last executing test programs:

2m29.061647976s ago: executing program 1 (id=3756):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000096d5c4004233e0269d7010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0})

2m27.464197746s ago: executing program 1 (id=3771):
syz_open_dev$video(0x0, 0x1ff, 0x800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004000}, 0x80)

2m27.244574932s ago: executing program 1 (id=3773):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100fcfffffffcdbdf250700000008000300", @ANYRES32=r2, @ANYBLOB="140004006e696376663000000000000000000000080005000600000014001780040005000400030004000400040007"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2m26.998408714s ago: executing program 1 (id=3775):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x84000, 0x0)

2m26.771233656s ago: executing program 1 (id=3778):
unshare(0x24020400)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9)

2m24.605074519s ago: executing program 1 (id=3794):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x0, 0xfffffffd}, 0x20)
connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @local, 0x9, 0x4}, 0x20)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100))

2m24.185861541s ago: executing program 32 (id=3794):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x0, 0xfffffffd}, 0x20)
connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @local, 0x9, 0x4}, 0x20)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100))

10.719473855s ago: executing program 2 (id=4445):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)="91", 0x1}], 0x1}, 0x0)
sendmsg$rds(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

10.175337799s ago: executing program 2 (id=4452):
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20}, {0x28, 0x0, 0x81, 0x1}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&'], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0xa, 0x200, 0x7, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r0, &(0x7f0000000a40)='&', &(0x7f0000000040)=""/98}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/76}, 0x20)

9.680908332s ago: executing program 2 (id=4456):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x38, r1, 0x1, 0x70bd25, 0x25dfdc01, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x6c]}]}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004001}, 0x3400c012)

9.28145858s ago: executing program 2 (id=4460):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x8)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000010600)='./file0\x00', 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c66617374626f6f742c746573745f64756d6d795f656e6372797074696f6e2c6673796e635f6d6f64653d7374726963742c00200da779e57c52e33a83fdbd563a5b7c6b958cb6e49387a5ba5a89b0887c0292eb888cc8efa81040100dc3ba748033542625bc334eaf793332891541000f3c63c0a5f0af254a5bd1f4b81d0c5188ddcadf07eff7b49004e0b243a8a4d93632fbe9ab868d88310829d8e04a3c0572143a3d3d1472cc5da6f72bb097f5f7b95a09e442c0a1463aaa90db7dcbc542dc5bced278eda11583f810469b706968e793db3230"], 0x1, 0x1059a, &(0x7f0000010640)="$eJzs3M1rI2UcB/Bftu6r61pkX/TkgAgNmNC03aIgUnUXXbBL8eXgSdNkGrKbZEqTvrhnPemf4FUQ8ebf4MV/Y/EgeBK8rSiZmcpW96A226zbzwem32eePPPL84RcnkyZAI6t2eTXXypxIc5GxExEnI/I25XyyK0U8WxEPB8RJ+47KmX/nx2nIuJcRFwYFy9qVsqXln+7e++r5268+vk3d6uNn77+cnqrBqbtxYjobxbt3X6RWafIW2V/c6ebZ39pp8zihf7t8jwrcjddzyvsNvfHNfNc7BTjs83t4Tg3es3WODvdjbx/c1C84XCns18nv+BWcys/b6freXaHWZ6dO8W89sq8MxwVddplvU/y8jEa7WfRn+6lxXo2b+fZGozK/qJu1k73xrlTZvl20cp67Xwe6//5Y37kvdMdbO8lO+nWsJsNkqv1xsv1xnKtsZW101G6VGv228tLyVynNx5WG6XN/konyzq9tN7K+tVkrtNq1RqNZO5aut5tDpJGo75Yn69drZatl5K3bn6Q9NrJ3Djf6A62R93eMNnItpLiimqyUF98pZq80EjeW11L1t69fn117f2Prn148/XVG2+Wg/42rWRuYX5hodaYry00qtZ/GJXDXc5x5wsE8K/Z/wPTYP9v/x/2v8d+/bZvHIovEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAsfXjye/ezhuzxfmTZf9TZdczEXElIi5HxKWI+P0BZuLUgZoXI6JSth80/uRf5vB9JfIK42tOl8e5iFgpj3tPP+xPAQAAAB5f3/7w6WcRM+Nm/ue1aU+Io1T+aHNmUvXyn3yemFS1i3mxvQlVu7RfciIuR8TJ2Z8nVO1KRJw4//GEqv0jMwfizH1RKeLEUc4GAAA4Ggd3AhPbvQEAAPDI+WLaE2A68vu15f/il/eCTxdR3hA8e+AMAAAA+B+qTHsCAAAAwEOX7/89/w8AAAAeb8Xz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YuZfcNGI4DsB/oFPoS0UVj6uwqrpkwSF6hC57gPY22XGGSIhzkF2OEEHEjIMyhN2YAZHvkwbbI/jJRmJhmzEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACc00OxnN+t//1vmrPdNZNnNAAAAMApm2I5LyvDqv0l3f+Wbv2IiGlETCJiHBGn5u69+FjLHEVEJ9VPvb846sN9RJmw/0w/XZ8j4le6nr6f+1sAAACA27VezRYRvX21fPl5qPEOpEWbQa68csnnQ660URn2N1Pa+CUyi0lEFMPHTGnTiOh+/Z1arfz+erVi8KroVEW3jV4AAADtqs8Ess3eAAAAuDp/Lt0BLqPcr03/xU97wf2qSBuCn2otAAAA4HodP21/0Gm3HwAAAMAFlPP/N+f/pVUB5/8BAADAbajO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCcNsVyvl7NFk1ztrtm8owGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntmfdxQIgTAIg73r+06D9z+WNGhqalIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALz53V/+T0yNM8nca2PpeSRZOzW2To29c+PoD+Pr1wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzP3QmEQBCEwb7zP6fF/MOSBo1BhCpY+JhhHhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GIHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgr7c2+bMBDGcfi1kyhxm4yQ3uJjBhoqBCPwISFZ8gwMwEI0VLQWi8AKIOCgpTMFz9P8fzpdcQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+n09MZHRGSfj8wjH67+DpeDr8jXTTP4vma2Oe7rn1tOtrtRyt8Y/xcRUUTWwm8AANpX3jfFYlnNO2m7aXtp+2nLaV3NXvloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzuzcsWpTURgA4JOkiVYnRyuI4KCLjU2sRsjiUOguCLqFNpZiqpJmaEuXPoHo5Oor2E1fwRcQHLTg4NBBwUUQJclNeoJBUoR7Q/0++O/9c4dzz8kQ+O9/bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgWA73wtlBngshzM0c5V3vv+6ujDu/ffZhbhBf7ry5GI/ZHaIYQni43mpeT3Et025ze+dRo9VqtiUSiWSYZP3LBADASVNMolvXfyruL3ev5eoh/Ho1Wv9fifLwl/r/88vzFwbxc+tdJ75XXP8vpLbC6VfubDwtb27vXFvfaKw115qPq9XK4s3FG7dvVcq9ZyVlT0wAAAD4N6Uk4vo/X/+z/38mysOE9f+9pQf343sV1P9jHTX9sp4JAADA/+3cpe/fcmOu50qlsNXodNoL/ePwc6V/zGCqx3Yqibj+L9SznhUAAACQhsO93Ej/fzXKw4T9//nXuwfxmIUQwmzS/59fedJaTW85Uy2N14mzXiMAAADZmk0i7v8Xe/v/88MtD/kQwtXL/Tz5G8CJ6v+PL+6OvLQe7/+vprfEqZSv9b+P3rkWwkwt6xkBAABwkp1OolvsHxT3l9s/ni+V7P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf7NgxSgNBFAbgzW5WKzFgpVZeQLSzClgIYuMhREHwBCKIBxBbS+9g6R1SK9hYWKbwBvJmd1TSBCx2lXwfTN4jDJmXSZN/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgrun+d1/Fy6jpy/a954+rk6gvMzW8369vxop+0OXQ/9Bgr+8JAAAAWARVzvdFUbzVj4dRy3HK/3XeE5n/YaXpc56fzf25Pt29buT8f328dfl10Kg5Jz707PzidKezb/j3rc7dMUw3n569VOkHKY9u1qZ1us/B7WRysJTa5S6mBQB+YzvXtsn/h6Lu9jkYAAtj2K7iR/6vxv3OBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCFzwAAAP//OCtiEg==")
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="020200021100000000000100000000000200080008000000f100000000000000020001000000000000000500000000a0050006003c0000000a004e210000000700000000000000000000ffffac1414aa000800000000000005000500000000000a004e240000000e00000000000000000000ffffe0000002280b0000000000000100"], 0x88}, 0x1, 0x7}, 0x0)

8.632379695s ago: executing program 4 (id=4462):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
io_uring_setup(0x4, &(0x7f0000000040)={0x0, 0x4d7e, 0xc501, 0x4008, 0x30})
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

7.753528047s ago: executing program 0 (id=4464):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000040000000404000040"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x7, 0x4, 0x801, 0x1, r0, 0x15b4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20)
close(r0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f0000000900)}, 0x20)

7.635800732s ago: executing program 2 (id=4465):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000f6d5f76a182000000000000000000077c22a004f97ff0100"], 0x0, 0x7, 0x0, 0x0, 0x41000, 0xef3de733e96368ad}, 0x94)
ptrace(0x10, r0)
ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f1821a4e4cbec8438c571a70e7ca7b0451a6cc55c", 0x98})
ptrace$setregset(0x4205, r0, 0x200, &(0x7f00000001c0)={&(0x7f0000000440)="c94522e546f93f6dedf11f1509685636", 0x60})

7.33747777s ago: executing program 0 (id=4467):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0xae64, 0x0)
ioctl$KVM_SET_PIT2(r1, 0xae71, &(0x7f00000002c0)={[{0x10000, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff, 0x80, 0x1, 0x0, 0x2, 0x100000000000000}, {0xffffffff, 0x0, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x10, 0xc}, {0x30000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x3, 0xfd, 0x0, 0xfe, 0x0, 0x800}]})

6.279439199s ago: executing program 4 (id=4472):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x18a42000)
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000008, &(0x7f0000000980)=ANY=[], 0x4, 0x28a, &(0x7f00000012c0)="$eJzs201rE10YxvGrbZ6+Pm3yPNVqK+KNbnQztPEThNKCGFBqI76AMLUTDZkmJRMqEbHdufVzFJfuBPELdOMncOGuG3d2IY50EtukHfEFzKD5/zZzh5Mrcw73GTiLzO6t52vlYuAU3br6+0wpaVB7Ukb9GlBTX+vaH9WDarelS5P5d2dv3L5zNZfPLyyZLeaWL2fNbOLc60dPXpx/Ux+7+XLi1ZB2Mvd2P2Tf70ztTO9+Xn5YCqwUWKVaN9dWqtW6u+J7tloKyo7Zdd9zA89KlcCrdYwX/er6esPcyur46HrNCwJzKw0rew2rV61ea5j7wC1VzHEcGx8VvqewvbTk5pKeBX6vWi3nzkuaOTZS2E5kQgAAIFEx5/8tzv+9gvN/L9g//99tPb+dOP8DAAAAAAAAAAAAAAAAAAAAAPAn2AvDdBiG6a/Xf6ToDZ+w9XlE0qikMUn/ShqXNCEpLSkj6T9J/0ualHRC0klJU5JOSTotabrtt2Juv5XAktFmLwyVko71f6A7/UfCEn7+kTD639vaXtwdltaebRQ2Cs1rczxXVEm+PM0qrU9RL1ua9eKV/MKsRTI6s7bZym9uFAY683NK72+YuPxcM2+d+aFo3x3ks0rvb7C4fDY2P6yLF9ryjtJ6e19V+VqN9uRh/umc2fy1/JH8TPS9v51jB2L75zjfGm/mf2B/hLOx/UlpJpXs2iEFjcdl1/e9WheLkSRuSvGLhbpwr49hGCa/UoqOvqMHHDY96ZkAAAAAAAAAAAAAAAAAAH5GN/5OmPQaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA46ksAAAD//6GAXmU=")
r0 = open(&(0x7f00000000c0)='./file1\x00', 0x24842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3)

6.276524037s ago: executing program 0 (id=4482):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.935514151s ago: executing program 0 (id=4474):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file1\x00', 0x2810012, &(0x7f00000000c0)={[{@nojournal_checksum}]}, 0x0, 0x5bc, &(0x7f0000001440)="$eJzs3V2IXGcdB+D/md1N87E1H7Zqa2xWQ20gdGez2YREvLDEj1qTWlG8CIWwZKe7IbM7a3YD3algizeiIII3IggVe2FFNJCbSqntRYs3Ckr9oKIxoIIIRSsFEdSRdz620+akCe7uHJrzPHBm3/Oe2X3f2eE355w57zkngNIaSw9ZxGhEXIyI7Z3Z1z9hrPOjefDCXJqyaLU+/bes/byZgxfmek/t/d629DAcsTkidh3LYu/Ile0urTTPTtfrtXPd+ery/GJ1aaV595n56dnabG3h0JGpo5OHp45Mrd9rnfjZ1lv/fOf9l594/p///tZvDv8g9Xe0u6z/dayXsRjr/k9GYmdf/XAWcd96N1aQoc5bHXf21WXDBXaI69Zq7fp+ev/eHhF72/nfHkPRefNeevrBf2yPX91bdB+BjdPqyV/8Sgu4YVXa28BZZTwiOuVKZXy8sw1/S2yt1BtLy/sfapxfmOlsK++IkcpDZ+q1ie6+wo4YydL8gXb5tfnJN8wfjGhvA39paEt7fvx0oz4z6A87oG004tLFz53etO0N+f/LUCf/wI0r5f+XLzz1bCq/OlR0b4BBSvn/3qvznwj5h9KRfygv+Yfykn8oL/mH8pJ/KC/5h/KSfygv+Yfykn8or17+HzhxIh44caLV7J7/vtCYPXN2bvHo5MT4/PnT46cb5xbHZxuN2fYZO/PX/rv1RmPxwGScf7i6XFtari6tNE/NN84vLJ9qn9d/qpZzKQCgACcvb75v557nXsoi4tEPbGlPyabuclmFG1urlUXR5yADxbDrD+XlUm1QXvbxgewayzdfbUF9/fsCDEal6A4AhbnrNsf/oKx8/w/l5ft/KC/b+IDv/6F8fP8P5TV6lft/3dx3766JiHhbRPx0aOSm3r2+gLeU1+3qj0ZcuvSdz1ZX78OtoKCgsFoo7oMKGIzXQl90T4CizBy8MNebBtXmM7ODagnI8/I9nUFAKffN7tRZMrx6bGBkg8YJ7bwjPf7o94/vmxtKU3Q/hzagKSDHo49FxLvy1v9Z+9jAju7zdnWeFrdExK0R8Y6IeOca2/7GpyLG4oVaf538w+Bcb/5vi4i0ur49It4dEbsj4j1rbPsXF1P+f72lv07+oRw+/3zRPQCK8vGniu4BUJSTxhhAaX33kaJ7ABTl6R8W3QOgKF99segeQLk9d09ETOQd/6u0j/f3jHSvC3hT91oAWyJia0Rs655DeHP3HMHtfccMr+XUJyPG4o4f99c5/geD0xv/17xi/F9ldfzfUETsWUMbz3xw9Ct59dO7U/6feKQ3/i9Nqf3eWEBgY738WMTtufnPVsf8ZpFyGvHe/7ONsS9cfjKv/sX7098d+bn8QzFa3454f+TnvyeVqsvzi9Wllebd7ft4z9YWDh2ZOjp5eOrIVLV9iZBq70IhOY7//ZX9efW/m0z5/+Yh+YdipPX/1qvkv3/7/31raOPY1798Mq9+9I8p/7ufffP8V/66KftMe753X4KHp5eXzx2I2JQdv7J+cg0dhRtcLyO9DKX879ubv/+/q/s7af1/LCI+nLYXIuI/EfHfiPhIRHw0Ij4WEfe+SZtfu2v2cl79H55M+X/8rPU/FCPlf+Ya6//0819raGP/vp98Ma/+Q3tS/sd/+6fjDw6nSf4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1t/SSvPsdL1eO7eBhaJfIwAAAAAAAJTF/wIAAP//d8Uzog==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000b00)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000300)='.\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)

5.550979552s ago: executing program 4 (id=4475):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000740)='bridge0\x00', 0x10)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
connect$inet(r0, &(0x7f0000000140)={0x2, 0xc000, @multicast1}, 0x10)

5.433183184s ago: executing program 0 (id=4476):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000000900)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20008090}], 0x1, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000240)={r2, 0x6}, &(0x7f0000000280)=0x8)

5.411709529s ago: executing program 3 (id=4477):
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r0 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)

5.182151955s ago: executing program 4 (id=4478):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfff7e002, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0x6, 0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000041}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=@newtfilter={0x5c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x3}, {}, {0x4, 0x2}}, [@filter_kind_options=@f_u32={{0x8}, {0x30, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x0, 0x3}}, @TCA_U32_SEL={0x24, 0x5, {0xc, 0x6, 0x1, 0x3d3f, 0x0, 0xfff, 0x3, 0x58f, [{0x1, 0x4000001, 0x206, 0x6}]}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x94}, 0x24040084)

4.652638568s ago: executing program 4 (id=4480):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x2008002, &(0x7f00000000c0)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1000}}, {@nobarrier}, {@quota}]}, 0x1, 0x560, &(0x7f0000000c00)="$eJzs3c9vI1cdAPDvTH42u212oQeogF2gsKDV2htvu6p6abmAUFWpouLEYRsSbxTWXi+xU5oQifRvAAkkTvAncEDigNQTB24ckTgAohyQCkSgDRIHoxlPEjdxWLN2bDb+fKTZ+fFm5vuevTPv+dmZF8DEuhoRuxExGxFvRcRisT0ppni1M2X7PdzbWdnf21lJot1+829Jnp5ti65jMheKc85HxNe+EvHN5GTc5tb2veVarbpRrJdb9Qfl5tb2jfX68lp1rXq/Urm9dPvmS7derAytrFfqP/vgy+uvff2Xv/jk+7/Z/eJ3s2xdLNK6yzFMnaLPHMbJTEfEa2cRbAymivnsmPPB40kj4iMR8Zn8+l+Mqfx/JwBwnrXbi9Fe7F4HAM67NO8DS9JSRKRp0Qgodfrwno2FtNZotq7fbWzeX+30lV2KmfTueq168/Lc776d7zyTZOtLeVqenq9Xjq3fiojLEfGDuafy9dJKo7Y6niYPAEy8C931f0T8cy5NS6W+Du3xrR4A8MSYH3cGAICRU/8DwORR/wPA5Omj/i++7N8987wAAKPh8z8ATB71PwBMHvU/AEyUN15/PZva+8Xzr1ff3tq813j7xmq1ea9U31wprTQ2HpTWGo21/Jk99Uedr9ZoPFh6ITbfKbeqzVa5ubV9p97YvN+6kz/X+051ZiSlAgD+m8tX3vttEhG7Lz+VT9E1loO6Gs63dIh7AU+WqUEO1kCAJ5rRvmBy9VWF542EX595XoDx6Pkw7/meix/2o/8hiN8Zwf+Vax/vv//fGM9wvujZh8n1eP3/rww9H8DoPXb//x+Gmw9g9Nrt5PiY/7OHSd3eGOWoxADAWRrgJ3zt7w2rEQKM1aMG8x7K9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwzlyMiG9FkpbyscDT7N+0VIp4OiIuxUxyd71WvRkRz8SViJiZy9aXxp1pAGBA6V+SYvyva4vPXzyeOpv8ay6fR8R3fvzmD99ZbrU2lrLtfz/cPncwfFjl6LgBxhUEAPr3p352yuvvSjHv+iD/cG9n5WA6wzye8MGXDgcfXdnf28mnTsp0tNvtdsR83pZY+EcS08Ux8xHxXERMDSH+7rsR8bFe5U/yvpFLxcin3fGjiP30SOOnH4qf5mmdefbyfXQIeYFJ8152/3m11/WXxtV83vv6n8/vUIPL73/zEQf3vv2u+NNFpKke8bNr/mq/MV741VdPbGwvdtLejXhuulf85DB+ckr85/uM//tPfOr7r5yS1v5JxLXoHb87VrlVf1Bubm3fWK8vr1XXqvcrldtLt2++dOvFSjnvoy4f9FSf9NeXrz9zWt6y8i+cEr/zzl84Vv7Zw2M/12f5f/rvt77x6aPVuePxv/DZ3u//s/m89+uf1Ymf7zP+8sLPTx2+O4u/ekr5H/X+X+8z/vt/3l7tc1cAYASaW9v3lmu16sZAC9mn0GGc58RClsX+dj5oLg4W9I+RLxy9LEkkMexyZY2xfnaeOatX9cwXpg/bisM44VRnYaE45YiLkw6pFIMtxKVi4eGogo7nfgSMztFFP+6cAAAAAAAAAAAAAAAApxnF3zCNu4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcX/8JAAD//7a0vsc=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
syz_mount_image$exfat(0x0, &(0x7f0000000200)='./file0\x00', 0xe1c00, 0x0, 0x0, 0x0, &(0x7f0000000000))
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)

