last executing test programs:

1m5.439505906s ago: executing program 4 (id=164):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1800040, &(0x7f00000001c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@block_validity}, {@nodioread_nolock}, {@nodelalloc}, {@resuid}, {@errors_remount}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x115)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0x2, 0x1, 0xcc7, 0x3}, 0x14)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

1m4.252112599s ago: executing program 4 (id=171):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000280)={r1, 0x2, 0x6, @local}, 0x10)
setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000000)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}, 0x10)

1m3.822399384s ago: executing program 4 (id=175):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x40, 0x0)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)

1m2.615981748s ago: executing program 4 (id=188):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x10, &(0x7f0000000100)={[{@dioread_lock}]}, 0x5, 0x7e5, &(0x7f00000018c0)="$eJzs3ctrW9kZAPDvyvKjTlK7UGjSlaHQGoLlOnWTFrpI6aIUGgi06yZCVkxq2QqWHGJjSEMpdFNoQxeFdpN12qa7btuZ7cy/MLMZhiEhM+OESZjF4OHqEcu25MgZWZqJfz+49jn3oXO++zj3yPdwHcCxNZX+yESciYg/JxETjflJRAzXUtmIi/X1nm1tFtIpie3tX32U1NZ5urVZiJZtYnw8TjQypyPijT9EnM3sL7eyvrGUL5WKq438bHX5xmxlfWPm+nJ+sbhYXDk/Nz9/7sIPL4z2LtZP3t44+egvP//evy9++vtvPfjTm0lcjJONZa1x9MpUTNX3SQynu3CXn/W6sAFLBl0BXkl6aQ7Vr/I4ExPZGOl+2+xRVgwAODK3I2IbADhmEvd/ADhmmn8HeLq1WUin7duD/XtEvz3+aUSM1eNvPt+sL8k2ntmN1Z6Djj9Ndj3vSCJisgflT0XEP/77m3+mUxzRc0iAdn53JyKuTk412/+d9ifZN2ahrvsBGd9vJg4YHDC1J6/9g/75X9r/+dFO/2/n+su86P9Em/7PaJtr91VMxe4RJ/uv/8zDHhTTUdr/+8nwzti2Zy3xN0wONXKnan2+4eTa9VIxbdu+HhHTMTya5ufaf3xteNn0k8+e7JrbEnFr/+/ju7+9n5af/t5ZI/Mwu6fJXchX872IPfX4TsS3s+3iT14c/6RD//dyl2X84sd//HunZWn8abzNaXf8Rz+qbPtexHejffxNyUHjE8/P1k6H2eZJ0cZ/3vvbeKfyW49/OqXl178LnOp9sG2kx3/84Pgnk9bxmpXDl/HWvYn/d1rWOf6m9uf/SPLrWrp5Kd3KV6urcxEjyS/3zz+3s20z31w/jX/6O+2v/4PO//Q74dUu488++vBfL42/OWNf/A1jXRZ2SGn8C4c6/m0T6VfhDovypQfPloY6ld/d8Z9PE0PTjTndtH8da5ovlUZa1nnlHQcAAAAAAAAAAAAAAAAAAAAAAAAAh5CpvaQ0yeRepDOZXC5q/8P7mzGeKZUr1bPXymsrC/WXmU7G8GhE1F51OdHyPtS5xvvwm/lze/I/iIhvRMRfR79Wy+cK5dLCoIMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIYTHf7/f+qD0frv5wOtIQBwJMZeusaTYl8qAgD0zcvv/xExevT1AAD6p6v7PwDwWnH/B4DjZywz6BoAAP02FpEddB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4rV2+dCmdtp9vbRbS/MLN9bWl8s2ZhWJlKbe8VsgVyqs3covl8mKpmCuUl1s2fafd55XK5RvzsbJ2a7ZarFRnK+sbV5bLayvVK9eX84vFK8XhvkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN2rrG8s5Uul4mojcX88YvecPiWGGhXq5SfPnOx3FP1IbE/U99SXpT49T4ztnfP+zLunD9rq7r7TWOILJwbZKgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8dXweAAD//9GqGUs=")
mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000100)='./bus\x00', 0x80, 0x0, 0x1, 0x0, 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x0, 0x0, 0x1)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@index_on}]})

1m1.912005806s ago: executing program 4 (id=193):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x10, 0x4, 0x8, 0x5}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20)

1m0.952049097s ago: executing program 4 (id=201):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa00004, &(0x7f00000006c0)={[{@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@umask={'umask', 0x3d, 0x5}}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@dmode={'dmode', 0x3d, 0x8e}}, {@adinicb}, {@adinicb}, {@dmode={'dmode', 0x3d, 0x4}}, {@shortad}, {@shortad}, {@undelete}, {@gid_forget}, {@noadinicb}]}, 0x2, 0xc6e, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfG5LiSmkrJk4VJ42DTVuksmK5+hdTtgp3VdNsA8iyEIq5BeBKpNSFKZIgqUY23JbppYceAhRFDzkRaIUCKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAAVoEW8zsW3FFkRYjkhIlfz429d2deW/mvZnxjCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOJ3Xj1/4mTaZEXfI2gMAPBQXBz7yolTmz3/AYAn1uWt/v8fAAAAAAAAAAAAAADYL1IU8VSkmLu4liaq7x21C62Bm7fGR0Y3r3YwVTX7qvLlT+3kqdNnvvTC8NluXmjNfEj93faZeH3s8vn6K7M35uanFhamJuvjM62rs5NT297CTutvdKw6APUbb9ycvHZtoX7q+dN3rb419MHgx44MnRt+9vgz3bLjI6OjY+tFar3l+x+4IR1bjfA4EEUcjxTPfefHqRkRRez8WNQe7rnf6GDViWNVJ8ZHRquOTLeaM4vlykvdA1FE1HsqNbrHaPNzEf0DD7UPW2tELJXNLxt8rOze2Fxzvnlleqp+qTm/2Fpszc5cSp3Wlv2pRxFnU8RyRKwO3ru5gSiiP1J86/BaupLf+lEdhy9WA4O3bkexh33chrKd9YGI5eIxOGf72GAU8Vqk+Mm7R+Nqvs9U95ovRLxW5vcibpf5ckQqL4wzEe9vch3xeOqPIv6sPP/n1tJkdT/o3lcufLX+5Zlrsz1lu/eVzvPhQERs6/lwz53iET0fDm7Ih2Of35tqUUSzuuOvpQf/zQ4AAAAAAAAAAAAAAAAAu+1gFPHpSPHqv/5BNa44qnHph88N/+7QL/aOGX/6Ptspyz4fEUvF9sbkHsgDAy+lSyk94rHEH2W1KOIP8/i/bzzqxgAAAAAAAAAAAAAAAAAAAHykFfGjSPHSe0fTcvTOKd6auV6/3Lwy3ZkVtjv3b3fO9Ha73a6nTjZyTuRcyrmccyXnas4ocv2cjZwTOZdyLudcybmaM/py/ZyNnBM5l3Iu51zJuZoz+nP9nI2cEzmXci7nXMm5mjP2ydy9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPkiKK+Fmk+ObX11KkiGhETEQnVwYfdesAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNJgKuK7kaL+e407y/ojIlX/dhwtfzkTjQNlfiIaw2W+HI3zOZtV9je+sfVuir3sAw9uIBXxw0gxWHvnzgnP53+g8+3OZRC3317/9pn+TvZ1Vw59MPixI4fPDY9+7umtPqfNGnDsQmvm5q36+Mjo6FjP4v6890/0LBvK+3Ux7Z6FN996ozk9PTX/4B/KS+ABq3fP5A72/jA/pP7Hpqk+7MaH6N8XzXg0fb9L7VHcnNhz5fP//Ujxm+/9W/eB33n+1+IXOt/uPOHjp3+0/vx/aeOGtvn8799YLz//yyfBZs//p3qWvZR/NzLQH1FbvDE3cCSitvDmW8dbN5rXp65PzZw5ceLF4eEXT58YOBBRu9aanur5tCuHCwAAAAAAAAAAAAAAAODhSUX8dqRo/nAt1SPiVjVea+jc8LPHn+mLvmq81V3jtl8fu3y+/srsjbn5qYWFqcn6+Ezr6uzk1HZ3V6uGe42PjO5JZ+7r4B63/2Dtldm5N+db139/cdP1h2rnrywszjevbr46DkYR0ehdcqxq8PjIaNXo6VZzpqp6adPB9D+/gVTEv0eKq2fq6fN5WR7/v3GEf9x++8U718LSxg3t4vj/zx1aH//38Z6i5T5TKuKnkeI3/vzp+HzVzkNxzzHL5f46Uhw7+9lcLg6U5bpt6LxXoDMysCz735Hi7392d9nueMin1sue/LkO7mOgPP+HI8V3//Tb8at52d3vf+g9/+vH79DGDe3R+x8+2bPs0F3vK9hx18nn/3ikePmpd+LXqiX/+6Hv/+i+seFop/D6+zn26Pz/cs+yobzfX9+tzgMAAAAAAAAAADzGBlIRfxMpvj/an17Iy7bz9/8mN25oj/7+16d6lk3uznxF9/2w44MKAAAAAPvEQCriR5Hi+uI7d8ZQ3z3+u2f852+tj/8cSRvWVn/O90vVewN288//eg3l/U7svNsAAAAAAAAAAAAAAAAAAACwr6RUxAt5PvWJajz/5Jbzqa9Eilf/87lcLh0py3XngR+qfq1dnJ05fn56erYWi80r01P1sbnm1amy7icjxdpffTbXLar51bvzzXfmeF+fi30+Uoz+bbdsZy727tzknfnAa+12xMmy7McjxX/83d1l89TUee7oarunyrJ/GSm+9o+blz2yXvZ0WfbbkeIHX6t3yx4qy3bfj/qp9bLPX50t9uCsAAAAAAAAAAAAAAAAAAAA8FEzkIr4k0jxXzeW74zlz/P/D/R8rdx+u2e+/w1uVfP8D1Xz/2/1+UHm/6/eK7C01V4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODJlKKItyLF3MW1tDJYfu+oXWjN3Lw1PjK6ebWDqarZV5Uvf2onT50+86UXhs9288Pr77ZPx+tjl8/XX5m9MTc/tbAwNVkfn2ldnZ2c2vYWdlp/o2PVAajfeOPm5LVrC/VTz5++a/WtoQ8GP3Zk6Nzws8ef6ZYdHxkdHesp0z/wwHu/R9pi+YEo4i8ixXPf+XH6/mBEETs/Fve5dvbawaoTx6pOjI+MVh2ZbjVnFsuVl7oHooio91RqdI/Rfc/F/7Xb7YfVlU00IpbK5pcNPlZ2b2yuOd+8Mj1Vv9ScX2wttmZnLqVOa8v+1KOIsyliOSJWB+/d3EAU8Uak+NbhtfRPgxF93ePwxYtjXzlxaut2FHvYx20o21kfiFgutnPO2MpgFPEPkeIn7x6Nfx6M6I/OT3wh4rUyvxdxOzrnO5UXxpmI9ze5jng89UcR/1Oe/3Nr6d3B8n7Qva9c+Gr9yzPXZnvKdu8rO3w+tNvtPy7z0T0fHqZ9fm+qRRE/qO74a+lf/HcNAAAAAAAAAAAAAAAAsI8U8SuR4qX3jqZqfPCdMcWtmev1y80r051hfd2xf90x0+12u11PnWzknMi5lHM550rO1ZxR5Po5G2XW2u2J/H0p53LOlZyrOaMv1++rhiu2G/n7RM6lnMs5V3Ku5oz+XD9nI+dEzqWcyzlXcq7mjH0ydg8AAAAAAAAAAAAAAAAAAHiyFNU/Kb759bXUHuzMLz0RnVwxH+gT7/8DAAD//6sO9s4=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e01272a22fc54078fd5e64475993668980a9f95aff96492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef4201dbc11d36a0a0db52e84461c6fbb4aad62cf3c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec080000002b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270b36ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a7986cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9aee540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b231f7ffc441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25afd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e5706000", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x12, r0, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000100)='./bus\x00', 0x1d81ca4, 0x0, 0x83, 0x0, &(0x7f0000000080))

