fs (loop2): Directory bread(block 72) failed [ 634.350411][T23040] FAT-fs (loop2): Directory bread(block 73) failed [ 634.384129][T23042] SELinux: security_context_str_to_sid (sysadm_u:uid>00000000000000000000@:50 [ 634.384129][T23042] refcnt : 1 [ 634.384129][T23042] selftest : passed [ 634.384129][T23042] internal : yes [ 634.384129][T23042] type : skcipher [ 634.384129][T23042] async : yes [ 634.384129][T23042] blocksize : 16 [ 634.384129][T23042] min keysize : 16 [ 634.384129][T23042] max keysize : 32 [ 634.384129][T23042] ivsize : 16 [ 634.384129][T23042] chunksize : 16 [ 634.384129][T23042] walksize : 16 [ 634.384129][T23042] [ 634.384129][T23042] name : essiv(cbc(aes)) failed with errno=-22 [ 634.502120][T21520] syz-executor.3: attempt to access beyond end of device [ 634.502120][T21520] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 634.520069][T21520] syz-executor.3: attempt to access beyond end of device [ 634.520069][T21520] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 634.552069][ T226] kworker/u4:3: attempt to access beyond end of device [ 634.552069][ T226] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 634.583966][T15881] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0060/input/input82 [ 634.597006][T15881] uclogic 0003:256C:006D.0060: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 634.617987][T23050] loop2: detected capacity change from 0 to 40427 [ 634.624997][T23050] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 634.632801][T23050] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 634.673892][T23050] F2FS-fs (loop2): invalid crc value [ 634.680208][T23050] F2FS-fs (loop2): Found nat_bits in checkpoint [ 634.717476][T23050] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 634.724395][T23050] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 634.771929][ T343] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 634.781008][ T343] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 634.811364][T20098] usb 2-1: USB disconnect, device number 48 [ 634.881839][T23056] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.888769][T23056] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.895948][T23056] device bridge_slave_0 entered promiscuous mode [ 634.902718][T23056] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.909919][T23056] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.917169][T23056] device bridge_slave_1 entered promiscuous mode [ 634.958392][T23056] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.965257][T23056] bridge0: port 2(bridge_slave_1) entered forwarding state [ 634.972336][T23056] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.979175][T23056] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.996869][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 635.004485][ T447] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.011541][ T447] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.032925][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 635.042080][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 635.050167][ T447] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.057021][ T447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 635.065668][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 635.073580][ T447] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.080329][ T447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.087881][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 635.095607][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 635.105298][T23056] device veth0_vlan entered promiscuous mode [ 635.115418][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 635.123467][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 635.131456][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 635.143024][T23056] device veth1_macvtap entered promiscuous mode [ 635.154928][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 635.162991][T15881] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 635.171288][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 635.179731][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 635.249532][T23071] device syzkaller0 entered promiscuous mode [ 635.259135][ T226] device bridge_slave_1 left promiscuous mode [ 635.265078][ T226] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.272693][ T226] device veth1_macvtap left promiscuous mode [ 635.278551][ T226] device veth0_vlan left promiscuous mode [ 635.385582][T23069] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.392436][T23069] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.400119][T23069] device bridge_slave_0 entered promiscuous mode [ 635.408486][T23069] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.415379][T23069] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.422924][T23069] device bridge_slave_1 entered promiscuous mode [ 635.427570][ T447] hub 5-1:4.0: activate --> -90 [ 635.470492][T23082] input: syz1 as /devices/virtual/input/input83 [ 635.484772][T23069] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.491730][T23069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.498783][T23069] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.505621][T23069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 635.530297][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 635.538498][ T1043] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.546132][ T1043] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.566317][T15881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 635.578522][T15881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 635.589129][T15881] usb 3-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 635.599993][T15881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.600173][ T28] kauditd_printk_skb: 52 callbacks suppressed [ 635.600186][ T28] audit: type=1326 audit(1852353089.019:13350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa4e7cea9 code=0x7ffc0000 [ 635.638430][T15881] usb 3-1: config 0 descriptor?? [ 635.639902][ T28] audit: type=1326 audit(1852353089.019:13351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa4e7cea9 code=0x7ffc0000 [ 635.667428][ T28] audit: type=1326 audit(1852353089.019:13352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fa4e7cea9 code=0x7ffc0000 [ 636.320291][T21152] usb 5-1: USB disconnect, device number 55 [ 636.326266][ T28] audit: type=1326 audit(1852353089.019:13353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa4e7cea9 code=0x7ffc0000 [ 636.350364][ T28] audit: type=1326 audit(1852353089.019:13354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa4e7cea9 code=0x7ffc0000 [ 636.375019][ T28] audit: type=1326 audit(1852353089.028:13355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fa4e7cea9 code=0x7ffc0000 [ 636.399126][ T28] audit: type=1326 audit(1852353089.047:13356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa4e7cea9 code=0x7ffc0000 [ 636.423302][ T28] audit: type=1326 audit(1852353089.066:13357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4fa4e7a627 code=0x7ffc0000 [ 636.447463][ T28] audit: type=1326 audit(1852353089.066:13358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4fa4e402e9 code=0x7ffc0000 [ 636.448343][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 636.471571][ T28] audit: type=1326 audit(1852353089.066:13359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4fa4e7a627 code=0x7ffc0000 [ 636.479925][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 636.514239][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 636.521572][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 636.521843][T23090] SELinux: security_context_str_to_sid (sysadm_u:uid>00000000000000000000@:50 [ 636.521843][T23090] refcnt : 1 [ 636.521843][T23090] selftest : passed [ 636.521843][T23090] internal : yes [ 636.521843][T23090] type : skcipher [ 636.521843][T23090] async : yes [ 636.521843][T23090] blocksize : 16 [ 636.521843][T23090] min keysize : 16 [ 636.521843][T23090] max keysize : 32 [ 636.521843][T23090] ivsize : 16 [ 636.521843][T23090] chunksize : 16 [ 636.521843][T23090] walksize : 16 [ 636.521843][T23090] [ 636.521843][T23090] name : essiv(cbc(aes)) failed with errno=-22 [ 636.528907][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 636.597888][T20098] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.604757][T20098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.611954][ T447] usb 5-1-port2: config error [ 636.616772][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 636.624828][T20098] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.631645][T20098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 636.638799][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 636.646604][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 636.654648][T23069] device