4.647925681s ago: executing program 3 (id=4481):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40140, 0x1)
close_range(r0, r0, 0x2)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x882)
ioctl$EVIOCSABS20(r1, 0x40044591, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x800004, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

4.188134736s ago: executing program 3 (id=4483):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x2140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_GET_SREGS2(r2, 0x8140aecc, &(0x7f0000000280))

3.504290457s ago: executing program 3 (id=4486):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0xf8cde000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

3.23543412s ago: executing program 0 (id=4487):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000001200)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x12}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "ec9700", 0xf98, 0x2c, 0x0, @local, @loopback, {[@fragment={0x6}], @pkt_toobig={0x2, 0x0, 0x0, 0xd93f, {0x4, 0x6, "ab9400", 0xf08, 0x2f, 0xb9e02c7ea3376920, @mcast2, @mcast2, [@dstopts={0x16, 0x1e3, '\x00', [@jumbo, @enc_lim, @jumbo={0xc2, 0x4, 0x40}, @calipso={0x7, 0x10, {0x4, 0x2, 0x4, 0x6c8, [0x0]}}, @generic={0x2, 0xef6, "471c193e445fffa682333b6ea5d9758e49d1f56a2cacf058c91036aa2a98b0af004e6f5acbbab33a8a5a9112f348b1a0089ddf5d100402cf846849a5c61cd7554140293b1191985ab08825ff716bc3ec7c318469d1e246d1c2b6f9ac2da9fa05bbc052fd2c1e07394a280e009667ed6f989d69942944973c6d558feda3d1c3358d50dff7bdd2c1fb8021ade354c814396f3fc7c17209d79e6c4952e91a6ec461a7cc945887c3bce662f5449d7b817758d7db37c9b2d74a1e7f0e05c28fce1ed8803f1e214667d299c1bd9653c497bea87774d74ebc16b76bee5c7e6ba19f460cafc8a531b56ea9d086e7f82153806b9840ec4fa711abb32a8728e81b51406040e0c274c260aa9b0b468d88f95b045258ddd448a48b987951e70d75bba7371694f1fb2b1957b4954fb807f86d7c7781697c2304a26e879a066a81d9b4f9ad82632a90632f737b44dc95d5b56a4acfdca287e039c5ebe808b5d585eda8c1543dbc5bf1b6bfc52c5ff2a947bce2327ccfeccfc2ba9df17ea126da5c4bbb54018d4f8277939acd67cd26ce4173968cfb747b74d61eb69503dea36f616de641ed0755b2e37f14dc9a8d86bab92acdfcbb93bed1d4344f2fd9c539d5fda77cbae2bedb79e05fc03e64e253b03bd8ac170e54ee380314727c60a3bc1d689b989710dd0f9a418f90637db3aae7034a9b83e8c843ba835c6a500ae43e840688d0801a882ffb94b7a77bd2314217aac52d296d169395c0b3dc7339a389354e1e4ff0746e6b2e3fc0149a36e75eafc20d51812e984faeecb52ad9b89288bacf21c152290ff2f6781dc761a3e50d88a8b4da3e65782fa959d583c718cf64d09d330c381ae123bea01e7d25eb8f8be911f3928237e3878e505be36bb6852903dff1e77be22ccf3b3e1c8658a5b92c816c6f3f0306a196ec62d5a39ecf36528f18e639b26351b6bc9d1230482e5d8e2c9561de5204d98487364c50f7236c503db3665876f6c04f7f23d1606d36120f62e3fd3de4a7525678e3748905d5a14fa840297c7dda43e13e18fad1453d5c24ddcb4bef61ab494d4f620201993b1b20f339ec6409474a6f104edbe42e0df14633c9a40352f773600b335e6a7ec6f0b0511c6d55fb484696d3b3e2fa4346d26446cba1e2e7ae1de5df058e7c2b52a1d6bb2d2daff1c73a4718541d6b9882891870b3f17442bdc250de45202f7314cd6c3670c3061b9ea658f21e1c362d622316f158968f118a72bef80745a9159f3c77985ecd9bca98ccd482b96ab39701053e30fb4d6d5efc4ba8f33fe18b0df2ab24ad5b2169ed8569cc264f91481fe3accc27448231088f05d996f562fd1950e43313193d23338fc134753ef5127d57161597f99598d546e290123ac1c3df0f5ded6cad9f523e71f7d5ce0b7d41f0d2fc6f911bd6b578f156b7b85dcf90d423e1cb854bb18ddc6801fc30ce76df9c27c1d5d91e06e9209d061b43449d0abdf346c644db465ee610d3ed406af49cce6119a1ec2ac9846350367f99e7255e5be602f0cce16439f3c5beb7276f96f2f9dffc88da05c8b197b90bf4ca75be6d767dc10d1ff883728fcaecbde596ed9b01a456e417fb9ded7431323b19a6fa8f6fd0ec596410a887037ff6a0feb81ce0dffdfdec39a5b04ec962e87bc038e4436b2a8ac00e51bca0976eef42211107422ff30034cc62355fcf65b51325fcd25861ee487c695b51ba4be9b3c47ab47388e9a8dcce4507acbf5b16164f85d12161c8038019f589e0117a02161dcf2fc01968983bde59dceda258e008e337a3af1c1127258b8877558918caa71355ca8d17be32b10d61e72a0391b6ed88327d1f6d030877fe893f777de0e0ec863f15a50b40d003a9a941182a0639674bd0b4f4f9716fb1c2e115a6465fa731759793b86a9bb70ae0bb18d0c5e53c120d192a71302d15fff0c2c76ad1f9e1281c42a659ed7b67c4f4d7c3fcd56a022bf8f043006c61f254a80184519935bbc805eefba13ed54234322506f28f362065d6a68c35473280d4b8196754a11604a901cfdea47dc6f442fa73ffc6fe5e59bece8741407a57fd5f36a5906951fe75bea732413200bb85053ad500ea6245bea8abccbf5e8927261f752c12a2765827ea9908f084b862ce41b11443f73f0ec6aa095db1bbce0b14bce8397b45da28c2ac2f33c8ecce00bdf34cd00aa95d181ea33e08b7c8a768a365c4279e0b5d9352eb62c628909cc4191e0ff81fd84cc4c371ffc000d8841a9ebe70574993579cfd0e35574ef6e4cc6edf42deb8cb1e38b55fead366238d8d7d83902c6da5ad2ee63843db90090d57eeebd90ec9b08a6ffffd6c60e0b017e0c22d08cf1e22e2e63df06b62e5e0cfcd7b9441d2ca09b4e96c3b61ed1459fc24d83301148940e554f4d78c453c7e2f262f09aebee218ec5a22f874768e4c1afa870262f2f67155c94b17a36475dd421eaee27632427ede8330b1d74d2cd1a2d0a7de694a7d87ede13b5ea664e89f3d872512581adc606cd841a2abd2ed34efe3ec8e4f03d1e38fadfd08cb1b65f4eac10c48894b6fda1440ddd5d22b06214dbd483a5da821c4f447cce31df27c40b14f4471abccd35e6673aaa17133e78a589f45331399d930534edae0402e811a411d557c184c44ebec37a4e146d8076a070cf1f967ba3341e4e8e0c8b4b4617ee2bf3e8ae478567137641b6f6bc1fafd0d15cfed74198646906b5b853c8206ebf1e7e46bd74ae848281c4d89c02057de523e7e3e75567811685c1be1d2f5a57ff5b32fb8ef19e44f25226701f1b6b66cac452620cb7529b411cd833e3b1ad07bc781be7cda26eeccdb57f44308e765e13f357356e3fb83dcb4994b369fd3ee6aa6e405da03703c0dbd0e47110533992fd2be5bde2cbf6f7e777082427189766afbe426e6014ec9d041e96bcc900d5bdf4be72142ed1ab4c1d88afe8408145e06ddd3c2820f5d928309b3ef77afdd500568d76eb99ebd6f4ab78d5e43aa61b8a0ec27e1f6475691183e19f9e43ef1e94f2656da3eb693921f13aee4d4140fc4d56ac5ff3ec97163915a028c1ed16c7d08e6862503b18283b30489507e35945197c22733dee593f1d20a53dc5a463d5b8a058fa555c220de3fe5252a83e10f163babc01ec11c2e2197491ebb06b43919320c7237c0e55cbf927e0b5aaadd81c0c4c49a30ff2f9426b32311cbf09e1bcbe75c89aec74cf848d1b2194760a6edc734aebac9b429ae0438c620d4ad23b42deb8f7f1806ee8db02261b1e6d35742b1c85602c8099c0ed85cd89969f7b9ffd5906483e788d9f8c01e998c000f3005ea9efef9ca977530999344093bd6d234e500d784b22ccc8de58065451196dc977d8e8c8deac7d47b1ddc23f82f09159796a883d8b530fa193a20c53c22c5ffa3e5d411329f6489266ea75ff184b7ff1b301293b3ff5de6eb3658d826e6aa114eac2e572bf7d0d085e1e927af2bc1b21d1eaa37075a4778bec44521e5341c89c7589ca85b0cbda1060bca778906705be8791e479cb9867b4f6f06802ae76fba15b8fbf14bfd1b393bcef6f7997ac66bd87fcdda9387a519b5dbb61f7f970772a406bdce40f48511344070ed00a20880fdcc19732df83f0ba1bf6c94e201a7a2c833239ebf380720d3ddd644c8b3d78a0eae5d0d7d22937fc5c3e9295cd7a412897b9c1123ffc1aec8c49c768ed008f795e62ad47250ad92f90d4d2c903fdba9c19f8ce5dd5eb69c099ba28eac5717c975c7504ce86b168744f9944ca63ba1938c02918ca9bfb77fc4e97c093108b3d35b8330bc32758c7f3ee746315e758ccb5e220de655350eba786e400bc89e958862541506c6e4958d3fd0987686f2d6236abd0bd118fea29e09d6025f1ac9730e72177ef28399c25134261f785b5e1b7f20bde4e347da83f8dfe0c9080d48b9dc371d9e81174faf9ebcefd3804718b05bbd6f41f40e726d390b87e60afbdadd45cd2f0c4d7495b6a6f074259518838317973877d991ef156d2d39098b50e8b6e1bbfb4096d5801d64e0655be19f7390594ad273f83e7c5128a579e6faf44c76bfdd70d726c0ea4cb9f69976b5beee76f5bec995e49d26795c9731d36d013d628fd7ac2f0bfde44c434d2bfc547480ae597b3e1e5214f108255fa0d22eb69df4a1691c6614743298af40e283090a4039b8bdf9822a86caeabd18d12c506d3448c1b15efa929881029ca0f8d4861d5f7a2d06f0e1a2f18db910ab1bf391a690086eb91341e38649f8bbd8299c3e81e0c816f34629b191e722e9bfdb8610fd135d36b0335198e2a4c06e2f37b9efeeb85a07896674c979e720347fa61782ac09cacd7967a7484e55ea2bfd50a9cb3e1863a59e6ad867593237bdb2baebaf9c88df6b91b5801393186a64dd33ba3472c0a3cb99b7ed8c93f1b95832d75df45c65df69d818ad0680e39606045c996691fcbf1bc69b3f171a46fc81fa66877758c76f73c1d83cc3dddd321b1c03c6b56fa9e02bc3fa4bef43050420202370c5074c0abd08d94c9b75a871cee948ca2e055ab07e1c062e8a1435e06073dc5911d91237ce9fe8cdf47a345de4ca65febc8f48de09603e44d7f14e1e0c37428680dd3428f0f4563dc90e0714fe0a40689acc472394704b9feba33ec9bca45533cd4635b3249a24025c271e6661d0060de48689debb58be19a6cef15f39dd6f42828d8440bc5b9e6d3aae0f745f05181c9d74832c358b8438bf46f0f4f302ffafc395b226d5bd1c5d5b011c846be3d133470db70800297699c8ee17104945a73cc77c2c9cdae9383904dc428f76480558a40c0dc19cd9190dbb78ed1da18eea6694406f428c4ad3e8b4add1ececf520fc9ffbdbde06ac39b2ceb2f24b6054268f179d258a9b260490216f6169e5867c050f3898a555907bd18b18c6d11748cf43bf7b7b1a8eeef32cee7560eed7faea9218ff4f08f69835cd6b1af390f4159ed300faf2d8b5b5904a42bb3e926b383496fb018c8da32e13a952bb172d749edc6e1e38c1e88db1d75f141d3bed099f275e3d0e7fed711d1c4e882612dc7f33fc567a19ce4a901a5350b128d08eff31b1f660e108b146ac3d415ec86820207bf9a9c32d7df1e648cc68bf093faccc1c9e3e31a45ec81a1ce6ceef43240543476ae1305a6beeb8337a0e7c6dae864081fe962b7fd63326415e01b2ebfc770f1c5f8704add7da3a0380625c1162191af137b6a5ada314e0f7233b41e6e58f9ea7e1cf9927da4770bc2d4c45e71d5728930f5a02d740f124521490231229b99cbce370627517017e6d3d82526faecdd573e135d5bc3b96e1292e0b473471e2e93e8162eadf6fc2caced5f9aa494d0eadf8dc5442a9da1d9caf007f8e47c05eb38fa8f99e480c49957c7bae1efb2ce516bd690b7379e83f0493df617449fd9c61e6f9393750464e8d59eb10c8bc84"}]}, @hopopts={0x4fb560df2bad385d, 0x2, '\x00', [@hao={0xc9, 0x10, @loopback}]}], "d53354e0f167b1d8f8ed2a0790c6f7186919d562ebcbf5ab"}}}}}}, 0xfce)