1m0.429597433s ago: executing program 32 (id=201):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa00004, &(0x7f00000006c0)={[{@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@umask={'umask', 0x3d, 0x5}}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@dmode={'dmode', 0x3d, 0x8e}}, {@adinicb}, {@adinicb}, {@dmode={'dmode', 0x3d, 0x4}}, {@shortad}, {@shortad}, {@undelete}, {@gid_forget}, {@noadinicb}]}, 0x2, 0xc6e, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfG5LiSmkrJk4VJ42DTVuksmK5+hdTtgp3VdNsA8iyEIq5BeBKpNSFKZIgqUY23JbppYceAhRFDzkRaIUCKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAAVoEW8zsW3FFkRYjkhIlfz429d2deW/mvZnxjCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOJ3Xj1/4mTaZEXfI2gMAPBQXBz7yolTmz3/AYAn1uWt/v8fAAAAAAAAAAAAAADYL1IU8VSkmLu4liaq7x21C62Bm7fGR0Y3r3YwVTX7qvLlT+3kqdNnvvTC8NluXmjNfEj93faZeH3s8vn6K7M35uanFhamJuvjM62rs5NT297CTutvdKw6APUbb9ycvHZtoX7q+dN3rb419MHgx44MnRt+9vgz3bLjI6OjY+tFar3l+x+4IR1bjfA4EEUcjxTPfefHqRkRRez8WNQe7rnf6GDViWNVJ8ZHRquOTLeaM4vlykvdA1FE1HsqNbrHaPNzEf0DD7UPW2tELJXNLxt8rOze2Fxzvnlleqp+qTm/2Fpszc5cSp3Wlv2pRxFnU8RyRKwO3ru5gSiiP1J86/BaupLf+lEdhy9WA4O3bkexh33chrKd9YGI5eIxOGf72GAU8Vqk+Mm7R+Nqvs9U95ovRLxW5vcibpf5ckQqL4wzEe9vch3xeOqPIv6sPP/n1tJkdT/o3lcufLX+5Zlrsz1lu/eVzvPhQERs6/lwz53iET0fDm7Ih2Of35tqUUSzuuOvpQf/zQ4AAAAAAAAAAAAAAAAAu+1gFPHpSPHqv/5BNa44qnHph88N/+7QL/aOGX/6Ptspyz4fEUvF9sbkHsgDAy+lSyk94rHEH2W1KOIP8/i/bzzqxgAAAAAAAAAAAAAAAAAAAHykFfGjSPHSe0fTcvTOKd6auV6/3Lwy3ZkVtjv3b3fO9Ha73a6nTjZyTuRcyrmccyXnas4ocv2cjZwTOZdyLudcybmaM/py/ZyNnBM5l3Iu51zJuZoz+nP9nI2cEzmXci7nXMm5mjP2ydy9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPkiKK+Fmk+ObX11KkiGhETEQnVwYfdesAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNJgKuK7kaL+e407y/ojIlX/dhwtfzkTjQNlfiIaw2W+HI3zOZtV9je+sfVuir3sAw9uIBXxw0gxWHvnzgnP53+g8+3OZRC3317/9pn+TvZ1Vw59MPixI4fPDY9+7umtPqfNGnDsQmvm5q36+Mjo6FjP4v6890/0LBvK+3Ux7Z6FN996ozk9PTX/4B/KS+ABq3fP5A72/jA/pP7Hpqk+7MaH6N8XzXg0fb9L7VHcnNhz5fP//Ujxm+/9W/eB33n+1+IXOt/uPOHjp3+0/vx/aeOGtvn8799YLz//yyfBZs//p3qWvZR/NzLQH1FbvDE3cCSitvDmW8dbN5rXp65PzZw5ceLF4eEXT58YOBBRu9aanur5tCuHCwAAAAAAAAAAAAAAAODhSUX8dqRo/nAt1SPiVjVea+jc8LPHn+mLvmq81V3jtl8fu3y+/srsjbn5qYWFqcn6+Ezr6uzk1HZ3V6uGe42PjO5JZ+7r4B63/2Dtldm5N+db139/cdP1h2rnrywszjevbr46DkYR0ehdcqxq8PjIaNXo6VZzpqp6adPB9D+/gVTEv0eKq2fq6fN5WR7/v3GEf9x++8U718LSxg3t4vj/zx1aH//38Z6i5T5TKuKnkeI3/vzp+HzVzkNxzzHL5f46Uhw7+9lcLg6U5bpt6LxXoDMysCz735Hi7392d9nueMin1sue/LkO7mOgPP+HI8V3//Tb8at52d3vf+g9/+vH79DGDe3R+x8+2bPs0F3vK9hx18nn/3ikePmpd+LXqiX/+6Hv/+i+seFop/D6+zn26Pz/cs+yobzfX9+tzgMAAAAAAAAAADzGBlIRfxMpvj/an17Iy7bz9/8mN25oj/7+16d6lk3uznxF9/2w44MKAAAAAPvEQCriR5Hi+uI7d8ZQ3z3+u2f852+tj/8cSRvWVn/O90vVewN288//eg3l/U7svNsAAAAAAAAAAAAAAAAAAACwr6RUxAt5PvWJajz/5Jbzqa9Eilf/87lcLh0py3XngR+qfq1dnJ05fn56erYWi80r01P1sbnm1amy7icjxdpffTbXLar51bvzzXfmeF+fi30+Uoz+bbdsZy727tzknfnAa+12xMmy7McjxX/83d1l89TUee7oarunyrJ/GSm+9o+blz2yXvZ0WfbbkeIHX6t3yx4qy3bfj/qp9bLPX50t9uCsAAAAAAAAAAAAAAAAAAAA8FEzkIr4k0jxXzeW74zlz/P/D/R8rdx+u2e+/w1uVfP8D1Xz/2/1+UHm/6/eK7C01V4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODJlKKItyLF3MW1tDJYfu+oXWjN3Lw1PjK6ebWDqarZV5Uvf2onT50+86UXhs9288Pr77ZPx+tjl8/XX5m9MTc/tbAwNVkfn2ldnZ2c2vYWdlp/o2PVAajfeOPm5LVrC/VTz5++a/WtoQ8GP3Zk6Nzws8ef6ZYdHxkdHesp0z/wwHu/R9pi+YEo4i8ixXPf+XH6/mBEETs/Fve5dvbawaoTx6pOjI+MVh2ZbjVnFsuVl7oHooio91RqdI/Rfc/F/7Xb7YfVlU00IpbK5pcNPlZ2b2yuOd+8Mj1Vv9ScX2wttmZnLqVOa8v+1KOIsyliOSJWB+/d3EAU8Uak+NbhtfRPgxF93ePwxYtjXzlxaut2FHvYx20o21kfiFgutnPO2MpgFPEPkeIn7x6Nfx6M6I/OT3wh4rUyvxdxOzrnO5UXxpmI9ze5jng89UcR/1Oe/3Nr6d3B8n7Qva9c+Gr9yzPXZnvKdu8rO3w+tNvtPy7z0T0fHqZ9fm+qRRE/qO74a+lf/HcNAAAAAAAAAAAAAAAAsI8U8SuR4qX3jqZqfPCdMcWtmev1y80r051hfd2xf90x0+12u11PnWzknMi5lHM550rO1ZxR5Po5G2XW2u2J/H0p53LOlZyrOaMv1++rhiu2G/n7RM6lnMs5V3Ku5oz+XD9nI+dEzqWcyzlXcq7mjH0ydg8AAAAAAAAAAAAAAAAAAHiyFNU/Kb759bXUHuzMLz0RnVwxH+gT7/8DAAD//6sO9s4=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e01272a22fc54078fd5e64475993668980a9f95aff96492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef4201dbc11d36a0a0db52e84461c6fbb4aad62cf3c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec080000002b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270b36ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a7986cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9aee540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b231f7ffc441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25afd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e5706000", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x12, r0, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000100)='./bus\x00', 0x1d81ca4, 0x0, 0x83, 0x0, &(0x7f0000000080))

4.640050567s ago: executing program 0 (id=535):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x104}]})
socket$igmp6(0xa, 0x3, 0x2)
timer_settime(r1, 0x1, &(0x7f00000002c0)={{}, {0x0, 0x989680}}, 0x0)

4.564180717s ago: executing program 2 (id=536):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r0, @ANYBLOB="06001500070000000c0016"], 0x38}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa0}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0xfff0)