veth0_vlan entered promiscuous mode [ 636.674918][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 636.682899][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 636.692140][T23069] device veth1_macvtap entered promiscuous mode [ 636.700849][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 636.708202][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 636.731803][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 636.745170][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 636.753471][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 636.769547][T23098] syz-executor.3[23098] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 636.769620][T23098] syz-executor.3[23098] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 636.841497][T15881] itetech 0003:06CB:73F5.0061: unknown main item tag 0x0 [ 636.860541][T15881] itetech 0003:06CB:73F5.0061: unknown main item tag 0x0 [ 636.867411][T15881] itetech 0003:06CB:73F5.0061: unbalanced collection at end of report description [ 636.877943][T23100] device bridge_slave_0 left promiscuous mode [ 636.883927][T23100] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.890861][T15881] itetech: probe of 0003:06CB:73F5.0061 failed with error -22 [ 636.990524][T23110] device syzkaller0 entered promiscuous mode [ 637.030890][ T24] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 637.083482][T20098] usb 3-1: USB disconnect, device number 52 [ 637.555111][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 637.680332][T23130] loop4: detected capacity change from 0 to 256 [ 637.694445][T23130] FAT-fs (loop4): Directory bread(block 64) failed [ 637.700832][T23130] FAT-fs (loop4): Directory bread(block 65) failed [ 637.707688][T23130] FAT-fs (loop4): Directory bread(block 66) failed [ 637.714062][T23130] FAT-fs (loop4): Directory bread(block 67) failed [ 637.720462][T23130] FAT-fs (loop4): Directory bread(block 68) failed [ 637.726854][T23130] FAT-fs (loop4): Directory bread(block 69) failed [ 637.733317][T23130] FAT-fs (loop4): Directory bread(block 70) failed [ 637.740033][T23130] FAT-fs (loop4): Directory bread(block 71) failed [ 637.746497][T23130] FAT-fs (loop4): Directory bread(block 72) failed [ 637.752876][T23130] FAT-fs (loop4): Directory bread(block 73) failed [ 637.790519][ T226] device bridge_slave_1 left promiscuous mode [ 637.796573][ T226] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.804115][ T226] device bridge_slave_0 left promiscuous mode [ 637.810179][ T226] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.828111][ T226] device veth1_macvtap left promiscuous mode [ 637.843458][ T226] device veth0_vlan left promiscuous mode [ 637.854121][T23136] overlayfs: statfs failed on './file0' [ 637.922552][ T24] usb 2-1: New USB device found, idVendor=061c, idProduct=c084, bcdDevice=91.db [ 637.940599][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.949313][ T24] usb 2-1: Product: syz [ 637.956208][ T24] usb 2-1: Manufacturer: syz [ 637.957199][T23138] loop3: detected capacity change from 0 to 40427 [ 637.961371][ T24] usb 2-1: SerialNumber: syz [ 637.968477][T23138] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 637.973715][ T24] usb 2-1: config 0 descriptor?? [ 637.979906][T23138] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 638.007168][T23138] F2FS-fs (loop3): invalid crc value [ 638.072947][ T24] usb-storage 2-1:0.0: USB Mass Storage device detected [ 638.208523][T23138] F2FS-fs (loop3): Found nat_bits in checkpoint [ 638.250239][ T24] usb 2-1: USB disconnect, device number 49 [ 638.287731][T23138] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 638.295202][T23138] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 638.332472][ T343] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 638.341576][ T343] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 638.630914][T23174] loop3: detected capacity change from 0 to 256 [ 638.642973][T23174] FAT-fs (loop3): Directory bread(block 64) failed [ 638.649446][T23174] FAT-fs (loop3): Directory bread(block 65) failed [ 638.655881][T23174] FAT-fs (loop3): Directory bread(block 66) failed [ 638.662146][T23174] FAT-fs (loop3): Directory bread(block 67) failed [ 638.668577][T23174] FAT-fs (loop3): Directory bread(block 68) failed [ 638.675000][T23174] FAT-fs (loop3): Directory bread(block 69) failed [ 638.681475][T23174] FAT-fs (loop3): Directory bread(block 70) failed [ 638.687938][T23174] FAT-fs (loop3): Directory bread(block 71) failed [ 638.694326][T23174] FAT-fs (loop3): Directory bread(block 72) failed [ 638.700665][ T1043] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 638.700690][T23174] FAT-fs (loop3): Directory bread(block 73) failed [ 638.760764][T23178] overlayfs: statfs failed on './file0' [ 638.851923][T23188] syz-executor.0[23188] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 638.852024][T23188] syz-executor.0[23188] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 638.953432][T23199] loop3: detected capacity change from 0 to 256 [ 638.977581][T23199] FAT-fs (loop3): Directory bread(block 64) failed [ 638.984111][T23199] FAT-fs (loop3): Directory bread(block 65) failed [ 638.993035][T23197] syz-executor.0[23197] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 638.993105][T23197] syz-executor.0[23197] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 639.008597][ T1043] usb 3-1: Using ep0 maxpacket: 8 [ 639.009890][T23199] FAT-fs (loop3): Directory bread(block 66) failed [ 639.031730][T23199] FAT-fs (loop3): Directory bread(block 67) failed [ 639.038365][T23199] FAT-fs (loop3): Directory bread(block 68) failed [ 639.044750][T23199] FAT-fs (loop3): Directory bread(block 69) failed [ 639.051561][T23199] FAT-fs (loop3): Directory bread(block 70) failed [ 639.058107][T23199] FAT-fs (loop3): Directory bread(block 71) failed [ 639.064536][T23199] FAT-fs (loop3): Directory bread(block 72) failed [ 639.070795][T23199] FAT-fs (loop3): Directory bread(block 73) failed [ 640.265229][ T1043] usb 3-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 640.360261][ T1043] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 640.369061][ T1043] usb 3-1: config 1 has no interface number 1 [ 640.374934][ T1043] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 640.420570][T23215] loop0: detected capacity change from 0 to 256 [ 640.429211][T23215] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 640.441451][T23215] exFAT-fs (loop0): IO charset iso8859d=A$땖Y.c̜*wwH/WZ7s4 W.k0x00000000ffffffff not found [ 640.569904][T23234] __nla_validate_parse: 1 callbacks suppressed [ 640.569925][T23234] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 640.588595][T23236] syz-executor.3[23236] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 640.588668][T23236] syz-executor.3[23236] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 640.594491][T23238] loop1: detected capacity change from 0 to 256 [ 640.623010][ T1043] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 640.632134][ T1043] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.640369][T23238] FAT-fs (loop1): Directory bread(block 64) failed [ 640.640534][ T1043] usb 3-1: Product: syz [ 640.650808][ T1043] usb 3-1: Manufacturer: syz [ 640.655661][ T1043] usb 3-1: SerialNumber: syz [ 640.663953][T23238] FAT-fs (loop1): Directory bread(block 65) failed [ 640.677076][T23238] FAT-fs (loop1): Directory bread(block 66) failed [ 640.683673][T23238] FAT-fs (loop1): Directory bread(block 67) failed [ 640.690271][T23238] FAT-fs (loop1): Directory bread(block 68) failed [ 640.750210][T23238] FAT-fs (loop1): Directory bread(block 69) failed [ 640.756843][T23238] FAT-fs (loop1): Directory bread(block 70) failed [ 640.763653][T23238] FAT-fs (loop1): Directory bread(block 71) failed [ 640.770217][T23238] FAT-fs (loop1): Directory bread(block 72) failed [ 640.776988][T23238] FAT-fs (loop1): Directory bread(block 73) failed [ 640.915023][T23252] loop1: detected capacity change from 0 to 256 [ 640.923727][T23252] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 640.936091][T23252] exFAT-fs (loop1): IO charset iso8859d=A$땖Y.c̜*wwH/WZ7s4 W.k0x00000000ffffffff not found [ 641.039941][ T1043] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 641.047756][ T1043] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 641.120101][ T1043] usb 3-1: USB disconnect, device number 53 [ 641.124353][T23268] loop1: detected capacity change from 0 to 256 [ 641.142726][T23268] FAT-fs (loop1): Directory bread(block 64) failed [ 641.152513][T23268] FAT-fs (loop1): Directory bread(block 65) failed [ 641.162253][T23268] FAT-fs (loop1): Directory bread(block 66) failed [ 641.173040][T23268] FAT-fs (loop1): Directory bread(block 67) failed [ 641.180534][T23268] FAT-fs (loop1): Directory bread(block 68) failed [ 641.192356][T23268] FAT-fs (loop1): Directory bread(block 69) failed [ 641.202095][T23268] FAT-fs (loop1): Directory bread(block 70) failed [ 641.210848][T23268] FAT-fs (loop1): Directory bread(block 71) failed [ 641.221545][T23268] FAT-fs (loop1): Directory bread(block 72) failed [ 641.227875][T23268] FAT-fs (loop1): Directory bread(block 73) failed [ 641.344005][T23269] loop3: detected capacity change from 0 to 40427 [ 641.379931][T23269] F2FS-fs (loop3): invalid crc value [ 641.400848][T23269] F2FS-fs (loop3): Found nat_bits in checkpoint [ 641.490187][T23269] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 641.524774][T23284] loop4: detected capacity change from 0 to 256 [ 641.533163][T23284] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 641.545984][T23284] exFAT-fs (loop4): IO charset iso8859d=A$땖Y.c̜*wwH/WZ7s4 W.k0x00000000ffffffff not found [ 641.634111][T23269] syz-executor.3: attempt to access beyond end of device [ 641.634111][T23269] loop3: rw=1, sector=53248, nr_sectors = 496 limit=40427 [ 641.769326][T23306] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.776177][T23306] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.783578][T23306] device bridge_slave_0 entered promiscuous mode [ 641.790695][T23306] bridge0: port 2(bridge_slave_1) entered blocking state [ 641.797621][T23306] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.805003][T23306] device bridge_slave_1 entered promiscuous mode [ 641.852288][ T24] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 641.883464][T23306] bridge0: port 2(bridge_slave_1) entered blocking state [ 641.890345][T23306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 641.897994][T23306] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.904845][T23306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 641.936495][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 641.944159][ T1043] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.951967][ T1043] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.962096][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 641.970961][T15881] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.977826][T15881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 641.987755][T23056] syz-executor.3: attempt to access beyond end of device [ 641.987755][T23056] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 642.002531][T21152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 642.010670][T21152] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.017543][T21152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 642.027935][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 642.045714][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 642.064259][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 642.079492][T23306] device veth0_vlan entered promiscuous mode [ 642.086136][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 642.096263][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 642.103605][T15881] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 642.118049][T23306] device veth1_macvtap entered promiscuous mode [ 642.126311][T21152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 642.138727][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 642.150332][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 642.259905][T23317] device bridge1 entered promiscuous mode [ 642.309699][T23320] loop4: detected capacity change from 0 to 40427 [ 642.317119][T23320] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 642.325101][T23320] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 642.983088][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 643.003064][T23320] F2FS-fs (loop4): invalid crc value [ 643.008938][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 643.018558][ T24] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 643.029656][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.031560][T23320] F2FS-fs (loop4): Found nat_bits in checkpoint [ 643.038142][ T24] usb 1-1: config 0 descriptor?? [ 643.244751][ T226] device bridge_slave_1 left promiscuous mode [ 643.296393][ T226] bridge0: port 2(bridge_slave_1) entered disabled state [ 643.353770][ T226] device bridge_slave_0 left promiscuous mode [ 643.359797][ T226] bridge0: port 1(bridge_slave_0) entered disabled state [ 643.373090][T23320] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 643.379961][T23320] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 643.782301][ T24] itetech 