last executing test programs:

1m9.854836088s ago: executing program 1 (id=101):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000340)="47302b0a093ed7bb1057", 0xa}], 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x44)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0x9], 0x0, 0x0, 0x1, 0x1}}, 0x40)

1m9.021626931s ago: executing program 1 (id=104):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000cc0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000380)={0x0, 0x12, 0x2, "c8b8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

1m6.984406327s ago: executing program 32 (id=119):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r0, &(0x7f0000000cc0)=[{&(0x7f00000000c0)="14", 0x1}, {&(0x7f0000000500)="bf1f86611434f128c0ea", 0xa}], 0x2)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x44)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0x9], 0x0, 0x0, 0x1, 0x1}}, 0x40)

1m6.408131681s ago: executing program 1 (id=125):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x336)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
close_range(r0, 0xffffffffffffffff, 0x0)

1m5.542291096s ago: executing program 1 (id=130):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x1024404, 0x0, 0x1, 0x0, &(0x7f0000000080))
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1m5.134649533s ago: executing program 1 (id=134):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket(0x1e, 0x805, 0x0)
connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x2}}, 0x10)
connect$tipc(r2, &(0x7f0000000000)=@id, 0x10)
close(r2)

1m3.735833637s ago: executing program 1 (id=137):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
fallocate(r0, 0x0, 0x5, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000051000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000080)=0x2, 0x95, 0x2)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)

1m3.46324118s ago: executing program 33 (id=137):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
fallocate(r0, 0x0, 0x5, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000051000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000080)=0x2, 0x95, 0x2)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)

1m3.225883829s ago: executing program 3 (id=143):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000540)={0x0, 0xfffffffd, 0x10100}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
signalfd4(r0, &(0x7f0000000140)={[0xa84b]}, 0x8, 0x0)

1m2.967354279s ago: executing program 3 (id=144):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@noacl}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
rename(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)='./file0/file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
mount$fuseblk(0x0, 0x0, &(0x7f00000024c0), 0x0, 0x0)
truncate(&(0x7f0000000000)='./file1\x00', 0x100003)
r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./bus\x00', 0x141842, 0x12b)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x4020940d, &(0x7f0000000240)={0x200000004, 0x4000})

1m2.169966887s ago: executing program 3 (id=146):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x1, 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f0000000200)=r1)
close_range(r0, 0xffffffffffffffff, 0x0)

1m0.971919687s ago: executing program 3 (id=155):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x1024404, 0x0, 0x1, 0x0, &(0x7f0000000080))
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1m0.573341668s ago: executing program 3 (id=159):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x80042, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
write$binfmt_aout(r1, &(0x7f0000000280)=ANY=[], 0xfce1)
ioctl$TCFLSH(r0, 0x540b, 0x1)

1m0.070188115s ago: executing program 3 (id=161):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x42, 0x8000002}, 0x10004}}, 0x10)
bind$tipc(r0, 0x0, 0x0)

59.668896631s ago: executing program 34 (id=161):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x42, 0x8000002}, 0x10004}}, 0x10)
bind$tipc(r0, 0x0, 0x0)

55.993066721s ago: executing program 0 (id=172):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r0, &(0x7f0000000700)='attr/sockcreate\x00')

55.122109s ago: executing program 0 (id=173):
syz_mount_image$erofs(&(0x7f00000003c0), &(0x7f0000000880)='./file0\x00', 0x8000c6, &(0x7f0000000240)=ANY=[], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA")
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000002e40)=@generic={&(0x7f0000002640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r0}, 0x18)

54.883795138s ago: executing program 0 (id=174):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000280)={0x79, 0x0, 0xd86})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000400000004"])
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000180)={0x4, 0x2007})

54.641702948s ago: executing program 0 (id=175):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000004c0)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfe, 0x669, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+")
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)

54.22955153s ago: executing program 0 (id=176):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[], 0x14}}, 0x8018)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x41054}, 0x20000801)
sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)

53.527725572s ago: executing program 0 (id=178):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xc95e, 0x800, 0x20000000, 0x72})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

53.082744107s ago: executing program 35 (id=178):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xc95e, 0x800, 0x20000000, 0x72})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

50.003738092s ago: executing program 4 (id=191):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

49.896214802s ago: executing program 4 (id=192):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r2, &(0x7f0000000200)="a3", 0x1)
ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, &(0x7f0000000040))

49.272784073s ago: executing program 4 (id=193):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x2}, 0x8)
sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000380)="15", 0x1}], 0x1}, 0x4000000)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1)

49.109535827s ago: executing program 4 (id=194):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x1024404, 0x0, 0x1, 0x0, &(0x7f0000000080))
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

48.804773634s ago: executing program 4 (id=195):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000880)='ns\x00')
r0 = socket$inet6(0xa, 0x3, 0x3)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x2, r0}, 0x2)
sendmsg$inet6(r1, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000029000000040000002b00000000000007120000000000000029"], 0x30}, 0x0)

48.063909136s ago: executing program 4 (id=196):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0x0})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/234)
ioctl$PPPIOCGFLAGS1(r1, 0x40047435, &(0x7f0000000280))

47.793641923s ago: executing program 36 (id=196):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0x0})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/234)
ioctl$PPPIOCGFLAGS1(r1, 0x40047435, &(0x7f0000000280))

32.606996744s ago: executing program 5 (id=282):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f00000000c0)='.\x00', 0xa4000061)
r1 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x20f)
inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x8500017e)
removexattr(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)=@known='system.posix_acl_default\x00')

32.437136482s ago: executing program 5 (id=284):
r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r2, 0x0)
connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

32.312125158s ago: executing program 5 (id=287):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000900)={0x32, 0x5, 0x0, {0x0, 0x0, 0xffffffffffffffff, 0xfff}}, 0x30)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

32.093904211s ago: executing program 5 (id=293):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x800714, &(0x7f0000000280), 0xff, 0x4a1, &(0x7f0000000b00)="$eJzs3MtvVFUYAPDvTh+8aUVEQdAqGomPlhZUFi7UaOJCExNd4LK2BZGBGloTIY0WY3BpSNwblyb+Be7cGHVhTNxq4tKQEG1MKK5q7gum02mZlpYpnd8vmc45c1/nu+eemXPv6b0BtK2+9E8SsT0ifo+Injw7f4a+/G12Zmrk+szUSBJzc2/9nWTzXZuZGilnLZfbVmQOVSIqnyXxYrJwuxPnL5werlbHzhX5gckzHwxMnL/wzKkzwyfHTo6dHTp27OiRweefG3p2VeJM47q27+Px/Xtfe+fyGyPHL7/707dpsfYcyKfXxnFL1xsE1EBfutf+mcvUT3t8GWW/G+yoSSedLSwIy9IREWl1dWXtvyc64mbl9cSrn7a0cMCaSn+bNi0+eXoO2MCSaHUJgNYof+jT89/ydYe6HuvC1Zciuov07MzUyOyN+DujUnzetYbb74uI49P/fZW+YrnXIQAAViDr2zzdqP9XiT3Zez7WsbMYQ+mNiHsiYldE3BsRuyPivohs3vujOx7IF57raXL7fXX5hf2fypWGZV4laf/vhZq+32xN/MVbb0eR25HF35WcOFUdO1zsk0PRtSnNDy6xje9f+e2LxabV9v/SV7r9si9YFOBKZ90FutHhyeHV2glXL0bs62wUf3JjJCA9AvZGxL7lrXpnmTj15Df7F5vp1vEvYRXGmea+jngir//pqIu/lCw9PjmwOapjhwfKo2Khn3+99GaR7K6fdlvxr4K0/rfOP/6LKReL955/k3y8tiuq1bFzE8vfxqU/Pl/0nGalx3938nY2Zv3Le/lnHw1PTp4bjOhOXs/y5Y7OPh+6uWyZL+dP4z90sHH731Usk8b/YESkB/GBiHgoIh4uyv5IRDwaEQeXiP/Hlx97f4n4k0iipfU/2vD7L4nYnCV6k9rx+hUkOk7/8N1iI+bN1f/RmM6+a3PZ998tNFvA29+DAAAAsP5VImJ7JJX+PN23PSqV/v78f/h3x9ZKdXxi8qkT4x+eHc3vEeiNrkp5paun5nroYDJdrDHPDxXXisvpR4rrxl92bMny/SPj1dEWxw7tbtv89h9l+0/91dHq0gFrzv1a0L7q23+lReUA7rxmfv+dC8DG1KD9b2lFOYA7z/k/tK9G7f+Turz+P2xMC9v/nw0eWQdsRPr/0L60f2hf2j+0pWbv4i+fp7DihwDMS5Q3C6x8PZubvsN//SX61mTNZQ2tZeG3xM1PorJqa55eB5WyzhNpi1nJ4rGz+WdhzE80eFgNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAXej/AAAA//+q8eIl")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x4, 0x205a2, 0x0, 0x0, 0x19, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df701905b9aafab4afaaf755a3f6a004", "cba3d625780820d1cbf7db71038259ca171ce1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "d300e6d6ae9ef30bea2a004000", [0x0, 0x2]})
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)

31.546043618s ago: executing program 5 (id=299):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000140)=""/201, 0xc9}], 0x6)
close(r0)
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)

31.125029321s ago: executing program 5 (id=306):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03076804268c989e14f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

30.655650516s ago: executing program 37 (id=306):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03076804268c989e14f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

13.465867193s ago: executing program 9 (id=464):
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
r0 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
getsockopt(0xffffffffffffffff, 0xff, 0x80000006, 0x0, 0x0)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000080)={0x1, 0xf, 0xf})

13.26262099s ago: executing program 9 (id=465):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000000000004000000000060000000000000001000040878cbd5b87"])

12.947625888s ago: executing program 9 (id=466):
mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x8)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r2, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40)

12.866641765s ago: executing program 9 (id=467):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000180)=0x8, 0x4)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)

12.538409805s ago: executing program 9 (id=468):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

10.847595033s ago: executing program 6 (id=476):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000080)="a2", 0x1}], 0x1}, 0x4006041)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=@base={0xf, 0x4, 0x4, 0x16, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

10.44340729s ago: executing program 6 (id=479):
r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84)
sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
sendto$inet(r0, &(0x7f0000000100)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
shutdown(r0, 0x1)
setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000001c0)={0x0, 0xf7, 0xc, 0x8}, 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x34, 0xfffffffe}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x9c)

9.419799723s ago: executing program 6 (id=490):
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r0, &(0x7f00000000c0)="1c0000001d005f0214fffffffffffff8070000000d00000000000600", 0x1c)

7.087260904s ago: executing program 6 (id=502):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x48814}, 0x14000012)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)
sendmsg$key(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x2, 0x8, 0x4, 0x6, 0x12, 0x0, 0x70bd25, 0x25dfdbff, [@sadb_x_nat_t_port={0x1, 0x15, 0x4e21}, @sadb_ident={0x2, 0x0, 0x9, 0x0, 0xfe}, @sadb_x_nat_t_type={0x1, 0x14, 0x1}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e23, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xd}}, @sadb_ident={0x2, 0xa, 0x9, 0x0, 0xb182}, @sadb_x_sec_ctx={0x3, 0x18, 0x5, 0xfa, 0x9, "f74fa4fb75f414f7f7"}]}, 0x90}}, 0x4)

6.101287468s ago: executing program 6 (id=510):
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x20040a, &(0x7f00000001c0)={[{@grpjquota}, {@errors_continue}, {@abort}, {@bsdgroups}]}, 0x12, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==")

5.744491332s ago: executing program 6 (id=513):
syz_usb_connect(0x0, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f0002"], 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000040)=0x7, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000600)=[{{&(0x7f0000000140)=@nfc_llcp, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/199}, {&(0x7f0000000340)=""/161}, {&(0x7f0000000400)=""/94}, {&(0x7f0000000480)=""/160}, {&(0x7f0000000640)=""/155}, {&(0x7f0000000700)=""/80}], 0x0, &(0x7f0000000580)=""/80, 0x11}}], 0x4000000000002ff, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

4.956851978s ago: executing program 2 (id=521):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc)

4.820644212s ago: executing program 2 (id=523):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

4.407243092s ago: executing program 9 (id=468):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

4.035468574s ago: executing program 8 (id=531):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = timerfd_create(0x0, 0x0)
readv(r2, &(0x7f0000000000)=[{&(0x7f00000020c0)=""/4100, 0x1004}], 0x1)

3.083886407s ago: executing program 8 (id=534):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
open(0x0, 0x4e482, 0x154)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000d40)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x65)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRESHEX=r1], 0x40}, 0x1, 0x0, 0x0, 0x8050}, 0x0)

2.796368722s ago: executing program 8 (id=535):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r4, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)

2.637500385s ago: executing program 2 (id=536):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0xd6, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x3, 0xfffffffc}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffd}})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)

2.515842595s ago: executing program 8 (id=537):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x100, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f4, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x4, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x3404c8d4)

2.056111198s ago: executing program 7 (id=539):
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfd00000}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x40010002})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)

2.036285363s ago: executing program 8 (id=540):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_PLIMIT={0x8, 0x8}]}}]}, 0x38}}, 0x0)

1.927378468s ago: executing program 2 (id=541):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x38011, r1, 0x9988000)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
fadvise64(r0, 0x18, 0x0, 0x4)