4.195682841s ago: executing program 2 (id=540):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000180)={[{@init_itable}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@nodiscard}]}, 0x3, 0x466, &(0x7f0000000800)="$eJzs27tvHMUfAPDvrl/xL/lhE8IjD8AQEBYPO054pKCACCSKICFBQWvZThRyiVFsJBJFkCAUKkRDjyj5F6igQYgKiRZ6FClCaZJQHdq7XfvecS5nn5P7fKT1zezOeuZ7u3M3u3MbwMCayv4kEbsi4s+ImKhm6wtMVV9uXr+4cOv6xYUkyuX3/0kq5W5cv7hQFC3225lnptOI9Msk9reod+X8hdPzpdLSuTw/u3rm49mV8xdeOnVm/uTSyaWzh48effnI3GuvHn6lJ3Fmbbqx77PlA3vfSYbfPf51ti4t4m+Io0emOm18tlzucXX99f+adDLcx4ZwR4YiIjtcI5X+PxFDsX7wJuLtL/raOGBTlcvl8s72my+VgftYEvV5XR4GRfFFn13/FkvjIOCNzRt+9N21N6sXQFncN/OlumU40hivpEYarm97aSoiPrz073fZEptzHwIAoM5P2fjnxVbjvzQeqSn3QD43NBkRD0bE7oh4KCL2RMTDEZWyj0bEY3n58Q3W3zhJ0jz+Sa92HdwGZOO/1/O5rfrxX1oUmRyq5MYqY8DJGElOnCotHcrfk+kYGcvycx3q+PmtP75pt612/JctWf3FWDBvx9Xhsfp9FudX5+8m5lrXLkfsG24Vf7I2E5BExN6I2NdlHaee/+FAu223j7+DHswzlb+PeK56/C9FQ/yFpPP85OyOKC0dmi3Oima//X7lvXb131X8PZAd//+1PP/X4p9MaudrV+68jit/fdX2mqbb8380+aCSHs3XfTq/unpuLmI0OV5tdO36w+v7FvmifBb/9MHW/X93rL8T+yMiO4kfj4gnIuLJvO1PRcTTEXGwQ/y/Hnvmo+7j31xZ/It3dPzXE6PRuKZ1Yuj0Lz/WVTrZFP+tDsd/LTWdvzZ//g01xbWRdnV3NgMAAMC9J7u63hVJOrOWTtOZmerv5fdEpKXlldUXTix/cnax+ozAZERa3OmaqLkfOpdf1lfzlyOi+tOCYvuR/L7xt0PjlfzMwnJpsd/Bw4Db2ab/Z/5uvq0G3G88rwWDS/+HwXW7/v/5FrUD2Hrdf/8f2+jvPIFtqkX/169hIIy1/P435ofB0ND/TfvBAGno/zv61Q5g63V//2+0p+0Atp75fxhIK+Nx+4fkOyaK/9Tl7vdtIka2RTM2LRHptmjGtk2M3OP9on+fSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL30XwAAAP//cBbcWg==")
syz_mount_image$exfat(&(0x7f0000000700), &(0x7f00000001c0)='./file0\x00', 0x810000, &(0x7f0000000380)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c696f636861727365743d69736f383835392d312c646d61736b3d30303030303030303030303033373737373737373737372c696f636861727365743d6b6f69382d72752c696f636861727365743d63703433372c6e616d65636173653d312c6e616d65636173653d312c009a8d4d9016e3d8128333e260a1b926dd0c5f7619710e03ea1ae6521494f87e5737dc0c5bec3f76668140a15258818b6fbc51f9a13940e63c378688559c351287f0e09ef0b7330db20eef797e5004484649e7f5fb64b746683a75b9ed822f5ae34fac98323e391c369ca6c39e364b33f2bd19e856b7b0e86858ae18603b96c63c427c5b17c064597d388dcc3134ac94d4e521504ef8b1379461e12e1c1d7fe764571b3053cd80336486dc54ba8045c3ca1678548e23d9fc"], 0x5, 0x1501, &(0x7f0000002a80)="$eJzs3AuYzlW7MPD7Xmv9GdOkp0kOw1rr/vOkwTJJkkOKHJIkSZKcEpImSRISQ0gSkpwPk+QwhOQwjUnjfD7knDR5pUmSkJzC+q7pbW/vu3v3297f2/581577d13rmnXPeu71rDX3zDz/9b+u5/m+x8i6zevVakpE8C/Bv35JAYAYABgCANcBQAAAleIrxeeOF5CY8q89CftzPZJ2tVfAriauf97G9c/buP55G9c/b+P6521c/7yN65+3cf0Zy8u2zyl2Pbe82/j+f17Gr///i+SUn/z1xvI39vxvpHD98zauf97G9c/buP55G9c/b+P6/+9X85+Mcf3zNq4/Y3nZ1b7/zO3qtqv9+8cYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjLG84569QAPBv/au9LsYYY4wxxhhjjP15fP6rvQLGGGOMMcYYY4z9z0MQIEFBAPkgP8RAAYiFayAOroWCcB1E4HqIhxugENwIhaEIFIVikADFoQRoMGCBIISSUAqicBOUhpshEcpAWSgHDspDEtwCFeBWqAi3QSW4HSrDHVAFqkI1qA53Qg24C+6GmlAL7oHaUAfqQj24F+rDfdAA7oeG8AA0ggehMTwETeBhaAqPQDN4FJrDY9ACHoeW0ApaQxto+3+V/zL0gVegL/SDFOgPA+BVGAiDYDC8BkPgdRgKb8AweBOGwwgYCW/BKHgbRsM7MAbGwjgYDxNgIkyCyTAFpkIqvAvT4D2YDu/DDJgJs2A2pMEcmAsfwDyYDwvgQ1gIH8EiWAxLYCmkw8eQAcsgEz6B5fApZMEKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w2ewA3bCLtgNe2Av7IPPYT98AQfgS8iGr/6b+Wf/Q35PBAQUKFChwnyYD2MwBmMxFuMwDgtiQYxgBOMxHgthISyMhbEoFsUETMASWAINGiQkLIklMYpRLI2lMRETsSyWRYcOkzAJK+CtWBErYiWshJWxMlbBqlgVq2N1rIE18G6EKgHUwtpYG+tiXbwX78X7sAE2wIbYEBthI2yMjbEJNsGm2BSbYTNsjs2xBbbAltgSW2NrbIttsR22w/bYHjtiR+yEnbAzdsZkTMYu2AW7Ylfsht2wO3bHHtgDe2Iv7IUv48v4Cr6C/bC26I8DcAAOxIEHcv8YXsPXcSi+gW/gmzgcR+BIfAvfwrdxNJ7BMTgWx+E4rCEm4iScjCSmYiqm4jSchtNxOs7AmTgTZ2MazsG5OBfn4Xycjx/iQvwIP8LFuBiXYjqmYwYuw0zMxOV4FrNwBa7EVbga1+BqXIfrcR1uxE24EbfgFtyG2/Az/Ax34k7cjbtxL+7Fz/Fz/AK/wOGYjdl4EA/iITyEh/Ew5mAOHsEjeBSP4jE8hsfxOJ7Ak3gKT+JpPI1n8Cyew3N4AS/gRXwx4dtme8tsGA4ilxJK5BP5RIyIEbEiVsSJOFFQFBQRERHxIl4UEoVEYVFYFBVFRYJIECVECWGEESRCUVKUFFERFaVFaZEoEkVZUVY44USSSBIVRAVRUVQUlcTtorK4Q1QRVUUHV11UFzVER3e3qClqiVqitqgj6op6op6oL+qLBqKBaCgaikaikWgsHhJNRH8cjI+I3Mo0FyOwhRiJLUUr0Vq0EW/jE6KdGI3tRQfRUTwlxuIY7CzauWTxrOgiJmFX8byYjC+I7mIq9hAviZ6il+gtXhZ9RHvXV/QTM7C/GCBm40AxSAwWr4l5WEfkVqyueFMMFyPESPGWWIpvi9HiHTFGjBXjxHgxQUwUk8RkMUVMFaniXTFNvCemi/fFDDFTzBKzRZqYI+aKD8Q8MV8sEB+KheIjsUgsFkvEUpEuPhYZYpnIFJ+I5eJTkSVWiJVilVgt1oi1Yp1YLzaIjWKT2Cy2iK1im9guPhM7xE6xS+wWe8ResU98LvaLL8QB8aXIFl+Jg+Iv4pD4WhwW34gc8a04Ir4TR8X34pj4QRwXP4oT4qQ4JX4Sp8XP4ow4K86J8+KC+EVcFJfEZeEFSJRCSqlkIPPJ/DJGFpCx8hoZJ6+VBeV1MiKvl/HyBllI3igLyyKyqCwmE2RxWUJqaaSVJENZUpaSUXmTLC1vlomyjCwry0kny8skeYusIG+VFeVtspK8XVaWd8gqsqqsJqvLO2UNeZe8W9aUteQ9srasI+vKevJeWV/eJxvI+2VD+YBsJB+UjeVDsol8WDaVj8hm8lHZXD4mW8jHZUvZSraWbWRb+YRsJ5+U7WUH2VE+JTvJp2Vn+YxMls/KLvI52VU+L7vJF2R3+aLsIV+SPWUv2Vtekpell31lP5ki+8sB8lU5UA6Sg+Vrcoh8XQ6Vb8hh8k05XI6QI+VbcpR8W46W78gxcqwcJ8fLCXKinCQnyylyqkyV78pp8j05Xb4vZ8iZcpacLdPkHDn4t5kW/Bfy3/sH+cN+ffZtcrv8TO6QO+UuuVvukXvlPrlP7pf75QF5QGbLbHlQHpSH5CF5WB6WOTJHHpFH5FF5VB6Tx+RxeVyekCflefmTPC1/lmfkWXlWnpcX5AV58befAShUQkmlVKDyqfwqRhVQseoaFaeuVQXVdSqirlfx6gZVSN2oCqsiqqgqphJUcVVCaWWUVaRCVVKVUlF1kyqtblaJqowqq8opp8qrJHXLv5z/R+trq9qqdqqdaq/aq46qo+qkOqnOqrNKVsmqi+qiuqquqpvqprqr7qqH6qF6qp6qt+qt+qg+qq/qq1JUihqgXlUD1SA1WL2mhqjX1VA1VA1Tw9RwNVyNVCPVKDVKjVaj1Rg1Ro1T49QENUFNUpPUFDVFpapUNU1NU9PVdDVDzVCz1CyVptLUXDVXzVPz1AK1QC1UC9UitUgtUUtUukpXGSpDZapMtVwtV1lqhVqhVqlVao1ao9apdWqD2qA2qU1qi9qistR2tV3tUDvULrVL7VF71D61T+1X+9UBdUBlq2x1UB1Uh9QhdVgdVjkqRx1RR9RRdVQdU8fUcXVcnVAn1Cl1Sp1Wp9UZdUadU+fUBXVBXVQX1WV1OfeyLxCBCFSggnxBviAmiAlig9ggLogLCgYFg0gQCeKD+KBQcGNQOCgSFA2KBQlB8aBEoAMT2ICCMCgZlAqiwU1B6eDmIDEoE5QNygUuKB8kBbcEFYJbg4rBbUGl4PagcnBHUCWoGlQLqgd3BjWCu4K7g5pBreCeoHZQJ6gb1AvuDeoH9wUNgvuDhsEDQaPgwaBx8FDQJHg4aBo8EjQLHg2aB48FLYLHg5ZBq6B10CZo+6fO7/2ZIk+6vrqfTtH99QD9qh6oB+nB+jU9RL+uh+o39DD9ph6uR+iR+i09Sr+tR+t39Bg9Vo/T4/UEPVFP0pP1FD1Vp+p39TT9np6u39cz9Ew9S8/WaXqOnqs/0PP0fL1Af6gX6o/0Ir1YL9FLdbr+WGfoZTpTf6KX6091ll6hV+pVerVeo9fqdXq93qA36k16s96it+pterv+TO/QO/UuvVvv0Xv1Pv253q+/0Af0lzpbf6UP6r/oQ/prfVh/o3P0t/qI/k4f1d/rY/oHfVz/qE/ok/qU/kmf1j/rM/qsPqfP6wv6F31RX9KXtc+9uM99eTfKKJPP5DMxJsbEmlgTZ+JMQVPQREzExJt4U8gUMoVNYVPUFDUJJsGUMCVMLjJkSpqSJmqiprQpbRJNoilryhpnnEkySaaCqWAqmoqmkqlkKpvKpoqpYqqZauZOc6e5y9xlapqa5h5zj6lj6ph6pp6pb+qbBqaBaWgamkamkWlsGpsmpolpapqaZqaZaW6amxamhWlpWprWprVpa9qadqadaW/am46mo+lkOpnOprNJNsmmi+liupquppvpZrqb7qaH6WF6mp6mt+lt+pg+pq/pa1JMihlgBpiBZqAZbAabIWaIGWqGmmFmmBlfYVPN3JPTKDPKjDajzRgz1owz480EM9FMMpPNFDPVpJpUM81MM9PNdDPDzDCzzCyTZtLMXDPXzDPzzAKzwCw0C80is8gsMUtMukk3GSbDZJpMs9wsN1kmy6w0K81qs9qsNWvNerPebDQbzWaz2Ww1W812s93sMDvMLrPL7DF7zD6zz+w3+80Bc8Bkm+yY3w535rA5bHJMjjlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86ZC+YXc9FcMpeNNzFWQKy9xsbZa21Be52NsQXs38ZFbTGbYIvbElbbwrbI38XGWptoy9iytpx1trxNsrf8Lq5iq9pqtrq909awd9m7fxfXt/fZBvZ+29A+YOvZe/8ubmQftI3tY7aJfdw2ta1sM9vGNreP2Rb2cdvStrKtbRvbyT5tO9tnbLJ91naxz/0uzrDL7Hq7wW60m+x++4U9Z8/bo/Z7e8H+YvvafnaIfd0OtW/YYfZNO9yO+F08zo63E+xEO8lOtlPs1N/Fs+xsm2bn2Ln2AzvPzv9dnG4/tgttpl1kF9sldumvce6aMu0ndrn91GbZFXalXWVX2zV2rV3372tdZbfYrXab3Wc/tzvsTrvL7rZ77N5f49x9HLBf2mz7lT1iv7OH7Nf2sD1mc+y3v8a5+wP4wR63P9oT9qQ9ZX+yp+3P9ow9++v+c/f+k71kL1tvgZAESVIUUD7KTzFUgGLpGoqja6kgXUcRup7i6QYqRDdSYSpCRakYJVBxKkGaDFkiCqkklaIo3USl6WZKpDJUlsqRo/KURLdQBbqVKtJtVIlup8p0B1WhqlSNqtOdVIPuorupJtWie6g21aG6VI/upfp0HzWg+6khPUCN6EFqTA9RE3qYmtIj1Iwepeb0GLWgx6kltaLW1Iba0hPUjp6k9tSBOtJT1Imeps70DCXTs9SFnqOu9Dx1oxeoO71IPegl6km9qDe9TH3oFepL/SiF+tMAepUG0iAaTK/REHqdhtIbNIzepOE0gkbSWzSK3qbR9A6NobE0jsbTBJpIk2gyTaGplErv0jR6j6bT+zSDZtIsmk1pNIfm0gc0j+bTAvqQFtJHtIgW0xJaSun0MWXQMsqkT2g5fUpZtIJW0ipaTWtoLa2j9bSBNtIm2kxbaCtto+30Ge2gnbSLdtMe2kv76HPaT1/QAfqSsukrOkh/oUP0NR2mbyiHvqUj9B0dpe/pGP1Ax+lHOkEn6RT9RKfpZzpDZ+kcnacL9AtdpEt0mTxBiKEIZajCIMwX5g9jwgJhbHhNGBdeGxYMrwsj4fVhfHhDWCi8MSwcFgmLhsXChLB4WCLUoQltSGEYlgxLhdHwprB0eHOYGJYJy4blQheWD5PCW8IK4a1hxfC2sFJ4e1g5vCOsElYNH3ugenhnWCO8K7w7rBnWCu8Ja4d1wrphvfDesH54X9ggvD9sGD4QVgwfDBuHD4VNwofDpuEjYbPw0bB5+FjYInw8bBm2CluHbcK24RNhu/DJsH3YIewYPhV2Cp8OO4fPhMnhs2GX8Lk/HE8J+4cDwlfDV0Pv75dLokuj6dGPoxnRZdHM6CfR5dFPo1nRFdGV0VXR1dE10bXRddH10Q3RjdFN0c3RLdGt0W1R7+vlB4dOOOmUC1w+l9/FuAIu1l3j4ty1rqC7zkXc9S7e3eAKuRtdYVfEFXXFXIIr7ko47YyzjlzoSrpSLupucqXdzS7RlXFlXTnnXHmX5Nq4tq6ta+eedO1dB9fRPeWeck+7p90z7hn3rOvinnNd3fOum3vBdXcvuhfdS66n6+V6u5ddH/eK6+v6uRSX4ga4AW6gG+gGu8FuiBvihrqhbpgb5oa74W6kG+lGuVFutBvtxrgxbpwb5ya4CW6Sm+SmuCku1aW6aW6am+6muxluhpvlZrk0l+bmurlunpvnFrgFbmHiQrfILXJL3BKX7tJdhstwmS7TLXfLXZbLcivdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A63y+1ye9wet8/tc/vdfnfAHXDZLtsddAfdIXfIHXbfuBz3rTvivnNH3ffumPvBHXc/uhPupDvlfnKn3c/ujDvrzrnz7oL7xV10l9xl511q5N3ItMh7kemR9yMzIjMjsyKzI2mROZG5kQ8i8yLzIwsiH0YWRj6KLIosjiyJLI2kRz6OZESWRTIjn0SWRz6NZEVWRFZGVkVWR9ZEvC++I/QlfSkf9Tf50v5mn+jL+LK+nHe+vE/yt/gK/lZf0d/mK/nbfWV/h6/iq/pq/nHf0rfyrX0b39Y/4dv5J31738F39E/5Tv5p39k/45P9s76Lf8539c/7bv4F392/6Hv4l3xP38v39i/7Pv4V39f38ym+vx/gX/UD/SA/2L/mh/jX/VD/hh/m3/TD/Qg/0r/lR/m3/Wj/jh/jx/pxfryf4Cf6SX6yn+Kn+lT/rp/m3/PT/ft+hp/pZ/nZPs3P8XP9B36en+8X+A/9Qv+RX+QX+yV+qU/3H/sMv8xn+k/8cv+pz/Ir/Eq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fa/zW/3n/kdfqff5Xf7PX6v3+c/9/v9F/6A/9Jn+6/8Qf8Xf8h/7Q/7b3yO/9Yf8d/5o/57f8z/4I/7H/0Jf9Kf8j/50/5nf8af9ef8eX/B/+Iv+kv+8n/1PWv5/ifvpTPGGGOM/f8v9Q/G+/+D74nfWq4BAHDtzmI5fzsuAWBz4b/2B4mEThEAeLZfj0f+rdWunZKS8ttjsyQEpRYDQORK/q+XaL/FK6AjPA3J0AEq/MP1DRK9LtAfzB+9HSD2b3Ji/voxB/9h/lv/k/mfeGpcRuXwXPw/mX8xQGKpKzkF4Ep8Zf6K/8n8Rdr9wfoLfJ0K0P5vcuLgSnxl/iR4Ep6D5L97JGOMMcYYY4wx9leDRLVulHsihn9+Pk9QV3Lyw5X4j87njDHGGGOMMcYYu/pe6NX7mSeSkzt04w53uMOdf+9c7f9MjDHGGGOMsT/blYv+q70SxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMs7/p/8XFiV3uPjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG2NX2fwIAAP//sN45jQ==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
setresuid(0x0, 0xee01, 0x0)
utimensat(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0)

3.571994099s ago: executing program 0 (id=546):
r0 = inotify_init1(0x80000)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x2000775)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x101042, 0x0)
r1 = dup(r0)
ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, 0x0)

3.515875589s ago: executing program 2 (id=547):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='veth0_virt_wifi\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0x804, &(0x7f0000000080)={0x2, 0x4ea2, @multicast1}, 0x10)
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0x1, 0x4)
recvmmsg(r0, &(0x7f0000003d80)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x22, 0x0)

3.328115182s ago: executing program 0 (id=549):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
munmap(&(0x7f0000ff3000/0xb000)=nil, 0xb000)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000002, 0x9132, 0xffffffffffffffff, 0x9aa9b000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
read$FUSE(r0, &(0x7f0000012380)={0x2020}, 0x2020)

3.294313802s ago: executing program 5 (id=550):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x9}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000900)=[@in6={0xa, 0x4e23, 0x3f, @loopback, 0x5}], 0x1c)

3.121337204s ago: executing program 2 (id=551):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, 0x0})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000485000/0x3000)=nil)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x4000000)
mbind(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x1ff, 0x3)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2.944018416s ago: executing program 0 (id=553):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000008c0)={{r0}, &(0x7f00000007c0), &(0x7f0000000800)='%pS    \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r2}, 0xc)