0003:06CB:73F5.0062: unknown main item tag 0x0 [ 643.800245][ T24] itetech 0003:06CB:73F5.0062: unknown main item tag 0x0 [ 643.810260][ T343] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 643.820166][ T343] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 643.834771][ T24] itetech 0003:06CB:73F5.0062: unbalanced collection at end of report description [ 643.880580][ T24] itetech: probe of 0003:06CB:73F5.0062 failed with error -22 [ 643.906644][T23354] overlayfs: failed to resolve './file0': -2 [ 644.129362][ T24] usb 1-1: USB disconnect, device number 54 [ 644.228654][T23361] loop4: detected capacity change from 0 to 1024 [ 644.235329][T23361] EXT4-fs: Ignoring removed orlov option [ 644.241050][T23361] EXT4-fs: Ignoring removed nomblk_io_submit option [ 644.259610][T23361] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 644.278451][T23361] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 644.292028][T23361] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 644.313569][T23306] EXT4-fs (loop4): unmounting filesystem. [ 644.352714][T23370] syz-executor.4[23370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 644.352786][T23370] syz-executor.4[23370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 644.450817][T23378] syz-executor.4[23378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 644.464007][T23378] syz-executor.4[23378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 644.479688][T23380] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.480138][T23345] loop1: detected capacity change from 0 to 131072 [ 644.508477][T23380] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.509957][T23345] F2FS-fs (loop1): invalid crc value [ 644.517865][T23380] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.524187][T23345] F2FS-fs (loop1): Found nat_bits in checkpoint [ 644.569946][T23345] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 644.591311][T23345] F2FS-fs (loop1): sanity_check_inode: corrupted inode footer i_ino=7, ino,nid: [2097159, 7] run fsck to fix. [ 644.684746][T23399] device pim6reg1 entered promiscuous mode [ 644.781254][T23413] input: syz1 as /devices/virtual/input/input84 [ 644.789197][T23416] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.798428][T23416] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.807554][T23416] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.932407][T23429] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 644.939435][T23429] IPv6: NLM_F_CREATE should be set when creating new route [ 644.946608][T23429] IPv6: NLM_F_CREATE should be set when creating new route [ 645.094196][T23437] device veth0_vlan left promiscuous mode [ 645.121417][T23437] device veth0_vlan entered promiscuous mode [ 645.192551][T23444] device pim6reg1 entered promiscuous mode [ 645.807741][T23426] loop1: detected capacity change from 0 to 131072 [ 645.815478][T23426] F2FS-fs (loop1): invalid crc value [ 645.822122][T23426] F2FS-fs (loop1): Found nat_bits in checkpoint [ 645.863042][T23426] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 645.886703][T23426] F2FS-fs (loop1): sanity_check_inode: corrupted inode footer i_ino=7, ino,nid: [2097159, 7] run fsck to fix. [ 645.927277][T23462] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 645.934333][T23462] IPv6: NLM_F_CREATE should be set when creating new route [ 645.941384][T23462] IPv6: NLM_F_CREATE should be set when creating new route [ 646.000243][ T24] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 646.054237][T23479] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 646.063388][T23479] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 646.072900][T23479] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 646.080861][T23479] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 646.112105][T23487] input: syz1 as /devices/virtual/input/input85 [ 646.271419][T23495] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 646.278499][T23495] IPv6: NLM_F_CREATE should be set when creating new route [ 646.285585][T23495] IPv6: NLM_F_CREATE should be set when creating new route [ 646.288867][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 646.417221][ T24] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 646.426086][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.443591][ T24] usb 1-1: config 0 descriptor?? [ 646.471105][T23505] device veth0_vlan left promiscuous mode [ 646.477267][T23505] device