2.537415233s ago: executing program 33 (id=4487):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000001200)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x12}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "ec9700", 0xf98, 0x2c, 0x0, @local, @loopback, {[@fragment={0x6}], @pkt_toobig={0x2, 0x0, 0x0, 0xd93f, {0x4, 0x6, "ab9400", 0xf08, 0x2f, 0xb9e02c7ea3376920, @mcast2, @mcast2, [@dstopts={0x16, 0x1e3, '\x00', [@jumbo, @enc_lim, @jumbo={0xc2, 0x4, 0x40}, @calipso={0x7, 0x10, {0x4, 0x2, 0x4, 0x6c8, [0x0]}}, @generic={0x2, 0xef6, "471c193e445fffa682333b6ea5d9758e49d1f56a2cacf058c91036aa2a98b0af004e6f5acbbab33a8a5a9112f348b1a0089ddf5d100402cf846849a5c61cd7554140293b1191985ab08825ff716bc3ec7c318469d1e246d1c2b6f9ac2da9fa05bbc052fd2c1e07394a280e009667ed6f989d69942944973c6d558feda3d1c3358d50dff7bdd2c1fb8021ade354c814396f3fc7c17209d79e6c4952e91a6ec461a7cc945887c3bce662f5449d7b817758d7db37c9b2d74a1e7f0e05c28fce1ed8803f1e214667d299c1bd9653c497bea87774d74ebc16b76bee5c7e6ba19f460cafc8a531b56ea9d086e7f82153806b9840ec4fa711abb32a8728e81b51406040e0c274c260aa9b0b468d88f95b045258ddd448a48b987951e70d75bba7371694f1fb2b1957b4954fb807f86d7c7781697c2304a26e879a066a81d9b4f9ad82632a90632f737b44dc95d5b56a4acfdca287e039c5ebe808b5d585eda8c1543dbc5bf1b6bfc52c5ff2a947bce2327ccfeccfc2ba9df17ea126da5c4bbb54018d4f8277939acd67cd26ce4173968cfb747b74d61eb69503dea36f616de641ed0755b2e37f14dc9a8d86bab92acdfcbb93bed1d4344f2fd9c539d5fda77cbae2bedb79e05fc03e64e253b03bd8ac170e54ee380314727c60a3bc1d689b989710dd0f9a418f90637db3aae7034a9b83e8c843ba835c6a500ae43e840688d0801a882ffb94b7a77bd2314217aac52d296d169395c0b3dc7339a389354e1e4ff0746e6b2e3fc0149a36e75eafc20d51812e984faeecb52ad9b89288bacf21c152290ff2f6781dc761a3e50d88a8b4da3e65782fa959d583c718cf64d09d330c381ae123bea01e7d25eb8f8be911f3928237e3878e505be36bb6852903dff1e77be22ccf3b3e1c8658a5b92c816c6f3f0306a196ec62d5a39ecf36528f18e639b26351b6bc9d1230482e5d8e2c9561de5204d98487364c50f7236c503db3665876f6c04f7f23d1606d36120f62e3fd3de4a7525678e3748905d5a14fa840297c7dda43e13e18fad1453d5c24ddcb4bef61ab494d4f620201993b1b20f339ec6409474a6f104edbe42e0df14633c9a40352f773600b335e6a7ec6f0b0511c6d55fb484696d3b3e2fa4346d26446cba1e2e7ae1de5df058e7c2b52a1d6bb2d2daff1c73a4718541d6b9882891870b3f17442bdc250de45202f7314cd6c3670c3061b9ea658f21e1c362d622316f158968f118a72bef80745a9159f3c77985ecd9bca98ccd482b96ab39701053e30fb4d6d5efc4ba8f33fe18b0df2ab24ad5b2169ed8569cc264f91481fe3accc27448231088f05d996f562fd1950e43313193d23338fc134753ef5127d57161597f99598d546e290123ac1c3df0f5ded6cad9f523e71f7d5ce0b7d41f0d2fc6f911bd6b578f156b7b85dcf90d423e1cb854bb18ddc6801fc30ce76df9c27c1d5d91e06e9209d061b43449d0abdf346c644db465ee610d3ed406af49cce6119a1ec2ac9846350367f99e7255e5be602f0cce16439f3c5beb7276f96f2f9dffc88da05c8b197b90bf4ca75be6d767dc10d1ff883728fcaecbde596ed9b01a456e417fb9ded7431323b19a6fa8f6fd0ec596410a887037ff6a0feb81ce0dffdfdec39a5b04ec962e87bc038e4436b2a8ac00e51bca0976eef42211107422ff30034cc62355fcf65b51325fcd25861ee487c695b51ba4be9b3c47ab47388e9a8dcce4507acbf5b16164f85d12161c8038019f589e0117a02161dcf2fc01968983bde59dceda258e008e337a3af1c1127258b8877558918caa71355ca8d17be32b10d61e72a0391b6ed88327d1f6d030877fe893f777de0e0ec863f15a50b40d003a9a941182a0639674bd0b4f4f9716fb1c2e115a6465fa731759793b86a9bb70ae0bb18d0c5e53c120d192a71302d15fff0c2c76ad1f9e1281c42a659ed7b67c4f4d7c3fcd56a022bf8f043006c61f254a80184519935bbc805eefba13ed54234322506f28f362065d6a68c35473280d4b8196754a11604a901cfdea47dc6f442fa73ffc6fe5e59bece8741407a57fd5f36a5906951fe75bea732413200bb85053ad500ea6245bea8abccbf5e8927261f752c12a2765827ea9908f084b862ce41b11443f73f0ec6aa095db1bbce0b14bce8397b45da28c2ac2f33c8ecce00bdf34cd00aa95d181ea33e08b7c8a768a365c4279e0b5d9352eb62c628909cc4191e0ff81fd84cc4c371ffc000d8841a9ebe70574993579cfd0e35574ef6e4cc6edf42deb8cb1e38b55fead366238d8d7d83902c6da5ad2ee63843db90090d57eeebd90ec9b08a6ffffd6c60e0b017e0c22d08cf1e22e2e63df06b62e5e0cfcd7b9441d2ca09b4e96c3b61ed1459fc24d83301148940e554f4d78c453c7e2f262f09aebee218ec5a22f874768e4c1afa870262f2f67155c94b17a36475dd421eaee27632427ede8330b1d74d2cd1a2d0a7de694a7d87ede13b5ea664e89f3d872512581adc606cd841a2abd2ed34efe3ec8e4f03d1e38fadfd08cb1b65f4eac10c48894b6fda1440ddd5d22b06214dbd483a5da821c4f447cce31df27c40b14f4471abccd35e6673aaa17133e78a589f45331399d930534edae0402e811a411d557c184c44ebec37a4e146d8076a070cf1f967ba3341e4e8e0c8b4b4617ee2bf3e8ae478567137641b6f6bc1fafd0d15cfed74198646906b5b853c8206ebf1e7e46bd74ae848281c4d89c02057de523e7e3e75567811685c1be1d2f5a57ff5b32fb8ef19e44f25226701f1b6b66cac452620cb7529b411cd833e3b1ad07bc781be7cda26eeccdb57f44308e765e13f357356e3fb83dcb4994b369fd3ee6aa6e405da03703c0dbd0e47110533992fd2be5bde2cbf6f7e777082427189766afbe426e6014ec9d041e96bcc900d5bdf4be72142ed1ab4c1d88afe8408145e06ddd3c2820f5d928309b3ef77afdd500568d76eb99ebd6f4ab78d5e43aa61b8a0ec27e1f6475691183e19f9e43ef1e94f2656da3eb693921f13aee4d4140fc4d56ac5ff3ec97163915a028c1ed16c7d08e6862503b18283b30489507e35945197c22733dee593f1d20a53dc5a463d5b8a058fa555c220de3fe5252a83e10f163babc01ec11c2e2197491ebb06b43919320c7237c0e55cbf927e0b5aaadd81c0c4c49a30ff2f9426b32311cbf09e1bcbe75c89aec74cf848d1b2194760a6edc734aebac9b429ae0438c620d4ad23b42deb8f7f1806ee8db02261b1e6d35742b1c85602c8099c0ed85cd89969f7b9ffd5906483e788d9f8c01e998c000f3005ea9efef9ca977530999344093bd6d234e500d784b22ccc8de58065451196dc977d8e8c8deac7d47b1ddc23f82f09159796a883d8b530fa193a20c53c22c5ffa3e5d411329f6489266ea75ff184b7ff1b301293b3ff5de6eb3658d826e6aa114eac2e572bf7d0d085e1e927af2bc1b21d1eaa37075a4778bec44521e5341c89c7589ca85b0cbda1060bca778906705be8791e479cb9867b4f6f06802ae76fba15b8fbf14bfd1b393bcef6f7997ac66bd87fcdda9387a519b5dbb61f7f970772a406bdce40f48511344070ed00a20880fdcc19732df83f0ba1bf6c94e201a7a2c833239ebf380720d3ddd644c8b3d78a0eae5d0d7d22937fc5c3e9295cd7a412897b9c1123ffc1aec8c49c768ed008f795e62ad47250ad92f90d4d2c903fdba9c19f8ce5dd5eb69c099ba28eac5717c975c7504ce86b168744f9944ca63ba1938c02918ca9bfb77fc4e97c093108b3d35b8330bc32758c7f3ee746315e758ccb5e220de655350eba786e400bc89e958862541506c6e4958d3fd0987686f2d6236abd0bd118fea29e09d6025f1ac9730e72177ef28399c25134261f785b5e1b7f20bde4e347da83f8dfe0c9080d48b9dc371d9e81174faf9ebcefd3804718b05bbd6f41f40e726d390b87e60afbdadd45cd2f0c4d7495b6a6f074259518838317973877d991ef156d2d39098b50e8b6e1bbfb4096d5801d64e0655be19f7390594ad273f83e7c5128a579e6faf44c76bfdd70d726c0ea4cb9f69976b5beee76f5bec995e49d26795c9731d36d013d628fd7ac2f0bfde44c434d2bfc547480ae597b3e1e5214f108255fa0d22eb69df4a1691c6614743298af40e283090a4039b8bdf9822a86caeabd18d12c506d3448c1b15efa929881029ca0f8d4861d5f7a2d06f0e1a2f18db910ab1bf391a690086eb91341e38649f8bbd8299c3e81e0c816f34629b191e722e9bfdb8610fd135d36b0335198e2a4c06e2f37b9efeeb85a07896674c979e720347fa61782ac09cacd7967a7484e55ea2bfd50a9cb3e1863a59e6ad867593237bdb2baebaf9c88df6b91b5801393186a64dd33ba3472c0a3cb99b7ed8c93f1b95832d75df45c65df69d818ad0680e39606045c996691fcbf1bc69b3f171a46fc81fa66877758c76f73c1d83cc3dddd321b1c03c6b56fa9e02bc3fa4bef43050420202370c5074c0abd08d94c9b75a871cee948ca2e055ab07e1c062e8a1435e06073dc5911d91237ce9fe8cdf47a345de4ca65febc8f48de09603e44d7f14e1e0c37428680dd3428f0f4563dc90e0714fe0a40689acc472394704b9feba33ec9bca45533cd4635b3249a24025c271e6661d0060de48689debb58be19a6cef15f39dd6f42828d8440bc5b9e6d3aae0f745f05181c9d74832c358b8438bf46f0f4f302ffafc395b226d5bd1c5d5b011c846be3d133470db70800297699c8ee17104945a73cc77c2c9cdae9383904dc428f76480558a40c0dc19cd9190dbb78ed1da18eea6694406f428c4ad3e8b4add1ececf520fc9ffbdbde06ac39b2ceb2f24b6054268f179d258a9b260490216f6169e5867c050f3898a555907bd18b18c6d11748cf43bf7b7b1a8eeef32cee7560eed7faea9218ff4f08f69835cd6b1af390f4159ed300faf2d8b5b5904a42bb3e926b383496fb018c8da32e13a952bb172d749edc6e1e38c1e88db1d75f141d3bed099f275e3d0e7fed711d1c4e882612dc7f33fc567a19ce4a901a5350b128d08eff31b1f660e108b146ac3d415ec86820207bf9a9c32d7df1e648cc68bf093faccc1c9e3e31a45ec81a1ce6ceef43240543476ae1305a6beeb8337a0e7c6dae864081fe962b7fd63326415e01b2ebfc770f1c5f8704add7da3a0380625c1162191af137b6a5ada314e0f7233b41e6e58f9ea7e1cf9927da4770bc2d4c45e71d5728930f5a02d740f124521490231229b99cbce370627517017e6d3d82526faecdd573e135d5bc3b96e1292e0b473471e2e93e8162eadf6fc2caced5f9aa494d0eadf8dc5442a9da1d9caf007f8e47c05eb38fa8f99e480c49957c7bae1efb2ce516bd690b7379e83f0493df617449fd9c61e6f9393750464e8d59eb10c8bc84"}]}, @hopopts={0x4fb560df2bad385d, 0x2, '\x00', [@hao={0xc9, 0x10, @loopback}]}], "d53354e0f167b1d8f8ed2a0790c6f7186919d562ebcbf5ab"}}}}}}, 0xfce)

2.512838026s ago: executing program 5 (id=4490):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0x1c, &(0x7f0000000400)=ANY=[@ANYBLOB="18080000cbb60000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000008000000bf0920000000000035090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000001000000b7050000080000001c00000000000000bf980000000000000d080000000000008500000005000000b70000000200000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)

2.033714579s ago: executing program 4 (id=4491):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x8, 0x2ea473, 0x1000000})

1.997948565s ago: executing program 2 (id=4492):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902340001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)={0x40, 0x13, 0x6, @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f00000002c0)={0x20, 0x17, 0x3, "a31c04"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0xc0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
connect$inet6(0xffffffffffffffff, 0x0, 0x0)

1.91967939s ago: executing program 5 (id=4493):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat(0xffffffffffffffff, 0x0, 0x600, 0x212)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000200)={{{@in=@empty, @in=@loopback, 0x4e22, 0x8, 0x4e20, 0x0, 0x2, 0x80, 0x80, 0x84}, {0xf8ca, 0x2, 0xa, 0x5c49, 0x4, 0x9, 0x0, 0x1}, {0xffffffff, 0x5, 0xcf38, 0xffffffffffffffff}, 0x52, 0x6e6bc0, 0x1, 0x1, 0x0, 0x3}, {{@in=@multicast1, 0x4d5, 0x18}, 0xb, @in=@empty, 0x3506, 0x4, 0x2, 0xd7, 0x7fffffff, 0x800, 0x6}}, 0xe8)

1.729065781s ago: executing program 5 (id=4494):
getpid()
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000002c0)=0x2, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000003c0)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @loopback, @loopback, [@fragment={0x3c, 0x0, 0x8, 0x0, 0x0, 0x13, 0x65}]}}}}}}}, 0x0)

1.612893202s ago: executing program 3 (id=4495):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
accept(r0, 0x0, 0x0)

502.074047ms ago: executing program 5 (id=4496):
r0 = socket(0x10, 0x3, 0x0)
r1 = epoll_create1(0x0)
close_range(r0, r1, 0x2)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x20000002})

145.222956ms ago: executing program 5 (id=4497):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r0, &(0x7f00000005c0)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x80, @broadcast}}, 0x24)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0xa0}, 0xfc40)

55.8733ms ago: executing program 3 (id=4498):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@allocspi={0xf8, 0x16, 0x1, 0x70bd2b, 0x25dfdbfe, {{{@in=@private=0xa010101, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0x0, 0x4e22, 0x0, 0xa, 0x80, 0x20, 0x1d}, {@in6=@local, 0x4d5, 0x33}, @in=@dev={0xac, 0x14, 0x14, 0x10}, {0x8, 0x7b5, 0x0, 0x6, 0x9, 0xfffffffffffffffa, 0xffffffff, 0x3}, {0x2, 0x3, 0x1, 0xfffffffffffffffa}, {0x0, 0x10001, 0xfffffff9}, 0x70bd2a, 0x0, 0x0, 0x2, 0x6, 0x1}, 0x8, 0x74f}}, 0xf8}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079103000000000007bfdfffe0000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x94)
sendmsg$key(r0, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0xa, 0xfc, 0x0, 0x7, 0x0, 0x70bd28, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in=@empty, @in=@rand_addr=0x64010100, 0x2c, 0x30}]}, 0x38}}, 0x40408c0)

0s ago: executing program 5 (id=4499):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000180)={0x0, 0x7}, 0x8)

kernel console output (not intermixed with test programs):