1.609726247s ago: executing program 8 (id=542):
r0 = syz_mount_image$bcachefs(&(0x7f00000058c0), &(0x7f0000005900)='./file0\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='fsck,inline_data,nocow,degraded,str_hash=siphash,norecovery,discard,reconstruct_alloc,erasure_code,acl,no_splitbrain_check,hash,uid=', @ANYRESDEC=0x0, @ANYRESOCT, @ANYRES32, @ANYRESOCT], 0x0, 0x58b4, &(0x7f0000005980)="$eJzs3W2QXFXdIPBzu3synZm8TAJIBJkMgSiCmglvhS+l0fWtAKlYWErYKAxkgtEkpJIgEFCCCy4UYKGlpagf0EJq0WhRBatESuRlE1ZRitWltpBa3UU/+BTykBLIQ1k+5qmZvqfTc6fv3J7unpDA71fJ3D6nb//PueeevtP/Mz3TAQAAgNeE3ddv2XvOUR/41RdHX7rmwz/bcG3oL4/XV+MOA+n2ileqhxxIvZVF49vsvHjTVT/489DF7/vl3X3ff3nXmmPX/v79h118/2fO3Hnbtx96ce69/3ymKG6cTyfuLyfPJSFUf77n61/a9diRY3VJCKGcDGwPYUGy8KEFSSbE8N9DCGvSwqLMnfe8dMrase21N/VOqJ+f2c98f22rpvNs297LTwp/eO+q636z+Mc/6tnx7Pb9uyTVhvkUwrwLGx/fE0KYnf4fE2dbnI9x0q4MIfQ1PO6Mgn4d12L/l+WUj063s9Jtf0GceP+STLmU2S9bjnoy276C9jqV14929ysyJ1POXow6ldfPWL8g3f403Z44zfjl+D8JpSRU6t1fn+yfI6HhvCUhGT+X1Xq5VD+3IT3+TDnJlEuZcrknc1zj7aYTrZwkE+vjfpn6eDmupPXHNl6rmzg3p/716baaPlFfjuWQvVHTP+lG/bjGxX7tmaIvB0Kp4RrUrL5+4tOT0Z/W9ScLJz1mXxPxvl2rbl5aXv3w7oGcfiR3J2n8pK342369YM6nfnjjZdnv6/X4F5bS+KW24v/xrMefP//G730rN/6tMX65rfgnP9D33FmPXL8kd3z2xPGptBV/5JlHb1l8+EU7cvt/e4xfbSv+ip2P987d+8CDuf0fjuMzu634T7/zg3+668n7ns2NH2L8vrbir9656cu9g3tPyI3/YByf/vbmzws7Tn9qcPAvQ3nxn4jx57YV/87tt73jjvk3nZl7flfG8RloK/7Zx99/3Zy99x2Td+1Mbu/Wd06A16bD0tdYN6TldvPMTjXkC98cqtRe881J/8/tZkMZY+3Mm8H4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALw2HXHS//zQ///4wHOVtNyb3ni6VNvG+lkhJLNDCFu2jmzeum7jJUOfufSyzRtH1g+NbB0a3bh185VDp75laPPopvUjV47dO/zWU2qPWxiS2jY5ZlLb+/bt21camFgX2/tPx+/4w9Iz/uWvIQwf8bvBSm7/l9224Y7Dm3zNSFbse8+Gy8753WnfTY9rIO3XQE6/Qk6//vW8f9zx1T1/PiGE4ddN1a9Hn373LyZ0aLxif5xUqTfUOtSb9DXtR73XaX/ieFXWrls/Olw8vuWc4/jPVz3797VXfOUftfGt5h5Hi+M7e8W+9aVvrDr7379xda3iYD3vReMdjyL2L45fNR3veelxzcs5rkrOcV3/mwef/PlRN764PQxXXlg8ue2i4+pJJ0BP8vqW2o0t9CULJtRX0/3jGY+PW7Z1w6ZlW67c9tZ1G0YuGb1kdOPbl5+6/PTh004/bdn4kS/r8vHH9t/Y4vEfmPk0/3Pbfxq/tjafivpVNB5j/Soej8Ye5T3/+s790tfeftsj59QqiuZ53Lt+PUm3fWPneXlomG+Tx6rZcRWNQwhhqNk4PP/imeHI/7PuuqLrUOOZafyakazY99iSv333jO8selet4oBc5xs71OZ1vt7r/f0ZH69qej4O1vHtDeX0uPqb9mv5Y4/03Lz7r5+v92/WrHDFyNatm5fXvs5JezonObppv7K18bgWj38th3RYQn2aNpmvY3pCrX/Z62fcPTuq/el9/cnCpseVFe/btermpeXVD+/OG+nk7lqLs8Pc2jZ5Q86e6zMPLNc73Kz9Q3V+DH7oO/d+/N6fnDppfpxc+1p0XEnOcf34yTu/9v2v/NefdO+4PvTuxwf+9n8/vbRWcahcV+q9TvuTNF5XTg6h6Pm3ODQ/jtznX6n58RQ9/7Lt7N+/ebyhTLk/lNt6vp78QN9zZz1y/ZLc5+ueVp+vV08olQuerwfL/Hnlnl8TJkqyYt8vbzhs+0PXrDyqVlE0r+t7N5vXp7SQf+Qc1y/Of2rw0qH/8r+7d934wVvuueD3Iyu+UKs4WM57NR3fas741nsd887G8X3bxZeuX1OrP3hf/6bbgvwnXkq2XLntsyPr149u3tLacbX6/TS2kx3ldr+fxqvbwoLjKk06rpm70cp4tfp8i/1f0/Z4TXy+9Yekre8L2369YM6nfnjjZQOTHpU2dGEpjV9qK/4fz3r8+fNv/N63cuPfGuNX2oo/8syjtyw+/KIdufFvT9L41bbir9j5eO/cvQ88mBt/OPZ/dlvxn37nB/9015P3PZsbP8T4/e2N/ws7Tn9qcPAvufGfSNJ2xl4jhXDPS6esrZWT0JM+32I/eib0K2TLSaZcypTLjeVSba213kA5SSbWx/3S+mMb+tLMJ3Lq46uw6qLa9uVYDtkbU9cfbEoN1/5m9UWvUwEAXu3iz//ja9D48//R9IVS/koD7NdpHrYoJ27Mw/av58yacP+iNH58fFwHHHxbGB7bXjtUe6E/3XXO+HzIrnPGdk44bmKMdtc5i9bfl2TKsV+19fJKQx6ampzXVEIL6++T25l6/T1z+MXr40M3TOrWUMO6Vfb89aQrZs3e75Dpb2UsQt78yK6LxfdzDM4LK8fba3F+ZN9HE89D9n00sZ2jMhfOdt9H0+n8iN2eYn6Md7n45xuTz1+YYnz3n7/m0bLnbxrnuzq2/0z/fPbQXzec2Z+HWZfMiZ8+wQ72dcNYH4+j0uJ64sdz6ru1nhgvF7Ffe6boy4FgPRF4tYr5f/weMZb/j70A/7fMfkWvQ7OvGmO83PcJlZv3pyjvmPw+vb62vo+v3rnpy72De0/IfZ3zYKvv+9k0odRX8L6fonFcmikXjmPOAk1Rvpdtp2jcs+/L6A9z2xr3O7ff9o475t90Zu64r6x9Iy0e969NKM0tGHf5Qk58+cJBkS/M9PrZK5aPpG98mql85GM59dPNR/om3agf17hDLh/pObD9AgAOHTH/r//8LM3//19mv6K89cRMOcbLzVtzXp/k5a0fSbdXZPbvT3+jYrqvm88+/v7r5uy975jcvOX2VvPQ/zahNFCYh3aWN+fmESu7837x3Dyinmd1lifm9r+eJ3aWp+fGr+fpneXRueNTz6M7WwfIjV9fBzjU89yZXa971ebR6a/PzlQefW5O/XTz6P5JN+rHNU4eDQDwyor5f3wZF/P/RzL7dfq6PTcv6NLr9uzfA6nHf+JA5ZUznffNdN4603n9TK9LHOp58UyvC83sOpm8OC2H7I0aeTEAAAeDmP/PTsv5+X9n+Ulu/lbPT+TnTePLzw+S/PxQX/+S/8v/i8n/AQBe3WL+H3/tMf79v/+RlrN/t16enhNfni5Pn2r+tJynz/Q6m3UA6wDFrAMAALy69IxnSpN/z/6T6Tb7e/Z5v5d/fs7+raqM/459CBdt3Tw6esFlm9aMbB29YOOla0a3XHD55nVbt45urO3Xad6Ym7ekeWNPqKTj0Xy/bN42P/17CPNz/h5Cdv8Y9ujxG5P/HkK22dkFf0dg//lrrb955680xf7N5kfe+c6L/4mc/aP6+b/40ydfsHbLBes2rtu6bmT9um2jE/cby1r7pvG5mXFYpvW5mZkvk5Sm//md3elHaVI/etLxyPt89iTTjwVpTxbkff5BTr9/9b+++rnj9/3jrhCGjyi/oaPxS1bs++/njX5k6+7fbRrrf2nK/tf3TPtV9Hml2f3j8VTWX7pl60lrL71sY/YTJdsT1zNK9fIMrWekT/9yi+sTq3Pqp7s+UZ504+DU8voEAAATxJ//x9ez8eeHX0lfQMX61vP0zn5+nJunD7eWp2c/l6woT8/uH4+31Ty92mGenm2/KE9vtn+zPD0v786L/7Gc/aer9XnS2fs8cufJha3Nk+znGRTNk+z+050nSYfzJNt+0Txptn+zeZJ33vPifzRn/zytz4fO3peTOx9ubW0+vDlTLpoP2f2nOx9KHc6HbPtF86HZ/s3mQ975zYt/Ts7+rZo4P8Ymxvi8GL3g8ks3f7Zhv5n+/IvO+zezn//Rrtb7P7Pv+5r5/s/s+8pmvv+dva8st/9PdLYS1nr/Z/bzXdp1wNZr0zebFb3/rGgdd1VO/XTXcWdNunFwso4Lr5yY/8cf98T8/6Z02+0fAx36n5Pmc8yaxu/S55gVvY7x/XyKxg4Cvp8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtKa3smh8u/v6LXvPOeoDv/ri6EvXfPhnG65901U/+PPQxe/75d19339515pj1/7+/YddfP9nztx527cfenHuvf98pjDwQG1zYlqshpA8l4RQ/fmer39p12NHjtUlIYRyMrA9hAXJwocWJJkIw38PIayp93Pinfe8dMrase21N/VOqJ+fCZI9rtBfjv2Z0M9wReERcQiqpvNs297LTwp/eO+q636z+Mc/6tnx7Pb9uyTVhvkUwrwLGx/fE0KYnf4fE2fbovjgdLsyhNDX8LgzCvp1XIv9X5ZTPjrdzkq3/QVx4v1LMuVSZr9sOerJbPsK2utUXj/a3a/InEw5ezHqVF4/Y/2CdPvTdHviNOOX4/8klJJQqXd/fbJ/joSG85aEZPxcVuvlUv3chvT4M+UkUy5lyuWezHGNt5tOtHKSTKyP+2Xq4+W4ktYf23itbuLcnPrXp9tq+kR9OZZD9kZN/6Qb9eMaF/u1Z4q+HAilhmtQs/r6iU9PRn9a158snPSYfU3E+3atunlpefXDuwdy+pHcnaTxk7bib/v1gjmf+uGNly3Ki39hKY1faiv+H896/Pnzb/zet3Lj3xrjl9uKf/IDfc+d9cj1S3LHZ08cn0pb8UeeefSWxYdftCO3/7fH+NW24q/Y+Xjv3L0PPJjb/+E4PrPbiv/0Oz/4p7uevO/Z3Pghxu9rK/7qnZu+3Du494Tc+A/G8elvb/68sOP0pwYH/zKUF/+JGH9uW/Hv3H7bO+6Yf9OZued3ZRyfgbbin338/dfN2XvfMXnXzuT2bn3nBHhtOix9jXVDWm43z+xUQ77wzaFK7TXfnPT/3G42lDHWzrwZjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKvTb68+9ZPnveejqypJCEnOPvuaiPeVZ61YMdRGuyPPPHrL4sMv2tFYt6iNOAAAAECxmIeX6jXVsChcnswORzfdP64RHB1LycT67BpCjJNdI2g3TqlLccpdilPpUpyeLsWZ1aU4vV2KUy2IUw2txZk9ZZxSy/3p61Kc/i7FmdOlOHO7FGdel+LM71KcgSnjtD4PF3QpzsIuxTmsS3EO71KcI7oU53VdinNkl+Jk15SnOw/npnselRdn/Ea5ME4lKdfvaLaeHts5psN2+ltsJ/f7cYvtzG6xneMyjytNs51qi+28scN2khbbeXOH7ZQK2onz9ops/2I7sdTi/L+yS3G2dSnOVV2Kc3WX4ny+S3G+0KU413QYB6BVMf/fn+8NhN7Ku0JfesXJrgLEfHfx+NfJ3+/yLkgx3hsy9bOy8bJhsol6Jt7i6fYvu4CQibckU98zIV6lno9MEa/aGG9p5s5Jx5vtX3ZBIdO/EzP1vUXxsgsLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCDfnv1qZ887z0fXRWSMPavqX1NxPvKs1asGGqj3V2rbl5aXv3w7sa63kobgQAAAIBCMQ/vqddUQ29leehNZk3Yr5quA1TTcnmgth2cF1aObZOh0ni5L1kw5eMq6eOWbd2wadmWK7e9dd2GkUtGLxnd+Pblpy4/ffi0009btnbd+tHh2tcQegvihRDGlx+2XLntsyPr149u3lKrzPZ/Ufq4RWk5SR83+LYwPLa9Nu3/woL2SpPam7kbxWcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2DX/kLdPOs4gD9vkpNkZ6uN7F9W1tPQP6Pq0LZm0ulYXhAcbG3pYSDJ9DiKa3F4upatHXXGreA2WxRho1AqvanU4ebwZn/cEPeHQmVWC55aZBu6C71QNp10oxfSEek5eXOSNGlO41i37vO5eN/keX7P88uTiwPf9wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA/WVL08Ua2M10ajEKI+NY0ekrl0No5LQ/T9+vNbf5wbO7m8fSyXGWIjAAAAYKAkh4+0RvIhl0mHdLhq+t3i0DYRZnM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw8TNVL09UK+O1i6MQoj41jR6SuXQ2jktD9H3jnSe/8OrY2D/ax4pD7AMAAAAMluTwVGskH4phSRiJruqoS54NLOha312X7LNwjnXdzw761S2ZY901c6z71IC6dc37jgAAAAAffUn+z7RGCiGXmdc3/w/K9Undoq66dPM+zG8FAAAAgP9Pkv9zrZFiyGWKrbw+17y/uKsuWT/o//bJ+mV91g/6f/7a5t3/6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgo2OqXp6oVsZr6SiEqE9No4dkLp2N49IQfVe9MPqvWw49tLh9LJcZYiMAAABgoCSHz0bvfMhlRsNIuHg694/dtP/prz79bDmEMBPzs9mwY8O2bXevmrkmdSuPHBr50eG3vndG3cqZ63k7IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8L6ZqpcnqpXx2kVRCFGfmkYPyVw6G8elIfq+/qWv/O3x48+92T5WHGIfAAAAYLAkh89m/3wohmzIhium37Vn/dNSXev7PTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhz3fOe+b2+YnNx4txdeeOFF68X5/ssEAAC83xaFKDTO0ZXrz/enBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgym6uWJamW8lo9CiPrUNHpI5tLZOC4N0Td+/mhu3skXXmofKw6xDwAAADBYksNns38+FMNIGAmXT7/r9UxgOv8XPsAPCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHyoTNXLE9XKeG1eFELUp6bRQzKXzsZxaYi+j+3c98WD8394c/tYLjPERgAAAMBASQ7PtkbyIZf5dMiFq5vvJzsXROnmvfdzgdl1WzuWjc55Xb1jXXrO63Z1nSzTPM3MunyyX2Hm3lpXOnNdqW1dMbTalzrWhT0dq+YN+JwBAAAAzqMk/+daI4WQy+Tacu7PO+oLci4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0MdUvTxRrYzXoiiEqE9No4dkLp2N49IQfe/7/Scv+cYvdm9vHysOsQ8AAAAwWJLDZ7N/PhTDwvCJsHA694dCZ31S9+/qqYOP/ufvy0NYccWxsUzf/X/7+o0vdl9CSHUWpUKY3+wX9en3uz8+eu/SxqnHQ1hxefrqc+3XuWXceKa6ce22w8e2nuWLAQAAgAtIkv9HWiOFkMvc1Tf/J8n7nPL//Ht3/uqy5rWZyLtWpArNfqk+/b689Mm/Llv9z7dO5/+z9fvcvs0HL+toODPSJYoblc3b1x277kAqOfVM/3RX/+R7+dp33/zvph2PnJrpnw/55viCTK/+Z167XBQ3JlN7a2ve21vv7J/pc/6H/vDS8d8s2P3u6f7vLBpt9b/mLOc/e//RWx/ec/2+Q+s6+4cQSr36v/3uzeHKP9/5YPf5R7s2bv/m269dorhxZPGJA6v3F2/o7B919U++/18ef2zPzx75wbNJ/+S3IsuXzLV/qqv/K7su3fnyA+sXdPZP9Tn/i7e9Oral9P0/dZ//jqHP/8S1T93+2ob4/u4pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC8tUvTxRrYzXUlEIUZ+aRg/JXDobx6Uh+r5xy9G3b9v905+0jxWH2AcAAAAYLMnhs9k/H4ohG7JhdDr3P1PduHbb4WNbQ2FmNmreM5Nb7tn2mU1btt91x3n65AAAAMBcJfk/0xophFxmaRhp5v/K5u3rjl13IJXk/1SS/zfdOblxRWjVvbLr0p0vP7B+Qes5QQjTPwvIn677/GzdTTceLZz4y7eW9axbNVt3ZPGJA6v3F29I6kJ73crQej7xxLVP3f7ahvj+1udrr/vsN7dMNh9PJPuO3vrwnuv3HVrXOkfzPtrcN6mbTO2trXlvbz2pSzfv+ea5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAzTdXLE9XKeC2kQ4j61DR6SObS2TguDdF3zdJfP3jJyecWto/lMkNsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8jx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs101oHVUfB+Bz7k3e3OYmbdK+YFRM06oodWFRENGNioq0IgVXlSLV1i5EQRBR6sJUWrFUxY1gdVNEBTVKQcHGYmmVVPwqblyooFBdCKUY0IbiQiXJObc304xXJ1VQnweGc8+Zmd/8Z87J5F4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4R+npGpppD++4f+qWc2746NG7Tjxy0zv3brvo4Ve/G9l03Yd7e186ObF5xZYvr1+2af/da8Z3P3/op/63fjnaMfih2WZV6jZCiMdjCI13J595bOLjs6bHYgihHgdGQxiMSw8NxkLC6p9DCJtbdc7d+eaJy7dMt9t29cwZX1IIKd5XaNZzPbMG5tbLv0sjrbOtUw9eEr6+dv32T5e/8Xr32LHRU4fERtt6CmHxxvbzu0MIi9I2La+2oXxyateFEHrbzruyQ13n/8H6Ly3pn5va/6W22SEn719Z6NcKxxX7WXeh7e1wvYUqq6PqcZ30FfrFl9FCldWZxwdT+3ZqV/3J/HreYqjF0NUq/554ao2EtnmLIc7MZaPVr7XmNqT7L/RjoV8r9OvdhfuauW5aaPUY547n4wrj+XXclcZXtL+r53FryfjZqW2kP9STuR+KH2Y1T/vQuq8Zua7J36nl71BrewfNN96a+DQZzTTWjEtPO+fXeeR9E+ufuLC+4b3DAyV1xL0x5cdK+Vs/Gey7/bWdDwyV5W+spfxapfxv1h754badLzxXmv90zq9Xyr/sQO/xte/vWFn6fCbz8+mqlH/H0Q+eXP7/O8dK69+T8xuV8q8ZP9LTP3XgYGn9q/PzWVQp/6urb/z2lc/3HSvNDzm/t1L+hvH7nuoZnrq4NP9gfj7Nauvnx7Ervhge/n6kLP+znN9fKf/l0d1Xvbhk15rS+V2Xn89ApfybL9i/vW9q33ll786450z95wT4b1qWvmM9nvpVf2cuVNvvhWdHuma/8/Wlrf9MXqhg+jqL/8J8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dd24IAEAAAAQND/1+0IFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngoAAP//pkA1WQ==")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc020bc12, &(0x7f0000000000)={0x3, 0x6, 0x1, 0x4, 0x868, 0x6})