veth0_vlan entered promiscuous mode [ 646.702907][T23490] loop2: detected capacity change from 0 to 131072 [ 646.711369][T23490] F2FS-fs (loop2): invalid crc value [ 646.728009][T23490] F2FS-fs (loop2): Found nat_bits in checkpoint [ 646.791369][T20098] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 646.798824][T23490] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 646.831748][T23490] F2FS-fs (loop2): sanity_check_inode: corrupted inode footer i_ino=7, ino,nid: [2097159, 7] run fsck to fix. [ 647.022026][T23516] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 647.031619][T23516] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 647.041437][T23516] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 647.048000][T20098] usb 2-1: Using ep0 maxpacket: 16 [ 647.050585][T23516] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 647.080882][T23520] loop4: detected capacity change from 0 to 256 [ 647.089880][T23520] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 647.096639][T23524] loop2: detected capacity change from 0 to 1024 [ 647.108604][T23524] EXT4-fs: Ignoring removed orlov option [ 647.114297][T23524] EXT4-fs: Ignoring removed nomblk_io_submit option [ 647.134723][T23524] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 647.143992][T23528] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 647.151063][T23528] IPv6: NLM_F_CREATE should be set when creating new route [ 647.158105][T23528] IPv6: NLM_F_CREATE should be set when creating new route [ 647.175328][T23530] syz-executor.3[23530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 647.175399][T23530] syz-executor.3[23530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 647.191207][T23524] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 647.216925][T23524] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 647.234174][T20293] ================================================================== [ 647.242147][T20293] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 647.250034][T20293] Read of size 4 at addr ffff888153c34000 by task syz-executor.2/20293 [ 647.258191][T20293] [ 647.260448][T20293] CPU: 0 PID: 20293 Comm: syz-executor.2 Tainted: G W 6.1.78-syzkaller-00002-g65aed0e2f758 #0 [ 647.271908][T20293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 647.281847][T20293] Call Trace: [ 647.284922][T20293] [ 647.287699][T20293] dump_stack_lvl+0x151/0x1b7 [ 647.292219][T20293] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 647.297966][T20293] ? _printk+0xd1/0x111 [ 647.302065][T20293] ? __virt_addr_valid+0x242/0x2f0 [ 647.307074][T20293] print_report+0x158/0x4e0 [ 647.311413][T20293] ? __virt_addr_valid+0x242/0x2f0 [ 647.316387][T20293] ? kasan_addr_to_slab+0xd/0x80 [ 647.321218][T20293] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 647.326695][T20293] kasan_report+0x13c/0x170 [ 647.331030][T20293] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 647.336675][T20293] __asan_report_load4_noabort+0x14/0x20 [ 647.342316][T20293] ext4_xattr_delete_inode+0xcd0/0xce0 [ 647.347703][T20293] ? sb_end_intwrite+0x130/0x130 [ 647.352899][T20293] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 647.358803][T20293] ? __kasan_check_read+0x11/0x20 [ 647.363834][T20293] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 647.369552][T20293] ? ext4_evict_inode+0xbc2/0x1550 [ 647.374502][T20293] ext4_evict_inode+0xef9/0x1550 [ 647.379272][T20293] ? _raw_spin_unlock+0x4c/0x70 [ 647.384137][T20293] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 647.389861][T20293] ? _raw_spin_unlock+0x4c/0x70 [ 647.394822][T20293] ? inode_io_list_del+0x18b/0x1a0 [ 647.399930][T20293] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 647.405657][T20293] evict+0x2a3/0x630 [ 647.409476][T20293] iput+0x642/0x870 [ 647.413120][T20293] vfs_rmdir+0x3c2/0x500 [ 647.417198][T20293] do_rmdir+0x3ab/0x630 [ 647.421210][T20293] ? d_delete_notify+0x160/0x160 [ 647.425991][T20293] __x64_sys_unlinkat+0xdf/0xf0 [ 647.430651][T20293] do_syscall_64+0x3d/0xb0 [ 647.434911][T20293] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 647.440631][T20293] RIP: 0033:0x7fe4f747c687 [ 647.444887][T20293] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 647.464326][T20293] RSP: 002b:00007ffc84488818 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 647.472568][T20293] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fe4f747c687 [ 647.480390][T20293] RDX: 