2.922865586s ago: executing program 5 (id=554):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_mount_image$exfat(&(0x7f0000000980), &(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xa1008a, &(0x7f00000004c0)=ANY=[], 0x1, 0x1517, &(0x7f0000002780)="$eJzs3AuYTlX7MPD7XmttxjTxNMlhWGvdmycNlkOSHJLkkCTJK0lOCaFJkoTEOEsakiTHSXIYQnKYxqRxPh9yTpKkSZKQkLC+S3993rf30Pf+/32f63vn/l3Xvqz72c+99r2fez/2s/dzPfNdj1F1mtWt2YSI4H8E/+ufZACIAYBhAJAPAAIAqBhfMf7y+jwSk/9nG2F/rofTrnUF7Fri/uds3P+cjfufs3H/czbuf87G/c/ZuP85G/efsZxs2+zCN/CScxe+/5+T8fn/P0h2mUlfbShzU89/I4X7n7Nx/3M27n/Oxv3P2bj/ORv3P2fj/uds3H/GcrL//r1j/u7gP2G51scfY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLGc4Zy/SgHAb+NrXRdjjDHGGGOMMcb+PD73ta6AMcYYY4wxxhhj//chCJCACJALckMM5IFYuA7i4HrIC/kgAjdAPNwI+eEmKAAFoRAUhgQoAkVBgwELBCEUg+IQhZuhBNwCiVASSkFpcFAGykI5KA+3QgW4DSrC7VAJ7oDKUAWqQjW4E6rDXVAD7oaacA/UgtpQB+rCvVAP7oP6cD80gAegITwIjeAhaAx/gSbwMDSFR6AZPArN4TFoAS2hFbSGNv+t/BehD7wEfaEfJEN/GAADYRAMhiEwFIbByzAcXoER8CqkwEgYBa/BaHgdxsAbMBbehHHwFoyHCTARJsFkmAKp8DZMhXdgGrwL02EGzIRZkAazYQ68B3NhHsyH92EBfAALYREshiWQDh9CBiyFTPgIlsHHkAXLYQWshFWwGtbAWlgH62EDbIRNsBm2wFbYBp/AdtgBO2EX7IY9sBc+hX3wGeyHz+EAfPFv5p/9XX5PBAQUKFChwlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBQNGiQkVFeOpBJYAhMxEUthKXTosCyWxfJ4K1bAClgRK2IlrISVsQpWwWpYDatjdayBNbAm1sRaWAvrYB28F+/F+7A+1scG2AAbYkNshI2wMTbGJtgEm2JTbIbNsDk2xxbYAlthK2yDbbAttsV22A47YAfsiB2xM3bGJEzCLtgFu2JX7IbdsDt2xx7YA3tiL+yFL+KL+BK+hP2wluiPA3AADsJBOASH4lB8GYfjK/gKvoopOBJH4Wv4Gr6OY/AMjsU3cRyOw+piAk7ESUhiCqZiKk7FqTgNp+F0nIEzcBam4Wycg3NwLs7Defg+LsAP8ANchItwCaZjOmbgUszETFyGZzELl+MKXImrcDWuwrW4DtfiBtyIG3AzbsatuBU/wU9wB+7AXbgL91x+rfFT/Aw/wxQ8gAfwIB7EQ3gID+NhzMZsPIJH8CgexWN4DI/jcTyBJ/EUnsTTeBrP4Fk8h+fwPJ7HC/h8wjdN95RcnwLiMiWUyCVyiRgRI2JFrIgTcSKvyCsiIiLiRbzIL/KLAqKAKCQKiQSRIIqKosIII0iEopgoJqIiKkqIEiJRJIpSopRwwomyoqwoL8qLCqKCqChuF5XEHaKyqCLau2qimqguOrga4m5RU9QUtURtUUfUFXVFPVFP1Bf1RQPRQDQUDUUj8ZBoLPrjEHxYXO5MMzESm4tR2EK0FK1Ea/E6Pi7aijHYTrQXHcST4k0ci51FW5cknhZdxETsKp4Vk/A50V1MwR7iBdFT9BK9xYuij2jn+op+Yjr2FwPELBwkBoshYqiYi7XF5Y7VEa+KFDFSjBKviSX4uvjtGB8n3hLjxQQxUUwSk8UUkSreFlPFO2KaeFdMFzPETDFLpInZYo54T8wV88R88b5YID4QC8UisVgsEeniQ5EhlopM8ZFYJj4WWWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im3iE7Fd7BA7xS6xW+wRe8WnYp/4TOwXn4sD4gtxUHwpDomvxGHxtcgW34gj4ltxVHwnjonvxXHxgzghTopT4kdxWvwkzoiz4pz4WZwXv4gL4qK4JLwAiVJIKZUMZC6ZW8bIPDJWXifj5PUyr8wnI/IGGS9vlPnlTbKALCgLycIyQRaRRaWWRlpJMpTFZHEZlTfLEvIWmShLylKytHSyjCwry8ny8lZZQd4mK8rbZSV5h6wsq8iqspq8U1aXd8ka8m5ZU94ja8naso6sK++V9eR9sr68XzaQD8iG8kHZSD4kG8u/yCbyYdlUPiKbyUdlc/mYbCFbylaytWwjH5dt5ROynWwvO8gnZUfZSXaWT8kk+bTsIp+RXeWzspt8TnaXz8se8gXZU/aSveVFeUl62Vf2k8myvxwgB8pBcrAcIofKYfJlOVy+IkfIV2VKDADI1+Ro+bocI9+QY+Wbcpx8S46XE+REOUlOllNkqnxbTpXvyGnyXTldzpAz5SyZJmfLIVdmmv9/kP/OP8gfIVPkSLlVbpOfyO1yh9wpd8ndco/cK/fKfXKf3C/3ywPygDwoD8pD8pA8LA/LbJktj8gj8qg8Ko/JY/K4PC5PyJPyZ/mjPC1/kmfkWXlW/izPy/PywpXXABQqoaRSKlC5VG4Vo/KoWHWdilPXq7wqn4qoG1S8ulHlVzepAqqgKqQKqwRVRBVVWhllFalQFVPFVVTdjFfeIqqUKq2cKqPKqnL/Tr4qoW5Riark3+T/UX1tVBvVVrVV7VQ71UF1UB1VR9VZdVZJKkl1UV1UV9VVdVPdVHfVXfVQPVRP1VP1Vr1VH9VH9VV9VbJKVgPUQDVIDVZD1FA1rD+o4Wq4GqFGqBSVokapUWq0Gq3GqDFqrBqrxqlxarwaryaqiWqymqxSVaqaqqaqaWqamq6mq5lqpkpTaWqOmqPmqrlqvpqvFqgFaqFaqBarxSpdpasMlaEyVaZappapLLVcLVcr1Uq1Wq1Wa9VatV6tVxvVRrVZbVZZapvaprar7Wqn2ql2q91qr9qr9ql9ar/arw6oA+qgOqgOqUPqsDqsslW2OqKOqKPqqDqmjqnj6rg6oU6oU+qUOq1OqzPqjDqnzqnz6ry6oC6oS+qSggACEYhABSrIFeQKYoKYIDaIDeKCuCBvkDeIBJEgPogP8gc3BQWCgkGhoHCQEBQJigY6MIENKAiDYkHxIBrcHJQIbgkSg5JBqaB04IIyQdmgXFA+uDWoENwWVAxuDyoFdwSVgypB1aBacGdQPbgrqBHcHdQM7glqBbWDOkHd4N6gXnBfUD+4P2gQPBA0DB4MGgUPBY2DvwRNgoeDpsEjQbPg0aB58FjQImgZtApaB23+rPkVBE0D788UfML11f10su6vB+iBepAerIfooXqYflkP16/oEfpVnaJH6lH6NT1av67H6Df0WP2mHqff0uP1BD1RT9KT9RSdqt/WU/U7epp+V0/XM/RMPUun6dl6jn5Pz9Xz9Hz9vl6gP9AL9SK9WC/R6fpDnaGX6kz9kV6mP9ZZerleoVfqVXq1XqPX6nV6vd6gN+pNerPeorfqbfoTvV3v0Dv1Lr1b79F79ad6n/5M79ef6wP6C31Qf6kP6a/0Yf21ztbf6CP6W31Uf6eP6e/1cf2DPqFP6lP6R31a/6TP6LP6nP5Zn9e/6Av6or6k/eUP95dP70YZZXKZXCbGxJhYE2viTJzJa/KaiImYeBNv8pv8poApYAqZQibBJJiipqi5jAyZYqaYiZqoKWFKmESTaEqZUsYZZ8qasqa8KW8qmAqmoqloKplKprKpbKqaquZOc6e5y9xl7jZ3m3vMPaa2qW3qmrqmnqln6pv6poFpYBqahqaRaWQam8amiWlimpqmpplpZpqb5qaFaWFamVamjWlj2pq2pp1pZzqYDqaj6Wg6m84mySSZLqaL6Wq6mm6mm+luupsepofpaXqa3qa36WP6mL6mr0k2yWaAGWAGmUFmiBlihplhZrgZbkaYESbFpJhRZpQZbUabMWaMGWveNOPMW2a8mWAmmklmspliUk2qmWqmmmlmmpluppuZZqZJM2lmjplj5pq5Zr6ZbxaYBWahWWgWm8Um3aSbDJNhMk2mWWaWmSyTZVaYFWaVWWXWmDVmnVlnNpgNZpPZZLaYLWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W8OmAPmoDnoEcAcNodNtsk2R8wRc9QcNcfMMXPcHDcnzAlzypwyp81pc8acMefMOXPe/GIumIvmkvEmxuaxsfY6G2evt3ltPvv7uJAtbBNsEVvUalvAFvyb2FhrE21JW+q3S0xbziZePpfa0tbZMrasLWcr2yq2qq1m77TV7V22xu/jfGDvs/Xt/baBfcDWtffaen8VN7QP2kb2UdvYPmab2Ja2qW1tm9lHbXP7mG1hW9pWtrXtaDvZzvYpm2Sftl3sM38XZ9ildp1dbzfYjXaf/cyesz/bo/Y7e97+YvvafnaYfdkOt6/YEfZVm2JH/l08zr5lx9sJdqKdZCfbKX8Xz7SzbJqdbefY9+xcO+/v4nT7oV1gM+1Cu8gutkt+jS/XlGk/ssvsxzbLLrcr7Eq7yq62a+za/13rSrvZbrFb7V77qd1ud9iddpfdbff8Gl/ej/32c3vAfmGP2G/tIfuVPWyP2Wz7za/x5f07Zr+3x+0P9oQ9aU/ZH+1p+5M9Y89e3n9/ed9/tBftJestEJIgSYoCykW5KYbyUCxdR3F0PeWlfBShGyiebqT8dBMVoIJUiApTAhWhoqTJkCWikIpRcYrSzVSCbqFEKkmlqDQ5KkNlqRyVp1upAt1GFel2qkR3UGWqQlWpGt1J1ekuqkF3U026h2pRbapDdeleqkf3UX26nxrQA9SQHqRG9BA1pr9QE3qYmtIj1Iwepeb0GLWgltSKWlMbepza0hPUjtpTB3qSOlIn6kxPURI9TV3oGepKz1I3eo660/PUg16gntSLetOL1Ideor7Uj5KpPw2ggTSIBtMQGkrD6GUaTq/QCHqVUmgkjaLXaDS9TmPoDRpLb9I4eovG0wSaSJNoMk2hVHqbptI7NI3epek0g2bSLEqj2TSH3qO5NI/m0/u0gD6ghbSIFtMSSqcPKYOWUiZ9RMvoY8qi5bSCVtIqWk1raC2to/W0gTbSJtpMW2grbaNPaDvtoJ20i3bTHtpLn9I+ynPlDfcFHaQv6RB9RYfpa8qmb+gIfUtH6Ts6Rt/TcfqBTtBJOkU/0mn6ic7QWTpHP9N5+oUu0EW6RJ4gxFCEMlRhEOYKc4cxYZ4wNrwujAuvD/OG+cJIeEMYH94Y5g9vCguEBcNCYeEwISwSFg11aEIbUhiGxcLiYTS8OSwR3hImhiXDUmHp0IVlwrJhubB8eGtYIbwtrBjeHlYK7wgrh1XCRx+oFt4ZVg/vCmuEd4c1w3vCWmHtsE5YN7w3rBfeF9YP7w8bhA+EFcIHw0bhQyFc+b1K0/CRsFn4aNg8fCxsEbYMW4Wtwzbh42Hb8ImwXdg+7BA+GXYMO4Wdw6fCpPDpsEv4zB+uTw77hwPCgeHA0Pv75eLokmh69MNoRnRpNDP6UXRZ9ONoVnR5dEV0ZXRVdHV0TXRtdF10fXRDdGN0U3RzdEt0a9T7urnBoRNOOuUCl8vldjEuj4t117k4d73L6/K5iLvBxbsbXX53kyvgCrpCrrBLcEVcUaedcdaRC10xV9xF3c2uhLvFJbqSrpQr7Zwr48q61q6Na+PauidcO9fedXBPuiddJ9fJPeWeck+7Lu4Z19U967q551x397x73r3gerperrd70fVxL7m+rp9LdslugBvgBrlBbogb4oa5YW64G+5GuBEuxaW4UW6UG+1GuzFujBvrxrpxbpwb78a7iW6im+wmu1SX6qa6qW6am+YCAJjpZro0l+bmuDlurpvr5rv5bkHiArfQLXSL3WKX7tJdhstwmS7TLXPLXJbLcivcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXPb3Xa30+10u91ut9ftdfvcPrff7XcH3AF30B10h9whd9h97bLdN+6I+9Yddd+5Y+57d9z94E64k+6U+9Gddj+5M+6sO+d+dufdL+6Cu+guOe9SI29HpkbeiUyLvBuZHpkRmRmZFUmLzI7MibwXmRuZF5kfeT+yIPJBZGFkUWRxZEkkPfJhJCOyNJIZ+SiyLPJxJCuyPLIisjKyKrJagS+yPfTFfHEf9Tf7Ev4Wn+hL+lK+tHe+jM/ty/ny/lZfwd/mK/rbfSV/h6/sq/iq/jHfwrf0rXxr38Y/7tv6J3w739538E/6jr6T7+yf8kn+ad/FP+O7+md9N/+c7+6f9z38C76n7+V7+xd9H/+S7+v7+WTf3w/wA/0gP9gP8UP9MP+yH+5f8SP8qz7Fj/Sj/Gt+tH/dj/Fv+LH+TT/Ov+XH+wl+op/kJ/spPtW/7af6d/w0/66f7mf4mX6WT/Oz/Rz/np/r5/n5/n2/wH/gF/pFfrFf4tP9hz7DL/WZ/iO/zH/ss/xyv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8J3673+F3+l1+t9/j9/pP/T7/md/vP/cH/Bf+oP/SH/Jf+cP+a5/tv/FHsr71R/13/pj/3h/3P/gT/qQ/5X/0p/1P/ow/68/5n/15/4u/4C/6S//mb9Zq/xm3zhljjDHG/j808A/W9/8HjykAEFfGv3jvr99ROPuv10sA2FTgv8aDRULHCAA83a/Hw78ttWolJydfeW6WhKD4IgCI/G4DV+Ll0AE6QRK0h/L/sL7Botd5+hfzZ4yhydHbAWL/KicGrsZX5//yn8z/+JPjMiqF5+L/ef3RRQCJxa/mXL4K/y1eDh1+/eqwPVT4J/MXbPuv6s+SkOerVIB2f5UTBwDt8vy+/rLwBDwDSX/zzAb/cJuMMcYYY4wxxnKewaJqtz+4/vz1+jxBXc3JDVfjP7o+Z4wxxhhjjDHG2LX3XK/eTz2elNS+Gw94wIMcNuj0L55zrf9nYowxxhhjjP3Zrn7ov/pYnmtZEGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlgP9v/hLY9d6HxljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLFr7X8FAAD//8HaM+M=")
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|'], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x19)

2.59203818s ago: executing program 0 (id=556):
socket$inet(0x2, 0x4000000000000001, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000340), 0x1, 0xe0882)
socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000430109029200030172e5000904000000010100000a24010000000201020c0d240700000500006e626805000c240000e945fff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05", @ANYRES16=r0, @ANYRES16=r1], 0x0)

2.458040001s ago: executing program 5 (id=558):
syz_mount_image$reiserfs(&(0x7f0000000540), &(0x7f0000000140)='./file0\x00', 0xd0, &(0x7f0000000040), 0xf4, 0x1119, &(0x7f0000003600)="$eJzs2b9qFUEUB+Df7F5NupW1XwJaWEhIuD6AKRRua6uNSEAwVS4Iiq/hG/gWvoKmsg/ptQhYCis3e9f8IaCSG0H4Ptids2dn9uyUMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYmCRfS3K7StoxVyUpSdcdzI6SdGP+1qe6SsmT3dn80f708TxJfdK9PE02TrqUJO32nfV22k7b7fbBw527n+dv3r56vre3u7/8TEmXw+OVzqKMt/psrqy0BgAAAPy3+itr8v71n1S6eU31AQAAgN9Z9X4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwN/qm9O4HYMqSUm67mB2lKS7ZNyNf/R/AAAAwNWVVHnWXJYftgFO3c+XpvzKL9rvZRFv5UNzYSAAAABwzsuP5x77tWVw9nz9Rz9YrLvvZTKsy9eHdxuZZHNziJdNvu0kdZKtC7UOj9+9GK/S18na9cwJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfrIDByQAAAAAgv6/bkegAAAAAAAAAAAAAAAAAAAAAAAAAAAXBQAA//+XOeFM")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
r1 = dup(r0)
ftruncate(r1, 0x3f3ffc)
write$binfmt_script(r0, &(0x7f0000000580)={'#! ', './file0'}, 0xb)