1.579635896s ago: executing program 2 (id=543):
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000010580), &(0x7f00000105c0)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303030372c6661756c745f747970653d30303030303030303030303030313030303030342c70726a6a71756f74613d66326673002c75737271756f8fa67fe374613d272c6e6f5f686561702c00"], 0x0, 0x10589, &(0x7f0000020bc0)="$eJzs3E+LG2UcB/Bfdvu/tS7iQVBwQIVdMaHZ/kFvbW0RS1uK2oMnzSbZkDbJLJvsbuxJ8OLBN1DwlXj3XfgGRE+CiCCsZJ5Z6VY92JTE3f18YPqdeWbmmd+UXH6T7ARwZC1lv/5SifNxOiIWI+JcRLFeKZfC1RSvRMTrEbHwxFIpx/8aOBERZyLi/GTyNGel3PX2jRO3bj2+/tvXj29/d3r82pvzu2tg3t6KiP5GWt/pp8w7KR+U443tbpH9S9tlph39h+V2nnKnvVbMsNPYO65R5MVOOj7f2BpOcr3XaE6y010vxjcG6YLD7c7ePMUJDxqbxXarvVZkd5gX2XmU6hqX+Wi4u5vWyvm+KKaP0Wgv03h73E73s/GwyOZgVI6nefNWezzJ7TLLy0Uz77WKOtae9X/5/+92d7A1zrbbm8NuPsgu1+rv1upXqvXNvNUetS9VG/3WlUvZcqc3Oaw6ajf6Vzt53um1a828v5Itd5rNar2eLd9or3Ubg6xer12sXaheXinX3sk+uHs/67Wy5Ule7w62Rt3eMFvPN7N0xkq2Wrv43kr2Rj37+M697N5HN2/euffJZzc+vXvtzofvlwf9raxsefXC6mq1fqG6Wl9x/9P4vTLd+Rxhu/MuAOBgmlf//5P+H460w9H/pz5+o6X/f1YHvv/94Yjf/5T9v/afqfgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcWfd/vPZqsbK0f/yFcuilcrsSEQsRsfsPFuPEvnMXI+JsRBz/l+OPP1XD95UoZphc42S5nImIq+Xyx4tpHwAAAPDfHfv2qy9Tt57+WZp3QcxSemizcO7z5zRfJSKOL/38HGaJ8mFTvDx9Vcnk830sxlPOsldb8QDr1PRVJWejKG6WFvfFqSeikmJhpuUAAAAzsb8TmG0XAgAAwCx9M+8CmI/i28zyt/jlD/hPpii/EDy9bwsAAAA4gPxJPQAAABx+Rf//9Pv/zpY7vf8PAAAADof0/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JOd+8lJHYriAHz49+C9p5EYZywGGTLHuWEFDh2auA3DItyDiyFxCQYMvdfECiSalhLJ9yX1ei/kx2nC5NyWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHdLOcjLpPjw9Vc1brauo5GwAAAGCX2XIyKv4Zpvn/vH6ely7zvBUR7YjY1bt34k8ps5Nzenve3/tSw0tEkbD5jH4+/kXEdT7eLtJrAAAAwM/NF+Np6tbTn+GxC6JJadOmfXZbU14rInrD1xpSIm82xVX1qpLN97sb9xVTPmorNrAG1atKii23bl1p39IpDYNPQysN7UbLAQAAGlHuBJrtQgAAAGjS3bEL4DiKq5n5Xvx8A38/DfmC4N/SDAAAAPiF/KQeAAAATl/R/3v+HwAAAJy29Pw/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmm2nIzmi/G0as5qveV5e2m/es4GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCd/XlHgRAIgzDYu74zmfsfVho0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725yUFQiAIomDO+N9J3/+wkqBnECECGh5V1KIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC527ti3jSoMAPg7n+1SEOIwkgeygBhggLrGHcxoqSxs4T+IUrdEuBi1EWqrMmTswAJjJVRGNkT/Av6BboCHrh0yeCiCueid75xriUoB6c40v5/0+X05Wfe+50hRvnsvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKy8lRnsaXbJW3imu/Pry5G8fFE2M0f7DIYsQ8qbPo/6Gk33QFAAAAnARp2d+HELYPJ1txbGV5/98p3xN7/jsvr/Kyn3+y7y/H8/dvZ2XMe9d+WU+UreaJN724N5uerW2Fm++Vv31HO//k82cvaf4NaX108Nqyk3+eyVf37n3YzdNTdVQLAPwbZ8qxSMrfh+I4bLIwAE6MdhGh0v+nWbM1AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANRheRBeKvMkhPB6+yiPFg9v7h43nr9/Oyvj55/evFW9Z7xFJ4RwcW82PVvjWjbd1es3Pt2ZzaZXJBKJZJ00/ZMJAIDnTaeI2NdvH0624rWkF8Kj7x7v/9+u5OEZ+/8v70x+rM5V7f+Hta1w8w32L38+uHr9xnt7l3cuTS9NPxuOz43PjcYfjMaD/FnJwBMTAAAA/ptuEdX+v9X76/7/i5U8PGP/37716PvqXKn+/1hHm35NVwIAAHCyvfrGH78lx1xPut1wbWd//8pw9br++v3VawOl/mOniqj2/2mv6aoAAACAOiwPksf2/y9U8vCU/f/5g0VWxt1PRp3qPdMQwuli///M7nx2ob7lbLQ6/py46TUCAADQrNNFVPf/O/n5/9b6yEMrhPDOW6u8+DeATz3/H3v/OP6+/fUX1bmq5/9H9S1xI7V+mKySfghpP4R2v+mKAAAAeJ69UERs9j8+nGzd/fbdb7rO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJ/tzb5swEMZx+PUlUeI2GSG9lcAMNFQIRuBDQrLkGRiAhWioaC0WgRVAgnNNZyiep/n/iivuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABe3uXhi7eIKCJ1mSKNNz+n94j4iLRt29HnLYvd+dh83XO2P0xyfsf0t4yIMoo+zgEA6F3VbY7Vul7+5f3PO8g7zFvNm3rxzE8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgrAAD///YaVM0=")
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)

1.405269627s ago: executing program 7 (id=544):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYRESOCT], &(0x7f0000000200)='GPL\x00', 0x0, 0x2b, 0x0, 0x40f00, 0x7, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009d40", @ANYBLOB="fe4cecb210bc091b104f801f21ddeb4c9b"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

969.264017ms ago: executing program 7 (id=545):
r0 = epoll_create(0x2)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000140))
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8)
r2 = gettid()
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r2}, &(0x7f0000044000))
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

724.248142ms ago: executing program 7 (id=546):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="660f388084000072baf80c66b860b4498c66efbafc0c66b80e00000066ef64f30fc7b000100f850100f30fc7b1030066b9800000c00f326635000400000f30d2bc0a000f23c80f21f86635040040000f23f8b8f4008ee0", 0x57}], 0x1, 0x48, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

368.492673ms ago: executing program 7 (id=547):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xf, {"a2e3ad21e08eeb661b5d370987f70e06d038e7ff7fc6e5539b0d650e8b089b3f363b6c090890e0878f0e1ac6e7049b3b45959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07470936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1387abdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf4ff0fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc2d880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b404749702202000e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe2905cc0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da4f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b26c020ff7f045fd58261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f3091239945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8)
close_range(r1, 0xffffffffffffffff, 0x0)

62.589449ms ago: executing program 7 (id=548):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x98, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x68, 0x2, {{0xfffffffb, 0x3, 0x8, 0x3, 0x0, 0x5}, [@TCA_NETEM_ECN={0x8}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0xd9de, 0x5}}, @TCA_NETEM_REORDER={0xc, 0x3, {0x4, 0x8}}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xd, 0x10, 0x0, 0x5, 0x0, 0x8000000000000001}}]}}}]}, 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)

0s ago: executing program 2 (id=549):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0xeeee0000, 0x2, 0x0, 0xeffffdff, 0x0, [{0x0, 0x80, 0x0, '\x00', 0x1d}, {0x19, 0x9, 0x0, '\x00', 0x10}, {0xfc, 0x4}, {0xfe, 0x0, 0x7f, '\x00', 0x2}, {0x8, 0x0, 0x5, '\x00', 0xb}, {}, {0x0, 0x81, 0x27}, {0x0, 0x6, 0x0, '\x00', 0x3}, {0x0, 0x0, 0xfe, '\x00', 0x7f}, {0x8, 0x6, 0xff, '\x00', 0x12}, {}, {0x0, 0x50}, {0x4, 0x0, 0x4, '\x00', 0x3}, {0x5, 0x4e}, {0x4, 0x2, 0x4, '\x00', 0xfe}, {}, {0x1, 0x0, 0x4, '\x00', 0x1}, {0x0, 0x0, 0x0, '\x00', 0xfd}, {0x1, 0x4, 0xf, '\x00', 0x3}, {0x80, 0x0, 0x0, '\x00', 0x40}, {0x0, 0x4}, {0x0, 0x0, 0x0, '\x00', 0x2}, {0x1, 0x0, 0x0, '\x00', 0x12}, {0xfc, 0x83, 0xe}]}})

kernel console output (not intermixed with test programs):