nknown main item tag 0x0
[  639.603431][   T32] asus 0003:0B05:1ABE.0011: unknown main item tag 0x0
[  639.603456][   T32] asus 0003:0B05:1ABE.0011: unknown main item tag 0x0
[  639.603479][   T32] asus 0003:0B05:1ABE.0011: unknown main item tag 0x0
[  639.603504][   T32] asus 0003:0B05:1ABE.0011: unknown main item tag 0x0
[  639.760682][ T5617] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  639.779281][ T4928] Bluetooth: hci3: unexpected event for opcode 0x0c6d
[  639.796245][   T32] asus 0003:0B05:1ABE.0011: hidraw0: USB HID v7f.fd Device [HID 0b05:1abe] on usb-dummy_hcd.0-1/input0
[  639.845304][    T9] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  639.883350][ T5345] usb 1-1: USB disconnect, device number 32
[  639.945135][ T5617] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  639.945166][ T5617] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.945185][ T5617] usb 4-1: Product: syz
[  639.945197][ T5617] usb 4-1: Manufacturer: syz
[  639.945210][ T5617] usb 4-1: SerialNumber: syz
[  639.948944][T14638] fido_id[14638]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  640.011819][    T9] usb 5-1: config index 0 descriptor too short (expected 59428, got 90)
[  640.011846][    T9] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  640.011866][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  640.011879][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  640.011917][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  640.011931][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  640.011951][    T9] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  640.011962][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.035227][    T9] usb 5-1: config 0 descriptor??
[  640.435552][ T5617] rtl8150 4-1:1.0: couldn't reset the device
[  640.435916][ T5617] rtl8150 4-1:1.0: probe with driver rtl8150 failed with error -5
[  640.485211][ T5617] usb 4-1: USB disconnect, device number 34
[  640.809405][    T9] hid-led 0003:27B8:01ED.0012: probe with driver hid-led failed with error -71
[  640.879276][    T9] usb 5-1: USB disconnect, device number 36
[  640.881177][T14653] netlink: 512 bytes leftover after parsing attributes in process `syz.0.3587'.
[  641.003224][T14661] loop1: detected capacity change from 0 to 164
[  641.776545][    T9] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  641.808369][ T5617] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  641.908548][T14684] sch_tbf: burst 18 is lower than device lo mtu (65550) !
[  641.943367][    T9] usb 4-1: Using ep0 maxpacket: 16
[  642.006031][    T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  642.006057][    T9] usb 4-1: config 0 has no interface number 0
[  642.006099][    T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  642.006123][    T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  642.006160][    T9] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  642.006181][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.017215][ T5345] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  642.078000][    T9] usb 4-1: config 0 descriptor??
[  642.090102][ T5617] usb 3-1: Using ep0 maxpacket: 16
[  642.101471][ T5617] usb 3-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  642.101500][ T5617] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.101520][ T5617] usb 3-1: Product: syz
[  642.101534][ T5617] usb 3-1: Manufacturer: syz
[  642.101553][ T5617] usb 3-1: SerialNumber: syz
[  642.236518][ T5345] usb 2-1: Using ep0 maxpacket: 16
[  642.238932][ T5345] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  642.239030][ T5345] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  642.239053][ T5345] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  642.239094][ T5345] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  642.239108][ T5345] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.344454][ T5345] usb 2-1: config 0 descriptor??
[  642.391690][ T5617] usb 3-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  642.424417][ T5617] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  642.424816][ T5617] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  642.425664][ T5617] usb 3-1: media controller created
[  642.477798][ T5617] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  642.645189][ T5745] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  642.661461][T14658] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  642.665749][T14658] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3588'.
[  642.719162][T14690] sctp: Trying to GSO but underlying device doesn't support it.
[  642.740303][ T5617] zl10353_read_register: readreg error (reg=127, ret==-110)
[  642.775643][    T9] uclogic 0003:28BD:0071.0013: pen parameters not found
[  642.775690][    T9] uclogic 0003:28BD:0071.0013: interface is invalid, ignoring
[  642.828997][ T5745] usb 5-1: Using ep0 maxpacket: 16
[  642.835839][ T5745] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  642.835868][ T5745] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.835881][ T5745] usb 5-1: Product: syz
[  642.835888][ T5745] usb 5-1: Manufacturer: syz
[  642.835895][ T5745] usb 5-1: SerialNumber: syz
[  642.921702][ T5345] microsoft 0003:045E:07DA.0014: item 0 4 0 11 parsing failed
[  642.922470][ T5345] microsoft 0003:045E:07DA.0014: parse failed
[  642.929407][ T5345] microsoft 0003:045E:07DA.0014: probe with driver microsoft failed with error -22
[  642.987342][ T5617] dvb_usb_gl861 3-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  643.010918][ T5617] usb 3-1: USB disconnect, device number 36
[  643.050004][ T5345] usb 4-1: USB disconnect, device number 35
[  643.211797][ T5745] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  643.221033][    T9] usb 2-1: USB disconnect, device number 35
[  643.223727][ T5745] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  643.224118][ T5745] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  643.224164][ T5745] usb 5-1: media controller created
[  643.288797][ T5745] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  643.473703][T14685] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  643.476012][T14685] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3599'.
[  643.569188][ T5745] zl10353_read_register: readreg error (reg=127, ret==-110)
[  643.674872][ T5745] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  643.681105][ T5745] usb 5-1: USB disconnect, device number 37
[  644.000997][T14704] sctp: [Deprecated]: syz.1.3609 (pid 14704) Use of int in maxseg socket option.
[  644.000997][T14704] Use struct sctp_assoc_value instead
[  644.057291][T14708] vlan0: entered promiscuous mode
[  644.057336][T14708] bond0: entered promiscuous mode
[  644.057350][T14708] bond_slave_0: entered promiscuous mode
[  644.061617][T14708] bond_slave_1: entered promiscuous mode
[  644.061826][T14708] team0: entered promiscuous mode
[  644.061841][T14708] team_slave_0: entered promiscuous mode
[  644.067365][T14708] team_slave_1: entered promiscuous mode
[  644.369270][T14719] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3615'.
[  644.872766][T14712] can0: slcan on ttynull.
[  645.087633][T14731] loop2: detected capacity change from 0 to 256
[  645.260501][    T9] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  645.281009][T14731] FAT-fs (loop2): Directory bread(block 64) failed
[  645.281043][T14731] FAT-fs (loop2): Directory bread(block 65) failed
[  645.281134][T14731] FAT-fs (loop2): Directory bread(block 66) failed
[  645.281153][T14731] FAT-fs (loop2): Directory bread(block 67) failed
[  645.281239][T14731] FAT-fs (loop2): Directory bread(block 68) failed
[  645.281260][T14731] FAT-fs (loop2): Directory bread(block 69) failed
[  645.281346][T14731] FAT-fs (loop2): Directory bread(block 70) failed
[  645.281367][T14731] FAT-fs (loop2): Directory bread(block 71) failed
[  645.281453][T14731] FAT-fs (loop2): Directory bread(block 72) failed
[  645.281472][T14731] FAT-fs (loop2): Directory bread(block 73) failed
[  645.437895][    T9] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  645.437924][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.437940][    T9] usb 1-1: Product: syz
[  645.437952][    T9] usb 1-1: Manufacturer: syz
[  645.437963][    T9] usb 1-1: SerialNumber: syz
[  645.472929][    T9] usb 1-1: config 0 descriptor??
[  645.499600][    T9] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  645.547379][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  645.567351][    T9] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  645.567403][    T9] usb 1-1: media controller created
[  645.601738][T14735] loop3: detected capacity change from 0 to 512
[  645.650507][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  645.737306][T14727] digitv: more than 2 i2c messages at a time is not handled yet. TODO.
[  645.737321][T14727] dvb-usb: bulk message failed: -22 (7/0)
[  645.857187][    T9] DVB: Unable to find symbol mt352_attach()
[  645.919790][    T9] DVB: Unable to find symbol nxt6000_attach()
[  645.919807][    T9] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  646.085342][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input16
[  646.087603][T14735] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  646.164221][    T9] dvb-usb: schedule remote query interval to 1000 msecs.
[  646.164244][    T9] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  646.164259][    T9] dvb-usb: bulk message failed: -22 (7/0)
[  646.164272][    T9] dvb-usb: bulk message failed: -22 (7/0)
[  646.177811][    T9] usb 1-1: USB disconnect, device number 33
[  646.867688][T14735] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.3623: bg 0: block 104: invalid block bitmap
[  646.867726][T14735] loop3: lost filesystem error report for type 5 error -117
[  646.874794][    C1] EXT4-fs (loop3): initial error at time 1779835833: ext4_validate_block_bitmap:432
[  646.874828][    C1] EXT4-fs (loop3): last error at time 1779835833: ext4_validate_block_bitmap:432
[  646.954406][T14735] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  646.954442][T14735] loop3: lost filesystem error report for type 5 error -117
[  646.954937][T14735] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3623: invalid indirect mapped block 1 (level 1)
[  646.954970][T14735] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  647.037573][T14735] EXT4-fs (loop3): 1 truncate cleaned up
[  647.167864][T14711] can0 (unregistered): slcan off ttynull.
[  647.383125][T14757] binder: 14756:14757 ioctl c018620c 200000000280 returned -1
[  647.428140][    T9] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  647.535536][T14735] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  647.628257][T11702] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  647.802334][T11702] usb 3-1: Using ep0 maxpacket: 16
[  647.813779][T11702] usb 3-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  647.813808][T11702] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.813827][T11702] usb 3-1: Product: syz
[  647.813841][T11702] usb 3-1: Manufacturer: syz
[  647.813856][T11702] usb 3-1: SerialNumber: syz
[  648.043425][T14771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3637'.
[  648.086338][T11702] usb 3-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  648.103689][T11702] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  648.104073][T11702] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  648.104132][T11702] usb 3-1: media controller created
[  648.286185][T11702] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  648.353227][T14753] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  648.357625][T14753] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3625'.
[  648.523280][T11702] zl10353_read_register: readreg error (reg=127, ret==-71)
[  648.673232][T11702] dvb_usb_gl861 3-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  648.678004][T11702] usb 3-1: USB disconnect, device number 37
[  648.984189][ T1339] ieee802154 phy0 wpan0: encryption failed: -22
[  649.255626][ T5618] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  650.234072][T14809] loop1: detected capacity change from 0 to 128
[  650.273961][T14810] loop3: detected capacity change from 0 to 256
[  650.327764][T14809] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  650.327824][T14809] hpfs: filesystem error: improperly stopped
[  650.327839][T14809] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  650.327852][T14809] hpfs: You really don't want any checks? You are crazy...
[  650.377015][T14809] hpfs: hpfs_map_4sectors(): unaligned read
[  650.377104][T14809] hpfs: hpfs_map_4sectors(): unaligned read
[  650.377113][T14809] hpfs: filesystem error: unable to find root dir
[  650.882606][ T5745] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  650.919173][T14820] loop4: detected capacity change from 0 to 4096
[  651.076576][ T5745] usb 2-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=a4.46
[  651.076607][ T5745] usb 2-1: New USB device strings: Mfr=133, Product=2, SerialNumber=0
[  651.076625][ T5745] usb 2-1: Product: syz
[  651.076636][ T5745] usb 2-1: Manufacturer: syz
[  651.130194][ T5745] usb 2-1: config 0 descriptor??
[  651.157913][ T5745] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  651.159864][ T5745] ftdi_sio ttyUSB0: unknown device type: 0xa446
[  651.224472][ T5617] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  651.375639][   T32] usb 2-1: USB disconnect, device number 36
[  651.399009][   T32] ftdi_sio 2-1:0.0: device disconnected
[  651.414288][ T5617] usb 1-1: Using ep0 maxpacket: 16
[  651.421544][ T5617] usb 1-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  651.421573][ T5617] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.421592][ T5617] usb 1-1: Product: syz
[  651.421605][ T5617] usb 1-1: Manufacturer: syz
[  651.421618][ T5617] usb 1-1: SerialNumber: syz
[  651.718826][ T5617] usb 1-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  651.742827][ T5617] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  651.744692][ T5617] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  651.744756][ T5617] usb 1-1: media controller created
[  651.810932][ T5617] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  651.979609][T14822] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  651.985294][T14822] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3651'.
[  652.072382][ T5617] zl10353_read_register: readreg error (reg=127, ret==-110)
[  652.167096][ T5617] dvb_usb_gl861 1-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  652.194289][ T5617] usb 1-1: USB disconnect, device number 34
[  652.577607][T14849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3670'.
[  652.903564][T14849] geneve3: entered promiscuous mode
[  652.903591][T14849] geneve3: entered allmulticast mode
[  653.031182][T14833] loop4: detected capacity change from 0 to 40427
[  653.062941][T14833] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  653.062969][T14833] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  653.135482][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  653.135716][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  653.135752][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  653.135786][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  653.237710][T14833] F2FS-fs (loop4): invalid crc value
[  654.078994][T11702] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  654.249373][T11702] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  654.249403][T11702] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.249424][T11702] usb 1-1: Product: syz
[  654.249438][T11702] usb 1-1: Manufacturer: syz
[  654.249452][T11702] usb 1-1: SerialNumber: syz
[  654.353725][T14858] loop1: detected capacity change from 0 to 131072
[  654.378227][T11702] usb 1-1: config 0 descriptor??
[  654.452773][T14858] F2FS-fs (loop1): invalid crc value
[  654.504015][T11702] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  654.561738][T11702] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  654.589066][T11702] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  654.589125][T11702] usb 1-1: media controller created
[  654.674888][T14871] netlink: 'syz.2.3676': attribute type 6 has an invalid length.
[  654.696871][T14858] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  654.706064][T14864] dvb-usb: bulk message failed: -22 (7/0)
[  654.714004][T14858] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  654.801745][T11702] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  654.934836][T11702] DVB: Unable to find symbol mt352_attach()
[  654.964533][T14833] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  655.013190][T11702] DVB: Unable to find symbol nxt6000_attach()
[  655.013210][T11702] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  655.018396][T11702] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input17
[  655.085795][T11702] dvb-usb: schedule remote query interval to 1000 msecs.
[  655.085818][T11702] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  655.085833][T11702] dvb-usb: bulk message failed: -22 (7/0)
[  655.085848][T11702] dvb-usb: bulk message failed: -22 (7/0)
[  655.122053][T11702] usb 1-1: USB disconnect, device number 35
[  655.433036][T11702] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  658.000612][ T5617] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  658.191914][ T5617] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.191969][ T5617] usb 5-1: New USB device found, idVendor=048d, idProduct=8595, bcdDevice= 0.00
[  658.191991][ T5617] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.206449][ T5617] usb 5-1: config 0 descriptor??
[  658.726094][T14912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  658.731461][T14912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.959199][ T5617] hid_parser_main: 473 callbacks suppressed
[  658.959225][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959261][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x4
[  658.959337][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959362][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959387][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959413][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x2
[  658.959438][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959461][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959487][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959512][ T5617] itetech 0003:048D:8595.0015: unknown main item tag 0x0
[  658.959566][ T5617] itetech 0003:048D:8595.0015: item fetching failed at offset 40/41
[  658.960343][ T5617] itetech 0003:048D:8595.0015: probe with driver itetech failed with error -22
[  659.004284][ T5617] usb 5-1: USB disconnect, device number 38
[  659.244632][T14935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3701'.
[  659.853237][ T5617] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  660.023853][ T5617] usb 1-1: Using ep0 maxpacket: 32
[  660.026183][ T5617] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  660.026214][ T5617] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  660.026259][ T5617] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  660.026281][ T5617] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.057929][ T5617] usb 1-1: config 0 descriptor??
[  660.168710][ T5617] hub 1-1:0.0: USB hub found
[  660.293341][ T5617] hub 1-1:0.0: 1 port detected
[  660.511592][ T5617] hub 1-1:0.0: hub_hub_status failed (err = -71)
[  660.511617][ T5617] hub 1-1:0.0: config failed, can't get hub status (err -71)
[  660.523934][ T5617] usbhid 1-1:0.0: can't add hid device: -71
[  660.524045][ T5617] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  660.628880][ T5617] usb 1-1: USB disconnect, device number 36
[  660.753691][ T5738] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  660.984456][ T5738] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  660.984486][ T5738] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.989273][ T5738] usb 3-1: config 0 descriptor??
[  661.026064][ T5738] cp210x 3-1:0.0: cp210x converter detected
[  661.424094][T14941] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.461767][ T5738] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  661.557657][ T5738] usb 3-1: cp210x converter now attached to ttyUSB0
[  661.711529][ T5745] usb 3-1: USB disconnect, device number 38
[  661.766096][ T5745] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  661.788334][T14958] sch_tbf: burst 32767 is lower than device lo mtu (65550) !
[  662.043481][ T5745] cp210x 3-1:0.0: device disconnected
[  662.461937][T14975] loop1: detected capacity change from 0 to 1024
[  662.530771][T14979] loop2: detected capacity change from 0 to 16
[  662.794738][T14941] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.804714][T14979] erofs (device loop2): rootino(nid 36) is not a directory(i_mode 66700)
[  662.810151][T14979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3722'.
[  662.899379][T14971] sch_tbf: peakrate 7 is lower than or equals to rate 1023 !
[  663.060473][T14979] ip6gre1: entered promiscuous mode
[  663.060491][T14979] ip6gre1: entered allmulticast mode
[  663.169271][T14988] loop4: detected capacity change from 0 to 8
[  663.499505][T14995] loop4: detected capacity change from 0 to 128
[  663.882803][T14941] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  664.073937][T15007] loop1: detected capacity change from 0 to 512
[  664.129567][T15008] nbd: device at index 2 is going down
[  664.134067][T15007] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  664.184143][T15007] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1148: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  664.256840][T15007] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3735: bg 0: block 248: padding at end of block bitmap is not set
[  664.256879][T15007] loop1: lost filesystem error report for type 5 error -117
[  664.274881][    C1] EXT4-fs (loop1): error count since last fsck: 1
[  664.274912][    C1] EXT4-fs (loop1): last error at time 1779835849: ext4_validate_block_bitmap:441
[  664.297049][T15007] __quota_error: 10 callbacks suppressed
[  664.297069][T15007] Quota error (device loop1): write_blk: dquota write failed
[  664.297159][T15007] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  664.297218][T15007] EXT4-fs error (device loop1): ext4_acquire_dquot:7034: comm syz.1.3735: Failed to acquire dquot type 1
[  664.297239][T15007] loop1: lost filesystem error report for type 5 error -28
[  664.382915][T15018] loop2: detected capacity change from 0 to 2048
[  664.400075][T15018] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  664.500132][T15007] EXT4-fs (loop1): 1 truncate cleaned up
[  664.578711][T15007] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  664.612118][T15007] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 2 index 2
[  664.612176][T15007] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 131074
[  664.612197][T15007] EXT4-fs error (device loop1): ext4_acquire_dquot:7034: comm syz.1.3735: Failed to acquire dquot type 1
[  664.924442][ T5619] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  665.149814][T14941] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.262401][T15023] loop2: detected capacity change from 0 to 512
[  665.358150][T15023] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  665.394621][   T38] audit: type=1800 audit(1779835850.145:234): pid=15023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3740" name="file1" dev="loop2" ino=15 res=0 errno=0
[  665.802453][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  665.829154][T15033] loop4: detected capacity change from 0 to 1024
[  666.321140][T15038] loop1: detected capacity change from 0 to 256
[  666.330353][T15038] exfat: Bad value for 'uid'
[  666.330372][T15038] exfat: Bad value for 'uid'
[  666.438824][ T4928] Bluetooth: hci4: unexpected event for opcode 0x204e
[  666.789769][T15038] bpf: Bad value for 'uid'
[  667.196613][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  667.667343][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  667.703508][ T5738] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  667.767739][T15066] loop4: detected capacity change from 0 to 4096
[  667.769582][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  667.773044][T15066] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  667.773874][T15066] ntfs3(loop4): ino=3, mi_enum_attr
[  667.869626][T15066] ntfs3(loop4): Failed to initialize $Secure::$SDH (-22).