2.356075573s ago: executing program 3 (id=559):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)

2.131055315s ago: executing program 2 (id=560):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000680)='./file2\x00', 0x800000, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f757365725f78617474722c666c7573685f6d657267652c6673796e635f6d6f64653d706f7369782c64697361626c655f6578745f6964656e746966792c6261636b67726f756e645f67633d73796e632c6673796e635f6d6f64653d7374726963742c6e6f626172726965722c6e6f696e6c696e655f646174612c6e6f626172726965722c71756f74612c6261636b67726f756e645f67633d6f66662c6e6f61636c2c6e6f657874656e745f63616368652c6e6f646973636172642c6163746976655f6c6f67733d342c00e62bc03000c35169ed09803fa1bee488c680f339e530b5e8ad120a2b4f078093a8e0ba2b3d1b5fe99356b80a454c1ec2f8e12392bbffe9fae2fa05e18a6b61f5eded2e484f574d2757a5fe762c770477aa3460313ee54451c6a6159eca600d6c85a8c09cef9996dc851a5f5edf1a4a22576c6dfe6b9e8dade2d3a8e6a8c7710733c1f69aabd8880291"], 0x1, 0x5504, &(0x7f000000c0c0)="$eJzs3M1rI2UYAPB32u1+uxbx4G0HFqGFTWj6seit6i5+YJey6sGTpsk0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJl3qls/QGma2O3vB5Nn5p03zzxvKIVnJiQA59Z8+vOPSbgRroQQZkMI10Mo9pNyK6zH8Fx5buaxLSnHfx+4GEK4GkK4MUoecyblqU9vD2+t/fDGT199c+nCtc++/HZ6qwam7fkQQncn7u93Y8xbMT4sx+vDdhG7q8MyxhPdR+VxHuN+tlVk2K8fzasXcaUV5+c7e/1R3O7UG6PYam8X4zu9eMH+sHWUp3jDw/pucdzMtorY7udFbB3Gug4O4/+2w/4g5mmW+T4o0ofB4CjG8ewgi+vZeVTERm9Qjse8eTM7GMVhGcvLhUbeaRZ1bJ3kk/5/e7Pd2ztIh9luv5330rVq7YVq7U6ltps3s0G2Wql3m3dW04VWZzStMsjq3fVWnrc6WbWRdxfThVajUanV0oW72Va73ktrtepKdamytlju3U5fvf9O2mmmC6P4cru3N2h3+ul2vpvGdyymy9WVFxfTW7X0rY3NdPPBvXsbm2+/d/fd+y9tvP5KOekvZaULy0vLy5XaUmW5tniO1v9RWfQY1w8nkky7AICz57/2/zf1/8AYnF7/v/sghNPv/4P+fyzOVP973vv/U1g/nIj+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg3Ppu7vPXip35eHytHH+qHHqmPE5CCDMhhF//xmy4eCznbJln7h/mz/2phq+TUGQYXeNSuV0NIayX2y9Pn/anAAAAAE+uLz68+Uns1uPL/LQLYpLiTZuZ6++PKV8SQpib/35M2WZGL8+OKVnx930hHIwpW3ED6/KYksVbbhfGle1fmT0WLj8WkhhmJloOAAAwEcc7gcl2IQAAAEzSx9MugOlIwtGjzKNnwcU37/94IHjl2BEAAABwBiXTLgAAAAA4dUX/7/f/AAAA4MkWf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5j535yUgfiOID/WuiD9y+PvLj3Ku7gGB7BpUvDAbwER8AreAHPgDuPYMDQqUQU3XRKI/l8kjJMQ77MELqY3yQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTpsVrO7m7Ob9vmrDft5JkNAAAAcMiqWs7qN5PU/93c/9vc+t/0i4goI+LQ2n0QP/YyB01O9cnnq3djuI+oE7bfMWquXxFx0VzP/7r+FQAAAOB0PcwX07RaTy+TvgfEMaWiTfnnMlNeERHV5ClTWrnNO8sUVv+/h3GdKa0uYI0zhaWS2zBX2kcHouvHfVe1G79pitSUX0dmmzsAAHBEg72mw1UIAAAAPbvqewD0o4jXrczdVuAoNc323s+9HgAAAPANFX0PAAAAAOhcvf53/h8AAACctnT+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF1aVctZNV9M2+asN+3kmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALywP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/uzs7WVsUYJYeIKHjQi023tbU38aAED/4JQki3NXbrjzYHW4qQizfJuRfRo4igxFv/h55b6KXeesihghcvlTc/kmkMuFo7s20+H3jzvjsZ3vu+GQj5zkwWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNr2u7txljZzZdyv9t28d3U19bf29Mn1zduLqaW412bSj4eXmx96C90lAgAAwMGR1fV9RNzJt5ZT358r6v+8PibV/N89W8Z1Pb+37q/7uvZP7ddf7r64M9FcOU8a9OzaZHzs76kMHt0qZ9tz/3jEoDjzxb2XrLgg/Q82XtjOi/PZ++bGjfeGRXiojWwBgP/iaN1XQf33UOpHXSYGwIExaBTedf2fzXWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAbtjfi6TruRcTiYDdObt27urpff33z9mLdTl27ttkcMw2RR8TZtcn4WItrmXWXLl85vzKZjC+2H7wSEV3N/k61/PMfTXFwRCfnR/A/Bf3qYs9KPg8T5NVaHv1cHf1CAgDgiZVXLdX1d/Kt5bSvNx9x//sH6//XG3FMWf/f/fjUzeZczfp/1NoKZ9/S+oXPly5dvvLm2oWVc+Nz40/fOj56e3Ti9MmTp5eKeyVL7pgAAADwcIZVa9b/wz3HpJ8dacQxZf3/xbejr5rjZOr/fe0+9Os6EwAAgIPt+Vf/+L23z/7ecBhfrqyvXxyV253Px8ttB6n+a4eq1qz/s/muswIAAADasL3Re+D9/zONOKZ8/v/MDy/91Bwzi4jD1fP/o6ufTc60t5yZ1sa/Lne9RgAAALp1uGrN5//5fKr/+zuvPPQj4o3Xyrj6GsCp6v/s/a9/bM7VfP//RHtLnEn9hfJ8FP1CxGCh64wAAAB4Uv15P+KpKFsq9n/Lt5Y/+fnIh0Pv/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC07a8AAAD//3npOno=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x109342, 0x0)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0)

2.117555215s ago: executing program 3 (id=562):
rt_sigprocmask(0x2, &(0x7f0000000600)={[0xfffffffffffffffd]}, 0x0, 0x8)
prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0)
r0 = gettid()
tkill(r0, 0x14)
tkill(r0, 0x12)

1.870646068s ago: executing program 1 (id=563):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20044000}, 0x0)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4041)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='d\x00\x00\x00\n'], 0x64}}, 0x4800)

1.857829839s ago: executing program 1 (id=564):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000eb15000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002060207b1a"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc)

1.843019719s ago: executing program 3 (id=565):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2100, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
fchdir(r0)
symlink(&(0x7f0000000300)='./file0/../file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')

1.639953721s ago: executing program 5 (id=566):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2040d0, &(0x7f00000001c0)={[{@nouid32}, {@nombcache}, {@norecovery}]}, 0xf3, 0x4a4, &(0x7f0000000e00)="$eJzs3E9sFNUfAPDvbLct/9sfP/wDolbRSPzTQkHl4EFNTDxgYqIHPK5tIchCDa2JJUSqIXgxERLvxsSLiWcPnjwZ9WTixYPeDQkxXERPa2Z3ts5ut3TZLt3Cfj7Jsu913u5735l5M2/mMRtA3xpL/0kitkXEbxExEhGF5gJjtbcb189P/X19ICIqlTf+TNKPxV/Xz0/ViybZ+9Zappi+FS4m8WKLeucWzp0qlcszZ7P8xPzpdyfmFs49c/J06cTMiZkzk0eOHD508PnnJp/tSpz/S9u654PZvbtffevKa1PHrrz949dJrtH5OLpjMBZz66TZ492trOe259JJsWHR9Ehj0cL6tIh2DEdUO+pgtf+PxMDFHUvLRuKVj3raOOC2qlQqlcmVFy9WgLtYEr1uAdAb9RN9ev1bf63T0GNDuPZS7QIojftG9qotKS5dqA42Xd920/mIOLb4z+fpK27LfQgAgEbfpeOfp1uN/wpxb67cjmxuaDSbS9kZEf+PiF0RcU9Etex9EXH/LdY/1pRfPv4pXO0osDal478XsrmtxvHf0jTF6ECW216NfzA5frI8cyBbJ/tjcDjNH2z57UlUJ4Hil09Xqn8sN/5LX2n99bFg1o6rxeHGz0yX5ktrDjxz7cOIPcUW8RcboojdEbGnwzpOPvnV3sa/DCylVo//JoodNiin8kXEE7XtvxgN2/+/mbskNz+Z7v9N85MTm6I8c2Civlcs99PPl15fqf41xd8F6fbf0rz/b4p8/KNJfr52btlXDK1Wx6XfP17xmqbT/X8oebOh8vdL8/NnD0YMJUeX/z13g7uer5dP49+/r3X/35l9Jo3/gYhId+IHI+KhiHg4a/sjEfFoROy7Sfw/vPzYO53Fv+km39odafxHWx7/Vtr+t54YOPX9t8tr3txG/JFt/8PV1P7smNzO8a/dBq59DQIAAMDGl15Rb4ukML6ULhTGx2v/h39XbCmUZ+fmnzo++96Z6dozAqMxWKjf6RrJ8pHd/xzN3R+drM6aR1zI8oey+8afDWyu5senZsvTvQ4e+tzW6j305f0/9cdAjxsH3H5dmEcD7lD6P/Svzvu/Iwfc6VbpxX6wAe5izuLQv1r1/ws9aAew/pz/oX8t9f/LbRTOPe7V/PAmcOdx/of+pf9DX5pbOHdqOCI6ea5/QyTiy9Uan2yUpt5S4pN1r/Ram4WP13abKGyMFdWQiEiizcKlVovi8oqfSntLJw0b6lqAxbZ/1WKhcqFULv/6zVoq7fWRCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDv+DQAA//+On96k")
mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0xa, 0x1002, &(0x7f0000001cc0)=""/4098, 0x41100, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000}, 0x94)
r0 = open(&(0x7f0000000140)='./file2\x00', 0x147842, 0x126)
preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

1.586018141s ago: executing program 3 (id=567):
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x18, 0x0, 0x361, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000814}, 0x14)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
syz_mount_image$ext4(&(0x7f0000000980)='ext4\x00', &(0x7f0000003000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x58, &(0x7f00000000c0), 0xfe, 0x799, &(0x7f00000001c0)="$eJzs3c1rHGUYAPBnNp+m1UYQbL00Jy2UbtoaWwWh8SSChYKebcNmG2I22ZLdlCbkYBFBEEGLB0Evnv2oN28ievZv8CIiLVXTYsWDrMx+JJtukm7TTdI2vx9M8r4zs/PMs7Pzvu/uDLsB7FpD6Z9MxIGI+CiJ2Fefn0RET7XUHTFaW+/20mIunZKoVN74M6muc2tpMRdNj0ntqVf2R8SP70UczrTGLc0vTI0VCvnZen24PH1huDS/cGRyemwiP5GfOXFsZOT4yRdOnuhcrn//vLD3+sevPvfN6L/vPn31w5+SGI299WXNeXTKUAzVn5Oe9Cms+b7TUR4MyU7vAJuSnppdtbM8DsS+6KqWAIBHWdr/VwCAXSbR/wPALtP4HODW0mKuMe3sJxLb68YrEdFfy79xfbO2pLt+za6/eh104Fay6spIEhGDHYi/PyI+/+6tr9Iptug6JMBa3rkcEecGh1rb/2TlnoVNOtrGOkN31LV/sH1+SMc/L641/sssj39ijfFP3xrn7mYMRfTWN1fVev5nrq0K2nCqA8Hr47+Xa/e2pYk2jf+Wb1ob7KrXHk8rByNispBP27YnIuJQ9PSdnyzkj20Q49DN/26ut2yoafz315W3v0zjp/9X1shc6+5b/ZjxsfLY/eTc7MbliGe6V+7tu93S/jeOeuv498xGGz64Unztpfc/W2+1NP8038bUmv/WqnwR8WysnX9DsuH9icPp4T9a+7t2jG9//XRgvfjNxz+d0viN9wLbIT3+AxvnP5g0369Z6mz8u+e//Ppf3qH09d+bvFkt99bnXRorl2ePRfQmr7fOP76ytUa9sX6af23Di72xKv+V9i9Zo/1L3xOeazPH7ut/fL35/LdWmv/4PR3/ey9cvT3VtV789o7/SLV0qD6nnfav3R28n+cOAAAAAAAAAAAAAAAAAAAAAAAAANqViYi9kWSyy+VMJput/Yb3UzGQKRRL5cPni3Mz41H9rezB6Mk0vupyX62eNL7/dLCpfvyO+vMR8WREfNL3WLWezRUL4zudPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU7Vnn9/9Tv/ft9N4BAFumv2VOpVKpNNdv5jdcDAA8dFr7fwDgUaf/B4DdR/8PALuP/h8Adh/9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFvszOnT6VT5Z2kxl9bHL87PTRUvHhnPl6ay03O5bK44eyE7USxOFPLZXHH6btsrFIsXRmJm7tJwOV8qD5fmF85OF+dmymcnp8dOxdl8z7ZkBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3pjS/MDVWKORnH4nCBxHxAOyGQmcLvx35Zf9G61y5y8t4tI1Y/fUT4gFJeecLO9wwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwk/g8AAP//Ez0kyA==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)

1.413567173s ago: executing program 1 (id=568):
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d08000b000000e8fe55a1180015000600142603600e1209000d00e8030000a80016000a000340", 0x38}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe5538250015000600149b0000001208000313eba96240a8002b", 0x33}], 0x1}, 0x80)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)

804.06198ms ago: executing program 5 (id=569):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2)
close_range(r0, 0xffffffffffffffff, 0x0)

803.85256ms ago: executing program 1 (id=570):
r0 = socket$inet6(0xa, 0x2, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x4a, 0x0, 0x84, 0xfffffffe})
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000400)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

803.76173ms ago: executing program 3 (id=571):
r0 = syz_clone(0x2008400, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000b40)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
syz_open_procfs(r0, &(0x7f0000000100)='map_files\x00')

734.393591ms ago: executing program 0 (id=572):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
r1 = io_uring_setup(0x194f, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x351})
close_range(r1, 0xffffffffffffffff, 0x0)
read(r0, &(0x7f0000000200)=""/202, 0xca)

498.320484ms ago: executing program 1 (id=573):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000001c0)=0x1)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xe0000017})
epoll_wait(r1, &(0x7f0000000400)=[{}], 0x1, 0x8009)