   94.369541][ T5829] bcachefs (loop0): going read-only
[   94.386651][ T5829] bcachefs (loop0): finished waiting for writes to stop
[   94.399892][ T5829] bcachefs (loop0): flushing journal and stopping allocators, journal seq 4
[   94.692167][ T5829] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 5
[   94.715651][ T5829] bcachefs (loop0): clean shutdown complete, journal seq 6
[   94.725008][ T5829] bcachefs (loop0): marking filesystem clean
[   95.240646][ T5829] bcachefs (loop0): shutdown complete
[   95.734148][   T92] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   95.903919][   T92] usb 2-1: Using ep0 maxpacket: 8
[   95.913241][   T92] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   95.936534][   T92] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[   95.959436][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.992401][   T92] usb 2-1: config 0 descriptor??
[   96.013557][   T92] gspca_main: vc032x-2.14.0 probing 046d:0892
[   96.127402][ T6288] loop3: detected capacity change from 0 to 1024
[   96.145660][ T6286] mmap: syz.4.108 (6286) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   96.413903][ T5835] Bluetooth: hci1: command 0x0406 tx timeout
[   96.501594][ T6294] sock: sock_set_timeout: `syz.3.113' (pid 6294) tries to set negative timeout
[   96.963644][ T6305] loop4: detected capacity change from 0 to 128
[   97.005758][ T6305] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[   97.050786][ T1083] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.181378][ T6305] UDF-fs: error (device loop4): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[   97.209997][ T1083] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.358938][ T1083] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.435307][   T92] gspca_vc032x: reg_w err -71
[   97.440140][   T92] vc032x 2-1:0.0: probe with driver vc032x failed with error -71
[   97.485761][ T1083] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.499000][   T92] usb 2-1: USB disconnect, device number 2
[   97.770657][ T1083] bridge_slave_1: left allmulticast mode
[   97.784099][ T1083] bridge_slave_1: left promiscuous mode
[   97.799577][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.840029][ T1083] bridge_slave_0: left allmulticast mode
[   97.855149][ T1083] bridge_slave_0: left promiscuous mode
[   97.866950][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.082930][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   98.094084][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   98.114055][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   98.130347][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   98.139847][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   98.268382][ T6334] syz.1.125 uses obsolete (PF_INET,SOCK_PACKET)
[   98.595304][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   98.610283][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   98.631394][ T1083] bond0 (unregistering): Released all slaves
[   98.718223][ T6342] trusted_key: syz.0.127 sent an empty control message without MSG_MORE.
[   98.809006][ T6321] syzkaller0: entered promiscuous mode
[   98.816801][ T6321] syzkaller0: entered allmulticast mode
[   98.958504][ T6350] loop1: detected capacity change from 0 to 512
[   98.971887][ T6350] EXT4-fs (loop1): Test dummy encryption mode enabled
[   98.989188][ T6350] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   99.014457][ T6350] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   99.073700][ T6350] EXT4-fs error (device loop1): ext4_orphan_get:1419: comm syz.1.130: bad orphan inode 131083
[   99.091683][ T6350] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.129137][ T6350] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[   99.181596][ T6350] overlayfs: upper fs needs to support d_type.
[   99.192177][ T6350] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[   99.281518][ T5827] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /28/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[   99.494933][ T5938] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   99.694022][ T5938] usb 4-1: Using ep0 maxpacket: 8
[   99.731085][ T5938] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[   99.743602][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.754417][ T5938] usb 4-1: Product: syz
[   99.758675][ T5938] usb 4-1: Manufacturer: syz
[   99.764658][ T5938] usb 4-1: SerialNumber: syz
[   99.771964][ T5938] usb 4-1: config 0 descriptor??
[   99.993396][ T5938] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  100.174528][ T5844] Bluetooth: hci2: command tx timeout
[  100.213358][ T5938] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  100.235967][ T5938] usb 4-1: USB disconnect, device number 2
[  100.565512][ T6363] loop4: detected capacity change from 0 to 2048
[  100.582773][ T6363] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  100.608044][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.804657][ T1083] hsr_slave_0: left promiscuous mode
[  100.846037][ T1083] hsr_slave_1: left promiscuous mode
[  100.852311][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.874022][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0
[  100.922413][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.933905][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.002725][ T1083] veth1_macvtap: left promiscuous mode
[  101.025363][ T1083] veth0_macvtap: left promiscuous mode
[  101.031083][ T1083] veth1_vlan: left promiscuous mode
[  101.055967][ T1083] veth0_vlan: left promiscuous mode
[  101.215509][ T6380] loop4: detected capacity change from 0 to 128
[  101.278887][ T6380] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  101.333391][ T6380] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  101.457731][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  101.472408][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  101.480483][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  101.490659][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  101.499523][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  101.666905][ T5842] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  101.882870][ T6390] loop3: detected capacity change from 0 to 32768
[  101.903248][ T6390] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.144 (6390)
[  101.929507][ T6390] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  101.940401][ T6390] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  101.949090][ T6390] BTRFS info (device loop3): disk space caching is enabled
[  101.961433][ T6390] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  102.029915][ T6390] BTRFS info (device loop3): rebuilding free space tree
[  102.072830][ T6390] BTRFS info (device loop3): disabling free space tree
[  102.079852][ T6390] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  102.091707][ T6390] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  102.092529][ T1083] team0 (unregistering): Port device team_slave_1 removed
[  102.167601][ T1083] team0 (unregistering): Port device team_slave_0 removed
[  102.256352][ T5844] Bluetooth: hci2: command tx timeout
[  102.257468][ T5826] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  102.555530][   T30] audit: type=1326 audit(1751398202.781:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.3.146" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe14ef8e929 code=0x0
[  103.074516][ T6324] chnl_net:caif_netlink_parms(): no params data found
[  103.183407][ T6431] loop0: detected capacity change from 0 to 256
[  103.204067][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  103.265876][ T6324] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.273066][ T6324] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.280821][ T6324] bridge_slave_0: entered allmulticast mode
[  103.289119][ T6324] bridge_slave_0: entered promiscuous mode
[  103.308239][ T6324] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.315775][ T6324] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.323059][ T6324] bridge_slave_1: entered allmulticast mode
[  103.332206][ T6324] bridge_slave_1: entered promiscuous mode
[  103.363984][   T10] usb 5-1: Using ep0 maxpacket: 16
[  103.371101][   T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.384175][   T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.394186][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  103.401503][   T10] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  103.411498][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.438751][   T10] usb 5-1: config 0 descriptor??
[  103.538634][ T6324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.546169][ T6439] loop3: detected capacity change from 0 to 512
[  103.548172][ T5844] Bluetooth: hci1: command tx timeout
[  103.562647][ T6439] EXT4-fs (loop3): Test dummy encryption mode enabled
[  103.570146][ T6439] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  103.586452][ T6324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.622034][ T6439] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.155: bad orphan inode 131083
[  103.689484][ T6439] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.690393][ T6324] team0: Port device team_slave_0 added
[  103.718998][ T6387] chnl_net:caif_netlink_parms(): no params data found
[  103.758279][ T6439] overlayfs: upper fs needs to support d_type.
[  103.791226][ T6324] team0: Port device team_slave_1 added
[  103.839771][ T5826] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /29/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  103.991353][ T6324] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.999187][ T6324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.027482][ T6324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.150548][   T10] usb 5-1: USB disconnect, device number 3
[  104.238561][ T1083] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.295795][ T5826] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.333914][ T5844] Bluetooth: hci2: command tx timeout
[  104.364159][ T6324] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.371147][ T6324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.444686][ T6324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.608812][ T1083] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.761193][ T6324] hsr_slave_0: entered promiscuous mode
[  104.774199][   T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  104.785241][ T6324] hsr_slave_1: entered promiscuous mode
[  104.841903][ T1083] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.911197][ T6387] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.923116][ T6387] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.930913][ T6387] bridge_slave_0: entered allmulticast mode
[  104.939115][ T6387] bridge_slave_0: entered promiscuous mode
[  104.945386][   T10] usb 1-1: Using ep0 maxpacket: 16
[  104.958811][   T10] usb 1-1: config 0 has no interfaces?
[  104.968174][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  104.983718][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  104.993703][   T10] usb 1-1: SerialNumber: syz
[  105.020475][ T1083] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.033343][   T10] usb 1-1: config 0 descriptor??
[  105.053770][ T6387] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.062175][ T6387] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.069851][ T6387] bridge_slave_1: entered allmulticast mode
[  105.078200][ T6387] bridge_slave_1: entered promiscuous mode
[  105.157706][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.170520][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.180474][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.182709][ T6387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.224372][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.234151][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  105.306655][ T6387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.331349][   T75] tipc: Subscription rejected, illegal request
[  105.341751][ T5939] usb 1-1: USB disconnect, device number 2
[  105.455214][ T6387] team0: Port device team_slave_0 added
[  105.517532][ T6387] team0: Port device team_slave_1 added
[  105.585254][ T6468] loop4: detected capacity change from 0 to 32768
[  105.606874][ T6387] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.614907][ T5835] Bluetooth: hci1: command tx timeout
[  105.620387][ T6387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.648702][ T6468] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  105.658672][ T6387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.718800][ T6387] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.726813][ T6387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.757698][ T6387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.792304][ T1083] bridge_slave_1: left allmulticast mode
[  105.804660][ T1083] bridge_slave_1: left promiscuous mode
[  105.808146][ T5842] ocfs2: Unmounting device (7,4) on (node local)
[  105.810442][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.837513][ T1083] bridge_slave_0: left allmulticast mode
[  105.843186][ T1083] bridge_slave_0: left promiscuous mode
[  105.852620][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.408356][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.417123][ T5835] Bluetooth: hci2: command tx timeout
[  106.421753][ T6474] loop4: detected capacity change from 0 to 32768
[  106.434329][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.460455][ T1083] bond0 (unregistering): Released all slaves
[  106.630416][ T6474] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  106.630442][ T6474]   allowing incompatible features above 0.0: (unknown version)
[  106.630452][ T6474]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  106.691721][ T6474] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  106.701333][ T6474] bcachefs (loop4): initializing new filesystem
[  106.733301][ T6479] loop0: detected capacity change from 0 to 32768
[  106.744297][ T6479] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.169 (6479)
[  106.752008][ T6474] bcachefs (loop4): going read-write
[  106.773554][ T6479] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  106.776417][ T6474] bcachefs (loop4): marking superblocks
[  106.787622][ T6479] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  106.804072][ T6479] BTRFS info (device loop0): using free-space-tree
[  106.862855][ T6474] bcachefs (loop4): initializing freespace
[  106.871357][ T6387] hsr_slave_0: entered promiscuous mode
[  106.878268][ T6474] bcachefs (loop4): done initializing freespace
[  106.879141][ T6387] hsr_slave_1: entered promiscuous mode
[  106.891359][ T6387] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  106.898831][ T6474] bcachefs (loop4): reading snapshots table
[  106.900116][ T6387] Cannot create hsr debugfs directory
[  106.910531][ T6474] bcachefs (loop4): reading snapshots done
[  106.939701][ T6474] bcachefs (loop4): done starting filesystem
[  107.052421][ T1083] hsr_slave_0: left promiscuous mode
[  107.060805][ T1083] hsr_slave_1: left promiscuous mode
[  107.069594][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.077978][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.099475][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.107991][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.153318][ T1083] veth1_macvtap: left promiscuous mode
[  107.158988][ T1083] veth0_macvtap: left promiscuous mode
[  107.165501][ T1083] veth1_vlan: left promiscuous mode
[  107.170880][ T1083] veth0_vlan: left promiscuous mode
[  107.172089][ T5829] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  107.218250][ T5842] bcachefs (loop4): shutting down
[  107.223428][ T5842] bcachefs (loop4): going read-only
[  107.253500][ T5842] bcachefs (loop4): finished waiting for writes to stop
[  107.284473][ T5842] bcachefs (loop4): flushing journal and stopping allocators, journal seq 13
[  107.295359][ T5150] Bluetooth: hci0: command tx timeout
[  107.437613][ T5842] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 16
[  107.479290][ T5842] bcachefs (loop4): clean shutdown complete, journal seq 17
[  107.504875][ T5842] bcachefs (loop4): marking filesystem clean
[  107.586022][ T5842] bcachefs (loop4): shutdown complete
[  107.700503][ T5150] Bluetooth: hci1: command tx timeout
[  107.848546][ T1083] team0 (unregistering): Port device team_slave_1 removed
[  107.892617][ T1083] team0 (unregistering): Port device team_slave_0 removed
[  108.327268][ T6324] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  108.397165][ T6324] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  108.470574][ T6324] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  108.529454][ T6324] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  108.578415][ T6465] chnl_net:caif_netlink_parms(): no params data found
[  109.062129][ T6465] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.078730][ T6465] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.104034][ T6465] bridge_slave_0: entered allmulticast mode
[  109.111856][ T6465] bridge_slave_0: entered promiscuous mode
[  109.158827][ T6465] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.180955][ T6465] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.198952][ T6465] bridge_slave_1: entered allmulticast mode
[  109.216213][ T6465] bridge_slave_1: entered promiscuous mode
[  109.340839][ T6528] loop0: detected capacity change from 0 to 16
[  109.354917][ T6465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.374855][ T5150] Bluetooth: hci0: command tx timeout
[  109.384299][ T6528] erofs (device loop0): mounted with root inode @ nid 36.
[  109.412312][ T6465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.503058][ T6465] team0: Port device team_slave_0 added
[  109.518062][ T6387] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  109.584992][ T1083] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.618276][ T6465] team0: Port device team_slave_1 added
[  109.624373][ T6387] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  109.718225][ T6526] loop4: detected capacity change from 0 to 32768
[  109.728056][ T1083] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.745628][ T6526] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  109.755608][ T6387] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  109.762796][ T6526] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  109.775523][ T5150] Bluetooth: hci1: command tx timeout
[  109.785561][ T6387] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  109.811375][ T6526] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  109.828756][ T6535] loop0: detected capacity change from 0 to 512
[  109.853406][ T6535] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.175: casefold flag without casefold feature
[  109.854339][ T5930] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  109.874406][ T6535] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.175: couldn't read orphan inode 15 (err -117)
[  109.875318][ T5930] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  109.896365][ T6535] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.900423][ T6465] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.929040][ T6465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.959018][ T6465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.014461][ T5930] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 139ms
[  110.022644][ T5930] gfs2: fsid=syz:syz.0: jid=0: Done
[  110.023349][ T6535] loop0: detected capacity change from 512 to 0
[  110.032817][ T6526] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  110.042860][ T6538] syz.0.175: attempt to access beyond end of device
[  110.042860][ T6538] loop0: rw=14337, sector=2, nr_sectors = 2 limit=0
[  110.060766][ T6538] Buffer I/O error on dev loop0, logical block 1, lost sync page write
[  110.071087][ T1083] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.087908][ T6538] EXT4-fs (loop0): I/O error while writing superblock
[  110.117966][ T6465] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.143924][ T6465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.168977][ T5829] syz-executor: attempt to access beyond end of device
[  110.168977][ T5829] loop0: rw=12288, sector=72, nr_sectors = 2 limit=0
[  110.177673][ T6465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.195879][ T5829] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1051: inode #2: lblock 0: comm syz-executor: error -5 reading directory block
[  110.232739][ T6324] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.241368][ T6526] gfs2: fsid=syz:syz.0: found 1 quota changes
[  110.268385][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.268385][   T13] loop0: rw=524288, sector=12, nr_sectors = 2 limit=0
[  110.290014][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.290014][   T13] loop0: rw=524288, sector=14, nr_sectors = 2 limit=0
[  110.316250][ T1083] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.329340][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.329340][   T13] loop0: rw=524288, sector=16, nr_sectors = 2 limit=0
[  110.348714][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.348714][   T13] loop0: rw=524288, sector=18, nr_sectors = 2 limit=0
[  110.388040][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.388040][   T13] loop0: rw=524288, sector=20, nr_sectors = 2 limit=0
[  110.418640][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.418640][   T13] loop0: rw=524288, sector=22, nr_sectors = 2 limit=0
[  110.442794][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.442794][   T13] loop0: rw=524288, sector=24, nr_sectors = 2 limit=0
[  110.456789][   T13] kworker/u8:1: attempt to access beyond end of device
[  110.456789][   T13] loop0: rw=524288, sector=26, nr_sectors = 2 limit=0
[  110.470519][   T13] EXT4-fs error (device loop0): __ext4_get_inode_loc_noinmem:4914: inode #2: block 5: comm kworker/u8:1: unable to read itable block
[  110.487216][   T13] Buffer I/O error on dev loop0, logical block 1, lost sync page write
[  110.495031][ T6465] hsr_slave_0: entered promiscuous mode
[  110.501995][ T6465] hsr_slave_1: entered promiscuous mode
[  110.506171][   T13] EXT4-fs (loop0): I/O error while writing superblock
[  110.522035][ T5829] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.535648][ T6465] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  110.543488][ T6465] Cannot create hsr debugfs directory
[  110.558083][ T5829] Buffer I/O error on dev loop0, logical block 1, lost sync page write
[  110.584728][ T5829] EXT4-fs (loop0): I/O error while writing superblock
[  110.619387][ T6324] 8021q: adding VLAN 0 to HW filter on device team0