[  667.869711][T15066] ntfs3(loop4): Failed to initialize $Secure (-22).
[  667.906779][ T5738] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  667.906811][ T5738] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.906830][ T5738] usb 2-1: Product: syz
[  667.906843][ T5738] usb 2-1: Manufacturer: syz
[  667.906858][ T5738] usb 2-1: SerialNumber: syz
[  667.915786][   T68] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  667.959184][ T5738] usb 2-1: config 0 descriptor??
[  667.968172][ T5738] hub 2-1:0.0: bad descriptor, ignoring hub
[  667.968206][ T5738] hub 2-1:0.0: probe with driver hub failed with error -5
[  668.121984][T15070] loop3: detected capacity change from 0 to 256
[  668.208119][ T5738] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  668.326521][ T5738] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  668.326591][ T5738] dib0700: firmware download failed at 7 with -22
[  668.374144][ T5738] usb 2-1: USB disconnect, device number 37
[  668.479527][T15070] FAT-fs (loop3): Directory bread(block 64) failed
[  668.479558][T15070] FAT-fs (loop3): Directory bread(block 65) failed
[  668.479669][T15070] FAT-fs (loop3): Directory bread(block 66) failed
[  668.479692][T15070] FAT-fs (loop3): Directory bread(block 67) failed
[  668.480155][T15070] FAT-fs (loop3): Directory bread(block 68) failed
[  668.480197][T15070] FAT-fs (loop3): Directory bread(block 69) failed
[  668.480460][T15070] FAT-fs (loop3): Directory bread(block 70) failed
[  668.480497][T15070] FAT-fs (loop3): Directory bread(block 71) failed
[  668.480606][T15070] FAT-fs (loop3): Directory bread(block 72) failed
[  668.480627][T15070] FAT-fs (loop3): Directory bread(block 73) failed
[  669.533894][T15105] loop2: detected capacity change from 0 to 512
[  669.917240][T15113] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3780'.
[  670.600786][T15119] loop3: detected capacity change from 0 to 4096
[  670.668273][T15119] NILFS (loop3): invalid segment: Checksum error in segment payload
[  670.668299][T15119] NILFS (loop3): trying rollback from an earlier position
[  670.801433][T15119] NILFS (loop3): recovery complete
[  670.829894][T15128] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  671.874018][T15139] loop4: detected capacity change from 0 to 256
[  671.921886][T15143] loop2: detected capacity change from 0 to 512
[  671.922906][T15143] EXT4-fs: inline encryption not supported
[  671.922934][T15143] EXT4-fs: Ignoring removed mblk_io_submit option
[  671.960151][T15143] EXT4-fs (loop2): Test dummy encryption mode enabled
[  671.978125][T15143] EXT4-fs (loop2): orphan cleanup on readonly fs
[  671.978373][T15143] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.3793: inode #13: comm syz.2.3793: iget: illegal inode #
[  671.978402][T15143] loop2: lost filesystem error report for type 5 error -117
[  671.979420][T15143] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.3793: couldn't read orphan inode 13 (err -117)
[  671.979450][T15143] loop2: lost filesystem error report for type 5 error -117
[  671.982785][T15143] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  672.282304][   T38] audit: type=1800 audit(1779835856.493:235): pid=15139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3791" name=38F3CD4498BEE8 dev="loop4" ino=1048696 res=0 errno=0
[  672.368066][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  672.804407][ T5745] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  673.033317][ T5745] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  673.033376][ T5745] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  673.033399][ T5745] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.062098][ T5745] gspca_main: stv0680-2.14.0 probing 041e:4007
[  673.234234][T12678] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  673.487638][T12678] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  673.491199][T12678] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  673.537896][T12678] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  673.643720][T12678] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  674.285687][ T5745] stv0680 1-1:4.0: Could not get descriptor 0200
[  674.545448][ T5745] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  674.545478][ T5745] stv0680 1-1:4.0: last error: 34,  command = 0xf
[  674.553289][ T5745] usb 1-1: USB disconnect, device number 37
[  674.807534][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  674.999641][T15158] tun0: tun_chr_ioctl cmd 2148553947
[  675.475815][T15184] loop9: detected capacity change from 0 to 524287999
[  675.907679][T15193] loop2: detected capacity change from 0 to 22
[  675.919614][T15193] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  675.924730][T15193] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  676.370110][ T4928] Bluetooth: hci3: command tx timeout
[  676.731287][T15184] Dev loop9: unable to read RDB block 8
[  676.896768][T15184]  loop9: unable to read partition table
[  676.915043][T15184] loop_reread_partitions: partition scan of loop9 (3�����) failed (rc=-5)
[  677.397965][T12363] Buffer I/O error on dev loop9, logical block 65535999, async page read
[  677.865697][ T5617] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  677.945958][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.038948][ T5617] usb 4-1: Using ep0 maxpacket: 16
[  678.043850][ T5617] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  678.043880][ T5617] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.043899][ T5617] usb 4-1: Product: syz
[  678.043910][ T5617] usb 4-1: Manufacturer: syz
[  678.043924][ T5617] usb 4-1: SerialNumber: syz
[  678.047805][ T5617] usb 4-1: config 0 descriptor??
[  678.068492][ T5617] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  678.621625][ T4928] Bluetooth: hci3: command tx timeout
[  678.743005][ T5617] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71
[  678.787378][ T5617] usb 4-1: USB disconnect, device number 36
[  678.860660][T15238] loop2: detected capacity change from 0 to 128
[  679.261874][T15246] loop4: detected capacity change from 0 to 1024
[  679.262989][T15246] EXT4-fs: Ignoring removed bh option
[  679.293544][T15246] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  679.295759][T15251] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  679.295776][T15251] IPv6: NLM_F_CREATE should be set when creating new route
[  679.295832][T15251] IPv6: NLM_F_CREATE should be set when creating new route
[  679.295862][T15251] IPv6: NLM_F_CREATE should be set when creating new route
[  679.372564][T15251] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  680.141662][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.273827][T15149] lo speed is unknown, defaulting to 1000
[  680.549050][   T38] audit: type=1326 audit(1779835864.106:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.549101][   T38] audit: type=1326 audit(1779835864.124:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.556557][   T38] audit: type=1326 audit(1779835864.133:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.557089][   T38] audit: type=1326 audit(1779835864.133:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.557131][   T38] audit: type=1326 audit(1779835864.133:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.559096][   T38] audit: type=1326 audit(1779835864.133:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.559141][   T38] audit: type=1326 audit(1779835864.133:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.563048][   T38] audit: type=1326 audit(1779835864.133:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.563094][   T38] audit: type=1326 audit(1779835864.133:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.563133][   T38] audit: type=1326 audit(1779835864.133:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15271 comm="syz.3.3839" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f024227ce59 code=0x7ffc0000
[  680.872871][ T4928] Bluetooth: hci3: command tx timeout
[  681.033645][T15278] loop2: detected capacity change from 0 to 256
[  681.113476][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  681.638590][T15282] program syz.4.3840 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  681.745236][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.290739][T15305] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3855'.
[  683.151382][T12678] Bluetooth: hci3: command tx timeout
[  684.475996][T15359] loop4: detected capacity change from 0 to 64
[  685.102337][T15149] bridge0: port 1(bridge_slave_0) entered blocking state
[  685.102597][T15149] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.103032][T15149] bridge_slave_0: entered allmulticast mode
[  685.161009][T15149] bridge_slave_0: entered promiscuous mode
[  685.512505][T15373] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3883'.
[  685.543323][T15149] bridge0: port 2(bridge_slave_1) entered blocking state
[  685.543595][T15149] bridge0: port 2(bridge_slave_1) entered disabled state
[  685.543807][T15149] bridge_slave_1: entered allmulticast mode
[  685.547141][T15149] bridge_slave_1: entered promiscuous mode
[  685.571572][T15373] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3883'.
[  685.987211][T15384] loop4: detected capacity change from 0 to 64
[  686.246985][T12678] Bluetooth: hci3: command tx timeout
[  686.556558][ T5745] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  686.641374][T15149] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  686.664822][T15149] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  686.730880][ T5745] usb 4-1: Using ep0 maxpacket: 16
[  686.735961][ T5745] usb 4-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  686.735990][ T5745] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.736008][ T5745] usb 4-1: Product: syz
[  686.736020][ T5745] usb 4-1: Manufacturer: syz
[  686.736033][ T5745] usb 4-1: SerialNumber: syz
[  687.024318][T15400] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3890'.
[  687.052658][T15379] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  687.064041][T15379] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3884'.
[  687.181407][ T5745] usb 4-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  687.205965][ T5745] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  687.206507][ T5745] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  687.206567][ T5745] usb 4-1: media controller created
[  687.212498][T15404] program syz.2.3893 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  687.316997][ T5745] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  687.387647][ T5745] zl10353_read_register: readreg error (reg=127, ret==-71)
[  687.479859][ T5745] dvb_usb_gl861 4-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  687.514175][ T5745] usb 4-1: USB disconnect, device number 37
[  687.592251][T15413] program syz.2.3897 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  688.385337][   T12] bond0: left allmulticast mode
[  688.385362][   T12] bond_slave_0: left allmulticast mode
[  688.385733][   T12] bond_slave_1: left allmulticast mode
[  688.454928][ T5745] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  688.621014][ T5745] usb 1-1: Using ep0 maxpacket: 8
[  688.623198][ T5745] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  688.623354][ T5745] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.731001][ T5745] pvrusb2: Hardware description: Terratec Grabster AV400
[  688.731046][ T5745] pvrusb2: **********
[  688.731054][ T5745] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  688.731067][ T5745] pvrusb2: Important functionality might not be entirely working.
[  688.731077][ T5745] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  688.731088][ T5745] pvrusb2: **********
[  688.792746][   T12] bridge0: port 3(bond0) entered disabled state
[  689.022460][T15420] loop4: detected capacity change from 0 to 32768
[  689.026928][ T2369] pvrusb2: Invalid write control endpoint
[  689.245898][ T5345] usb 1-1: USB disconnect, device number 38
[  689.517335][   T12] bridge_slave_1: left allmulticast mode
[  689.517367][   T12] bridge_slave_1: left promiscuous mode
[  689.518722][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  689.610381][ T2369] pvrusb2: Invalid write control endpoint
[  689.610396][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  689.610405][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  689.610413][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  689.610422][ T2369] pvrusb2: Device being rendered inoperable
[  689.747437][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  689.747504][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  689.765191][   T12] bridge_slave_0: left allmulticast mode
[  689.769422][   T12] bridge_slave_0: left promiscuous mode
[  689.769697][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  689.905211][ T2369] pvrusb2: Attached sub-driver cx25840
[  689.905304][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  689.905315][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  689.961796][T15452] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3907'.
[  690.327050][   T12] batman_adv: batadv0: Interface deactivated: gretap1
[  690.375366][T15454] mmap: syz.4.3904 (15454) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  691.739854][   T12] batman_adv: batadv0: Removing interface: gretap1
[  692.139597][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  692.182689][   T12] bond_slave_0: left promiscuous mode
[  692.204810][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  692.247821][   T12] bond_slave_1: left promiscuous mode
[  692.271401][   T12] bond0 (unregistering): Released all slaves
[  692.303477][T15149] team0: Port device team_slave_0 added
[  692.478076][ T5274] 8021q: adding VLAN 0 to HW filter on device eth1
[  692.489587][T15452] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3907'.
[  692.520158][T15149] team0: Port device team_slave_1 added
[  693.176317][T15459] sch_tbf: burst 32852 is lower than device lo mtu (65550) !
[  693.550231][T15149] batman_adv: batadv0: Adding interface: batadv_slave_0
[  693.550248][T15149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  693.550268][T15149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  693.568699][T15149] batman_adv: batadv0: Adding interface: batadv_slave_1
[  693.568713][T15149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  693.568739][T15149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  693.853119][T15477] macvlan2: entered promiscuous mode
[  693.853142][T15477] bridge0: entered promiscuous mode
[  694.274416][T15486] loop3: detected capacity change from 0 to 1024
[  694.276033][T15486] EXT4-fs: Ignoring removed bh option
[  694.276070][T15486] ext4: Unknown parameter 'smackfsdef'
[  694.355352][T15490] loop4: detected capacity change from 0 to 2048
[  694.395545][ T5345] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  694.538409][T15486] loop3: detected capacity change from 0 to 512
[  694.573312][ T5345] usb 3-1: Using ep0 maxpacket: 16
[  694.585111][ T5345] usb 3-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  694.585142][ T5345] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.585158][ T5345] usb 3-1: Product: syz
[  694.585169][ T5345] usb 3-1: Manufacturer: syz
[  694.585180][ T5345] usb 3-1: SerialNumber: syz
[  694.986061][T15464] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  695.011471][T15464] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3911'.
[  695.183026][T15486] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  695.201330][ T5345] usb 3-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  695.231354][ T5345] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  695.231757][ T5345] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  695.231807][ T5345] usb 3-1: media controller created
[  695.284977][ T5345] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  695.319197][ T5345] zl10353_read_register: readreg error (reg=127, ret==-71)
[  695.332786][T15149] hsr_slave_0: entered promiscuous mode
[  695.341584][T15486] ext4 filesystem being mounted at /793/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  695.391034][ T5345] dvb_usb_gl861 3-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  695.402010][T15149] hsr_slave_1: entered promiscuous mode
[  695.412036][ T5345] usb 3-1: USB disconnect, device number 39
[  695.420503][T15149] debugfs: 'hsr0' already exists in 'hsr'
[  695.420530][T15149] Cannot create hsr debugfs directory
[  695.460061][T15503] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  695.872244][ T5618] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  696.944996][T12678] Bluetooth: hci2: unexpected subevent 0x1a length: 10 > 6
[  697.631451][T15503] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  697.631492][T15503] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4)
[  698.033330][T15503] Remounting filesystem read-only
[  698.137887][ T5613] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer
[  698.758275][ T5274] 8021q: adding VLAN 0 to HW filter on device eth2
[  698.953627][T15541] loop2: detected capacity change from 0 to 256
[  699.100099][T15536] macvlan2: entered promiscuous mode
[  699.100121][T15536] bridge0: entered promiscuous mode
[  699.168613][T12678] Bluetooth: hci2: command 0x0406 tx timeout
[  699.230750][ T4928] Bluetooth: hci2: Opcode 0x206a failed: -110
[  699.378509][T11702] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  699.615997][T11702] usb 4-1: Using ep0 maxpacket: 16
[  699.630301][T11702] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  699.630325][T11702] usb 4-1: config 0 has no interfaces?
[  699.632697][T11702] usb 4-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  699.632723][T11702] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.632743][T11702] usb 4-1: Product: syz
[  699.632756][T11702] usb 4-1: Manufacturer: syz
[  699.632768][T11702] usb 4-1: SerialNumber: syz
[  699.761301][T11702] usb 4-1: config 0 descriptor??
[  699.869508][ T5954] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  700.050476][ T5954] usb 1-1: Using ep0 maxpacket: 16
[  700.054452][ T5954] usb 1-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  700.054481][ T5954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.054499][ T5954] usb 1-1: Product: syz
[  700.054512][ T5954] usb 1-1: Manufacturer: syz
[  700.054524][ T5954] usb 1-1: SerialNumber: syz
[  700.094221][T15553] loop2: detected capacity change from 0 to 2048
[  700.356573][T15538] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  700.357586][T15538] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3933'.
[  700.393263][T15542] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  700.397751][T15542] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3932'.
[  700.466689][ T5954] usb 1-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  700.471843][ T5954] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  700.472191][ T5954] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  700.472237][ T5954] usb 1-1: media controller created
[  700.474635][T15556] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  700.563218][ T5954] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  700.634205][ T5954] zl10353_read_register: readreg error (reg=127, ret==-71)
[  700.714699][ T5954] dvb_usb_gl861 1-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  700.732233][ T5954] usb 1-1: USB disconnect, device number 39
[  700.918946][T15556] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  700.918978][T15556] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4)
[  700.927344][T15556] Remounting filesystem read-only
[  701.016350][ T5620] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer
[  701.464787][T15564] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3941'.
[  701.684111][T11702] usb 4-1: USB disconnect, device number 38
[  702.226800][T15571] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3946'.
[  703.046510][T15587] loop2: detected capacity change from 0 to 512
[  703.149604][T15589] program syz.3.3950 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  703.254358][T15587] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.3949: Invalid inode bitmap blk 4 in block_group 0
[  703.254406][T15587] loop2: lost filesystem error report for type 5 error -117
[  703.264337][    C0] EXT4-fs (loop2): error count since last fsck: 1
[  703.264360][    C0] EXT4-fs (loop2): initial error at time 1779835885: ext4_read_inode_bitmap:139
[  703.264379][    C0] EXT4-fs (loop2): last error at time 1779835885: ext4_read_inode_bitmap:139
[  703.275333][T15587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  703.730282][T15603] loop3: detected capacity change from 0 to 512
[  703.735016][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  703.785359][T15603] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  703.785379][T15603] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  703.785462][T15603] System zones: 0-1, 15-15, 18-18, 34-34
[  703.785882][T15603] EXT4-fs (loop3): orphan cleanup on readonly fs
[  703.785990][T15603] __quota_error: 11 callbacks suppressed
[  703.786002][T15603] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0
[  703.786093][T15603] EXT4-fs warning (device loop3): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  703.786118][T15603] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  703.786716][T15603] EXT4-fs (loop3): 1 truncate cleaned up
[  703.793228][T15603] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  703.952665][   T12] hsr_slave_0: left promiscuous mode
[  704.025439][ T5618] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  704.103989][   T12] hsr_slave_1: left promiscuous mode
[  704.105325][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  704.105349][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  704.270657][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  704.270691][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  704.909947][   T12] veth1_macvtap: left promiscuous mode
[  704.910379][   T12] veth0_macvtap: left promiscuous mode
[  704.911049][   T12] veth1_vlan: left promiscuous mode
[  704.926473][   T12] veth0_vlan: left promiscuous mode
[  705.287884][T15621] loop4: detected capacity change from 0 to 40427
[  705.304691][T15621] F2FS-fs (loop4): invalid crc value
[  705.652460][T15621] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  705.932362][T15621] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  706.192631][ T5617] usb 3-1: new full-speed USB device number 40 using dummy_hcd
[  706.371559][ T5617] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  706.371588][ T5617] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  706.422149][ T5617] usb 3-1: config 0 descriptor??
[  706.433194][ T5617] cp210x 3-1:0.0: cp210x converter detected
[  706.908292][ T5617] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -71
[  706.908954][ T5617] cp210x 3-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  706.908976][ T5617] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  706.957546][ T5613] syz-executor: attempt to access beyond end of device
[  706.957546][ T5613] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  707.027909][ T5613] CPU: 0 UID: 0 PID: 5613 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  707.027937][ T5613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  707.027949][ T5613] Call Trace:
[  707.027959][ T5613]  <TASK>
[  707.027969][ T5613]  dump_stack_lvl+0xe8/0x150
[  707.027999][ T5613]  f2fs_stop_checkpoint+0x3ef/0x5d0
[  707.028033][ T5613]  f2fs_write_end_io+0x1274/0x1740
[  707.028075][ T5613]  __submit_merged_bio+0x256/0x6a0
[  707.028093][ T5613]  ? rcu_is_watching+0x15/0xb0
[  707.028124][ T5613]  __submit_merged_write_cond+0x3c9/0x4e0
[  707.028159][ T5613]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  707.028209][ T5613]  f2fs_write_data_pages+0x287e/0x34f0
[  707.028260][ T5613]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  707.028325][ T5613]  ? do_raw_spin_lock+0x12b/0x2f0
[  707.028357][ T5613]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  707.028373][ T5613]  ? lockdep_hardirqs_on+0x7a/0x110
[  707.028391][ T5613]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  707.028408][ T5613]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  707.028431][ T5613]  ? reacquire_held_locks+0x104/0x190
[  707.028455][ T5613]  ? rt_spin_lock+0x1e0/0x400
[  707.028483][ T5613]  ? rt_spin_unlock+0x14f/0x200
[  707.028510][ T5613]  ? rt_spin_unlock+0x160/0x200