252.107336ms ago: executing program 3 (id=574):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002fc0)=ANY=[@ANYBLOB="7a0af8ff75257078bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce72d75946c2b638d91dbef661962239c77edf2d34b12cd48a1b20fb7dd8432619f2c50d77bc0ea9b0af58e6fff4942eb613eff289026d5045ef76d7d864409eb2dc9518a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be3cdda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed544126fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f00000000008000000000000000000000000040000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000002900)=r1, 0x4)
r2 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0x40020)

227.336447ms ago: executing program 5 (id=575):
r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4})
r1 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b7c4fb9191024da8887f94ba4fb"}, 0x4, 0x5})
ioctl$DVB_DEMUX_DMX_STOP(r0, 0x6f2a)

117.912378ms ago: executing program 1 (id=576):
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

0s ago: executing program 2 (id=577):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_mount_image$f2fs(&(0x7f0000010600), &(0x7f0000010640)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00add821dea478c008e5c2cee2c62442bdfb2c3b387492982dbd3bc10bff08e47b9f8fa46aae46c81799af2877db439a136248124cecd3c1b6a5bb456b8a3f3cd39be96babc684f3934152a375b2e820541fdcbb7e613b7ddbe72066c3ad004dce9c97970bc3a0eeac6c928fff943d55ec6526701eaa44af9e0700d20e6389747546fc47cb9418c6b7a7daa4c5cb0c296e67a64849a53d820a453d6014f3dd310f6699613e5677e7c28ee5368e9b777af56b76ed83032b78e5852211b255b56fbdfb188a47cedd6b5de523ccc05ef82d3c1368f13d0bdb23c7e2e07b4a9e97fe7c48385b89a6e6ee3f0311b47a1d96a6b18b1063976cac79e916fe5f5ef0297dbcbb53158bbcdd1afaabc85588d403183c66f9fad5cd9ce1cf64cd9a06d83229c04dad708611b40d711e812f67dfa7b92bd21f3ebc2708c49e33dfa4509f851d602d349203d43df966043e0029a1cd588d3a05251243a1b5a7c32a65c0ca2cddaf560145244a7977099b0794b516dd7bb0a6437d183fa09176f37b2f77e42215ca79658309798efa4ee5023d5e77fa6728d6182eff8b2a5663312c8278588b24970324804023366557778f284c87b9e3da2dfcb1368453f9fe94c86b00"/457], 0x1, 0x105df, &(0x7f00000106c0)="$eJzs3L9vG+UfB/CPm29/fkuJUH8wgDgJISUStuIkrWBBAVoBUlNFFAYmcOyL5db2RbGTmC4sMCAxsfBPMMHfwAI7KyxsLCCxVYB8d0ENdADixqV5vaTL+7nHz338PJaXxxddAEfWbPLLz5U4F6cjYiYizkbk7Up55FaKeDIinomIY/cclbL/j44TEXEmIs6Nixc1K+VLT/169/svvrn+9MffffrtB5/9dHN6qwam7bmI6G0W7d1ekVm7yFtlf2Onk2dveafM4oXe7fI8K3I3Xc8r7Db2xjXyXGoX47PN7cE4N7qN5jjbnY28f7NfvOFgp71XJ7/gVmMrP2+l63l2Blme7TvFvEZl3hkMizqtst77efkYDvey6E9HabGezdt5NvvDsr+om7XS0Th3yizfLppZt5XPY/1ff8wPveud/vYo2Um3Bp2sn1yu1V+o1a9U61tZKx2my9VGr3VlOZlrd8fDqsO00VtpZ1m7m9aaWW8+mWs3m9V6PZm7mq53Gv2kXq8t1Raql+fL1vPJazfeTrqtZG6cr3T628NOd5BsZFtJccV8slhbenE+ebae3FxdS9bevHZtde2td6++c+Pl1TdeLQf9ZVrJ3OLC4mK1vlBdrM9b/0GMKge7niPO9wfgH7P/B6bB/t/+P+x/j/z67f85EN8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAj64fjX76eN2aL8/+X/Y+VXU9ExKWIuBgRFyLit/uYiRP7ap6PiErZvt/443+aw1eVyCuMrzlZHmciYqU87j7+oD8FAAAAeHR9/vWHH0XMjJv5n5emPSEOU/mjzalJ1ct/8vnfpKqdz4uNJlTtwl7JibgYEcdnf5xQtUsRcezsexOq9rfM7ItT90SliGOHORsAAOBw7N8JTGz3BgAAwEPnk2lPgOnI79eW/4tf3gs+WUR5Q/D0vjMAAADgP6gy7QkAAAAAD1y+//f8PwAAAHi0Fc//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA39m5m9vEgSgO4A9YL+yXFq34aIXTao8cKGJLyDEFJN3kRg2REHWQW0qIIMKeSHHEIZLHOEG/n2RmbMFfz9yexxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgTQ/Fenm3vbltmrM/NJPnbgAAAIBTdsV6WU7G1fmPdP1XuvQnIuYRMYuIaUSc6t0H8bWWOYmIXpqf+n7xpob7iDLh+JthOr5HxL90PP1u+18AAACAy7XdLFYRg+O0/PjbdUGcU3poM8qVVz7y+ZIrbVKGXWdKm75EZjGLiGL8mCltHhH9n/8zpb3LoDaMXg29auifsxoAAOA86p1Atu4NAACAD+eq6wLoRrlem97FT2vBw2pIC4LfamcAAADAJ9TrugAAAACgdWX/b/8/AAAAuGzV/n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0aVesl9vNYtU0Z39oJs/dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDM/ryjQAiEQRjsXd93Grz/saRBU1OTKhA+/sZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBif+5OIASCIAz2nf85LeYfljRoDCJUwcLHDPOwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/0u1/+T0yNM8ncaWPpeCRZu2psXTX2HjSOHoy3fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2J9724SBMI7Dry+JErfJCOmtBGagoUIwAh8SkiXPwAAsRENFa7EIrAASnGs6U/A8zf9XXHEvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8JouD1+8RUQRqcsUabz5Ob1HxEekbduOPm9Z7M7H5uues/1hkvM7pr9lRJRR9HEOAEDvqm5zrNb18i/vf95B3mHeat7Ui2d+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MrO/bxE8cZxAH92dff7tVuXDlFQFiRErT8QV/FSFFjQP+Bt0U2ktUQ9pARhF+kSdOnepUvdPHXqP+jUJaKg7hsURBCEsbsz9pga62VnpdcLnpmPwzDzPHMQ3vMZBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOpL4ezqd1LoRwvPd33fD2y72Zvfb1+8dG0/Ho5PPF+JqNSxRCCDfna9XBDq6lm50Nw839h88PB+Jn+Od5y6trtyq1WnVJoVAotosMfmkBAHBoFZLRyPUfC5tTjWO5yRC2nu7M/+eiOrSZ/7eeDLyO7xXn/6GOrbC7pfl/+vrGxN/yf2llYbG0vLp2YX6hMledq94eGhsfGxwpjw6PlZrvU0reqgAAALC/YjLi/J+f3N3/PxLVoc38/+rlten4Xj3y/y5p/r/c3/+svf5/BpMEAAD4Rxw99e1rbo/juWIx3K2srCwNtbbbPw+3thlM9cD+S0ac/3sms54VAAAA0An19dyO/v9sVIc2+//vv185EV+zJ4TQl/T/L87cqc12bjldK+3/T1yq3Mj67/8zWD4AAAAd0peMuP9faH7/nz+dnpMPIQycadXJvwFsK///fDD+Jr5X/P3/SOeW2JXy5dbzSPP/xrsX8/vl/+a55RB6yxlNFgAAgEPv/2Q08v+nwubU0o/HV4u+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4xY4dozQTRHEAn2ST72sUA4JYWmhjISoIVgELQeIhLERB8AgB8QAKnsXCO4ikTkoPkMIbyEx2JGyjguxq+P1g8n+ETfbtTJMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE9Nj8JGrov40pvV7fK98dvwPOakkumzN2sHccW6VW/bf856mc+T06fx3B62DpvrCQAAgMVT5Pk+hPDafTyJ2e6n+X8rXxNn/uHyrM7zfHXuz5ln/7iWHoqzjxv1ZvfphhAur64vdmt7wt9tM+ynHLxs38/vYfW6lS98VyedT/qHpkjH1h7crk67addbd6PR8b9U/v/5pwAAvmsnZ1nk30cx95psDICF1SlXmJv/i36zPQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU4T0AAP//XHWQwg==")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0))
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x4)

kernel console output (not intermixed with test programs):