[  110.785042][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.792210][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.899511][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.906716][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.454577][ T5150] Bluetooth: hci0: command tx timeout
[  111.689820][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  111.712861][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  111.721463][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  111.732484][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  111.740762][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  111.852132][ T6564] Zero length message leads to an empty skb
[  111.930845][ T1083] bond0 (unregistering): Released all slaves
[  112.272915][ T6387] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.409394][ T6566] loop4: detected capacity change from 0 to 32768
[  112.411209][ T6387] 8021q: adding VLAN 0 to HW filter on device team0
[  112.477031][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.484186][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.506855][ T6566] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  112.520848][ T1083] hsr_slave_0: left promiscuous mode
[  112.529528][ T1083] hsr_slave_1: left promiscuous mode
[  112.556267][ T1083] veth1_macvtap: left promiscuous mode
[  112.563151][ T1083] veth0_macvtap: left promiscuous mode
[  112.573515][ T1083] veth1_vlan: left promiscuous mode
[  112.579389][ T1083] veth0_vlan: left promiscuous mode
[  112.601773][ T6566] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  112.628899][ T6566] XFS (loop4): Starting recovery (logdev: internal)
[  112.658325][ T6566] XFS (loop4): Ending recovery (logdev: internal)
[  112.762392][   T30] audit: type=1800 audit(1751398212.991:34): pid=6566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.184" name="file1" dev="loop4" ino=4426 res=0 errno=0
[  112.874341][ T5842] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  113.349126][ T6585] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  113.544089][ T5150] Bluetooth: hci0: command tx timeout
[  113.656561][ T6465] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  113.675910][   T75] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.683065][   T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.717067][ T6465] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  113.728305][ T6465] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  113.756056][ T6465] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  113.777488][ T5150] Bluetooth: hci3: command tx timeout
[  113.953327][ T6324] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.970656][ T6592] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  113.981687][ T6592] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  114.059429][ T6557] chnl_net:caif_netlink_parms(): no params data found
[  114.146305][ T6604] Bluetooth: MGMT ver 1.23
[  114.159091][ T6604] Bluetooth: hci0: unsupported parameter 4096
[  114.176486][ T6604] Bluetooth: hci0: invalid length 0, exp 2 for type 3
[  114.182093][ T1083] IPVS: stop unused estimator thread 0...
[  114.551334][ T1083] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.572830][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.580443][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.589144][ T6557] bridge_slave_0: entered allmulticast mode
[  114.597649][ T6557] bridge_slave_0: entered promiscuous mode
[  114.621510][ T6465] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.630740][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.642222][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.650058][ T6557] bridge_slave_1: entered allmulticast mode
[  114.659290][ T6557] bridge_slave_1: entered promiscuous mode
[  114.676593][ T1083] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.746798][ T6557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.772676][ T1083] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.793107][ T6465] 8021q: adding VLAN 0 to HW filter on device team0
[  114.808779][ T6387] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.831463][ T6557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  114.889364][ T1083] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.918467][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.925641][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.955694][ T6557] team0: Port device team_slave_0 added
[  114.996514][ T6557] team0: Port device team_slave_1 added
[  115.028832][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.036006][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.110285][ T6324] veth0_vlan: entered promiscuous mode
[  115.151050][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.163422][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.196272][ T6557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.212849][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.223036][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.250810][ T6557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.273247][ T6324] veth1_vlan: entered promiscuous mode
[  115.369171][ T6631] loop4: detected capacity change from 0 to 512
[  115.376257][ T6557] hsr_slave_0: entered promiscuous mode
[  115.383582][ T6557] hsr_slave_1: entered promiscuous mode
[  115.390685][ T6557] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  115.393289][ T6631] EXT4-fs (loop4): Test dummy encryption mode enabled
[  115.398789][ T6557] Cannot create hsr debugfs directory
[  115.411462][ T6631] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  115.450614][ T6631] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.194: bad orphan inode 131083
[  115.465281][ T6631] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.525526][ T6631] overlayfs: upper fs needs to support d_type.
[  115.582994][ T5842] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /55/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  115.673002][ T1083] bridge_slave_1: left allmulticast mode
[  115.687345][ T1083] bridge_slave_1: left promiscuous mode
[  115.693191][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.733594][ T1083] bridge_slave_0: left allmulticast mode
[  115.740283][ T1083] bridge_slave_0: left promiscuous mode
[  115.747482][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.864157][ T5150] Bluetooth: hci3: command tx timeout
[  116.038541][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.049503][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.061030][ T1083] bond0 (unregistering): Released all slaves
[  116.256332][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.295718][ T6324] veth0_macvtap: entered promiscuous mode
[  116.361763][ T6387] veth0_vlan: entered promiscuous mode
[  116.394197][ T6465] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.401522][ T6324] veth1_macvtap: entered promiscuous mode
[  116.552525][ T6387] veth1_vlan: entered promiscuous mode
[  116.590095][ T1083] hsr_slave_0: left promiscuous mode
[  116.605803][ T1083] hsr_slave_1: left promiscuous mode
[  116.611640][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.634131][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0
[  116.654862][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.662404][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1
[  116.710823][ T1083] veth1_macvtap: left promiscuous mode
[  116.723962][ T1083] veth0_macvtap: left promiscuous mode
[  116.729572][ T1083] veth1_vlan: left promiscuous mode
[  116.737152][ T1083] veth0_vlan: left promiscuous mode
[  116.997144][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  117.024998][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  117.039365][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  117.067335][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  117.078675][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  117.262092][ T1083] team0 (unregistering): Port device team_slave_1 removed
[  117.301770][ T1083] team0 (unregistering): Port device team_slave_0 removed
[  117.737894][ T6324] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.771236][ T6557] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  117.832615][ T6324] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.842770][ T6557] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  117.889815][ T6387] veth0_macvtap: entered promiscuous mode
[  117.900846][ T6557] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  117.916526][ T1113] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.927377][ T1113] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.936260][ T5150] Bluetooth: hci3: command tx timeout
[  117.948250][ T6387] veth1_macvtap: entered promiscuous mode
[  117.961019][ T6557] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  117.989033][ T1113] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.000692][ T1113] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.114958][ T6387] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.154518][ T6387] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.185184][ T6465] veth0_vlan: entered promiscuous mode
[  118.242098][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.250299][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.277237][ T1109] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.313511][ T1109] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.327288][ T1109] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.340052][ T6465] veth1_vlan: entered promiscuous mode
[  118.368982][ T1109] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.381644][ T6643] chnl_net:caif_netlink_parms(): no params data found
[  118.415403][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.423264][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.450265][ T1083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.623630][ T1083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.665808][ T6643] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.672938][ T6643] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.680440][ T6643] bridge_slave_0: entered allmulticast mode
[  118.688525][ T6643] bridge_slave_0: entered promiscuous mode
[  118.756766][ T1083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.799558][ T6643] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.806881][ T6643] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.825975][ T6643] bridge_slave_1: entered allmulticast mode
[  118.838524][ T6643] bridge_slave_1: entered promiscuous mode
[  118.906567][ T1083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.953026][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.964871][ T6643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  118.974435][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.998255][ T6643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.097340][ T6465] veth0_macvtap: entered promiscuous mode
[  119.119509][ T6665] loop5: detected capacity change from 0 to 512
[  119.128221][ T6665] EXT4-fs: inline encryption not supported
[  119.135367][ T5150] Bluetooth: hci4: command tx timeout
[  119.151221][ T6643] team0: Port device team_slave_0 added
[  119.158828][ T6665] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  119.161998][ T6643] team0: Port device team_slave_1 added
[  119.182737][ T6465] veth1_macvtap: entered promiscuous mode
[  119.192307][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.222535][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.239170][ T6665] EXT4-fs (loop5): 1 truncate cleaned up
[  119.248996][ T6665] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.251260][ T6557] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.306007][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.312959][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.349201][ T6643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.377181][ T6324] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.422409][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.431221][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.463107][ T6643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.547125][ T6465] batman_adv: batadv0: Interface activated: batadv_slave_0
[  119.645126][ T6557] 8021q: adding VLAN 0 to HW filter on device team0
[  119.741655][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.748813][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state
[  119.780694][ T1083] bridge_slave_1: left allmulticast mode
[  119.793974][ T1083] bridge_slave_1: left promiscuous mode
[  119.799827][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.825296][ T1083] bridge_slave_0: left allmulticast mode
[  119.830981][ T1083] bridge_slave_0: left promiscuous mode
[  119.838024][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.015579][ T5150] Bluetooth: hci3: command tx timeout
[  120.119368][ T6684] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  120.281985][ T6680] loop5: detected capacity change from 0 to 32768
[  120.308708][ T6680] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  120.379311][ T6680] XFS (loop5): Ending clean mount
[  120.397740][ T6680] XFS (loop5): Quotacheck needed: Please wait.
[  120.477007][ T6680] XFS (loop5): Quotacheck: Done.
[  120.487323][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  120.499234][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  120.512985][ T1083] bond0 (unregistering): Released all slaves
[  120.541392][ T6643] hsr_slave_0: entered promiscuous mode
[  120.556815][ T6643] hsr_slave_1: entered promiscuous mode
[  120.564930][ T6643] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.572585][ T6643] Cannot create hsr debugfs directory
[  120.581825][   T30] audit: type=1804 audit(1751398220.811:35): pid=6680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.203" name="/newroot/5/file0/file1" dev="loop5" ino=9286 res=1 errno=0
[  120.657793][ T6324] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  120.693653][ T6588] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.700788][ T6588] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.710818][ T6465] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.890859][   T13] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.907192][   T13] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.060798][   T13] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.160965][   T13] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.172568][ T6700] loop5: detected capacity change from 0 to 32768
[  121.211827][ T6700] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  121.216164][ T5844] Bluetooth: hci4: command tx timeout
[  121.262425][ T6700] OCFS2: ERROR (device loop5): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #2304 has bad signature 
[  121.279732][ T6700] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  121.289844][ T6700] OCFS2: File system is now read-only.
[  121.295655][ T6700] (syz.5.207,6700,1):ocfs2_search_chain:1852 ERROR: status = -30
[  121.304010][ T6700] (syz.5.207,6700,1):ocfs2_search_chain:1940 ERROR: status = -30
[  121.311872][ T6700] (syz.5.207,6700,1):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[  121.320276][ T6700] (syz.5.207,6700,1):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[  121.328697][ T6700] (syz.5.207,6700,1):__ocfs2_claim_clusters:2438 ERROR: status = -30
[  121.336839][ T6700] (syz.5.207,6700,1):__ocfs2_claim_clusters:2446 ERROR: status = -30
[  121.344974][ T6700] (syz.5.207,6700,1):ocfs2_local_alloc_new_window:1199 ERROR: status = -30
[  121.353571][ T6700] (syz.5.207,6700,1):ocfs2_local_alloc_new_window:1224 ERROR: status = -30
[  121.362217][ T6700] (syz.5.207,6700,1):ocfs2_local_alloc_slide_window:1298 ERROR: status = -30
[  121.371194][ T6700] (syz.5.207,6700,1):ocfs2_local_alloc_slide_window:1317 ERROR: status = -30
[  121.381343][ T6700] (syz.5.207,6700,1):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -30
[  121.390101][ T6700] (syz.5.207,6700,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30
[  121.399177][ T6700] (syz.5.207,6700,1):ocfs2_reserve_clusters_with_limit:1172 ERROR: status = -30
[  121.408297][ T6700] (syz.5.207,6700,1):ocfs2_reserve_clusters_with_limit:1221 ERROR: status = -30
[  121.417359][ T6700] (syz.5.207,6700,1):ocfs2_lock_allocators:2775 ERROR: status = -30
[  121.425390][ T6700] (syz.5.207,6700,1):ocfs2_write_begin_nolock:1723 ERROR: status = -30
[  121.433672][ T6700] (syz.5.207,6700,1):ocfs2_write_begin:1886 ERROR: status = -30
[  121.498875][ T6324] (syz-executor,6324,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  121.509988][ T1083] hsr_slave_0: left promiscuous mode
[  121.516635][ T1083] hsr_slave_1: left promiscuous mode
[  121.520962][ T6324] ocfs2: Unmounting device (7,5) on (node local)
[  121.522724][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.565113][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.575029][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.588116][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1
[  121.618155][ T1083] veth1_macvtap: left promiscuous mode
[  121.623799][ T1083] veth0_macvtap: left promiscuous mode
[  121.630153][ T1083] veth1_vlan: left promiscuous mode
[  121.635606][ T1083] veth0_vlan: left promiscuous mode
[  122.253782][ T1083] team0 (unregistering): Port device team_slave_1 removed
[  122.325600][ T1083] team0 (unregistering): Port device team_slave_0 removed
[  123.111200][ T6557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  123.300875][ T5844] Bluetooth: hci4: command tx timeout
[  123.345505][ T6331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.353367][ T6331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.541898][ T6331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.553134][ T6557] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.563923][ T6331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.633286][ T6643] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  123.692102][ T6643] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  123.748954][ T6643] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  123.778740][ T6643] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  123.869334][ T6721] loop6: detected capacity change from 0 to 32768
[  124.013008][ T6721] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  124.013033][ T6721]   allowing incompatible features above 0.0: (unknown version)
[  124.013044][ T6721]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  124.109047][ T6643] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.153514][ T6643] 8021q: adding VLAN 0 to HW filter on device team0
[  124.205607][   T75] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.205737][   T75] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.223837][   T75] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.223960][   T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[  124.310945][ T6721] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  124.324145][ T6721] bcachefs (loop6): initializing new filesystem
[  124.351187][ T6721] bcachefs (loop6): going read-write
[  124.367882][ T6721] bcachefs (loop6): marking superblocks
[  124.389292][ T6557] veth0_vlan: entered promiscuous mode
[  124.402164][ T6721] bcachefs (loop6): initializing freespace
[  124.420076][ T6721] bcachefs (loop6): done initializing freespace
[  124.440518][ T6721] bcachefs (loop6): reading snapshots table
[  124.449085][ T6557] veth1_vlan: entered promiscuous mode
[  124.474273][ T6721] bcachefs (loop6): reading snapshots done
[  124.573136][ T6721] bcachefs (loop6): done starting filesystem
[  124.610381][ T6557] veth0_macvtap: entered promiscuous mode
[  124.631625][ T6730] loop5: detected capacity change from 0 to 32768
[  124.661318][ T6557] veth1_macvtap: entered promiscuous mode
[  124.678845][ T6730] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.215 (6730)
[  124.738697][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.746565][ T6730] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  124.776143][ T6730] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm
[  124.792916][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.819879][ T6730] BTRFS info (device loop5): disk space caching is enabled
[  124.857998][   T75] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.864488][ T6730] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  124.870199][   T75] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.933104][   T75] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.957076][ T6387] bcachefs (loop6): shutting down
[  124.962714][ T6387] bcachefs (loop6): going read-only
[  124.970871][   T75] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.990458][ T6387] bcachefs (loop6): finished waiting for writes to stop
[  125.009453][ T6387] bcachefs (loop6): flushing journal and stopping allocators, journal seq 9
[  125.121492][ T6730] BTRFS info (device loop5): rebuilding free space tree
[  125.177671][ T6730] BTRFS info (device loop5): disabling free space tree
[  125.187050][ T6643] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.188735][ T6730] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  125.207007][ T6387] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 13
[  125.216374][ T6730] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  125.230428][ T6387] bcachefs (loop6): clean shutdown complete, journal seq 14
[  125.245364][ T6387] bcachefs (loop6): marking filesystem clean
[  125.309338][ T6387] bcachefs (loop6): shutdown complete
[  125.382088][ T5844] Bluetooth: hci4: command tx timeout
[  125.549426][ T1113] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared)
[  125.624365][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.632217][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.700638][ T6331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.709538][ T6331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.752466][ T6324] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  125.903222][ T6643] veth0_vlan: entered promiscuous mode
[  125.924373][ T5907] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  125.944579][ T6643] veth1_vlan: entered promiscuous mode
[  126.013370][ T6643] veth0_macvtap: entered promiscuous mode
[  126.063710][ T6643] veth1_macvtap: entered promiscuous mode
[  126.097867][ T5907] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.124665][ T5907] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.152287][ T5907] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  126.155509][ T6791] netlink: 'syz.8.220': attribute type 4 has an invalid length.
[  126.170629][ T5907] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  126.198700][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.224500][ T5907] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.238193][ T5907] usb 8-1: config 0 descriptor??