[  707.028530][ T5613]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  707.028552][ T5613]  do_writepages+0x32e/0x550
[  707.028574][ T5613]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  707.028599][ T5613]  ? rt_spin_unlock+0x14f/0x200
[  707.028631][ T5613]  filemap_fdatawrite+0x1ec/0x2f0
[  707.028656][ T5613]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  707.028674][ T5613]  ? __lock_acquire+0x6b5/0x2d10
[  707.028732][ T5613]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  707.028764][ T5613]  ? rt_spin_unlock+0x160/0x200
[  707.028790][ T5613]  f2fs_sync_dirty_inodes+0x30e/0x830
[  707.028828][ T5613]  f2fs_write_checkpoint+0x9ce/0x25a0
[  707.028848][ T5613]  ? __lock_acquire+0x6b5/0x2d10
[  707.028909][ T5613]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  707.028986][ T5613]  kill_f2fs_super+0x314/0x730
[  707.029014][ T5613]  ? __pfx_kill_f2fs_super+0x10/0x10
[  707.029048][ T5613]  ? lockdep_hardirqs_on+0x7a/0x110
[  707.029082][ T5613]  deactivate_locked_super+0xbc/0x130
[  707.029106][ T5613]  cleanup_mnt+0x437/0x4d0
[  707.029129][ T5613]  ? _raw_spin_unlock_irq+0x23/0x50
[  707.029151][ T5613]  task_work_run+0x1d9/0x270
[  707.029178][ T5613]  ? __pfx_task_work_run+0x10/0x10
[  707.029213][ T5613]  exit_to_user_mode_loop+0x193/0x680
[  707.029234][ T5613]  ? rcu_is_watching+0x15/0xb0
[  707.029259][ T5613]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.029279][ T5613]  do_syscall_64+0x353/0x580
[  707.029297][ T5613]  ? trace_irq_disable+0x3b/0x140
[  707.029318][ T5613]  ? clear_bhb_loop+0x40/0x90
[  707.029341][ T5613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.029359][ T5613] RIP: 0033:0x7f390d91e097
[  707.029378][ T5613] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  707.029393][ T5613] RSP: 002b:00007fff446afdf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  707.029412][ T5613] RAX: 0000000000000000 RBX: 00007f390d9b21ca RCX: 00007f390d91e097
[  707.029428][ T5613] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff446afeb0
[  707.029439][ T5613] RBP: 00007fff446afeb0 R08: 00007fff446b0eb0 R09: 00000000ffffffff
[  707.029452][ T5613] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff446b0f40
[  707.029463][ T5613] R13: 00007f390d9b21ca R14: 00000000000a55d5 R15: 00007fff446b0f80
[  707.029494][ T5613]  </TASK>
[  707.029513][ T5613] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  707.480274][ T5617] usb 3-1: cp210x converter now attached to ttyUSB0
[  707.583450][ T5617] usb 3-1: USB disconnect, device number 40
[  707.646617][ T5617] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  707.656178][ T5617] cp210x 3-1:0.0: device disconnected
[  708.518720][T15639] loop4: detected capacity change from 0 to 32768
[  708.605650][T15639] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  708.683728][T15639] XFS (loop4): Ending clean mount
[  709.057644][   T12] team0 (unregistering): Port device team_slave_1 removed
[  709.128539][   T12] team0 (unregistering): Port device team_slave_0 removed
[  709.246998][ T5613] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  710.211279][ T5274] 8021q: adding VLAN 0 to HW filter on device eth3
[  710.343145][ T5345] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  710.535501][ T5345] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  710.535538][ T5345] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  710.535554][ T5345] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  710.535571][ T5345] usb 5-1: config 220 has no interface number 2
[  710.535628][ T5345] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  710.535653][ T5345] usb 5-1: config 220 interface 0 has no altsetting 0
[  710.535669][ T5345] usb 5-1: config 220 interface 76 has no altsetting 0
[  710.535685][ T5345] usb 5-1: config 220 interface 1 has no altsetting 0
[  710.545443][ T5345] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  710.545474][ T5345] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  710.545494][ T5345] usb 5-1: Product: syz
[  710.545507][ T5345] usb 5-1: Manufacturer: syz
[  710.545521][ T5345] usb 5-1: SerialNumber: syz
[  710.865994][ T5345] usb 5-1: selecting invalid altsetting 0
[  710.938027][ T5345] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  710.938063][ T5345] uvcvideo 5-1:220.0: No valid video chain found.
[  711.023983][ T5345] usb 5-1: selecting invalid altsetting 0
[  711.024009][ T5345] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  711.031450][ T5345] usb 5-1: USB disconnect, device number 39
[  711.946753][T15654] input: syz0 as /devices/virtual/input/input18
[  713.111562][ T5274] 8021q: adding VLAN 0 to HW filter on device eth4
[  713.992346][T15689] IPv6: addrconf: prefix option has invalid lifetime
[  715.130608][T15701] loop4: detected capacity change from 0 to 1024
[  715.131749][T15701] EXT4-fs: Ignoring removed orlov option
[  715.177887][T15701] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  715.196714][T15701] EXT4-fs error (device loop4): __ext4_new_inode:1285: comm syz.4.3980: failed to insert inode 12: doubly allocated?
[  715.487345][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  715.567655][ T1339] ieee802154 phy0 wpan0: encryption failed: -22
[  715.619154][T15711] binder: 15710:15711 ioctl c018620c 200000000000 returned -22
[  715.725466][ T5345] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  715.895367][ T5345] usb 3-1: Using ep0 maxpacket: 32
[  715.899428][ T5345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  715.899467][ T5345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  715.899506][ T5345] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  715.899528][ T5345] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.966764][ T5345] usb 3-1: config 0 descriptor??
[  716.084389][ T5345] hub 3-1:0.0: USB hub found
[  716.193479][ T5345] hub 3-1:0.0: 1 port detected
[  716.204615][ T5617] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  716.395006][ T5617] usb 5-1: Using ep0 maxpacket: 32
[  716.398059][ T5617] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  716.398088][ T5617] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  716.398107][ T5617] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  716.398126][ T5617] usb 5-1: config 1 has no interface number 0
[  716.398179][ T5617] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  716.398203][ T5617] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  716.398251][ T5617] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  716.398271][ T5617] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.845861][ T5345] usb 3-1: USB disconnect, device number 41
[  716.992753][T15149] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  717.009159][ T5617] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  717.581348][ T5617] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  717.629353][T15737] loop3: detected capacity change from 0 to 128
[  717.723956][T15149] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  717.806888][T15149] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  717.909877][    T9] usb 5-1: USB disconnect, device number 40
[  717.925622][    T9] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  718.141677][T15149] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  718.280500][T15149] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  718.422378][   T12] IPVS: stop unused estimator thread 0...
[  718.515665][T15149] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  718.574989][T15754] loop4: detected capacity change from 0 to 512
[  718.581320][T15754] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  718.606916][T15149] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  718.704965][T15754] EXT4-fs (loop4): 1 truncate cleaned up
[  718.765348][T15754] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  718.779031][    T9] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  718.804562][T15149] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  718.975441][    T9] usb 3-1: Using ep0 maxpacket: 32
[  719.012539][    T9] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  719.012567][    T9] usb 3-1: config 0 has no interface number 0
[  719.029652][    T9] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  719.029684][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.029703][    T9] usb 3-1: Product: syz
[  719.029716][    T9] usb 3-1: Manufacturer: syz
[  719.029736][    T9] usb 3-1: SerialNumber: syz
[  719.037136][    T9] usb 3-1: config 0 descriptor??
[  719.234590][ T5617] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  719.461722][ T5617] usb 1-1: Using ep0 maxpacket: 32
[  719.464251][ T5617] usb 1-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  719.464281][ T5617] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.500929][ T5617] usb 1-1: config 0 descriptor??
[  719.592072][    T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  719.592104][    T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  719.622286][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  719.758782][ T5617] usb 1-1: string descriptor 0 read error: -71
[  719.761222][ T5617] rndis_host 1-1:0.0: GUID doesn't match
[  719.781212][ T5617] usb 1-1: USB disconnect, device number 40
[  719.878111][    T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  719.878390][    T9] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  719.992949][    T9] usb 3-1: USB disconnect, device number 42
[  720.063094][T15748] loop3: detected capacity change from 0 to 32768
[  720.110408][T15748] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  720.223488][T15748] XFS (loop3): Ending clean mount
[  720.437824][ T5618] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  720.736838][T15779] loop2: detected capacity change from 0 to 4096
[  720.810178][T15149] 8021q: adding VLAN 0 to HW filter on device bond0
[  720.811180][T15779] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  720.813965][    T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  720.952472][T15781] loop4: detected capacity change from 0 to 4096
[  720.954842][T15781] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  721.084591][    T9] usb 1-1: Using ep0 maxpacket: 32
[  721.113210][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  721.113241][    T9] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  721.113266][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  721.119173][    T9] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  721.119204][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  721.119224][    T9] usb 1-1: Product: syz
[  721.119237][    T9] usb 1-1: Manufacturer: syz
[  721.119249][    T9] usb 1-1: SerialNumber: syz
[  721.157534][    T9] usb 1-1: config 0 descriptor??
[  721.209658][T15149] 8021q: adding VLAN 0 to HW filter on device team0
[  721.353542][T15779] ntfs3(loop2): ino=19, mi_enum_attr
[  721.353574][T15779] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  721.361683][T15781] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  721.652473][    T9] gs_usb 1-1:0.0: Configuring for 158 interfaces
[  721.906791][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.907399][ T1041] bridge0: port 1(bridge_slave_0) entered forwarding state
[  722.124143][    T9] gs_usb 1-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  722.125669][    T9] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71
[  722.194126][    T9] usb 1-1: USB disconnect, device number 41
[  722.587704][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.587869][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  723.111782][T15796] loop3: detected capacity change from 0 to 128
[  723.711743][T11702] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[  723.918249][T11702] usb 1-1: config 0 has an invalid interface number: 37 but max is 1
[  723.918278][T11702] usb 1-1: config 0 has an invalid interface number: 255 but max is 1
[  723.918299][T11702] usb 1-1: config 0 has no interface number 0
[  723.918316][T11702] usb 1-1: config 0 has no interface number 1
[  723.918356][T11702] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  723.918393][T11702] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  723.918420][T11702] usb 1-1: config 0 interface 255 has no altsetting 0
[  723.921829][T11702] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=20.a3
[  723.921859][T11702] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.921879][T11702] usb 1-1: Product: syz
[  723.921894][T11702] usb 1-1: Manufacturer: syz
[  723.921908][T11702] usb 1-1: SerialNumber: syz
[  724.040646][T11702] usb 1-1: config 0 descriptor??
[  724.088170][T15820] loop2: detected capacity change from 0 to 1024
[  724.109868][T11702] usb 1-1: selecting invalid altsetting 0
[  724.109892][T11702] usb 1-1: Could not set interface, error -22
[  724.324522][    T9] usb 1-1: USB disconnect, device number 42
[  725.124431][T15844] loop2: detected capacity change from 0 to 512
[  725.214203][T15844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  725.214346][T15844] ext4 filesystem being mounted at /809/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  725.301508][T15849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4026'.
[  725.718432][T15149] 8021q: adding VLAN 0 to HW filter on device batadv0
[  726.177799][T15860] loop4: detected capacity change from 0 to 32768
[  726.245797][T15860] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4028 (15860)
[  726.442177][T15860] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  726.442213][T15860] BTRFS info (device loop4): using sha256 checksum algorithm
[  726.856974][T15885] macvtap1: entered promiscuous mode
[  726.857173][T15885] macvtap1: entered allmulticast mode
[  726.857189][T15885] veth1_vlan: entered allmulticast mode
[  727.148121][T15149] veth0_vlan: entered promiscuous mode
[  727.227477][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  727.243254][T15860] BTRFS info (device loop4): enabling ssd optimizations
[  727.243281][T15860] BTRFS info (device loop4): turning on async discard
[  727.243299][T15860] BTRFS info (device loop4): enabling free space tree
[  727.343439][T15889] batadv1: entered promiscuous mode
[  727.343455][T15889] batadv1: entered allmulticast mode
[  727.510532][ T5613] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  727.770416][T15149] veth1_vlan: entered promiscuous mode
[  728.091866][T15899] loop2: detected capacity change from 0 to 512
[  728.108246][T15899] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  728.238968][T15149] veth0_macvtap: entered promiscuous mode
[  728.268085][T15149] veth1_macvtap: entered promiscuous mode
[  728.354275][T15149] batman_adv: batadv0: Interface activated: batadv_slave_0
[  728.518691][T15149] batman_adv: batadv0: Interface activated: batadv_slave_1
[  728.679105][ T1537] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  728.702967][T15899] EXT4-fs error (device loop2): xattr_find_entry:337: inode #15: comm syz.2.4034: corrupted xattr entries
[  728.702996][T15899] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  728.802898][    C1] EXT4-fs (loop2): initial error at time 1779835908: xattr_find_entry:337: inode 15
[  728.802931][    C1] EXT4-fs (loop2): last error at time 1779835908: xattr_find_entry:337: inode 15
[  728.808243][T15899] EXT4-fs (loop2): 1 truncate cleaned up
[  728.817061][T15899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  728.894792][ T1537] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  729.001649][ T1537] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  729.055344][ T1541] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  729.120896][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  730.412331][T15934] loop4: detected capacity change from 0 to 512
[  730.468476][T15934] EXT4-fs: Ignoring removed i_version option
[  730.487143][T15934] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  731.215014][T15934] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.4043: invalid indirect mapped block 4294967295 (level 1)
[  731.215052][T15934] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  731.221536][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  731.221556][    C1] EXT4-fs (loop4): initial error at time 1779835910: ext4_free_branches:1023: inode 11
[  731.221576][    C1] EXT4-fs (loop4): last error at time 1779835910: ext4_free_branches:1023: inode 11
[  731.235032][T15934] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.4043: invalid indirect mapped block 4294967295 (level 1)
[  731.235072][T15934] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  731.237867][T15934] EXT4-fs (loop4): 2 truncates cleaned up
[  731.275963][T15934] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  731.475202][T15945] loop9: detected capacity change from 0 to 524287936
[  731.997788][T15952] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4047'.
[  732.012585][T15952] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4047'.
[  732.012948][T15952] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4047'.
[  732.151065][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  732.151086][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  733.034545][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  733.039604][T15963] loop2: detected capacity change from 0 to 2048
[  733.142923][T15963] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  733.173510][T15963] EXT4-fs (loop2): shut down requested (1)
[  733.411980][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  733.455354][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  733.455374][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  733.783732][T15977] binder: 15975:15977 ioctl c00c620f 200000000180 returned -22
[  735.584057][T16034] cgroup: fork rejected by pids controller in /syz5
[  736.361484][T16058] loop2: detected capacity change from 0 to 2048
[  736.371278][T16058] EXT4-fs: Ignoring removed i_version option
[  736.589098][T16058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  736.811213][T16070] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4078'.
[  736.866178][T16068] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[  737.019849][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  737.245614][ T5745] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  737.408260][ T5745] usb 1-1: Using ep0 maxpacket: 8
[  737.416684][ T5745] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  737.416720][ T5745] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  737.416742][ T5745] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  737.416765][ T5745] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  737.416805][ T5745] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  737.416826][ T5745] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.528790][ T5745] usb 1-1: config 0 descriptor??
[  737.828025][T16075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4080'.
[  737.877419][T15950] usb 1-1: USB disconnect, device number 43
[  738.719583][T15950] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  738.882325][T15950] usb 5-1: Using ep0 maxpacket: 16
[  738.895011][T15950] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  738.895041][T15950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.895060][T15950] usb 5-1: Product: syz
[  738.895072][T15950] usb 5-1: Manufacturer: syz
[  738.895086][T15950] usb 5-1: SerialNumber: syz
[  739.295111][T16092] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  739.298765][T16092] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4087'.
[  739.334148][T15950] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  739.351488][T15950] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  739.352622][T15950] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  739.352676][T15950] usb 5-1: media controller created
[  739.399953][T15950] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  739.429417][T15950] zl10353_read_register: readreg error (reg=127, ret==-71)
[  739.546100][T15950] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  739.569952][T15950] usb 5-1: USB disconnect, device number 41
[  740.063885][ T4928] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  740.367307][ T4928] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  740.445285][ T4928] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  740.449423][ T4928] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  740.524242][ T4928] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  741.371910][ T4399] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.770070][T16139] batadv_slave_0: entered promiscuous mode
[  741.771742][T16143] batadv_slave_0: left promiscuous mode
[  742.244839][T16165] loop3: detected capacity change from 0 to 256
[  742.259483][T16165] exfat: Deprecated parameter 'namecase'
[  742.259708][T16165] exfat: Deprecated parameter 'namecase'
[  742.259734][T16165] exfat: Deprecated parameter 'utf8'
[  742.398851][T16165] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  742.996402][ T4399] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  743.116155][T16169] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4117'.
[  743.120481][T12678] Bluetooth: hci3: command tx timeout
[  743.206860][ T5345] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  743.314747][ T5617] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  743.394097][ T5345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  743.394131][ T5345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  743.394169][ T5345] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  743.394193][ T5345] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.442585][ T5345] usb 3-1: config 0 descriptor??
[  743.531910][ T5617] usb 5-1: Using ep0 maxpacket: 16
[  743.538487][ T5617] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  743.538519][ T5617] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.538539][ T5617] usb 5-1: Product: syz
[  743.538554][ T5617] usb 5-1: Manufacturer: syz
[  743.538568][ T5617] usb 5-1: SerialNumber: syz
[  743.842916][ T5617] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  743.847385][ T5617] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  743.847828][ T5617] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  743.847877][ T5617] usb 5-1: media controller created
[  743.862081][ T5617] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  743.946783][ T5345] hid_parser_main: 2 callbacks suppressed
[  743.946811][ T5345] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  744.047116][T16171] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  744.048176][T16171] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4116'.
[  744.064952][ T5617] zl10353_read_register: readreg error (reg=127, ret==-71)
[  744.156846][ T5345] cp2112 0003:10C4:EA90.0016: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  744.372654][ T5617] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  744.522950][ T5617] usb 5-1: USB disconnect, device number 42
[  744.663357][ T5345] cp2112 0003:10C4:EA90.0016: error requesting version
[  744.707550][ T5345] cp2112 0003:10C4:EA90.0016: probe with driver cp2112 failed with error -71
[  744.742883][ T5345] usb 3-1: USB disconnect, device number 43
[  744.868651][ T4399] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  745.374651][T12678] Bluetooth: hci3: command tx timeout
[  745.749816][T16229] loop3: detected capacity change from 0 to 8
[  745.826246][T16229] squashfs image failed sanity check
[  746.136134][ T4399] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  746.243180][T16128] lo speed is unknown, defaulting to 1000
[  746.618744][T16238] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4142'.
[  747.628267][T12678] Bluetooth: hci3: command tx timeout
[  747.988290][T16263] loop2: detected capacity change from 0 to 32768
[  748.214568][T16263] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  748.350758][T16270] loop4: detected capacity change from 0 to 32768
[  748.356970][T16270] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4154 (16270)
[  748.403980][T16270] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  748.404013][T16270] BTRFS info (device loop4): using sha256 checksum algorithm
[  748.477706][T16243] loop3: detected capacity change from 0 to 32768
[  748.519250][T16243] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4144 (16243)
[  748.949365][T16128] bridge0: port 1(bridge_slave_0) entered blocking state
[  748.949625][T16128] bridge0: port 1(bridge_slave_0) entered disabled state