MT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   76.103328][ T4276] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.131919][ T4276] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.141717][ T4276] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.152038][ T4276] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.172899][ T4281] device veth1_macvtap entered promiscuous mode
[   76.185858][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   76.262554][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.270436][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.308537][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.331014][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.347477][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.358395][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.358472][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.358489][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.358501][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.358514][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.368849][ T4281] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.372783][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   76.373594][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   76.374263][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   76.416851][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.416875][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.416886][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.416898][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.416908][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.416920][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.416929][ T4281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.416942][ T4281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.421615][ T4281] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.436430][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   76.437181][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   76.446368][ T4281] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.483505][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.538492][ T4281] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.571767][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.585374][ T4281] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.683536][ T4281] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.693724][ T4286] Bluetooth: hci0: command 0x0419 tx timeout
[   76.701054][ T4286] Bluetooth: hci1: command 0x0419 tx timeout
[   76.707133][ T4286] Bluetooth: hci2: command 0x0419 tx timeout
[   76.713916][ T4282] Bluetooth: hci3: command 0x0419 tx timeout
[   76.736774][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   76.771541][ T4286] Bluetooth: hci4: command 0x0419 tx timeout
[   76.777478][ T4376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12'.
[   76.796145][ T4376] device syz_tun entered promiscuous mode
[   76.935290][ T4298] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.935309][ T4298] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.993721][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   77.104930][ T4327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.138556][ T4327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.147208][ T4298] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.171393][ T4298] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.211035][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   77.231357][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   77.302121][ T4327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.310170][ T4327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.313975][ T4386] loop0: detected capacity change from 0 to 512
[   77.338603][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   77.424578][ T4386] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   77.489854][ T4386] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   77.588034][ T4386] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[   77.612393][ T4391] loop5: detected capacity change from 0 to 4095
[   77.625781][ T4386] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[   77.634609][ T4386] System zones: 0-2, 18-18, 34-35
[   77.660909][ T4386] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   77.694872][ T4386] fscrypt (loop0, inode 12): Error -61 getting encryption context
[   77.750405][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x84700 phys_seg 128 prio class 2
[   77.788117][    C1] I/O error, dev loop5, sector 2032 op 0x0:(READ) flags 0x80700 phys_seg 33 prio class 2
[   77.819689][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   77.829113][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[   77.851032][    C1] I/O error, dev loop5, sector 3840 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   77.883791][    C1] I/O error, dev loop5, sector 3840 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   77.893602][    C1] Buffer I/O error on dev loop5, logical block 480, async page read
[   77.962470][ T4270] EXT4-fs (loop0): unmounting filesystem.
[   78.229640][ T4382] loop1: detected capacity change from 0 to 32768
[   78.287502][ T4379] loop2: detected capacity change from 0 to 40427
[   78.447923][ T4379] F2FS-fs (loop2): Found nat_bits in checkpoint
[   78.742673][ T4379] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   78.942865][   T26] audit: type=1800 audit(1777890382.697:2): pid=4379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.14" name="file1" dev="loop2" ino=10 res=0 errno=0
[   79.157333][ T4271] syz-executor: attempt to access beyond end of device
[   79.157333][ T4271] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   79.179215][ T4420] loop1: detected capacity change from 0 to 16
[   79.261355][ T4420] erofs: (device loop1): mounted with root inode @ nid 36.
[   79.286426][ T4405] loop0: detected capacity change from 0 to 40427
[   79.311750][ T4405] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3ffff
[   79.341645][ T4405] F2FS-fs (loop0): invalid crc value
[   79.395469][ T4405] F2FS-fs (loop0): Found nat_bits in checkpoint
[   79.597363][ T4405] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   79.908147][ T4270] syz-executor: attempt to access beyond end of device
[   79.908147][ T4270] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   80.047863][ T4435] loop1: detected capacity change from 0 to 1024
[   80.337023][ T4441] loop4: detected capacity change from 0 to 512
[   80.476506][ T4439] loop2: detected capacity change from 0 to 32768
[   80.482451][ T4441] ext2: Unknown parameter 'nouser_xattr'
[   80.489691][ T4439] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.24 (4439)
[   80.518284][ T4439] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   80.528854][ T4439] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[   80.538282][ T4439] BTRFS info (device loop2): setting nodatasum
[   80.544732][ T4439] BTRFS info (device loop2): force zlib compression, level 3
[   80.552394][ T4439] BTRFS info (device loop2): turning on flush-on-commit
[   80.559423][ T4439] BTRFS info (device loop2): max_inline at 4096
[   80.565789][ T4439] BTRFS info (device loop2): using free space tree
[   80.739674][ T4460] loop1: detected capacity change from 0 to 16
[   80.785868][ T4439] BTRFS info (device loop2): enabling ssd optimizations
[   80.800291][ T4460] erofs: (device loop1): mounted with root inode @ nid 36.
[   80.912807][   T26] audit: type=1800 audit(1777890384.667:3): pid=4460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.35" name="file1" dev="loop1" ino=86 res=0 errno=0
[   80.919096][ T4469] input: syz0 as /devices/virtual/input/input5
[   81.142884][ T4271] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   82.039216][ T4500] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[   82.082292][ T4502] =======================================================
[   82.082292][ T4502] WARNING: The mand mount option has been deprecated and
[   82.082292][ T4502]          and is ignored by this kernel. Remove the mand
[   82.082292][ T4502]          option from the mount to silence this warning.
[   82.082292][ T4502] =======================================================
[   82.117517][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.291784][ T4508] overlayfs: workdir and upperdir must reside under the same mount
[   82.319837][ T4510] Illegal XDP return value 1343619116 on prog  (id 4) dev N/A, expect packet loss!
[   82.433176][ T4505] set_capacity_and_notify: 1 callbacks suppressed
[   82.433194][ T4505] loop4: detected capacity change from 0 to 4096
[   82.604684][ T4515] loop0: detected capacity change from 0 to 512
[   82.614034][ T4515] EXT4-fs: Ignoring removed oldalloc option
[   82.676930][ T4505] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   82.746547][ T4515] EXT4-fs (loop0): 1 truncate cleaned up
[   82.761980][ T4515] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   83.031421][ T4276] EXT4-fs (loop4): unmounting filesystem.
[   83.185438][ T4270] EXT4-fs (loop0): unmounting filesystem.
[   83.520738][   T22] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   83.640687][ T4315] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   83.724529][ T4539] loop3: detected capacity change from 0 to 256
[   83.724716][   T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   83.760595][   T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.777023][ T4525] loop1: detected capacity change from 0 to 32768
[   83.789213][   T22] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   83.824883][ T4525] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.55 (4525)
[   83.832429][ T4539] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d)
[   83.842391][   T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.868451][ T4315] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   83.900910][   T22] usb 3-1: config 0 descriptor??
[   83.906130][ T4315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.948501][ T4315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.990036][ T4315] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   84.051885][ T4315] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   84.077471][ T4525] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   84.088690][ T4315] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   84.112484][ T4525] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[   84.118274][ T4315] usb 5-1: Manufacturer: syz
[   84.150720][ T4525] BTRFS info (device loop1): enabling auto defrag
[   84.171249][ T4315] usb 5-1: config 0 descriptor??
[   84.180362][ T4525] BTRFS info (device loop1): use no compression
[   84.197239][ T4525] BTRFS info (device loop1): max_inline at 4096
[   84.215119][ T4525] BTRFS info (device loop1): using free space tree
[   84.355658][   T22] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[   84.379058][   T22] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[   84.390700][   T22] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[   84.397560][   T22] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[   84.404911][   T22] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[   84.415752][   T22] elan 0003:04F3:0755.0001: failed to start in urb: -90
[   84.424738][ T4535] loop0: detected capacity change from 0 to 32768
[   84.434200][   T22] elan 0003:04F3:0755.0001: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[   84.504700][ T4535] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.59 (4535)
[   84.603976][ T4315] appleir 0003:05AC:8243.0002: unknown main item tag 0x0
[   84.631855][ T4525] BTRFS info (device loop1): enabling ssd optimizations
[   84.639808][ T4315] appleir 0003:05AC:8243.0002: No inputs registered, leaving
[   84.710866][ T4315] appleir 0003:05AC:8243.0002: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[   84.752145][ T4319] usb 3-1: USB disconnect, device number 2
[   84.768415][ T4535] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   84.813290][ T4535] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   84.854530][ T4535] BTRFS info (device loop0): using free space tree
[   85.059835][ T4560] fido_id[4560]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[   85.092130][ T4318] usb 5-1: USB disconnect, device number 2
[   85.224156][ T4564] fido_id[4564]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[   85.410766][ T4535] BTRFS info (device loop0): enabling ssd optimizations
[   85.595519][ T4587] loop2: detected capacity change from 0 to 1024
[   85.609552][ T4278] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   85.839882][ T4270] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   85.951105][ T4590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.67'.
[   85.960232][ T4590] netlink: 'syz.4.67': attribute type 30 has an invalid length.
[   86.041405][ T4590] netlink: 'syz.4.67': attribute type 29 has an invalid length.
[   86.071053][ T4590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.67'.
[   86.328051][   T26] audit: type=1326 audit(1777890390.077:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   86.351864][    C0] vkms_vblank_simulate: vblank timer overrun
[   86.428143][ T4598] loop1: detected capacity change from 0 to 64
[   86.456474][   T26] audit: type=1326 audit(1777890390.127:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   86.459793][ T4599] Zero length message leads to an empty skb
[   86.506733][ T4579] loop3: detected capacity change from 0 to 32768
[   86.536687][ T4579] 
[   86.536687][ T4579]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.536687][ T4579] 
[   86.581552][   T26] audit: type=1326 audit(1777890390.127:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   86.684144][   T26] audit: type=1326 audit(1777890390.127:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   86.789448][   T26] audit: type=1326 audit(1777890390.127:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   86.855767][ T2185] cfg80211: failed to load regulatory.db
[   86.891495][   T46] read_mapping_page failed!
[   86.896414][   T46] ERROR: (device loop3): txCommit: 
[   86.896414][   T46] 
[   86.922641][ T4606] loop0: detected capacity change from 0 to 256
[   86.929424][   T26] audit: type=1326 audit(1777890390.147:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   86.953200][    C0] vkms_vblank_simulate: vblank timer overrun
[   86.992841][   T46] jfs_write_inode: jfs_commit_inode failed!
[   86.999218][ T4281] 
[   86.999218][ T4281]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.999218][ T4281] 
[   87.019516][ T4608] loop1: detected capacity change from 0 to 512
[   87.022073][ T4281] 
[   87.022073][ T4281]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   87.022073][ T4281] 
[   87.048749][ T4606] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66dc59, utbl_chksum : 0xe619d30d)
[   87.048776][   T26] audit: type=1326 audit(1777890390.157:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   87.084928][    C0] vkms_vblank_simulate: vblank timer overrun
[   87.234414][ T4608] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.72: invalid indirect mapped block 256 (level 2)
[   87.310104][   T26] audit: type=1326 audit(1777890390.277:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   87.350606][ T4608] EXT4-fs (loop1): Remounting filesystem read-only
[   87.358004][ T4608] EXT4-fs (loop1): 2 truncates cleaned up
[   87.399268][   T26] audit: type=1326 audit(1777890390.277:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4593 comm="syz.2.68" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6e79cdd9 code=0x7ffc0000
[   87.420346][ T4608] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   87.440695][ T2185] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   87.650645][ T2185] usb 5-1: Using ep0 maxpacket: 16
[   87.661925][ T2185] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[   87.716396][ T2185] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   87.747298][ T2185] usb 5-1: config 1 has no interface number 0
[   87.754303][ T2185] usb 5-1: config 1 interface 105 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0
[   87.756014][ T4627] process 'syz.3.79' launched './file0' with NULL argv: empty string added
[   87.774453][ T2185] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0
[   87.785657][ T4627] Invalid argument reading file caps for ./file0
[   87.820989][ T2185] usb 5-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   87.849491][ T2185] usb 5-1: config 1 interface 105 has no altsetting 0
[   87.861922][ T4278] EXT4-fs (loop1): unmounting filesystem.
[   87.870114][ T2185] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[   87.880068][ T2185] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[   87.900777][ T2185] usb 5-1: Product: syz
[   87.905117][ T2185] usb 5-1: Manufacturer: syz
[   87.909747][ T2185] usb 5-1: SerialNumber: syz
[   88.124698][ T4637] loop3: detected capacity change from 0 to 128
[   88.127496][ T4633] loop0: detected capacity change from 0 to 2048
[   88.172200][ T2185] aqc111: probe of 5-1:1.105 failed with error -22
[   88.199432][ T2185] usb 5-1: USB disconnect, device number 3
[   88.210775][ T4633] hpfs: hpfs_map_sector(): read error
[   88.545492][ T4641] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   88.678131][ T4643] loop3: detected capacity change from 0 to 2048
[   88.730605][ T4643] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[   88.768233][ T4643] NILFS (loop3): mounting unchecked fs
[   88.888003][ T4643] NILFS (loop3): recovery complete
[   88.899435][ T4635] loop1: detected capacity change from 0 to 32768
[   88.949384][ T4651] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   89.020537][ T4635] (syz.1.80,4635,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   89.034560][ T4653] loop0: detected capacity change from 0 to 128
[   89.133197][ T4635] (syz.1.80,4635,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   89.148450][ T4653] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   89.198801][ T4653] ext4 filesystem being mounted at /15/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   89.315930][ T4635] JBD2: Ignoring recovery information on journal
[   89.420600][ T2185] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   89.504134][ T4635] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   89.563039][ T4270] EXT4-fs (loop0): unmounting filesystem.
[   89.637167][ T2185] usb 3-1: Using ep0 maxpacket: 32
[   89.649922][ T2185] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[   89.685440][ T2185] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[   89.717081][ T4665] loop3: detected capacity change from 0 to 128
[   89.718723][ T2185] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[   89.769406][ T2185] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[   89.771822][ T4665] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   89.797561][ T2185] usb 3-1: config 0 interface 0 has no altsetting 0
[   89.809609][ T4665] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   89.844077][ T2185] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   89.853377][ T2185] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   89.862006][ T2185] usb 3-1: Product: syz
[   89.866297][ T2185] usb 3-1: Manufacturer: syz
[   89.871099][ T2185] usb 3-1: SerialNumber: syz
[   89.879476][ T2185] usb 3-1: config 0 descriptor??
[   89.888737][ T2185] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   89.903387][ T2185] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   90.157872][ T4278] ocfs2: Unmounting device (7,1) on (node local)
[   90.256026][ T4657] ldusb 3-1:0.0: Write buffer overflow, 64885 bytes dropped
[   90.344473][ T4281] EXT4-fs (loop3): unmounting filesystem.
[   90.356516][ T2185] usb 3-1: USB disconnect, device number 3
[   90.357915][    C0] ldusb 3-1:0.0: usb_submit_urb failed (-19)
[   90.429642][ T2185] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[   90.533340][ T4677] input: syz0 as /devices/virtual/input/input7
[   90.954730][ T4686] loop1: detected capacity change from 0 to 4096
[   90.983538][ T4686] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512)
[   91.000764][   T22] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   91.095435][ T4686] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[   91.192454][   T22] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   91.219882][   T22] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   91.276743][   T22] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   91.314159][   T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.362519][   T22] usb 5-1: config 0 descriptor??
[   91.530679][ T4481] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   91.629370][ T4700] syz.1.108 uses obsolete (PF_INET,SOCK_PACKET)
[   91.710716][ T2185] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   91.729148][ T4481] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[   91.748750][ T4481] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.773431][ T4481] usb 3-1: config 0 descriptor??
[   91.787906][   T22] elan 0003:04F3:0755.0003: unknown main item tag 0x0
[   91.789383][ T4481] cp210x 3-1:0.0: cp210x converter detected
[   91.802495][   T22] elan 0003:04F3:0755.0003: unknown main item tag 0x0
[   91.815775][   T22] elan 0003:04F3:0755.0003: unknown main item tag 0x0
[   91.844500][   T22] elan 0003:04F3:0755.0003: unknown main item tag 0x0
[   91.852785][   T22] elan 0003:04F3:0755.0003: unknown main item tag 0x0