[  126.250956][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.284112][   T30] audit: type=1326 audit(1751398226.511:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6790 comm="syz.8.220" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9fa518e929 code=0x0
[  126.321287][   T36] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.340519][   T36] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.376812][   T36] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.393418][ T6795] loop5: detected capacity change from 0 to 512
[  126.407597][   T36] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.424290][ T6795] EXT4-fs (loop5): failed to initialize system zone (-117)
[  126.431628][ T6795] EXT4-fs (loop5): mount failed
[  126.523163][ T6588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.538577][ T6588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.568346][ T6588] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.579606][ T6588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.692319][ T5907] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  126.835532][ T6805] Illegal XDP return value 4294967274 on prog  (id 24) dev syz_tun, expect packet loss!
[  126.974489][   T92] usb 8-1: USB disconnect, device number 2
[  127.641490][ T6839] loop6: detected capacity change from 0 to 16
[  127.679304][ T6839] erofs (device loop6): mounted with root inode @ nid 36.
[  127.757301][ T5844] erofs (device loop6): failed to decompress -26 in[46, 0] out[9000]
[  127.772210][ T6839] erofs (device loop6): failed to decompress -26 in[46, 4050] out[4096]
[  127.786190][ T6839] erofs (device loop6): read error -117 @ 0 of nid 89
[  128.161533][ T6834] loop8: detected capacity change from 0 to 32768
[  128.183634][ T6834] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  128.355698][ T6834] XFS (loop8): Ending clean mount
[  128.423934][   T30] audit: type=1800 audit(1751398228.641:37): pid=6834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.233" name="file2" dev="loop8" ino=6151 res=0 errno=0
[  128.541029][ T6557] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  128.710134][ T6872] cifs: Unknown parameter 'mode'
[  128.903080][ T6880] loop7: detected capacity change from 0 to 2048
[  128.981999][ T6886] loop6: detected capacity change from 0 to 128
[  128.991558][ T6880] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  129.018825][ T6886] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  129.068431][ T6886] ext4 filesystem being mounted at /16/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  129.088813][ T6886] syz.6.255 (pid 6886) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  129.184420][ T5836] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  129.199115][ T6886] fscrypt: Adiantum using implementation "adiantum(xchacha12-x86_64,aes-aesni,nhpoly1305-avx2)"
[  129.223996][   T92] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  129.251909][ T6387] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  129.287428][ T5907] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  129.374486][ T5836] usb 6-1: Using ep0 maxpacket: 16
[  129.389063][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.400186][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.403945][   T92] usb 9-1: Using ep0 maxpacket: 16
[  129.410149][ T5836] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  129.422501][   T92] usb 9-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  129.437169][ T5836] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  129.437197][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.446365][ T5907] usb 10-1: Using ep0 maxpacket: 16
[  129.460321][   T92] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.461484][ T5836] usb 6-1: config 0 descriptor??
[  129.470676][   T92] usb 9-1: Product: syz
[  129.478676][   T92] usb 9-1: Manufacturer: syz
[  129.483427][   T92] usb 9-1: SerialNumber: syz
[  129.487427][ T5907] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  129.499542][   T92] usb 9-1: config 0 descriptor??
[  129.499737][ T5907] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.515372][ T5907] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  129.532375][ T5907] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  129.538195][   T92] ssu100 9-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  129.542718][ T5907] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.558765][ T5907] usb 10-1: Product: syz
[  129.563064][ T5907] usb 10-1: Manufacturer: syz
[  129.567838][ T5907] usb 10-1: SerialNumber: syz
[  129.939535][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  129.951278][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  129.958989][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  129.970853][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  129.974818][ T6914] loop6: detected capacity change from 0 to 4096
[  129.978392][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  129.995521][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  130.003851][ T5907] usb 10-1: 0:2 : does not exist
[  130.011004][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  130.019215][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  130.026728][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  130.034268][ T5836] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  130.077272][ T5836] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0003/input/input7
[  130.122880][ T5836] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  130.149377][ T5836] usb 6-1: USB disconnect, device number 2
[  130.754242][   T92] usb 9-1: Quatech SSU-100 USB to Serial Driver converter now attached to ttyUSB0
[  130.973991][ T5939] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  131.014606][ T5891] usb 9-1: USB disconnect, device number 2
[  131.031683][ T5891] ssu100 ttyUSB0: Quatech SSU-100 USB to Serial Driver converter now disconnected from ttyUSB0
[  131.043611][ T5891] ssu100 9-1:0.0: device disconnected
[  131.051713][ T5907] usb 10-1: 1:0: failed to get current value for ch 0 (-22)
[  131.101824][ T5907] usb 10-1: USB disconnect, device number 2
[  131.157297][ T5939] usb 7-1: Using ep0 maxpacket: 8
[  131.167595][ T6940] loop5: detected capacity change from 0 to 1024
[  131.182203][ T5939] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  131.193400][ T5939] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  131.195069][ T6940] EXT4-fs: Ignoring removed orlov option
[  131.206883][ T5939] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  131.211460][ T6940] EXT4-fs: Ignoring removed nomblk_io_submit option
[  131.222015][ T5939] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  131.241233][ T5939] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  131.250405][ T5939] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.273308][ T6940] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.442299][ T6324] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.472123][ T5939] usb 7-1: GET_CAPABILITIES returned 0
[  131.485197][ T5939] usbtmc 7-1:16.0: can't read capabilities
[  131.565129][ T6947] loop5: detected capacity change from 0 to 256
[  131.589259][ T6947] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  131.625300][ T6949] loop2: detected capacity change from 0 to 7
[  131.635518][ T6949]  loop2:
[  131.638649][ T6949] loop2: partition table partially beyond EOD, truncated
[  131.649737][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880565d6000: rx timeout, send abort
[  131.662183][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880565d6000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  131.680523][ T6947] netlink: 44 bytes leftover after parsing attributes in process `syz.5.278'.
[  131.693538][ T6947] netlink: 'syz.5.278': attribute type 6 has an invalid length.
[  131.712796][ T5907] usb 7-1: USB disconnect, device number 2
[  131.716750][ T6947] netlink: 'syz.5.278': attribute type 5 has an invalid length.
[  131.735123][ T6951] loop9: detected capacity change from 0 to 512
[  131.749816][ T6951] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  131.750426][ T6947] netlink: 'syz.5.278': attribute type 4 has an invalid length.
[  131.812707][ T6951] EXT4-fs error (device loop9): xattr_find_entry:333: inode #15: comm syz.9.280: corrupted xattr entries
[  131.866436][ T6951] EXT4-fs (loop9): Remounting filesystem read-only
[  131.890830][ T6951] EXT4-fs warning (device loop9): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  131.932592][ T6951] EXT4-fs (loop9): 1 truncate cleaned up
[  131.956928][ T6951] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.015443][ T6643] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.329463][ T6976] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  132.376674][ T6980] loop5: detected capacity change from 0 to 512
[  132.399645][ T6980] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.293: casefold flag without casefold feature
[  132.406872][ T6983] loop9: detected capacity change from 0 to 512
[  132.418090][ T6980] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.293: couldn't read orphan inode 15 (err -117)
[  132.443491][ T6980] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  132.464361][ T6983] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  132.501591][ T6983] EXT4-fs (loop9): 1 truncate cleaned up
[  132.503246][ T6985] syzkaller0: entered promiscuous mode
[  132.519154][ T6983] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.531414][ T5939] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  132.538925][   T30] audit: type=1800 audit(1751398232.751:38): pid=6980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.293" name="bus" dev="loop5" ino=19 res=0 errno=0
[  132.550110][ T6985] syzkaller0: entered allmulticast mode
[  132.605475][ T6980] loop5: detected capacity change from 512 to 258
[  132.633613][ T6987] bio_check_eod: 3 callbacks suppressed
[  132.633633][ T6987] syz.5.293: attempt to access beyond end of device
[  132.633633][ T6987] loop5: rw=2051, sector=506, nr_sectors = 2 limit=258
[  132.661915][ T6987] EXT4-fs (loop5): discard request in group:0 block:252 count:1 failed with -5
[  132.676338][ T6987] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6548: IO failure
[  132.676537][ T6643] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.687313][ T6987] syz.5.293: attempt to access beyond end of device
[  132.687313][ T6987] loop5: rw=2051, sector=510, nr_sectors = 2 limit=258
[  132.732421][ T6987] EXT4-fs (loop5): discard request in group:0 block:254 count:1 failed with -5
[  132.743648][ T6987] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6548: IO failure
[  132.765697][ T5939] usb 9-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  132.775364][ T5939] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.794300][ T5939] usb 9-1: Product: syz
[  132.798762][ T5939] usb 9-1: Manufacturer: syz
[  132.804423][ T5939] usb 9-1: SerialNumber: syz
[  132.813774][ T6994] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  132.817071][ T5939] usb 9-1: config 0 descriptor??
[  132.821499][ T5939] gspca_main: sunplus-2.14.0 probing 055f:c230
[  132.822519][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  132.822593][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  132.860281][ T6324] EXT4-fs error (device loop5): htree_dirblock_to_tree:1080: inode #2: block 36: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=17104912, rec_len=26982, size=1024 fake=0
[  132.970785][ T6324] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.185399][ T7006] loop9: detected capacity change from 0 to 47
[  133.389685][ T1113] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.606728][ T1113] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.704030][ T5836] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  133.732790][ T1113] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.849456][ T1113] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.894753][ T5836] usb 10-1: Using ep0 maxpacket: 32
[  134.024730][ T5836] usb 10-1: device descriptor read/all, error -71
[  134.137982][ T1113] bridge_slave_1: left allmulticast mode
[  134.144368][ T1113] bridge_slave_1: left promiscuous mode
[  134.155841][ T1113] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.195051][ T1113] bridge_slave_0: left allmulticast mode
[  134.200730][ T1113] bridge_slave_0: left promiscuous mode
[  134.234397][ T1113] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.280976][ T5939] gspca_sunplus: reg_r err -71
[  134.294074][ T5939] sunplus 9-1:0.0: probe with driver sunplus failed with error -71
[  134.316605][ T5939] usb 9-1: USB disconnect, device number 3
[  134.464890][   T92] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  134.493250][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  134.504464][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  134.514338][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  134.536632][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  134.547274][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  134.624047][   T92] usb 8-1: Using ep0 maxpacket: 8
[  134.633989][   T92] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  134.643472][   T92] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.657428][   T92] usb 8-1: config 0 descriptor??
[  134.983248][ T1113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  134.996862][ T7032] loop8: detected capacity change from 0 to 2048
[  135.004505][ T1113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.015267][ T1113] bond0 (unregistering): Released all slaves
[  135.028337][ T7032] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  135.038070][ T7025] warning: `syz.9.313' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  135.444000][ T5939] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  135.487934][ T1113] hsr_slave_0: left promiscuous mode
[  135.506494][ T1113] hsr_slave_1: left promiscuous mode
[  135.517993][ T1113] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.526053][ T1113] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.534833][ T1113] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.542859][ T1113] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.569596][ T1113] veth1_macvtap: left promiscuous mode
[  135.575474][ T1113] veth0_macvtap: left promiscuous mode
[  135.581201][ T1113] veth1_vlan: left promiscuous mode
[  135.588365][ T1113] veth0_vlan: left promiscuous mode
[  135.603946][ T5939] usb 10-1: Using ep0 maxpacket: 8
[  135.616393][ T5939] usb 10-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  135.635000][ T5939] usb 10-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  135.664759][ T5939] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  135.682513][ T5939] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.716830][ T5939] usbtmc 10-1:16.0: bulk endpoints not found
[  136.090935][   T92] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  136.101633][   T92] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  136.112992][   T92] asix 8-1:0.0: probe with driver asix failed with error -71
[  136.133467][   T92] usb 8-1: USB disconnect, device number 3
[  136.256710][ T1113] team0 (unregistering): Port device team_slave_1 removed
[  136.274873][ T5907] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  136.307887][ T1113] team0 (unregistering): Port device team_slave_0 removed
[  136.435139][ T5907] usb 9-1: Using ep0 maxpacket: 16
[  136.456200][ T5907] usb 9-1: config 0 has an invalid interface number: 251 but max is 0
[  136.475582][ T5907] usb 9-1: config 0 has no interface number 0
[  136.481693][ T5907] usb 9-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  136.491749][ T5907] usb 9-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  136.504736][ T5907] usb 9-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  136.523886][ T5907] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.531955][ T5907] usb 9-1: Product: syz
[  136.549000][ T5907] usb 9-1: Manufacturer: syz
[  136.553640][ T5907] usb 9-1: SerialNumber: syz
[  136.577048][ T5907] usb 9-1: config 0 descriptor??
[  136.577829][ T5835] Bluetooth: hci2: command tx timeout
[  136.582810][ T7045] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  136.612428][ T7045] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  136.818562][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  136.907520][ T7045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  137.015890][ T7045] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.112545][ T5907] asix 9-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  137.151355][ T5907] asix 9-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[  137.174777][ T5907] asix 9-1:0.251: probe with driver asix failed with error -5
[  137.197045][ T5907] usb 9-1: USB disconnect, device number 4
[  137.415417][ T7021] chnl_net:caif_netlink_parms(): no params data found
[  137.645657][ T7021] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.668659][ T7021] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.694336][ T7021] bridge_slave_0: entered allmulticast mode
[  137.712364][ T7021] bridge_slave_0: entered promiscuous mode
[  137.731164][ T7021] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.743290][ T7021] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.750754][ T7021] bridge_slave_1: entered allmulticast mode
[  137.759639][ T7021] bridge_slave_1: entered promiscuous mode
[  137.871724][ T7021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.895449][ T7021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.015215][ T7021] team0: Port device team_slave_0 added
[  138.038643][ T7021] team0: Port device team_slave_1 added
[  138.126589][ T7021] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.133988][ T7021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.160689][ T7021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.182593][ T7021] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.189718][ T7021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.219675][ T7021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.338881][ T7021] hsr_slave_0: entered promiscuous mode
[  138.359984][ T7021] hsr_slave_1: entered promiscuous mode
[  138.628756][ T7083] loop8: detected capacity change from 0 to 40427
[  138.654182][ T5835] Bluetooth: hci2: command tx timeout
[  138.840579][ T7083] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  138.877265][   T30] audit: type=1800 audit(1751398239.111:39): pid=7083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.332" name="file0" dev="loop8" ino=10 res=0 errno=0
[  138.942866][ T6557] syz-executor: attempt to access beyond end of device
[  138.942866][ T6557] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  138.983296][ T6557] CPU: 1 UID: 0 PID: 6557 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  138.983344][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  138.983369][ T6557] Call Trace:
[  138.983377][ T6557]  <TASK>
[  138.983385][ T6557]  dump_stack_lvl+0x189/0x250
[  138.983421][ T6557]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.983442][ T6557]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  138.983467][ T6557]  ? __pfx_queue_work_on+0x10/0x10
[  138.983491][ T6557]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  138.983512][ T6557]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  138.983535][ T6557]  ? f2fs_hw_is_readonly+0x39b/0x470
[  138.983564][ T6557]  f2fs_handle_critical_error+0x37c/0x540
[  138.983593][ T6557]  f2fs_write_end_io+0x495/0x810
[  138.983615][ T6557]  ? blkg_put+0x22/0x240
[  138.983652][ T6557]  __submit_merged_bio+0x27a/0x6a0
[  138.983680][ T6557]  __submit_merged_write_cond+0x255/0x530
[  138.983711][ T6557]  f2fs_write_data_pages+0x261d/0x3000
[  138.983778][ T6557]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  138.983879][ T6557]  ? __lock_acquire+0xab9/0xd20
[  138.983911][ T6557]  ? do_raw_spin_lock+0x121/0x290
[  138.983942][ T6557]  ? do_raw_spin_unlock+0x122/0x240
[  138.983960][ T6557]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  138.983985][ T6557]  do_writepages+0x32e/0x550
[  138.984024][ T6557]  ? do_raw_spin_unlock+0x122/0x240
[  138.984047][ T6557]  filemap_fdatawrite+0x199/0x240
[  138.984071][ T6557]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  138.984163][ T6557]  ? do_raw_spin_unlock+0x122/0x240
[  138.984187][ T6557]  f2fs_sync_dirty_inodes+0x31f/0x830
[  138.984230][ T6557]  f2fs_write_checkpoint+0x95a/0x1df0
[  138.984284][ T6557]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  138.984359][ T6557]  ? try_to_wake_up+0x7e5/0x1290
[  138.984385][ T6557]  ? kill_f2fs_super+0x298/0x6c0
[  138.984416][ T6557]  kill_f2fs_super+0x2c3/0x6c0
[  138.984448][ T6557]  ? __pfx_kill_f2fs_super+0x10/0x10
[  138.984468][ T6557]  ? radix_tree_delete_item+0x2b6/0x400
[  138.984502][ T6557]  ? shrinker_free+0x2ce/0x3e0
[  138.984526][ T6557]  deactivate_locked_super+0xbc/0x130
[  138.984551][ T6557]  cleanup_mnt+0x425/0x4c0
[  138.984572][ T6557]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.984599][ T6557]  task_work_run+0x1d1/0x260
[  138.984621][ T6557]  ? __pfx_task_work_run+0x10/0x10
[  138.984636][ T6557]  ? __x64_sys_umount+0x122/0x160
[  138.984666][ T6557]  ? exit_to_user_mode_loop+0x40/0x110
[  138.984693][ T6557]  exit_to_user_mode_loop+0xec/0x110
[  138.984714][ T6557]  do_syscall_64+0x2bd/0x3b0
[  138.984730][ T6557]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.984753][ T6557]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.984770][ T6557]  ? clear_bhb_loop+0x60/0xb0
[  138.984793][ T6557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.984809][ T6557] RIP: 0033:0x7f9fa518fc57
[  138.984834][ T6557] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  138.984847][ T6557] RSP: 002b:00007ffeb24afdd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  138.984867][ T6557] RAX: 0000000000000000 RBX: 00007f9fa5210925 RCX: 00007f9fa518fc57
[  138.984879][ T6557] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb24afe90
[  138.984889][ T6557] RBP: 00007ffeb24afe90 R08: 0000000000000000 R09: 0000000000000000
[  138.984899][ T6557] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb24b0f20
[  138.984911][ T6557] R13: 00007f9fa5210925 R14: 0000000000021e81 R15: 00007ffeb24b0f60
[  138.984945][ T6557]  </TASK>
[  139.393253][ T7021] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  139.400511][ T6557] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  139.486783][ T7096] loop9: detected capacity change from 0 to 32768
[  139.501427][ T7021] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  139.512116][ T7101] loop2: detected capacity change from 0 to 7
[  139.535446][ T7021] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  139.559559][ T7101]  loop2:
[  139.561212][ T7021] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  139.576385][ T7101] loop2: partition table partially beyond EOD, truncated