[  748.949919][T16128] bridge_slave_0: entered allmulticast mode
[  748.964065][T16128] bridge_slave_0: entered promiscuous mode
[  749.038117][T16270] BTRFS info (device loop4): rebuilding free space tree
[  749.077898][T16243] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  749.077936][T16243] BTRFS info (device loop3): using crc32c checksum algorithm
[  749.429586][T16270] BTRFS info (device loop4): disabling free space tree
[  749.429763][T16270] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  749.429789][T16270] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  749.445596][T16270] BTRFS info (device loop4): checking UUID tree
[  749.446562][T16270] BTRFS info (device loop4): setting nodatasum
[  749.446583][T16270] BTRFS info (device loop4): setting nodatacow
[  749.446600][T16270] BTRFS info (device loop4): turning off barriers
[  749.446616][T16270] BTRFS info (device loop4): force clearing of disk cache
[  749.523096][T16128] bridge0: port 2(bridge_slave_1) entered blocking state
[  749.523248][T16128] bridge0: port 2(bridge_slave_1) entered disabled state
[  749.523466][T16128] bridge_slave_1: entered allmulticast mode
[  749.572650][T16128] bridge_slave_1: entered promiscuous mode
[  749.887815][T12678] Bluetooth: hci3: command tx timeout
[  750.112643][   T32] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  750.312252][   T32] usb 1-1: unable to get BOS descriptor or descriptor too short
[  750.347117][   T32] usb 1-1: New USB device found, idVendor=0423, idProduct=000a, bcdDevice=5f.d8
[  750.347156][   T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.347181][   T32] usb 1-1: Product: syz
[  750.347197][   T32] usb 1-1: Manufacturer: syz
[  750.347214][   T32] usb 1-1: SerialNumber: syz
[  750.838836][ T5613] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  751.299767][ T5620] ocfs2: Unmounting device (7,2) on (node local)
[  751.596148][   T32] usb 1-1: selecting invalid altsetting 1
[  751.596169][   T32] catc 1-1:4.0: Can't set altsetting 1.
[  751.596216][   T32] catc 1-1:4.0: probe with driver catc failed with error -5
[  751.635239][   T32] usb 1-1: USB disconnect, device number 44
[  752.097589][T16243] BTRFS error (device loop3): open_ctree failed: -4
[  752.452239][T16128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  752.610129][T16128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  753.367475][   T32] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  753.524473][   T32] usb 3-1: Using ep0 maxpacket: 16
[  753.526668][   T32] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  753.526698][   T32] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  753.526718][   T32] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  753.526753][   T32] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  753.526772][   T32] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.605856][   T32] usb 3-1: config 0 descriptor??
[  754.006938][T16319] loop3: detected capacity change from 0 to 32768
[  754.038763][T16319] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4160 (16319)
[  754.085582][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.085617][   T32] microsoft 0003:045E:07DA.0017: ignoring exceeding usage max
[  754.087846][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.087879][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.087903][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.087926][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.087950][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.087973][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.087996][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.088019][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.088044][   T32] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  754.183025][T16128] team0: Port device team_slave_0 added
[  754.197996][   T32] microsoft 0003:045E:07DA.0017: implement() called with n (123) > 32! (kworker/1:0)
[  754.458778][   T32] microsoft 0003:045E:07DA.0017: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  754.458815][   T32] microsoft 0003:045E:07DA.0017: no inputs found
[  754.458829][   T32] microsoft 0003:045E:07DA.0017: could not initialize ff, continuing anyway
[  754.541086][T16128] team0: Port device team_slave_1 added
[  754.646805][T16319] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  754.646844][T16319] BTRFS info (device loop3): using sha256 checksum algorithm
[  754.782223][   T32] usb 3-1: USB disconnect, device number 44
[  755.058487][T16342] fido_id[16342]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  755.350851][T16331] batadv1: entered promiscuous mode
[  755.350878][T16331] batadv1: entered allmulticast mode
[  755.640677][T16319] BTRFS info (device loop3): setting nodatasum
[  755.640704][T16319] BTRFS info (device loop3): enabling ssd optimizations
[  755.640722][T16319] BTRFS info (device loop3): turning on async discard
[  755.640738][T16319] BTRFS info (device loop3): enabling free space tree
[  755.756948][T16128] batman_adv: batadv0: Adding interface: batadv_slave_0
[  755.756966][T16128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  755.756992][T16128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  755.764767][T16128] batman_adv: batadv0: Adding interface: batadv_slave_1
[  755.764785][T16128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  755.764809][T16128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  756.117063][ T4399] bridge_slave_1: left allmulticast mode
[  756.117099][ T4399] bridge_slave_1: left promiscuous mode
[  756.117377][ T4399] bridge0: port 2(bridge_slave_1) entered disabled state
[  756.458195][ T4399] bridge_slave_0: left allmulticast mode
[  756.458236][ T4399] bridge_slave_0: left promiscuous mode
[  756.458548][ T4399] bridge0: port 1(bridge_slave_0) entered disabled state
[  756.933729][T16367] loop4: detected capacity change from 0 to 8192
[  756.969736][T16367] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  757.152375][T16367] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  757.152837][T16367] ntfs3(loop4): Failed to load $Extend (-2).
[  757.152851][T16367] ntfs3(loop4): Failed to initialize $Extend.
[  757.808161][ T5618] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  758.950609][T16383] loop3: detected capacity change from 0 to 2048
[  758.973467][T16383] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  758.986658][T16383] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  759.658021][ T5345] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  759.737094][T16388] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4182'.
[  759.822967][ T4399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  759.823193][ T5345] usb 1-1: Using ep0 maxpacket: 16
[  759.828710][ T5345] usb 1-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  759.828732][ T5345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  759.828743][ T5345] usb 1-1: Product: syz
[  759.828752][ T5345] usb 1-1: Manufacturer: syz
[  759.828759][ T5345] usb 1-1: SerialNumber: syz
[  759.929768][ T4399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  759.984991][ T4399] bond0 (unregistering): Released all slaves
[  760.125854][ T5345] usb 1-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  760.217464][ T5345] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  760.217691][ T5345] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  760.217720][ T5345] usb 1-1: media controller created
[  760.247097][ T5345] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  760.338061][T16379] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  760.339022][T16379] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4181'.
[  760.380904][ T5345] zl10353_read_register: readreg error (reg=127, ret==-71)
[  760.446040][ T5345] dvb_usb_gl861 1-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  760.451807][ T5345] usb 1-1: USB disconnect, device number 45
[  760.644667][T11702] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  760.731141][T16128] hsr_slave_0: entered promiscuous mode
[  760.734455][T16128] hsr_slave_1: entered promiscuous mode
[  760.739745][T16128] debugfs: 'hsr0' already exists in 'hsr'
[  760.739770][T16128] Cannot create hsr debugfs directory
[  760.878253][T11702] usb 3-1: Using ep0 maxpacket: 32
[  760.881008][T11702] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  760.881042][T11702] usb 3-1: config 0 has no interface number 0
[  760.881088][T11702] usb 3-1: config 0 interface 12 has no altsetting 0
[  760.885455][T11702] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  760.885486][T11702] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.885506][T11702] usb 3-1: Product: syz
[  760.885520][T11702] usb 3-1: Manufacturer: syz
[  760.885535][T11702] usb 3-1: SerialNumber: syz
[  760.890705][T11702] usb 3-1: config 0 descriptor??
[  762.077909][T11702] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  762.077984][T11702] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  762.078002][T11702] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  762.078099][T11702] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  762.088047][T11702] usb 3-1: USB disconnect, device number 45
[  762.397492][T16426] vxcan0: tx drop: invalid da for name 0x00000000000000c7
[  763.193872][ T5274] 8021q: adding VLAN 0 to HW filter on device eth5
[  764.049864][T16455] loop4: detected capacity change from 0 to 512
[  764.061744][T16455] EXT4-fs: Ignoring removed oldalloc option
[  764.072434][T16455] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8840c01c, mo2=0002]
[  764.072781][T16455] EXT4-fs (loop4): orphan cleanup on readonly fs
[  764.120012][T16455] EXT4-fs warning (device loop4): ext4_enable_quotas:7269: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  764.128296][T16455] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  764.128956][T16455] EXT4-fs error (device loop4): ext4_ext_check_inode:521: inode #13: comm syz.4.4205: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  764.128996][T16455] loop4: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  764.129412][T16455] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.4205: couldn't read orphan inode 13 (err -117)
[  764.129440][T16455] loop4: lost filesystem error report for type 5 error -117
[  764.133491][T16455] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  764.145972][T16455] EXT4-fs (loop4): shut down requested (1)
[  764.964367][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  765.030184][T16477] loop3: detected capacity change from 0 to 256
[  765.593651][T16484] loop4: detected capacity change from 0 to 256
[  766.011651][ T5274] 8021q: adding VLAN 0 to HW filter on device eth6
[  767.136804][T16493] loop2: detected capacity change from 0 to 131072
[  767.140154][T16493] F2FS-fs (loop2): invalid crc value
[  767.310429][T16493] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  767.350426][T16493] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  767.709445][ T4399] hsr_slave_0: left promiscuous mode
[  767.758471][ T4399] hsr_slave_1: left promiscuous mode
[  767.759950][ T4399] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  767.759977][ T4399] batman_adv: batadv0: Removing interface: batadv_slave_0
[  767.802037][ T4399] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  767.802064][ T4399] batman_adv: batadv0: Removing interface: batadv_slave_1
[  768.355722][ T4399] veth1_macvtap: left promiscuous mode
[  768.355823][ T4399] veth0_macvtap: left promiscuous mode
[  768.356092][ T4399] veth1_vlan: left promiscuous mode
[  768.384787][ T4399] veth0_vlan: left promiscuous mode
[  769.488640][ T4399] team0 (unregistering): Port device team_slave_1 removed
[  769.562422][ T4399] team0 (unregistering): Port device team_slave_0 removed
[  769.883420][ T5274] 8021q: adding VLAN 0 to HW filter on device eth7
[  770.999010][T16533] bridge0: port 2(dummy0) entered disabled state
[  770.999731][T16533] bridge0: port 1(bridge_slave_0) entered disabled state
[  771.257044][T16554] loop2: detected capacity change from 0 to 256
[  771.263531][T16554] exfat: Deprecated parameter 'namecase'
[  771.263577][T16554] exfat: Deprecated parameter 'utf8'
[  771.620806][T16554] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xea424414, utbl_chksum : 0xe619d30d)
[  772.656132][T16580] loop3: detected capacity change from 0 to 128
[  772.791766][T16580] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  772.792309][T16580] ext4 filesystem being mounted at /869/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  773.283714][ T5618] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  773.701480][T16592] loop2: detected capacity change from 0 to 32768
[  774.071150][T16600] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.4255' sets config #0
[  774.438727][T16592] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  774.438727][T16592] 
[  774.438771][T16592] xtLookup: xtSearch returned -5
[  774.438781][T16592] add_index: get/read_metapage failed!
[  774.438792][T16592] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  774.438792][T16592] 
[  774.438819][T16592] xtLookup: xtSearch returned -5
[  774.438828][T16592] free_index: error reading directory table
[  774.438837][T16592] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  774.438837][T16592] 
[  774.438863][T16592] xtLookup: xtSearch returned -5
[  774.438872][T16592] free_index: error reading directory table
[  774.438880][T16592] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  774.438880][T16592] 
[  774.438905][T16592] xtLookup: xtSearch returned -5
[  774.438913][T16592] free_index: error reading directory table
[  774.438922][T16592] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  774.438922][T16592] 
[  774.438945][T16592] xtLookup: xtSearch returned -5
[  774.438953][T16592] free_index: error reading directory table
[  774.438961][T16592] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt
[  774.438961][T16592] 
[  774.438986][T16592] xtLookup: xtSearch returned -5
[  774.438995][T16592] free_index: error reading directory table
[  775.027206][T16628] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4262'.
[  776.263028][T16652] loop2: detected capacity change from 0 to 1024
[  776.265011][T16652] EXT4-fs: Ignoring removed oldalloc option
[  776.294914][T16652] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  776.436940][T16652] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  776.584106][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  777.257892][T16661] loop3: detected capacity change from 0 to 128
[  778.101308][T16680] loop4: detected capacity change from 0 to 1024
[  778.193256][ T4928] Bluetooth: hci2: hardware error 0x00
[  778.268475][T16680] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  778.268509][T16680] EXT4-fs (loop4): required journal recovery suppressed and not mounted read-only
[  778.373595][T16680] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4276'.
[  780.285318][T16710] bond0: entered promiscuous mode
[  780.285340][T16710] bond_slave_0: entered promiscuous mode
[  780.285522][T16710] bond_slave_1: entered promiscuous mode
[  780.490235][ T4928] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  780.535575][T16710] batadv0: entered promiscuous mode
[  781.729013][T16736] loop2: detected capacity change from 0 to 164
[  781.879263][T16736] Unsupported NM flag settings (240)
[  781.941473][T16128] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  782.087095][T16744] Invalid argument reading file caps for ./file0
[  782.145397][ T1339] ieee802154 phy0 wpan0: encryption failed: -22
[  782.555493][T16128] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  782.566595][T16128] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  782.567924][T16750] netlink: 'syz.0.4297': attribute type 4 has an invalid length.
[  782.771470][T16128] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  782.772537][T16754] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4299'.
[  782.776603][T16128] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  782.930617][T16128] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  782.945245][T16128] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  783.382257][T16128] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  784.552049][T16128] 8021q: adding VLAN 0 to HW filter on device bond0
[  784.666016][T16128] 8021q: adding VLAN 0 to HW filter on device team0
[  784.710542][T15159] bridge0: port 1(bridge_slave_0) entered blocking state
[  784.710705][T15159] bridge0: port 1(bridge_slave_0) entered forwarding state
[  784.949636][ T1397] bridge0: port 2(bridge_slave_1) entered blocking state
[  784.949886][ T1397] bridge0: port 2(bridge_slave_1) entered forwarding state
[  785.066172][T16814] loop4: detected capacity change from 0 to 256
[  785.067457][T16814] exfat: Deprecated parameter 'utf8'
[  785.067492][T16814] exfat: Deprecated parameter 'utf8'
[  785.250519][T16814] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d)
[  785.577084][T16821] loop8: detected capacity change from 0 to 8
[  785.794471][T16821] Dev loop8: unable to read RDB block 8
[  785.794518][T16821]  loop8: unable to read partition table
[  785.794730][T16821] loop8: partition table beyond EOD, truncated
[  785.794748][T16821] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  785.884207][T16827] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  785.884207][T16827] The task syz.3.4321 (16827) triggered the difference, watch for misbehavior.
[  786.463484][T16837] loop4: detected capacity change from 0 to 1024
[  786.469993][T16837] EXT4-fs: Ignoring removed mblk_io_submit option
[  786.554313][T16837] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  786.554474][T16837] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  786.586288][T16837] EXT4-fs error (device loop4): ext4_ext_check_inode:521: inode #11: comm syz.4.4323: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  786.586341][T16837] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  786.588241][T16837] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.4323: couldn't read orphan inode 11 (err -117)
[  786.588276][T16837] loop4: lost filesystem error report for type 5 error -117
[  786.617169][T16837] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  786.766587][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  787.471313][T16863] vxcan0: tx address claim with different name
[  787.492365][T16864] loop4: detected capacity change from 0 to 128
[  787.616328][T16864] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  787.633931][T16864] ext4 filesystem being mounted at /870/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  788.349666][ T5613] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  788.601228][T16128] 8021q: adding VLAN 0 to HW filter on device batadv0
[  788.821608][T16895] loop3: detected capacity change from 0 to 32768
[  788.831982][T16895] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4345 (16895)
[  788.850187][T16895] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  788.850231][T16895] BTRFS info (device loop3): using sha256 checksum algorithm
[  789.034882][T16913] loop4: detected capacity change from 0 to 128
[  789.043834][T16913] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  789.047732][T16913] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  789.326152][T16895] BTRFS info (device loop3): setting nodatasum
[  789.326169][T16895] BTRFS info (device loop3): enabling ssd optimizations
[  789.326180][T16895] BTRFS info (device loop3): turning on async discard
[  789.326189][T16895] BTRFS info (device loop3): enabling free space tree
[  789.619383][ T1397] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  789.997503][T16927] netlink: 'syz.0.4351': attribute type 29 has an invalid length.
[  790.074151][T16927] netlink: 'syz.0.4351': attribute type 29 has an invalid length.
[  790.089878][T16927] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4351'.
[  790.296018][T16128] veth0_vlan: entered promiscuous mode
[  790.347877][T16128] veth1_vlan: entered promiscuous mode
[  790.540615][T16128] veth0_macvtap: entered promiscuous mode
[  790.703367][T16128] veth1_macvtap: entered promiscuous mode
[  790.859746][T16128] batman_adv: batadv0: Interface activated: batadv_slave_0
[  791.089756][T16128] batman_adv: batadv0: Interface activated: batadv_slave_1
[  791.149492][T15159] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  791.307823][T15159] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  791.528049][ T5618] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  791.631978][T15159] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  791.633138][T15159] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  791.759565][T16943] loop4: detected capacity change from 0 to 164
[  792.182320][T16943] rock: corrupted directory entry. extent=458780 out of volume (nzones=41)
[  794.793248][ T1541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  794.793267][ T1541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  794.963352][T16968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4367'.
[  795.181650][T16973] loop4: detected capacity change from 0 to 256
[  795.449110][T16973] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001053e, chksum : 0x9ba999a5, utbl_chksum : 0xe619d30d)
[  796.084947][T16987] loop2: detected capacity change from 0 to 128
[  796.634468][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  796.634492][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  797.493340][T17008] tap0: tun_chr_ioctl cmd 1074812118
[  797.779707][    T9] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  797.875761][ T5617] IPVS: starting estimator thread 0...
[  797.939939][    T9] usb 3-1: Using ep0 maxpacket: 8
[  797.942440][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  797.942471][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  797.942496][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  797.942519][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  797.942559][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  797.942582][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.123708][T17022] IPVS: using max 12 ests per chain, 28800 per kthread
[  798.317849][    T9] usb 3-1: GET_CAPABILITIES returned 0
[  798.317899][    T9] usbtmc 3-1:16.0: can't read capabilities
[  799.034856][T15950] usb 3-1: USB disconnect, device number 46
[  799.866163][ T5725] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  799.951888][T17075] kernel read not supported for file /fb0 (pid: 17075 comm: syz.4.4411)
[  800.040878][ T5725] usb 1-1: Using ep0 maxpacket: 16
[  800.074276][ T5725] usb 1-1: unable to get BOS descriptor or descriptor too short
[  800.074361][ T5725] usb 1-1: too many configurations: 32, using maximum allowed: 8
[  800.075537][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.075561][ T5725] usb 1-1: config 9 has no interface number 0
[  800.075591][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.076746][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.076769][ T5725] usb 1-1: config 9 has no interface number 0
[  800.076800][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.077921][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.077952][ T5725] usb 1-1: config 9 has no interface number 0
[  800.077983][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.079230][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.079254][ T5725] usb 1-1: config 9 has no interface number 0
[  800.079300][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.080572][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.080595][ T5725] usb 1-1: config 9 has no interface number 0
[  800.080640][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.081937][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.081961][ T5725] usb 1-1: config 9 has no interface number 0
[  800.081989][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.100990][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.101017][ T5725] usb 1-1: config 9 has no interface number 0
[  800.101049][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.121818][   T32] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  800.153645][ T5725] usb 1-1: config 9 has an invalid interface number: 57 but max is 0
[  800.153672][ T5725] usb 1-1: config 9 has no interface number 0
[  800.153705][ T5725] usb 1-1: config 9 interface 57 has no altsetting 0
[  800.196366][ T5725] usb 1-1: string descriptor 0 read error: -22