0000000000000200 RSI: 00007ffc844899c0 RDI: 00000000ffffff9c [ 647.488372][T20293] RBP: 00007fe4f74d9636 R08: 0000000000000000 R09: 0000000000000000 [ 647.496177][T20293] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc844899c0 [ 647.503996][T20293] R13: 00007fe4f74d9636 R14: 000000000009aede R15: 0000000000000007 [ 647.511814][T20293] [ 647.514664][T20293] [ 647.516978][T20293] The buggy address belongs to the physical page: [ 647.523184][T20293] page:ffffea00054f0d00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x153c34 [ 647.533326][T20293] flags: 0x4000000000000000(zone=1) [ 647.538459][T20293] raw: 4000000000000000 ffffea0004eba948 ffffea00049506c8 0000000000000000 [ 647.546882][T20293] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 647.555283][T20293] page dumped because: kasan: bad access detected [ 647.561541][T20293] page_owner tracks the page as freed [ 647.566763][T20293] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 23488, tgid 23488 (syz-executor.2), ts 646807747569, free_ts 646856122612 [ 647.587400][T20293] post_alloc_hook+0x213/0x220 [ 647.591994][T20293] prep_new_page+0x1b/0x110 [ 647.596334][T20293] get_page_from_freelist+0x27ea/0x2870 [ 647.601799][T20293] __alloc_pages+0x3a1/0x780 [ 647.606227][T20293] __folio_alloc+0x15/0x40 [ 647.610480][T20293] wp_page_copy+0x23b/0x1690 [ 647.614907][T20293] do_wp_page+0xc25/0xdf0 [ 647.619073][T20293] handle_mm_fault+0x15a2/0x2f40 [ 647.623847][T20293] exc_page_fault+0x3b3/0x700 [ 647.628533][T20293] asm_exc_page_fault+0x27/0x30 [ 647.633221][T20293] page last free stack trace: [ 647.637747][T20293] free_unref_page_prepare+0x83d/0x850 [ 647.643119][T20293] free_unref_page_list+0xf1/0x7b0 [ 647.648061][T20293] release_pages+0xf7f/0xfe0 [ 647.652488][T20293] free_pages_and_swap_cache+0x8a/0xa0 [ 647.657782][T20293] tlb_finish_mmu+0x1e0/0x3f0 [ 647.662294][T20293] exit_mmap+0x421/0x940 [ 647.666374][T20293] __mmput+0x95/0x310 [ 647.670194][T20293] mmput+0x56/0x170 [ 647.673838][T20293] do_exit+0xb29/0x2b80 [ 647.677832][T20293] do_group_exit+0x21a/0x2d0 [ 647.682344][T20293] get_signal+0x169d/0x1820 [ 647.686682][T20293] arch_do_signal_or_restart+0xb0/0x16f0 [ 647.692150][T20293] exit_to_user_mode_loop+0x74/0xa0 [ 647.697191][T20293] exit_to_user_mode_prepare+0x5a/0xa0 [ 647.702479][T20293] syscall_exit_to_user_mode+0x26/0x140 [ 647.707862][T20293] do_syscall_64+0x49/0xb0 [ 647.712114][T20293] [ 647.714280][T20293] Memory state around the buggy address: [ 647.719842][T20293] ffff888153c33f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 647.727867][T20293] ffff888153c33f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 647.735766][T20293] >ffff888153c34000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 647.743658][T20293] ^ [ 647.747575][T20293] ffff888153c34080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 647.755472][T20293] ffff888153c34100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 647.763367][T20293] ================================================================== [ 647.771360][T20098] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 647.780258][T20293] Disabling lock debugging due to kernel taint [ 647.791314][T20098] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.799687][T20098] usb 2-1: Product: syz [ 647.803767][T20098] usb 2-1: Manufacturer: syz [ 647.808300][T20098] usb 2-1: SerialNumber: syz [ 647.829720][T23537] syz-executor.4: attempt to access beyond end of device [ 647.829720][T23537] loop4: rw=0, sector=291, nr_sectors = 1 limit=256 2028/09/12 06:31:40 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 647.876699][T20293] EXT4-fs (loop2): unmounting filesystem. [ 647.885064][T20098] usb 2-1: config 0 descriptor?? [ 647.927520][T20098] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 648.001282][T20098] usb 2-1: Detected FT232H [ 648.127702][T20098] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 648.149088][T20098] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 648.170539][T20098] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 648.181550][ T24] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 648.191404][ T24] asix: probe of 1-1:0.0 failed with error -71 [ 648.200452][T20098] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 648.212774][T20098] usb 2-1: USB disconnect, device number 50 [ 648.222650][ T24] usb 1-1: USB disconnect, device number 55 [ 648.229360][T20098] ftdi_si