[  139.605076][ T7096] ocfs2: Mounting device (7,9) on (node local, slot 0) with writeback data mode.
[  139.666072][   T30] audit: type=1800 audit(1751398239.881:40): pid=7096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.336" name="file1" dev="loop9" ino=17058 res=0 errno=0
[  139.807659][ T6643] ocfs2: Unmounting device (7,9) on (node local)
[  139.860424][ T7021] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.918304][ T7021] 8021q: adding VLAN 0 to HW filter on device team0
[  139.963732][ T6331] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.971031][ T6331] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.032974][ T6588] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.040178][ T6588] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.643483][ T7021] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.738851][ T5835] Bluetooth: hci2: command tx timeout
[  140.792968][ T7021] veth0_vlan: entered promiscuous mode
[  140.810305][ T7021] veth1_vlan: entered promiscuous mode
[  140.889935][ T7021] veth0_macvtap: entered promiscuous mode
[  140.913312][ T7021] veth1_macvtap: entered promiscuous mode
[  140.989190][ T7021] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.023282][ T7021] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.090410][ T1113] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.110442][ T1113] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.138470][ T1113] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.158363][ T1113] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.320643][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.333967][ T5938] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  141.345483][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.419109][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.445229][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.531845][ T5938] usb 8-1: config 8 has an invalid interface number: 177 but max is 0
[  141.552555][ T5938] usb 8-1: config 8 has no interface number 0
[  141.562817][ T5938] usb 8-1: config 8 interface 177 altsetting 9 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  141.580282][ T5938] usb 8-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[  141.592926][ T5938] usb 8-1: config 8 interface 177 has no altsetting 0
[  141.608862][ T5938] usb 8-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  141.628541][ T5938] usb 8-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  141.648861][ T5938] usb 8-1: Manufacturer: syz
[  141.705171][ T7149] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  141.719985][ T7163] loop2: detected capacity change from 0 to 512
[  141.768680][ T7163] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  141.798673][ T7163] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal
[  141.940805][ T5938] ir_toy 8-1:8.177: required endpoints not found
[  141.969244][ T5938] usb 8-1: USB disconnect, device number 4
[  142.227351][ T7161] loop8: detected capacity change from 0 to 32768
[  142.300029][ T7161] bcachefs (loop8): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  142.300045][ T7161]   allowing incompatible features above 0.0: (unknown version)
[  142.300052][ T7161]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  142.348988][ T7161] bcachefs (loop8): Using encoding defined by superblock: utf8-12.1.0
[  142.360497][ T7161] bcachefs (loop8): initializing new filesystem
[  142.375339][ T7161] bcachefs (loop8): going read-write
[  142.384600][ T7161] bcachefs (loop8): marking superblocks
[  142.407286][ T7161] bcachefs (loop8): initializing freespace
[  142.418148][ T7161] bcachefs (loop8): done initializing freespace
[  142.429863][ T7161] bcachefs (loop8): reading snapshots table
[  142.436229][ T7161] bcachefs (loop8): reading snapshots done
[  142.462317][ T7161] bcachefs (loop8): done starting filesystem
[  142.647950][ T6557] bcachefs (loop8): shutting down
[  142.657178][ T6557] bcachefs (loop8): going read-only
[  142.666035][ T6557] bcachefs (loop8): finished waiting for writes to stop
[  142.692788][ T7194] loop2: detected capacity change from 0 to 2048
[  142.699721][ T6557] bcachefs (loop8): flushing journal and stopping allocators, journal seq 2
[  142.716341][ T7194] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=18576, location=18576
[  142.763062][ T7194] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  142.780007][ T6557] bcachefs (loop8): flushing journal and stopping allocators complete, journal seq 3
[  142.786024][ T7196] netlink: 136 bytes leftover after parsing attributes in process `syz.7.367'.
[  142.802976][ T6557] bcachefs (loop8): clean shutdown complete, journal seq 4
[  142.811330][ T7196] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  142.813368][ T6557] bcachefs (loop8): marking filesystem clean
[  142.833764][ T5835] Bluetooth: hci2: command tx timeout
[  142.917927][ T7198] netlink: 212 bytes leftover after parsing attributes in process `syz.7.368'.
[  142.932034][ T7198] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[  142.951164][ T6557] bcachefs (loop8): shutdown complete
[  143.022515][ T7200] loop7: detected capacity change from 0 to 2048
[  143.145734][ T7200] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.196059][   T30] audit: type=1800 audit(1751398243.421:41): pid=7200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.370" name="file2" dev="loop7" ino=16 res=0 errno=0
[  143.352256][ T6465] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.937990][ T7222] sctp: [Deprecated]: syz.2.377 (pid 7222) Use of struct sctp_assoc_value in delayed_ack socket option.
[  143.937990][ T7222] Use struct sctp_sack_info instead
[  143.998652][ T7220] loop7: detected capacity change from 0 to 4096
[  144.040488][ T7220] ntfs3(loop7): Different NTFS sector size (2048) and media sector size (512).
[  144.423567][ T7232] loop7: detected capacity change from 0 to 1024
[  144.441031][ T7232] EXT4-fs: Ignoring removed nobh option
[  144.519665][ T7232] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.597139][ T7232] EXT4-fs warning (device loop7): ext4_rename_delete:3726: inode #12: comm syz.7.381: Deleting old file: nlink 2, error=-2
[  144.645473][ T7241] input: syz0 as /devices/virtual/input/input8
[  144.759885][ T6465] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.990137][ T7252] loop7: detected capacity change from 0 to 2048
[  145.010441][ T7255] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[  145.057128][ T7252] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  145.908398][ T7288] netlink: 28 bytes leftover after parsing attributes in process `syz.9.404'.
[  145.912064][    C0] Unknown status report in ack skb
[  145.933746][ T7288] netlink: 28 bytes leftover after parsing attributes in process `syz.9.404'.
[  145.968041][   T24] hid-generic FFFC:0003:0000.0004: unknown main item tag 0x0
[  145.998285][   T24] hid-generic FFFC:0003:0000.0004: unknown main item tag 0x0
[  146.014293][   T24] hid-generic FFFC:0003:0000.0004: unknown main item tag 0x0
[  146.032040][   T24] hid-generic FFFC:0003:0000.0004: unknown main item tag 0x0
[  146.048089][   T24] hid-generic FFFC:0003:0000.0004: unknown main item tag 0x0
[  146.065918][   T24] hid-generic FFFC:0003:0000.0004: unknown main item tag 0x0
[  146.112311][   T24] hid-generic FFFC:0003:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  146.341567][ T7306] loop2: detected capacity change from 0 to 256
[  146.356746][ T7275] loop8: detected capacity change from 0 to 32768
[  146.361049][ T7306] exfat: Deprecated parameter 'namecase'
[  146.384337][ T7306] exfat: Deprecated parameter 'namecase'
[  146.390946][ T7306] exfat: Deprecated parameter 'utf8'
[  146.425278][ T7275] ocfs2: Mounting device (7,8) on (node local, slot 0) with writeback data mode.
[  146.442012][ T7306] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  146.486499][   T30] audit: type=1800 audit(1751398246.721:42): pid=7275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.365" name="file1" dev="loop8" ino=17059 res=0 errno=0
[  146.613627][ T6557] ocfs2: Unmounting device (7,8) on (node local)
[  146.629231][ T7314] loop6: detected capacity change from 0 to 512
[  146.654994][ T7314] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  146.709673][ T7314] EXT4-fs (loop6): 1 truncate cleaned up
[  146.730518][ T7314] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.844361][ T7320] netlink: 156 bytes leftover after parsing attributes in process `syz.9.418'.
[  146.952495][ T7325] loop8: detected capacity change from 0 to 47
[  146.994263][ T6387] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.216681][   T13] kworker/u8:1: attempt to access beyond end of device
[  147.216681][   T13] loop8: rw=1, sector=48, nr_sectors = 2 limit=47
[  147.252011][   T13] Buffer I/O error on dev loop8, logical block 24, lost async page write
[  147.279276][   T13] kworker/u8:1: attempt to access beyond end of device
[  147.279276][   T13] loop8: rw=1, sector=50, nr_sectors = 2 limit=47
[  147.308201][   T13] Buffer I/O error on dev loop8, logical block 25, lost async page write
[  147.326910][   T13] kworker/u8:1: attempt to access beyond end of device
[  147.326910][   T13] loop8: rw=1, sector=52, nr_sectors = 2 limit=47
[  147.361158][ T7337] loop6: detected capacity change from 0 to 4096
[  147.362143][   T13] Buffer I/O error on dev loop8, logical block 26, lost async page write
[  147.397721][   T13] kworker/u8:1: attempt to access beyond end of device
[  147.397721][   T13] loop8: rw=1, sector=54, nr_sectors = 2 limit=47
[  147.402046][ T7337] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.411251][   T13] Buffer I/O error on dev loop8, logical block 27, lost async page write
[  147.585820][ T6387] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.854780][ T5891] usb 8-1: new full-speed USB device number 5 using dummy_hcd
[  147.931720][ T7350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.954971][ T7350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.995972][ T7362] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  148.006645][ T5891] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  148.021424][ T5891] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  148.038045][ T5891] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  148.048952][ T5891] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.093939][   T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  148.243898][   T24] usb 3-1: Using ep0 maxpacket: 16
[  148.256751][   T24] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  148.282562][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.291471][ T5891] usb 8-1: usb_control_msg returned -32
[  148.299319][ T5891] usbtmc 8-1:16.0: can't read capabilities
[  148.306375][   T24] usb 3-1: config 0 descriptor??
[  148.441661][ T7366] loop8: detected capacity change from 0 to 32768
[  148.454251][ T7366] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.437 (7366)
[  148.473510][ T7366] BTRFS info (device loop8): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409
[  148.485224][ T7366] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm
[  148.494908][ T7366] BTRFS info (device loop8): using free-space-tree
[  148.751921][   T24] lenovo 0003:17EF:6047.0005: hidraw0: USB HID v1.01 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  149.024320][ T7402] loop6: detected capacity change from 0 to 64
[  149.077638][ T6557] BTRFS info (device loop8): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409
[  149.086676][ T7402] overlayfs: upper fs needs to support d_type.
[  149.105471][ T7402] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  149.137241][ T7402] overlayfs: failed to set xattr on upper
[  149.152681][ T7402] overlayfs: ...falling back to redirect_dir=nofollow.
[  149.162407][ T7402] overlayfs: ...falling back to index=off.
[  149.172642][ T7402] overlayfs: ...falling back to uuid=null.
[  149.302871][ T6387] Trying to free block not in datazone
[  149.491932][ T7406] loop6: detected capacity change from 0 to 4096
[  149.743175][   T24] usb 3-1: USB disconnect, device number 4
[  149.829081][ T7417] 9pnet: p9_errstr2errno: server reported unknown error ��p��A���
��;��
[  149.921383][ T7415] loop6: detected capacity change from 0 to 32768
[  149.929059][ T7415] btrfs: Deprecated parameter 'usebackuproot'
[  149.940066][ T7415] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  149.955365][ T7415] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.451 (7415)
[  149.974468][ T7415] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  149.985111][ T7415] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  149.995855][ T7415] BTRFS info (device loop6): using free-space-tree
[  150.020627][ T1113] BTRFS warning (device loop6): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0
[  150.040126][ T7415] BTRFS warning (device loop6): couldn't read tree root
[  150.049867][ T7415] BTRFS warning (device loop6): try to load backup roots slot 1
[  150.061870][ T1113] BTRFS warning (device loop6): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0
[  150.075414][ T7415] BTRFS warning (device loop6): couldn't read tree root
[  150.077576][ T7434] loop9: detected capacity change from 0 to 256
[  150.082653][ T7415] BTRFS warning (device loop6): try to load backup roots slot 2
[  150.098693][ T6331] BTRFS error (device loop6): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  150.110703][ T7434] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  150.125891][ T7415] BTRFS warning (device loop6): couldn't read tree root
[  150.132966][ T7415] BTRFS warning (device loop6): try to load backup roots slot 3
[  150.161512][ T7415] BTRFS info (device loop6): rebuilding free space tree
[  150.188335][ T7415] BTRFS info (device loop6): checking UUID tree
[  150.391366][ T6387] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  150.412245][ T7445] capability: warning: `syz.9.458' uses deprecated v2 capabilities in a way that may be insecure
[  150.564861][ T5907] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  150.655610][ T5836] usb 8-1: USB disconnect, device number 5
[  150.766133][ T5907] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  150.794257][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.819065][ T5907] usb 3-1: config 0 descriptor??
[  150.838134][ T5907] cp210x 3-1:0.0: cp210x converter detected
[  151.247907][ T5907] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  151.293176][ T5907] usb 3-1: cp210x converter now attached to ttyUSB0
[  151.371132][ T7453] loop6: detected capacity change from 0 to 32768
[  151.401500][ T7453] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.457 (7453)
[  151.446873][ T7453] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  151.476846][ T7453] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm
[  151.499695][ T7453] BTRFS info (device loop6): disk space caching is enabled
[  151.517611][   T24] usb 3-1: USB disconnect, device number 5
[  151.528531][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  151.537328][ T7448] loop8: detected capacity change from 0 to 40427
[  151.544388][ T7453] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  151.566188][ T7448] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  151.573427][ T7448] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  151.585637][ T7448] F2FS-fs (loop8): build fault injection rate: 17008
[  151.594199][   T24] cp210x 3-1:0.0: device disconnected
[  151.599931][ T7448] F2FS-fs (loop8): build fault injection type: 0x6
[  151.648195][ T7448] F2FS-fs (loop8): invalid crc value
[  151.693732][ T7453] BTRFS info (device loop6): rebuilding free space tree
[  151.701523][ T7458] loop7: detected capacity change from 0 to 32768
[  151.739893][ T7453] BTRFS info (device loop6): disabling free space tree
[  151.756666][ T7458] XFS (loop7): DAX unsupported by block device. Turning off DAX.
[  151.757704][ T7453] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  151.769069][ T7458] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  151.809503][ T7453] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  151.835029][ T7448] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  151.841940][ T7458] XFS (loop7): Ending clean mount
[  151.844427][ T7448] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  151.860752][ T5907] usb 10-1: USB disconnect, device number 5
[  151.896173][ T7458] XFS (loop7): Quotacheck needed: Please wait.
[  151.933521][ T7448] syz.8.459: attempt to access beyond end of device
[  151.933521][ T7448] loop8: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  151.976485][ T7458] XFS (loop7): Quotacheck: Done.
[  151.994290][ T7458] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  152.131104][ T6557] syz-executor: attempt to access beyond end of device
[  152.131104][ T6557] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  152.161448][   T13] BTRFS info (device loop6): qgroup scan completed (inconsistency flag cleared)
[  152.170985][ T6557] CPU: 1 UID: 0 PID: 6557 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  152.171012][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.171022][ T6557] Call Trace:
[  152.171029][ T6557]  <TASK>
[  152.171037][ T6557]  dump_stack_lvl+0x189/0x250
[  152.171069][ T6557]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.171089][ T6557]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  152.171113][ T6557]  ? __pfx_queue_work_on+0x10/0x10
[  152.171137][ T6557]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.171159][ T6557]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.171183][ T6557]  ? f2fs_hw_is_readonly+0x39b/0x470
[  152.171210][ T6557]  f2fs_handle_critical_error+0x37c/0x540
[  152.171239][ T6557]  f2fs_write_end_io+0x495/0x810
[  152.171260][ T6557]  ? blkg_put+0x22/0x240
[  152.171298][ T6557]  __submit_merged_bio+0x27a/0x6a0
[  152.171327][ T6557]  __submit_merged_write_cond+0x255/0x530
[  152.171357][ T6557]  f2fs_write_data_pages+0x261d/0x3000
[  152.171421][ T6557]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.171495][ T6557]  ? __mod_zone_page_state+0xd7/0x140
[  152.171530][ T6557]  ? folios_put_refs+0x560/0x640
[  152.171563][ T6557]  ? __pfx_folios_put_refs+0x10/0x10
[  152.171580][ T6557]  ? rcu_is_watching+0x15/0xb0
[  152.171613][ T6557]  ? __lock_acquire+0xab9/0xd20
[  152.171653][ T6557]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.171677][ T6557]  do_writepages+0x32e/0x550
[  152.171713][ T6557]  ? do_raw_spin_unlock+0x122/0x240
[  152.171734][ T6557]  filemap_fdatawrite+0x199/0x240
[  152.171758][ T6557]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.171838][ T6557]  ? do_raw_spin_unlock+0x122/0x240
[  152.171861][ T6557]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.171903][ T6557]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.171955][ T6557]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.172030][ T6557]  ? try_to_wake_up+0x81b/0x1290
[  152.172055][ T6557]  ? kill_f2fs_super+0x298/0x6c0
[  152.172085][ T6557]  kill_f2fs_super+0x2c3/0x6c0
[  152.172117][ T6557]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.172138][ T6557]  ? radix_tree_delete_item+0x2b6/0x400
[  152.172170][ T6557]  ? shrinker_free+0x2ce/0x3e0
[  152.172194][ T6557]  deactivate_locked_super+0xbc/0x130
[  152.172218][ T6557]  cleanup_mnt+0x425/0x4c0
[  152.172240][ T6557]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.172271][ T6557]  task_work_run+0x1d1/0x260
[  152.172293][ T6557]  ? __pfx_task_work_run+0x10/0x10
[  152.172308][ T6557]  ? __x64_sys_umount+0x122/0x160
[  152.172338][ T6557]  ? exit_to_user_mode_loop+0x40/0x110
[  152.172363][ T6557]  exit_to_user_mode_loop+0xec/0x110
[  152.172384][ T6557]  do_syscall_64+0x2bd/0x3b0
[  152.172400][ T6557]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.172422][ T6557]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.172440][ T6557]  ? clear_bhb_loop+0x60/0xb0
[  152.172461][ T6557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.172477][ T6557] RIP: 0033:0x7f9fa518fc57
[  152.172495][ T6557] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.172509][ T6557] RSP: 002b:00007ffeb24afdd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.172528][ T6557] RAX: 0000000000000000 RBX: 00007f9fa5210925 RCX: 00007f9fa518fc57
[  152.172540][ T6557] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb24afe90
[  152.172551][ T6557] RBP: 00007ffeb24afe90 R08: 0000000000000000 R09: 0000000000000000
[  152.172561][ T6557] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb24b0f20
[  152.172572][ T6557] R13: 00007f9fa5210925 R14: 00000000000251e0 R15: 00007ffeb24b0f60
[  152.172605][ T6557]  </TASK>
[  152.180961][ T6557] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  152.546957][ T6557] CPU: 0 UID: 0 PID: 6557 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  152.546985][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.546996][ T6557] Call Trace:
[  152.547004][ T6557]  <TASK>
[  152.547011][ T6557]  dump_stack_lvl+0x189/0x250
[  152.547044][ T6557]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.547065][ T6557]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  152.547088][ T6557]  ? __pfx_queue_work_on+0x10/0x10
[  152.547113][ T6557]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.547135][ T6557]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.547159][ T6557]  ? f2fs_hw_is_readonly+0x39b/0x470
[  152.547185][ T6557]  f2fs_handle_critical_error+0x37c/0x540
[  152.547213][ T6557]  f2fs_write_end_io+0x495/0x810
[  152.547235][ T6557]  ? blkg_put+0x22/0x240
[  152.547271][ T6557]  __submit_merged_bio+0x27a/0x6a0
[  152.547297][ T6557]  __submit_merged_write_cond+0x255/0x530
[  152.547323][ T6557]  f2fs_write_data_pages+0x261d/0x3000
[  152.547377][ T6557]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.547431][ T6557]  ? __mod_zone_page_state+0xd7/0x140
[  152.547457][ T6557]  ? folios_put_refs+0x560/0x640
[  152.547481][ T6557]  ? __pfx_folios_put_refs+0x10/0x10
[  152.547495][ T6557]  ? rcu_is_watching+0x15/0xb0
[  152.547519][ T6557]  ? __lock_acquire+0xab9/0xd20
[  152.547548][ T6557]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.547566][ T6557]  do_writepages+0x32e/0x550
[  152.547593][ T6557]  ? do_raw_spin_unlock+0x122/0x240
[  152.547610][ T6557]  filemap_fdatawrite+0x199/0x240
[  152.547628][ T6557]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.547688][ T6557]  ? do_raw_spin_unlock+0x122/0x240
[  152.547706][ T6557]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.547736][ T6557]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.547773][ T6557]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.547820][ T6557]  ? try_to_wake_up+0x81b/0x1290
[  152.547839][ T6557]  ? kill_f2fs_super+0x298/0x6c0
[  152.547862][ T6557]  kill_f2fs_super+0x2c3/0x6c0
[  152.547885][ T6557]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.547901][ T6557]  ? radix_tree_delete_item+0x2b6/0x400