[  800.196496][ T5725] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=61.f7
[  800.196519][ T5725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  800.513043][   T32] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  800.513090][   T32] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  800.513113][   T32] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  800.513137][   T32] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  800.624283][   T32] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  800.624314][   T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  800.624344][   T32] usb 3-1: Product: syz
[  800.624358][   T32] usb 3-1: Manufacturer: syz
[  800.624373][   T32] usb 3-1: SerialNumber: syz
[  800.708774][    T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  800.871676][    T9] usb 4-1: Using ep0 maxpacket: 16
[  800.883417][    T9] usb 4-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  800.883450][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  800.883472][    T9] usb 4-1: Product: syz
[  800.883486][    T9] usb 4-1: Manufacturer: syz
[  800.883501][    T9] usb 4-1: SerialNumber: syz
[  801.168611][T17085] loop4: detected capacity change from 0 to 128
[  801.304595][    T9] usb 4-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  801.349104][    T9] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  801.349658][    T9] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  801.349762][    T9] usb 4-1: media controller created
[  801.429417][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  801.518273][ T5725] video4linux radio48: keene_cmd_set failed (-71)
[  801.518363][ T5725] radio-keene 1-1:9.57: V4L2 device registered as radio48
[  801.563319][T17062] IPVS: set_ctl: invalid protocol: 135 172.20.20.11:21
[  801.725326][ T5725] usb 1-1: USB disconnect, device number 46
[  801.739754][    T9] zl10353_read_register: readreg error (reg=127, ret==-32)
[  801.964955][    T9] dvb_usb_gl861 4-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  801.970633][    T9] usb 4-1: USB disconnect, device number 39
[  802.037369][   T32] cdc_ncm 3-1:1.0: bind() failure
[  802.094444][   T32] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[  802.098477][   T32] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[  802.117284][   T32] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  802.248918][   T32] usb 3-1: USB disconnect, device number 47
[  802.616503][ T5617] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  802.849562][ T5617] usb 6-1: Using ep0 maxpacket: 16
[  802.852068][ T5617] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  802.852094][ T5617] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  802.854265][ T5617] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  802.854293][ T5617] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.854313][ T5617] usb 6-1: Product: syz
[  802.854328][ T5617] usb 6-1: Manufacturer: syz
[  802.854341][ T5617] usb 6-1: SerialNumber: syz
[  802.969046][ T5617] usb 6-1: 0:2 : does not exist
[  803.218445][ T5617] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  803.638862][T17111] loop2: detected capacity change from 0 to 256
[  803.640315][T17111] exfat: Deprecated parameter 'utf8'
[  803.640356][T17111] exfat: Deprecated parameter 'utf8'
[  803.640395][T17111] exfat: Deprecated parameter 'utf8'
[  803.693740][T17111] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d)
[  803.813213][ T5617] usb 6-1: USB disconnect, device number 2
[  803.958516][T17121] sg_write: data in/out 425984/136 bytes for SCSI command 0x0-- guessing data in;
[  803.958516][T17121]    program syz.4.4424 not setting count and/or reply_len properly
[  804.350196][T17131] loop2: detected capacity change from 0 to 128
[  804.657487][T17131] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  804.706249][T17131] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  804.849646][T12363] udevd[12363]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  805.728568][T17162] netlink: 136 bytes leftover after parsing attributes in process `syz.4.4444'.
[  806.350006][T17177] loop3: detected capacity change from 0 to 512
[  806.473718][T17177] EXT4-fs error (device loop3): __ext4_iget:5481: inode #11: block 1: comm syz.3.4451: invalid block
[  806.473757][T17177] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  806.477117][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  806.477139][    C0] EXT4-fs (loop3): initial error at time 1779836236: __ext4_iget:5481: inode 11: block 1
[  806.477170][    C0] EXT4-fs (loop3): last error at time 1779836236: __ext4_iget:5481: inode 11: block 1
[  806.495342][T17177] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.4451: couldn't read orphan inode 11 (err -117)
[  806.495379][T17177] loop3: lost filesystem error report for type 5 error -117
[  806.567007][T17177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  806.634930][T17177] EXT4-fs error (device loop3): __ext4_add_entry:2412: inode #2: comm syz.3.4451: Directory hole found for htree leaf block 0
[  807.344532][ T5618] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  808.124543][    T9] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  808.287039][    T9] usb 5-1: Using ep0 maxpacket: 8
[  808.295229][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  808.295263][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  808.295289][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  808.295313][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  808.295355][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  808.295378][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.341972][T17200] loop2: detected capacity change from 0 to 131072
[  808.378851][T17200] F2FS-fs (loop2): Test dummy encryption mode enabled
[  808.384266][T17200] F2FS-fs (loop2): invalid crc value
[  808.495429][T17200] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  808.522651][T17200] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  808.902383][    T9] usb 5-1: GET_CAPABILITIES returned 0
[  808.902435][    T9] usbtmc 5-1:16.0: can't read capabilities
[  809.110707][ T5725] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  809.176656][T17219] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4466'.
[  809.273456][ T5725] usb 6-1: Using ep0 maxpacket: 32
[  809.276101][ T5725] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  809.276129][ T5725] usb 6-1: config 0 has no interface number 0
[  809.276174][ T5725] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  809.289759][ T5725] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  809.289787][ T5725] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  809.289807][ T5725] usb 6-1: Product: syz
[  809.289819][ T5725] usb 6-1: Manufacturer: syz
[  809.289831][ T5725] usb 6-1: SerialNumber: syz
[  809.291897][T15950] usb 5-1: USB disconnect, device number 43
[  809.473067][ T5725] usb 6-1: config 0 descriptor??
[  809.474872][T17211] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  809.758956][T17211] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  810.260541][T17234] loop4: detected capacity change from 0 to 128
[  810.712328][   T38] audit: type=1800 audit(1779836240.231:257): pid=17234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4472" name="file1" dev="loop4" ino=1048723 res=0 errno=0
[  810.757192][ T5725] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  810.757226][ T5725] asix 6-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  810.757500][ T5725] asix 6-1:0.188: probe with driver asix failed with error -71
[  810.801894][ T5725] usb 6-1: USB disconnect, device number 3
[  811.572875][   T38] audit: type=1800 audit(1779836240.793:258): pid=17248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4477" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  811.833054][T17257] loop4: detected capacity change from 0 to 512
[  812.108919][T17257] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  812.109070][T17257] ext4 filesystem being mounted at /904/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  812.361472][T17257] EXT4-fs error (device loop4): ext4_do_update_inode:5690: inode #2: comm syz.4.4480: corrupted inode contents
[  812.588553][T17266] loop5: detected capacity change from 0 to 512
[  812.631991][T17257] EXT4-fs error (device loop4): ext4_dirty_inode:6587: inode #2: comm syz.4.4480: mark_inode_dirty error
[  812.670971][T17266] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  812.690914][T17266] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0082]
[  812.691061][T17266] System zones: 1-12
[  812.736315][T17266] EXT4-fs (loop5): 1 truncate cleaned up
[  812.740805][T17266] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  812.844875][T16128] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  812.970747][T17257] EXT4-fs error (device loop4): ext4_do_update_inode:5690: inode #2: comm syz.4.4480: corrupted inode contents
[  812.971206][T17257] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.4480: mark_inode_dirty error
[  813.333382][T17274] loop5: detected capacity change from 0 to 512
[  813.334530][T17274] EXT4-fs: Ignoring removed nomblk_io_submit option
[  813.336497][T17274] EXT4-fs: Ignoring removed mblk_io_submit option
[  813.375346][T17274] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  813.375380][T17274] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  813.505820][T17263] EXT4-fs warning (device loop4): ext4_es_cache_extent:1082: inode #2: comm syz.4.4480: ES cache extent failed: add [0,1,20,0x1] conflict with existing [0,8,576460752303423487,0x18]
[  813.505820][T17263] 
[  813.581532][T17263] EXT4-fs error (device loop4): ext4_do_update_inode:5690: inode #2: comm syz.4.4480: corrupted inode contents
[  813.587106][T17274] EXT4-fs (loop5): 1 truncate cleaned up
[  813.616426][T17274] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  813.628549][T17263] EXT4-fs error (device loop4): ext4_append:88: inode #2: comm syz.4.4480: mark_inode_dirty error
[  813.643319][T17263] EXT4-fs error (device loop4) in ext4_append:100: Corrupt filesystem
[  813.655387][T17274] EXT4-fs warning (device loop5): verify_group_input:156: Last group not full
[  814.046448][T16128] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  814.068114][T17257] EXT4-fs error (device loop4): ext4_do_update_inode:5690: inode #2: comm syz.4.4480: corrupted inode contents
[  814.070249][T17257] EXT4-fs error (device loop4): add_dirent_to_buf:2151: inode #2: comm syz.4.4480: mark_inode_dirty error
[  814.461586][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  815.023231][T12678] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  815.036826][ T5725] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  815.160129][T12678] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  815.252679][T12678] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  815.256145][ T5725] usb 3-1: Using ep0 maxpacket: 16
[  815.258637][ T5725] usb 3-1: config index 0 descriptor too short (expected 52, got 36)
[  815.258663][ T5725] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[  815.258683][ T5725] usb 3-1: config 0 has no interface number 0
[  815.258737][ T5725] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  815.258760][ T5725] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  815.261458][ T5725] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  815.261485][ T5725] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  815.261503][ T5725] usb 3-1: Product: syz
[  815.261515][ T5725] usb 3-1: Manufacturer: syz
[  815.261528][ T5725] usb 3-1: SerialNumber: syz
[  815.273885][T12678] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  815.288400][T12678] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  815.396106][ T5725] usb 3-1: config 0 descriptor??
[  815.397200][T17285] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  815.397354][T17285] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  815.780297][T17285] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  815.780419][T17285] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  816.429117][ T4928] ==================================================================
[  816.429136][ T4928] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0xe3/0x180
[  816.429173][ T4928] Read of size 8 at addr ffff888033f4c200 by task kworker/u9:1/4928
[  816.429197][ T4928] 
[  816.429214][ T4928] CPU: 0 UID: 0 PID: 4928 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  816.429245][ T4928] Tainted: [L]=SOFTLOCKUP
[  816.429254][ T4928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  816.429269][ T4928] Workqueue: hci1 hci_rx_work
[  816.429300][ T4928] Call Trace:
[  816.429308][ T4928]  <TASK>
[  816.429317][ T4928]  dump_stack_lvl+0xe8/0x150
[  816.429344][ T4928]  print_address_description+0x55/0x1e0
[  816.429371][ T4928]  ? l2cap_sock_ready_cb+0xe3/0x180
[  816.429396][ T4928]  print_report+0x58/0x70
[  816.429414][ T4928]  kasan_report+0x117/0x150
[  816.429440][ T4928]  ? l2cap_sock_ready_cb+0xe3/0x180
[  816.429469][ T4928]  l2cap_sock_ready_cb+0xe3/0x180
[  816.429497][ T4928]  l2cap_le_start+0x25b/0x1960
[  816.429532][ T4928]  ? __pfx_l2cap_le_start+0x10/0x10
[  816.429556][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  816.429579][ T4928]  ? lockdep_hardirqs_on+0x7a/0x110
[  816.429601][ T4928]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  816.429621][ T4928]  ? mutex_lock_nested+0x152/0x1d0
[  816.429646][ T4928]  ? l2cap_connect_cfm+0x894/0x1560
[  816.429672][ T4928]  l2cap_connect_cfm+0x8d5/0x1560
[  816.429699][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  816.429722][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  816.429742][ T4928]  ? lockdep_hardirqs_on+0x7a/0x110
[  816.429760][ T4928]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  816.429779][ T4928]  ? mutex_lock_nested+0x152/0x1d0
[  816.429802][ T4928]  ? hci_connect_cfm+0x2c/0x140
[  816.429819][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  816.429843][ T4928]  hci_connect_cfm+0x95/0x140
[  816.429867][ T4928]  le_conn_complete_evt+0x1134/0x16b0
[  816.429894][ T4928]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  816.429917][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  816.429938][ T4928]  ? lockdep_hardirqs_on+0x7a/0x110
[  816.429959][ T4928]  ? skb_pull_data+0xfb/0x200
[  816.429983][ T4928]  hci_le_conn_complete_evt+0x187/0x470
[  816.430007][ T4928]  hci_event_packet+0x659/0xef0
[  816.430039][ T4928]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  816.430065][ T4928]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  816.430085][ T4928]  ? __pfx_hci_event_packet+0x10/0x10
[  816.430114][ T4928]  ? rt_spin_unlock+0x14f/0x200
[  816.430144][ T4928]  ? hci_send_to_monitor+0xe2/0x590
[  816.430168][ T4928]  hci_rx_work+0x3ee/0x1040
[  816.430196][ T4928]  ? preempt_schedule_thunk+0x16/0x40
[  816.430218][ T4928]  ? process_one_work+0x8be/0x1630
[  816.430246][ T4928]  process_one_work+0x98b/0x1630
[  816.430273][ T4928]  ? do_raw_spin_unlock+0xf5/0x210
[  816.430304][ T4928]  ? __pfx_process_one_work+0x10/0x10
[  816.430332][ T4928]  ? do_raw_spin_lock+0x12b/0x2f0
[  816.430359][ T4928]  worker_thread+0xb49/0x1140
[  816.430386][ T4928]  kthread+0x388/0x470
[  816.430408][ T4928]  ? __pfx_worker_thread+0x10/0x10
[  816.430426][ T4928]  ? __pfx_kthread+0x10/0x10
[  816.430446][ T4928]  ret_from_fork+0x514/0xb70
[  816.430470][ T4928]  ? __pfx_ret_from_fork+0x10/0x10
[  816.430493][ T4928]  ? __switch_to+0xc79/0x1410
[  816.430515][ T4928]  ? __pfx_kthread+0x10/0x10
[  816.430547][ T4928]  ret_from_fork_asm+0x1a/0x30
[  816.430581][ T4928]  </TASK>
[  816.430589][ T4928] 
[  816.430595][ T4928] Allocated by task 17291:
[  816.430605][ T4928]  kasan_save_track+0x3e/0x80
[  816.430627][ T4928]  __kasan_kmalloc+0x93/0xb0
[  816.430648][ T4928]  __kmalloc_noprof+0x3e7/0x7b0
[  816.430671][ T4928]  sk_prot_alloc+0xe7/0x210
[  816.430689][ T4928]  sk_alloc+0x3a/0x390
[  816.430704][ T4928]  bt_sock_alloc+0x3b/0x340
[  816.430720][ T4928]  l2cap_sock_create+0x147/0x330
[  816.430744][ T4928]  bt_sock_create+0x163/0x240
[  816.430762][ T4928]  __sock_create+0x4e3/0x960
[  816.430785][ T4928]  __sys_socket+0xd9/0x330
[  816.430806][ T4928]  __x64_sys_socket+0x7a/0x90
[  816.430828][ T4928]  do_syscall_64+0x174/0x580
[  816.430846][ T4928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.430865][ T4928] 
[  816.430870][ T4928] Freed by task 17291:
[  816.430879][ T4928]  kasan_save_track+0x3e/0x80
[  816.430898][ T4928]  kasan_save_free_info+0x46/0x50
[  816.430923][ T4928]  __kasan_slab_free+0x5c/0x80
[  816.430941][ T4928]  kfree+0x1c5/0x6c0
[  816.430957][ T4928]  __sk_destruct+0x74b/0x9d0
[  816.430974][ T4928]  l2cap_sock_release+0x1c1/0x270
[  816.430994][ T4928]  __sock_release+0xb9/0x250
[  816.431013][ T4928]  sock_close+0x1c/0x30
[  816.431034][ T4928]  __fput+0x461/0xa70
[  816.431052][ T4928]  task_work_run+0x1d9/0x270
[  816.431074][ T4928]  get_signal+0x11eb/0x1330
[  816.431101][ T4928]  arch_do_signal_or_restart+0xbc/0x840
[  816.431119][ T4928]  exit_to_user_mode_loop+0xa9/0x680
[  816.431138][ T4928]  do_syscall_64+0x353/0x580
[  816.431154][ T4928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.431171][ T4928] 
[  816.431175][ T4928] The buggy address belongs to the object at ffff888033f4c000
[  816.431175][ T4928]  which belongs to the cache kmalloc-4k of size 4096
[  816.431193][ T4928] The buggy address is located 512 bytes inside of
[  816.431193][ T4928]  freed 4096-byte region [ffff888033f4c000, ffff888033f4d000)
[  816.431212][ T4928] 
[  816.431218][ T4928] The buggy address belongs to the physical page:
[  816.431246][ T4928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33f48
[  816.431264][ T4928] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  816.431280][ T4928] flags: 0x80000000000040(head|node=0|zone=1)
[  816.431302][ T4928] page_type: f5(slab)
[  816.431318][ T4928] raw: 0080000000000040 ffff88813fe24140 dead000000000100 dead000000000122
[  816.431335][ T4928] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  816.431354][ T4928] head: 0080000000000040 ffff88813fe24140 dead000000000100 dead000000000122
[  816.431369][ T4928] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  816.431383][ T4928] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  816.431400][ T4928] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  816.431410][ T4928] page dumped because: kasan: bad access detected
[  816.431421][ T4928] page_owner tracks the page as allocated
[  816.431427][ T4928] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 22421790114, free_ts 22416850948
[  816.431462][ T4928]  post_alloc_hook+0x1f9/0x250
[  816.431483][ T4928]  get_page_from_freelist+0x265c/0x26e0
[  816.431508][ T4928]  __alloc_frozen_pages_noprof+0x18d/0x380
[  816.431539][ T4928]  allocate_slab+0x74/0x5e0
[  816.431552][ T4928]  refill_objects+0x33c/0x3d0
[  816.431573][ T4928]  __pcs_replace_empty_main+0x373/0x720
[  816.431587][ T4928]  __kmalloc_cache_noprof+0x44e/0x690
[  816.431606][ T4928]  kobject_uevent_env+0x28f/0x9e0
[  816.431626][ T4928]  kernel_add_sysfs_param+0xb1/0xe0
[  816.431765][ T4928]  param_sysfs_builtin+0x199/0x250
[  816.431784][ T4928]  param_sysfs_builtin_init+0x23/0x30
[  816.431801][ T4928]  do_one_initcall+0x250/0x870
[  816.431821][ T4928]  do_initcall_level+0x104/0x190
[  816.431870][ T4928]  do_initcalls+0x59/0xa0
[  816.431888][ T4928]  kernel_init_freeable+0x2a6/0x3e0
[  816.431906][ T4928]  kernel_init+0x1d/0x1d0
[  816.431928][ T4928] page last free pid 2081 tgid 2081 stack trace:
[  816.431939][ T4928]  free_pages_prepare+0x947/0xa40
[  816.431955][ T4928]  __free_contig_range_common+0x174/0x340
[  816.431976][ T4928]  free_pages_bulk+0x48/0x120
[  816.431994][ T4928]  vfree+0x26f/0x500
[  816.432009][ T4928]  delayed_vfree_work+0x55/0x80
[  816.432026][ T4928]  process_one_work+0x98b/0x1630
[  816.432048][ T4928]  worker_thread+0xb49/0x1140
[  816.432061][ T4928]  kthread+0x388/0x470
[  816.432077][ T4928]  ret_from_fork+0x514/0xb70
[  816.432094][ T4928]  ret_from_fork_asm+0x1a/0x30
[  816.432114][ T4928] 
[  816.432118][ T4928] Memory state around the buggy address:
[  816.432127][ T4928]  ffff888033f4c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  816.432138][ T4928]  ffff888033f4c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  816.432148][ T4928] >ffff888033f4c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  816.432156][ T4928]                    ^
[  816.432164][ T4928]  ffff888033f4c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  816.432174][ T4928]  ffff888033f4c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  816.432182][ T4928] ==================================================================
[  816.432442][ T4928] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  816.432466][ T4928] CPU: 0 UID: 0 PID: 4928 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  816.432494][ T4928] Tainted: [L]=SOFTLOCKUP
[  816.432501][ T4928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  816.432514][ T4928] Workqueue: hci1 hci_rx_work
[  816.432559][ T4928] Call Trace:
[  816.432568][ T4928]  <TASK>
[  816.432577][ T4928]  vpanic+0x56c/0xa60
[  816.432603][ T4928]  ? __pfx_vpanic+0x10/0x10
[  816.432633][ T4928]  panic+0xc5/0xd0
[  816.432657][ T4928]  ? __pfx_panic+0x10/0x10
[  816.432684][ T4928]  ? preempt_schedule_thunk+0x16/0x40
[  816.432705][ T4928]  ? preempt_schedule_thunk+0x16/0x40
[  816.432726][ T4928]  ? l2cap_sock_ready_cb+0xe3/0x180
[  816.432751][ T4928]  check_panic_on_warn+0x89/0xb0
[  816.432774][ T4928]  ? l2cap_sock_ready_cb+0xe3/0x180
[  816.432798][ T4928]  end_report+0x73/0x170
[  816.432822][ T4928]  ? l2cap_sock_ready_cb+0xe3/0x180
[  816.432847][ T4928]  kasan_report+0x128/0x150
[  816.432872][ T4928]  ? l2cap_sock_ready_cb+0xe3/0x180
[  816.432901][ T4928]  l2cap_sock_ready_cb+0xe3/0x180
[  816.432927][ T4928]  l2cap_le_start+0x25b/0x1960
[  816.432953][ T4928]  ? __pfx_l2cap_le_start+0x10/0x10
[  816.432976][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  816.432996][ T4928]  ? lockdep_hardirqs_on+0x7a/0x110
[  816.433014][ T4928]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  816.433033][ T4928]  ? mutex_lock_nested+0x152/0x1d0
[  816.433057][ T4928]  ? l2cap_connect_cfm+0x894/0x1560
[  816.433083][ T4928]  l2cap_connect_cfm+0x8d5/0x1560
[  816.433112][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  816.433136][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  816.433156][ T4928]  ? lockdep_hardirqs_on+0x7a/0x110
[  816.433176][ T4928]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  816.433196][ T4928]  ? mutex_lock_nested+0x152/0x1d0
[  816.433228][ T4928]  ? hci_connect_cfm+0x2c/0x140
[  816.433250][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  816.433276][ T4928]  hci_connect_cfm+0x95/0x140
[  816.433298][ T4928]  le_conn_complete_evt+0x1134/0x16b0
[  816.433325][ T4928]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  816.433348][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  816.433368][ T4928]  ? lockdep_hardirqs_on+0x7a/0x110
[  816.433390][ T4928]  ? skb_pull_data+0xfb/0x200
[  816.433417][ T4928]  hci_le_conn_complete_evt+0x187/0x470
[  816.433443][ T4928]  hci_event_packet+0x659/0xef0
[  816.433475][ T4928]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  816.433501][ T4928]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  816.433547][ T4928]  ? __pfx_hci_event_packet+0x10/0x10
[  816.433575][ T4928]  ? rt_spin_unlock+0x14f/0x200
[  816.433606][ T4928]  ? hci_send_to_monitor+0xe2/0x590
[  816.433633][ T4928]  hci_rx_work+0x3ee/0x1040
[  816.433661][ T4928]  ? preempt_schedule_thunk+0x16/0x40
[  816.433683][ T4928]  ? process_one_work+0x8be/0x1630
[  816.433713][ T4928]  process_one_work+0x98b/0x1630
[  816.433741][ T4928]  ? do_raw_spin_unlock+0xf5/0x210
[  816.433773][ T4928]  ? __pfx_process_one_work+0x10/0x10
[  816.433800][ T4928]  ? do_raw_spin_lock+0x12b/0x2f0
[  816.433830][ T4928]  worker_thread+0xb49/0x1140
[  816.433861][ T4928]  kthread+0x388/0x470
[  816.433885][ T4928]  ? __pfx_worker_thread+0x10/0x10
[  816.433903][ T4928]  ? __pfx_kthread+0x10/0x10
[  816.433926][ T4928]  ret_from_fork+0x514/0xb70
[  816.433950][ T4928]  ? __pfx_ret_from_fork+0x10/0x10
[  816.433975][ T4928]  ? __switch_to+0xc79/0x1410
[  816.433996][ T4928]  ? __pfx_kthread+0x10/0x10
[  816.434018][ T4928]  ret_from_fork_asm+0x1a/0x30
[  816.434051][ T4928]  </TASK>
[  816.434558][ T4928] Kernel Offset: disabled