[  152.547926][ T6557]  ? shrinker_free+0x2ce/0x3e0
[  152.547944][ T6557]  deactivate_locked_super+0xbc/0x130
[  152.547962][ T6557]  cleanup_mnt+0x425/0x4c0
[  152.547979][ T6557]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.548000][ T6557]  task_work_run+0x1d1/0x260
[  152.548016][ T6557]  ? __pfx_task_work_run+0x10/0x10
[  152.548029][ T6557]  ? __x64_sys_umount+0x122/0x160
[  152.548051][ T6557]  ? exit_to_user_mode_loop+0x40/0x110
[  152.548071][ T6557]  exit_to_user_mode_loop+0xec/0x110
[  152.548087][ T6557]  do_syscall_64+0x2bd/0x3b0
[  152.548099][ T6557]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.548117][ T6557]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.548130][ T6557]  ? clear_bhb_loop+0x60/0xb0
[  152.548147][ T6557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.548160][ T6557] RIP: 0033:0x7f9fa518fc57
[  152.548172][ T6557] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.548184][ T6557] RSP: 002b:00007ffeb24afdd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.548200][ T6557] RAX: 0000000000000000 RBX: 00007f9fa5210925 RCX: 00007f9fa518fc57
[  152.548209][ T6557] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb24afe90
[  152.548218][ T6557] RBP: 00007ffeb24afe90 R08: 0000000000000000 R09: 0000000000000000
[  152.548226][ T6557] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb24b0f20
[  152.548235][ T6557] R13: 00007f9fa5210925 R14: 00000000000251e0 R15: 00007ffeb24b0f60
[  152.548258][ T6557]  </TASK>
[  152.548268][ T6557] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  152.600721][ T6387] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  153.033496][ T7500] loop2: detected capacity change from 0 to 2048
[  153.110647][ T7500] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  153.175043][ T7502] loop7: detected capacity change from 0 to 1024
[  153.495507][   T12] hfsplus: b-tree write err: -5, ino 3
[  153.570181][ T6465] hfsplus: node 4:3 still has 1 user(s)!
[  153.651646][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  153.674167][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  153.693712][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  153.701955][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  153.718036][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  153.747716][ T7511] input: syz1 as /devices/virtual/input/input9
[  153.996432][ T7518] loop8: detected capacity change from 0 to 1024
[  154.085151][ T7508] chnl_net:caif_netlink_parms(): no params data found
[  154.268125][ T7508] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.306453][ T7508] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.313719][ T7508] bridge_slave_0: entered allmulticast mode
[  154.340718][ T7508] bridge_slave_0: entered promiscuous mode
[  154.367914][ T7508] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.375508][ T7508] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.382922][ T7508] bridge_slave_1: entered allmulticast mode
[  154.391633][ T7508] bridge_slave_1: entered promiscuous mode
[  154.518265][ T7508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.546129][ T7508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  154.670922][ T7508] team0: Port device team_slave_0 added
[  154.690584][ T7508] team0: Port device team_slave_1 added
[  154.801896][ T7508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  154.817437][ T7508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  154.843448][    C0] vkms_vblank_simulate: vblank timer overrun
[  154.894268][ T7508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  154.916323][ T7508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  154.923338][ T7508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  154.980070][ T7539] loop8: detected capacity change from 0 to 32768
[  155.005623][ T7508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.018782][ T7539] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  155.114075][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  155.131609][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  155.184475][ T7547] loop2: detected capacity change from 0 to 32768
[  155.216325][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  155.227066][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  155.236961][ T7547] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  155.246102][ T7508] hsr_slave_0: entered promiscuous mode
[  155.255264][ T7508] hsr_slave_1: entered promiscuous mode
[  155.275871][ T7508] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  155.283640][ T7508] Cannot create hsr debugfs directory
[  155.310643][ T7539] XFS (loop8): Ending clean mount
[  155.362539][ T7539] XFS (loop8): Quotacheck needed: Please wait.
[  155.474424][ T7539] XFS (loop8): Quotacheck: Done.
[  155.701226][ T7021] ocfs2: Unmounting device (7,2) on (node local)
[  155.759189][ T7508] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.774118][ T5835] Bluetooth: hci4: command tx timeout
[  156.025806][ T6557] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  156.091961][ T7508] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.280867][ T7508] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.479216][ T7508] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.537166][ T7576] loop2: detected capacity change from 0 to 4096
[  156.560052][ T7576] EXT4-fs (loop2): Test dummy encryption mode enabled
[  156.581512][ T7576] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  156.598907][ T7576] System zones: 0-5
[  156.617786][ T7576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.740217][ T7508] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  156.770303][ T7508] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  156.782838][ T7508] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  156.808932][ T7508] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  156.830311][ T7021] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.138884][ T7508] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.199910][ T7508] 8021q: adding VLAN 0 to HW filter on device team0
[  157.239745][ T6588] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.247208][ T6588] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.332522][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.339703][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.757377][ T7508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.854121][ T5835] Bluetooth: hci4: command tx timeout
[  158.156194][ T7508] veth0_vlan: entered promiscuous mode
[  158.159875][ T7608] loop2: detected capacity change from 0 to 32768
[  158.171687][ T7625] loop8: detected capacity change from 0 to 512
[  158.184420][ T7625] EXT4-fs: Mount option(s) incompatible with ext3
[  158.197089][ T7608] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  158.210918][ T7508] veth1_vlan: entered promiscuous mode
[  158.300397][ T7508] veth0_macvtap: entered promiscuous mode
[  158.318842][ T7508] veth1_macvtap: entered promiscuous mode
[  158.342180][ T7508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.369043][ T7608] XFS (loop2): Ending clean mount
[  158.377191][ T7508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.398494][ T7608] XFS (loop2): Quotacheck needed: Please wait.
[  158.407876][ T7639] loop6: detected capacity change from 0 to 512
[  158.429651][ T6331] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.440090][ T7639] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  158.452871][ T6588] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.478351][ T6588] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.494150][ T7608] XFS (loop2): Quotacheck: Done.
[  158.517605][ T7639] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  158.544265][ T6588] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.555662][ T7639] ext4 filesystem being mounted at /77/file1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.630637][ T7646] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  158.678143][ T6387] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  158.711988][ T7021] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  158.721644][ T6588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.737024][ T6588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.865470][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.873320][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.230340][ T7660] netlink: 'syz.2.518': attribute type 1 has an invalid length.
[  159.315471][ T7660] bond1: (slave bridge1): making interface the new active one
[  159.323748][ T7660] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  159.339599][ T7648] loop8: detected capacity change from 0 to 32768
[  159.362722][ T7648] JBD2: Ignoring recovery information on journal
[  159.401570][ T7648] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  159.506440][   T30] audit: type=1804 audit(1751398259.731:43): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.511" name="/newroot/48/file1/bus" dev="loop8" ino=17058 res=1 errno=0
[  159.631666][ T6557] ocfs2: Unmounting device (7,8) on (node local)
[  159.804157][   T92] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  159.967292][   T92] usb 3-1: Using ep0 maxpacket: 32
[  159.973969][   T92] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  159.982144][   T92] usb 3-1: config 0 has no interface number 0
[  159.996847][   T92] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  160.009491][   T92] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  160.019423][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.028925][   T92] usb 3-1: Product: syz
[  160.033237][   T92] usb 3-1: Manufacturer: syz
[  160.044680][   T92] usb 3-1: SerialNumber: syz
[  160.060409][   T92] usb 3-1: config 0 descriptor??
[  160.079741][   T92] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  160.105928][ T6588] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.118047][   T92] em28xx 3-1:0.132: Video interface 132 found:
[  160.483218][   T92] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[  160.551584][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  160.560267][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  160.573209][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  160.591396][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  160.608787][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  160.797020][ T7694] chnl_net:caif_netlink_parms(): no params data found
[  160.881516][ T6588] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.899626][   T92] em28xx 3-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  160.931769][   T92] em28xx 3-1:0.132: board has no eeprom
[  161.024364][   T92] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  161.048644][   T92] em28xx 3-1:0.132: analog set to bulk mode.
[  161.062167][ T5959] em28xx 3-1:0.132: Registering V4L2 extension
[  161.079726][ T7694] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.102755][ T7694] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.117843][ T7694] bridge_slave_0: entered allmulticast mode
[  161.127271][ T7694] bridge_slave_0: entered promiscuous mode
[  161.172657][ T5959] em28xx 3-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  161.172924][ T5891] usb 3-1: USB disconnect, device number 6
[  161.182764][ T5959] em28xx 3-1:0.132: failed to trigger read from i2c address 0x48 (error=-19)
[  161.195698][ T5891] em28xx 3-1:0.132: Disconnecting em28xx
[  161.239486][ T7694] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.277789][ T7694] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.295169][ T7694] bridge_slave_1: entered allmulticast mode
[  161.302954][ T7694] bridge_slave_1: entered promiscuous mode
[  161.369811][ T5959] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[  161.383609][ T7711] netlink: 8 bytes leftover after parsing attributes in process `syz.8.534'.
[  161.395782][ T6588] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.406429][ T5959] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[  161.413563][ T5959] em28xx 3-1:0.132: No AC97 audio processor
[  161.431764][ T5959] usb 3-1: Decoder not found
[  161.437181][ T5959] em28xx 3-1:0.132: failed to create media graph
[  161.443669][ T5959] em28xx 3-1:0.132: V4L2 device video103 deregistered
[  161.452358][   T30] audit: type=1326 audit(1751398261.681:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7702 comm="syz.7.533" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f494d78e929 code=0x0
[  161.481896][ T5959] em28xx 3-1:0.132: Remote control support is not available for this card.
[  161.494470][ T5891] em28xx 3-1:0.132: Closing input extension
[  161.518760][ T5891] em28xx 3-1:0.132: Freeing device
[  161.596796][ T6588] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.650304][ T7694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.685094][ T7694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.896290][ T7694] team0: Port device team_slave_0 added
[  161.938146][ T7694] team0: Port device team_slave_1 added
[  161.994962][ T7694] batman_adv: batadv0: Adding interface: batadv_slave_0
[  162.002051][ T7694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.063780][ T7694] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  162.269408][ T7694] batman_adv: batadv0: Adding interface: batadv_slave_1
[  162.300472][ T7694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.341047][ T7694] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  162.499046][ T7694] hsr_slave_0: entered promiscuous mode
[  162.527085][ T7694] hsr_slave_1: entered promiscuous mode
[  162.533465][ T7694] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  162.591334][ T7694] Cannot create hsr debugfs directory
[  162.660328][ T5835] Bluetooth: hci4: command tx timeout
[  162.880315][ T6588] bridge_slave_1: left allmulticast mode
[  162.893208][ T6588] bridge_slave_1: left promiscuous mode
[  162.924336][ T6588] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.183711][ T7736] 9pnet: p9_errstr2errno: server reported unknown error �@�L��	O�!��L�+
[  163.842961][ T7732] loop8: detected capacity change from 0 to 32768
[  163.894958][ T6588] bridge_slave_0: left allmulticast mode
[  163.906179][ T7734] loop2: detected capacity change from 0 to 131072
[  163.909038][ T6588] bridge_slave_0: left promiscuous mode
[  163.921670][ T7734] F2FS-fs (loop2): build fault injection rate: 7
[  163.928103][ T7734] F2FS-fs (loop2): build fault injection type: 0x40004
[  163.940738][ T6588] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.945271][ T7734] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name
[  163.971482][ T7734] F2FS-fs (loop2): invalid crc value
[  164.000709][ T7734] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  164.011719][ T7734] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  164.024534][ T7734] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  164.043397][ T7734] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  164.059928][ T7732] bcachefs (loop8): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow
[  164.059958][ T7732]   allowing incompatible features above 0.0: (unknown version)
[  164.059970][ T7732]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  164.082788][ T7734] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  164.105030][ T7734] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  164.118303][ T7734] F2FS-fs (loop2): Bad quota inode 2:255
[  164.118332][ T7734] F2FS-fs (loop2): Failed to enable quota tracking (type=2, err=-2). Please run fsck to fix.
[  164.118350][ T7734] F2FS-fs (loop2): Cannot turn on quotas: error -2
[  164.118370][ T7734] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_recover_fsync_data+0x449/0x8960
[  164.127542][ T7734] F2FS-fs (loop2): Mounted with checkpoint version = 1b41e954
[  164.234037][ T7732] bcachefs (loop8): Using encoding defined by superblock: utf8-12.1.0
[  164.248880][ T7732] bcachefs (loop8): recovering from clean shutdown, journal seq 10
[  164.263247][ T7732] bcachefs (loop8): Version upgrade required:
[  164.263247][ T7732] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  164.263247][ T7732] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  164.263247][ T7732]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  164.355520][ T7732] bcachefs (loop8): dropping and reconstructing all alloc info
[  164.386015][ T7732] bcachefs (loop8): accounting_read... done
[  164.401419][ T7732] bcachefs (loop8): alloc_read... done
[  164.408608][ T7732] bcachefs (loop8): snapshots_read... done
[  164.422106][ T7021] F2FS-fs (loop2): inject invalid blkaddr in f2fs_is_valid_blkaddr of do_write_page+0x277/0xb10
[  164.435347][ T7732] bcachefs (loop8): done starting filesystem
[  164.441743][ T7021] ------------[ cut here ]------------
[  164.447388][ T7021] kernel BUG at fs/f2fs/segment.c:3957!
[  164.458362][ T7021] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  164.464633][ T7021] CPU: 0 UID: 0 PID: 7021 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  164.476265][ T7021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.486329][ T7021] RIP: 0010:do_write_page+0xa44/0xb10
[  164.491722][ T7021] Code: c2 5a ad fd 49 89 ed 48 89 e8 48 25 ff 0f 00 00 74 1a e8 cf 55 ad fd e9 9f 00 00 00 e8 c5 55 ad fd 90 0f 0b e8 bd 55 ad fd 90 <0f> 0b 4d 89 ee 4c 89 ef be 08 00 00 00 e8 1a 6c 11 fe 49 c1 ee 03
[  164.511333][ T7021] RSP: 0018:ffffc900033a6c58 EFLAGS: 00010293
[  164.517390][ T7021] RAX: ffffffff841275d3 RBX: ffffc900033a6f40 RCX: ffff888023f0bc00
[  164.525346][ T7021] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  164.533297][ T7021] RBP: ffffc900033a6f5c R08: 0000000000000003 R09: 0000000000000004
[  164.541249][ T7021] R10: dffffc0000000000 R11: fffffbfff1bfa428 R12: ffff888054fbc000
[  164.549202][ T7021] R13: 1ffff92000674deb R14: dffffc0000000000 R15: ffffc900033a6f5c
[  164.557158][ T7021] FS:  000055557f3fb500(0000) GS:ffff888125c1d000(0000) knlGS:0000000000000000
[  164.566077][ T7021] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  164.572658][ T7021] CR2: 0000001b2fd1aff8 CR3: 00000000302d0000 CR4: 00000000003526f0
[  164.580614][ T7021] Call Trace:
[  164.583883][ T7021]  <TASK>
[  164.586794][ T7021]  f2fs_outplace_write_data+0x11a/0x220
[  164.592330][ T7021]  f2fs_do_write_data_page+0x12ea/0x1a40
[  164.597968][ T7021]  ? __pfx_f2fs_do_write_data_page+0x10/0x10
[  164.603929][ T7021]  ? css_rstat_updated+0x24f/0x4e0
[  164.609028][ T7021]  f2fs_write_single_data_page+0xa68/0x1680
[  164.614919][ T7021]  ? __pfx_f2fs_write_single_data_page+0x10/0x10
[  164.621248][ T7021]  ? mlock_drain_local+0x79/0x490
[  164.626258][ T7021]  ? mlock_drain_local+0x28e/0x490
[  164.631348][ T7021]  f2fs_write_data_pages+0x195b/0x3000
[  164.636795][ T7021]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  164.642591][ T7021]  ? unwind_next_frame+0xa5/0x2390
[  164.647683][ T7021]  ? rcu_is_watching+0x15/0xb0
[  164.652426][ T7021]  ? __kasan_check_byte+0x12/0x40
[  164.657445][ T7021]  ? __lock_acquire+0xab9/0xd20
[  164.662281][ T7021]  ? do_raw_spin_lock+0x121/0x290
[  164.667292][ T7021]  ? do_raw_spin_unlock+0x122/0x240
[  164.672487][ T7021]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  164.678288][ T7021]  do_writepages+0x32e/0x550
[  164.682888][ T7021]  ? do_raw_spin_unlock+0x122/0x240
[  164.688085][ T7021]  filemap_fdatawrite+0x199/0x240
[  164.693100][ T7021]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  164.698649][ T7021]  ? do_raw_spin_unlock+0x122/0x240
[  164.703836][ T7021]  f2fs_sync_dirty_inodes+0x31f/0x830
[  164.709212][ T7021]  f2fs_write_checkpoint+0x95a/0x1df0
[  164.714583][ T7021]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  164.720391][ T7021]  ? try_to_wake_up+0x7e5/0x1290
[  164.725320][ T7021]  ? kill_f2fs_super+0x298/0x6c0
[  164.730246][ T7021]  kill_f2fs_super+0x2c3/0x6c0
[  164.734999][ T7021]  ? __pfx_kill_f2fs_super+0x10/0x10
[  164.740273][ T7021]  ? radix_tree_delete_item+0x2b6/0x400
[  164.745807][ T7021]  ? shrinker_free+0x2ce/0x3e0
[  164.750561][ T7021]  deactivate_locked_super+0xbc/0x130
[  164.755915][ T7021]  cleanup_mnt+0x425/0x4c0
[  164.760314][ T7021]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.765497][ T7021]  task_work_run+0x1d1/0x260
[  164.770073][ T7021]  ? __pfx_task_work_run+0x10/0x10
[  164.775163][ T7021]  ? __x64_sys_umount+0x122/0x160
[  164.780175][ T7021]  ? exit_to_user_mode_loop+0x40/0x110
[  164.785704][ T7021]  exit_to_user_mode_loop+0xec/0x110
[  164.790974][ T7021]  do_syscall_64+0x2bd/0x3b0
[  164.795556][ T7021]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.800741][ T7021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.806797][ T7021]  ? clear_bhb_loop+0x60/0xb0
[  164.811462][ T7021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.817337][ T7021] RIP: 0033:0x7fd691d8fc57
[  164.821738][ T7021] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  164.841325][ T7021] RSP: 002b:00007fff03ea31a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  164.849723][ T7021] RAX: 0000000000000000 RBX: 00007fd691e10925 RCX: 00007fd691d8fc57
[  164.857679][ T7021] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff03ea3260
[  164.865632][ T7021] RBP: 00007fff03ea3260 R08: 0000000000000000 R09: 0000000000000000
[  164.873590][ T7021] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff03ea42f0
[  164.881560][ T7021] R13: 00007fd691e10925 R14: 00000000000281ed R15: 00007fff03ea4330
[  164.889520][ T7021]  </TASK>
[  164.892524][ T7021] Modules linked in:
[  164.897752][ T7021] ---[ end trace 0000000000000000 ]---
[  164.905758][ T5835] Bluetooth: hci4: command tx timeout
[  164.911252][ T7021] RIP: 0010:do_write_page+0xa44/0xb10
[  164.916693][ T7021] Code: c2 5a ad fd 49 89 ed 48 89 e8 48 25 ff 0f 00 00 74 1a e8 cf 55 ad fd e9 9f 00 00 00 e8 c5 55 ad fd 90 0f 0b e8 bd 55 ad fd 90 <0f> 0b 4d 89 ee 4c 89 ef be 08 00 00 00 e8 1a 6c 11 fe 49 c1 ee 03
[  164.936791][ T7021] RSP: 0018:ffffc900033a6c58 EFLAGS: 00010293
[  164.942874][ T7021] RAX: ffffffff841275d3 RBX: ffffc900033a6f40 RCX: ffff888023f0bc00
[  164.950912][ T7021] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  164.951175][ T6557] bcachefs (loop8): shutting down
[  164.959010][ T7021] RBP: ffffc900033a6f5c R08: 0000000000000003 R09: 0000000000000004
[  164.959025][ T7021] R10: dffffc0000000000 R11: fffffbfff1bfa428 R12: ffff888054fbc000
[  164.959039][ T7021] R13: 1ffff92000674deb R14: dffffc0000000000 R15: ffffc900033a6f5c
[  164.959053][ T7021] FS:  000055557f3fb500(0000) GS:ffff888125c1d000(0000) knlGS:0000000000000000
[  164.959068][ T7021] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  164.959080][ T7021] CR2: 0000001b2fd1aff8 CR3: 00000000302d0000 CR4: 00000000003526f0
[  164.959098][ T7021] Kernel panic - not syncing: Fatal exception
[  164.959335][ T7021] Kernel Offset: disabled