[   91.860390][   T22] elan 0003:04F3:0755.0003: failed to start in urb: -90
[   91.878058][   T22] elan 0003:04F3:0755.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0
[   91.892891][ T4286] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   91.901577][ T4286] Bluetooth: hci1: Injecting HCI hardware error event
[   91.907581][ T4706] loop1: detected capacity change from 0 to 1024
[   91.910592][ T4282] Bluetooth: hci1: hardware error 0x00
[   91.935855][ T2185] usb 4-1: unable to get BOS descriptor or descriptor too short
[   91.953490][ T2185] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7
[   91.955096][ T4706] EXT4-fs: Ignoring removed orlov option
[   91.972270][ T2185] usb 4-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40
[   91.988049][ T2185] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.996788][ T2185] usb 4-1: Product: syz
[   92.001276][ T2185] usb 4-1: Manufacturer: syz
[   92.005999][ T2185] usb 4-1: SerialNumber: syz
[   92.065654][   T22] usb 5-1: USB disconnect, device number 4
[   92.179503][ T4706] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   92.221419][ T4481] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[   92.228275][ T2185] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[   92.319985][ T4707] fido_id[4707]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[   92.435982][ T4481] usb 3-1: cp210x converter now attached to ttyUSB0
[   92.453518][ T2185] usb 4-1: 2:1 : unknown format tag 0x4 is detected.  processed as MPEG.
[   92.481712][ T2185] usb 4-1: found format II with max.bitrate = 4, frame size=7372
[   92.523962][ T2185] usb 4-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22)
[   92.536919][ T2185] usb 4-1: 2:1 : unknown format tag 0x4 is detected.  processed as MPEG.
[   92.555813][ T4278] EXT4-fs (loop1): unmounting filesystem.
[   92.562649][ T2185] usb 4-1: found format II with max.bitrate = 4, frame size=7372
[   92.579309][ T2185] usb 4-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22)
[   92.659565][ T4481] usb 3-1: USB disconnect, device number 4
[   92.700219][ T4481] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[   92.743685][ T4481] cp210x 3-1:0.0: device disconnected
[   92.800907][ T4286] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[   92.811850][ T4286] CPU: 1 PID: 4286 Comm: kworker/u5:7 Not tainted syzkaller #0
[   92.819508][ T4286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   92.829594][ T4286] Workqueue: hci2 hci_rx_work
[   92.834331][ T4286] Call Trace:
[   92.837645][ T4286]  <TASK>
[   92.840606][ T4286]  dump_stack_lvl+0x188/0x24e
[   92.845339][ T4286]  ? show_regs_print_info+0x12/0x12
[   92.850675][ T4286]  ? load_image+0x400/0x400
[   92.855230][ T4286]  sysfs_create_dir_ns+0x26a/0x290
[   92.860387][ T4286]  ? sysfs_warn_dup+0xa0/0xa0
[   92.865105][ T4286]  ? do_raw_spin_unlock+0x11d/0x230
[   92.870346][ T4286]  kobject_add_internal+0x61c/0xcc0
[   92.875677][ T4286]  kobject_add+0x160/0x230
[   92.880121][ T4286]  ? kobject_init+0x1d0/0x1d0
[   92.884923][ T4286]  ? klist_children_get+0x50/0x50
[   92.889962][ T4286]  ? get_device_parent+0x121/0x3f0
[   92.895285][ T4286]  device_add+0x483/0xfb0
[   92.899713][ T4286]  ? kmem_cache_free+0xf7/0x290
[   92.904584][ T4286]  hci_conn_add_sysfs+0xd1/0x1e0
[   92.909546][ T4286]  le_conn_complete_evt+0x1062/0x1670
[   92.914965][ T4286]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[   92.921228][ T4286]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[   92.926881][ T4286]  ? skb_pull_data+0xf7/0x200
[   92.931574][ T4286]  hci_le_conn_complete_evt+0x183/0x440
[   92.937141][ T4286]  ? hci_remote_host_features_evt+0x270/0x270
[   92.943226][ T4286]  hci_event_packet+0x7b9/0x1280
[   92.948290][ T4286]  ? bis_list+0x280/0x280
[   92.952637][ T4286]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   92.958574][ T4286]  ? kcov_remote_start+0x4c7/0x7e0
[   92.963722][ T4286]  ? netdev_warn+0x3e/0x16c
[   92.968273][ T4286]  ? hci_send_to_monitor+0x9c/0x4a0
[   92.973511][ T4286]  hci_rx_work+0x3eb/0xd40
[   92.977966][ T4286]  ? _raw_spin_unlock+0x40/0x40
[   92.982849][ T4286]  ? process_one_work+0x7b0/0x1160
[   92.987983][ T4286]  process_one_work+0x8a2/0x1160
[   92.992953][ T4286]  ? worker_detach_from_pool+0x240/0x240
[   92.998607][ T4286]  ? _raw_spin_lock_irq+0xb7/0xf0
[   93.003644][ T4286]  ? _raw_spin_lock_irqsave+0x100/0x100
[   93.009205][ T4286]  ? kthread_data+0x4b/0xc0
[   93.013735][ T4286]  worker_thread+0xaa2/0x1270
[   93.018451][ T4286]  ? __kthread_parkme+0x162/0x1c0
[   93.023499][ T4286]  kthread+0x29d/0x330
[   93.027579][ T4286]  ? worker_clr_flags+0x1a0/0x1a0
[   93.032619][ T4286]  ? kthread_blkcg+0xd0/0xd0
[   93.037247][ T4286]  ret_from_fork+0x1f/0x30
[   93.041718][ T4286]  </TASK>
[   93.047859][ T4286] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   93.061592][ T4286] Bluetooth: hci2: failed to register connection device
[   93.322267][ T4337] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   93.344979][ T2185] usb 4-1: USB disconnect, device number 2
[   93.540764][ T4337] usb 2-1: Using ep0 maxpacket: 8
[   93.556931][ T4337] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[   93.561064][ T4731] loop0: detected capacity change from 0 to 4096
[   93.575279][ T4337] usb 2-1: config 0 has no interface number 0
[   93.596694][ T4337] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   93.627202][ T4337] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   93.656696][ T4337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.674142][ T4562] udevd[4562]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   93.684651][ T4337] usb 2-1: config 0 descriptor??
[   93.692880][ T4733] loop4: detected capacity change from 0 to 4096
[   93.748675][ T4731] ntfs3: loop0: failed to convert "0000" to iso8859-14
[   93.774787][ T4337] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[   93.834362][ T4733] ntfs3: loop4: ntfs_set_state r=3 failed, -22.
[   94.050651][ T4282] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   94.245953][ T4621] ntfs3: loop4: ntfs3_write_inode r=3 failed, -22.
[   94.269764][ T4276] ntfs3: loop4: ntfs_set_state r=3 failed, -22.
[   94.312369][ T4276] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[   94.386144][ T4276] ntfs3: loop4: ntfs_set_state r=3 failed, -22.
[   94.427575][   T46] ntfs3: loop4: ntfs3_write_inode r=3 failed, -22.
[   94.449987][ T4276] ntfs3: loop4: ntfs_evict_inode r=3 failed, -22.
[   94.570396][ T4318] usb 2-1: USB disconnect, device number 2
[   94.833236][ T4759] loop2: detected capacity change from 0 to 1024
[   94.931422][ T4759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   94.949763][ T4759] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   95.076819][ T4271] EXT4-fs (loop2): unmounting filesystem.
[   95.288931][ T4770] loop3: detected capacity change from 0 to 256
[   95.344342][ T4770] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   95.390677][ T4770] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[   95.426133][ T4770] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d)
[   95.680214][ T4778] loop1: detected capacity change from 0 to 512
[   95.764318][ T4778] EXT4-fs (loop1): 1 truncate cleaned up
[   95.770327][ T4778] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   96.021938][ T4278] EXT4-fs (loop1): unmounting filesystem.
[   96.396232][ T4772] loop2: detected capacity change from 0 to 32768
[   96.440797][ T4772] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.137 (4772)
[   96.535219][ T4772] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   96.584495][ T4772] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[   96.625432][ T4772] BTRFS info (device loop2): setting nodatasum
[   96.645789][ T4772] BTRFS info (device loop2): force zlib compression, level 3
[   96.670527][ T4772] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[   96.730563][ T4772] BTRFS info (device loop2): use lzo compression, level 0
[   96.735664][ T4799] loop4: detected capacity change from 0 to 4096
[   96.737848][ T4772] BTRFS info (device loop2): turning on flush-on-commit
[   96.775211][ T4799] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[   96.782077][ T4772] BTRFS info (device loop2): enabling auto defrag
[   96.830682][ T4772] BTRFS info (device loop2): max_inline at 4096
[   96.847231][ T4772] BTRFS info (device loop2): using free space tree
[   96.874116][ T4784] loop3: detected capacity change from 0 to 32768
[   96.881645][ T4799] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[   96.913497][ T4784] (syz.3.140,4784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   96.929282][ T4784] (syz.3.140,4784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   97.100095][ T4784] JBD2: Ignoring recovery information on journal
[   97.205652][ T4772] BTRFS info (device loop2): enabling ssd optimizations
[   97.282451][ T4784] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   97.584846][ T4826] loop4: detected capacity change from 0 to 1024
[   97.613888][ T4826] hfsplus: unable to parse mount options
[   97.773998][ T4281] ocfs2: Unmounting device (7,3) on (node local)
[   97.864075][ T4271] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   98.320656][ T4739] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop2 scanned by udevd (4739)
[   98.599467][ T4851] netlink: 'syz.4.159': attribute type 29 has an invalid length.
[   98.647883][ T4851] netlink: 'syz.4.159': attribute type 29 has an invalid length.
[   98.764968][ T4846] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   98.788540][ T4855] netlink: 'syz.0.160': attribute type 1 has an invalid length.
[   98.962685][ T4846] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   98.988414][ T4846] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.036604][ T4846] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   99.081727][ T4846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.116520][ T4846] usb 2-1: config 0 descriptor??
[   99.170638][ T4282] Bluetooth: hci2: command 0x0406 tx timeout
[   99.222693][ T4862] loop2: detected capacity change from 0 to 4096
[   99.232322][ T4862] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512)
[   99.282671][ T4862] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[   99.321617][ T4864] loop4: detected capacity change from 0 to 1024
[   99.432452][ T4864] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   99.470752][ T4864] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   99.538752][ T4846] elan 0003:04F3:0755.0004: unknown main item tag 0x0
[   99.557998][ T4846] elan 0003:04F3:0755.0004: unknown main item tag 0x0
[   99.590574][ T4846] elan 0003:04F3:0755.0004: unknown main item tag 0x0
[   99.611000][ T4863] EXT4-fs error (device loop4): ext4_map_blocks:747: inode #15: comm syz.4.164: lblock 0 mapped to illegal pblock 0 (length 1)
[   99.616465][ T4846] elan 0003:04F3:0755.0004: unknown main item tag 0x0
[   99.655147][ T4846] elan 0003:04F3:0755.0004: unknown main item tag 0x0
[   99.696140][ T4863] EXT4-fs (loop4): Remounting filesystem read-only
[   99.721355][ T4846] elan 0003:04F3:0755.0004: failed to start in urb: -90
[   99.730150][ T4863] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #15: comm syz.4.164: lblock 0 mapped to illegal pblock 0 (length 1)
[   99.753300][ T4846] elan 0003:04F3:0755.0004: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[   99.781089][ T4863] EXT4-fs (loop4): Remounting filesystem read-only
[   99.798425][ T4863] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #15: comm syz.4.164: lblock 0 mapped to illegal pblock 0 (length 1)
[   99.828930][ T4846] usb 2-1: USB disconnect, device number 3
[   99.868753][ T4863] EXT4-fs (loop4): Remounting filesystem read-only
[   99.908181][ T4863] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #15: comm syz.4.164: lblock 0 mapped to illegal pblock 0 (length 1)
[   99.977388][ T4863] EXT4-fs (loop4): Remounting filesystem read-only
[  100.007670][ T4863] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #15: comm syz.4.164: lblock 0 mapped to illegal pblock 0 (length 1)
[  100.089964][ T4863] EXT4-fs (loop4): Remounting filesystem read-only
[  100.135049][ T4864] EXT4-fs error (device loop4): ext4_free_blocks:6220: comm syz.4.164: Freeing blocks not in datazone - block = 0, count = 1
[  100.179138][ T4878] fido_id[4878]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  100.218523][ T4864] EXT4-fs (loop4): Remounting filesystem read-only
[  100.336133][ T4276] EXT4-fs (loop4): unmounting filesystem.
[  100.476565][ T4884] loop3: detected capacity change from 0 to 256
[  100.592335][ T4884] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  101.090665][ T4282] Bluetooth: hci0: command 0x2016 tx timeout
[  101.472260][ T4891] mmap: syz.4.175 (4891) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  101.747793][ T4921] loop2: detected capacity change from 0 to 1024
[  101.783612][ T4922] loop1: detected capacity change from 0 to 1024
[  101.818375][ T4925] loop3: detected capacity change from 0 to 512
[  101.829810][ T4921] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  101.840216][ T4922] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  101.941057][ T4922] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.061589][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  102.101983][ T4932] loop4: detected capacity change from 0 to 2048
[  102.189935][ T4925] EXT4-fs (loop3): Test dummy encryption mode enabled
[  102.215786][ T4925] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  102.216979][ T4932] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  102.257895][ T4298] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm kworker/u4:5: bg 0: block 112: padding at end of block bitmap is not set
[  102.286829][ T4298] EXT4-fs (loop1): Remounting filesystem read-only
[  102.297789][ T4925] EXT4-fs error (device loop3): ext4_orphan_get:1431: comm syz.3.187: bad orphan inode 131083
[  102.327790][ T4278] EXT4-fs (loop1): unmounting filesystem.
[  102.354853][ T4925] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  102.529669][ T4281] EXT4-fs (loop3): unmounting filesystem.
[  103.365601][ T4957] capability: warning: `syz.2.198' uses deprecated v2 capabilities in a way that may be insecure
[  103.548676][ T4276] EXT4-fs (loop4): unmounting filesystem.
[  103.646393][ T4738] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.658169][ T4286] Bluetooth: hci5: command 0x1003 tx timeout
[  103.665923][ T4282] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  103.891810][ T4738] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.074300][ T4738] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.199129][ T4738] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.247264][ T4968] netlink: 8 bytes leftover after parsing attributes in process `syz.1.204'.
[  104.908858][ T4982] loop0: detected capacity change from 0 to 1024
[  104.950186][ T4982] EXT4-fs: Ignoring removed orlov option
[  105.049735][ T4982] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  105.127361][ T4286] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  105.137404][ T4286] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  105.145837][ T4286] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  105.182434][ T4286] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  105.193159][ T4286] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  105.202348][ T4286] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  105.582051][ T4270] EXT4-fs (loop0): unmounting filesystem.
[  105.741787][ T5002] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  105.780664][ T5002] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[  106.495464][ T5020] __sock_release: fasync list not empty!
[  106.538339][ T5023] loop1: detected capacity change from 0 to 1024
[  106.847311][ T4991] chnl_net:caif_netlink_parms(): no params data found
[  106.969940][ T4990] loop3: detected capacity change from 0 to 32768
[  107.223749][ T4990] XFS (loop3): Mounting V5 Filesystem
[  107.250705][ T4282] Bluetooth: hci2: command 0x0409 tx timeout
[  107.407319][ T5044] loop2: detected capacity change from 0 to 1024
[  107.426987][ T4990] XFS (loop3): Ending clean mount
[  107.512965][ T5044] EXT4-fs: Ignoring removed orlov option
[  107.783071][ T4990] XFS (loop3): Quotacheck needed: Please wait.
[  107.925682][ T5044] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  108.108455][ T4990] XFS (loop3): Quotacheck: Done.
[  108.132775][ T4991] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.140747][ T4991] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.149229][ T4991] device bridge_slave_0 entered promiscuous mode
[  108.297966][ T4738] device hsr_slave_0 left promiscuous mode
[  108.360803][ T4738] device hsr_slave_1 left promiscuous mode
[  108.476036][ T4281] XFS (loop3): Unmounting Filesystem
[  108.509137][ T4738] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  108.519849][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  108.520634][ T4738] batman_adv: batadv0: Removing interface: batadv_slave_0
[  108.572063][ T4738] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.630557][ T4738] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.752598][ T4738] device bridge_slave_1 left promiscuous mode
[  108.789295][ T4738] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.844024][ T4738] device bridge_slave_0 left promiscuous mode
[  108.870702][ T4738] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.902766][ T5076] 9pnet: p9_errstr2errno: server reported unknown error �@íÎ
[  109.202264][ T4738] device veth1_macvtap left promiscuous mode
[  109.208941][ T4738] device veth0_macvtap left promiscuous mode
[  109.270637][ T4738] device veth1_vlan left promiscuous mode
[  109.287043][ T4738] device veth0_vlan left promiscuous mode
[  109.318080][ T5082] loop0: detected capacity change from 0 to 8
[  109.330675][ T4282] Bluetooth: hci2: command 0x041b tx timeout
[  109.760294][ T5086] loop2: detected capacity change from 0 to 4096
[  109.857121][ T5086] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  110.425811][ T5094] overlayfs: failed index dir cleanup (-512)
[  110.485420][ T5094] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  110.709159][ T5106] kvm [5105]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0x8000000000000
[  110.735571][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  111.260655][ T2185] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  111.413005][ T4282] Bluetooth: hci2: command 0x040f tx timeout
[  111.490564][ T2185] usb 3-1: Using ep0 maxpacket: 8
[  111.511044][ T2185] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  111.540043][ T2185] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  111.558574][ T2185] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  111.569101][ T2185] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  111.584062][ T2185] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  111.598936][ T2185] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  111.608267][ T2185] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.887337][ T2185] usb 3-1: GET_CAPABILITIES returned 0
[  111.915891][ T2185] usbtmc 3-1:16.0: can't read capabilities
[  111.973702][ T4738] team0 (unregistering): Port device team_slave_1 removed
[  112.076838][ T5123] loop0: detected capacity change from 0 to 512
[  112.151656][ T5123] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  112.182802][ T5123] EXT4-fs (loop0): orphan cleanup on readonly fs
[  112.223035][ T4738] team0 (unregistering): Port device team_slave_0 removed
[  112.233310][ T4486] usb 3-1: USB disconnect, device number 5
[  112.236727][ T5110] usbtmc 3-1:16.0: usb_control_msg returned -71
[  112.259005][ T5123] EXT4-fs warning (device loop0): ext4_enable_quotas:7093: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  112.295251][ T5123] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  112.327855][ T4738] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  112.335781][ T5123] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2916: inode #16: comm syz.0.248: corrupted xattr block 31
[  112.338856][   T57] Bluetooth: Error in BCSP hdr checksum
[  112.373303][ T5123] EXT4-fs warning (device loop0): ext4_evict_inode:301: xattr delete (err -117)
[  112.383448][ T5123] EXT4-fs (loop0): 1 orphan inode deleted
[  112.389461][ T5123] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  112.442000][ T4738] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  112.809418][ T4738] bond0 (unregistering): Released all slaves
[  112.915240][ T4991] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.922656][ T4991] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.932051][ T4991] device bridge_slave_1 entered promiscuous mode
[  113.067370][ T4991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.150119][ T4991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.288571][ T5135] loop1: detected capacity change from 0 to 16
[  113.360809][ T5135] erofs: (device loop1): mounted with root inode @ nid 36.
[  113.382941][ T4991] team0: Port device team_slave_0 added
[  113.431115][ T4991] team0: Port device team_slave_1 added
[  113.440867][ T5137] loop2: detected capacity change from 0 to 512
[  113.461004][ T5137] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  113.500741][ T4279] Bluetooth: hci2: command 0x0419 tx timeout
[  113.510015][ T5137] EXT4-fs error (device loop2): ext4_orphan_get:1405: inode #15: comm syz.2.251: iget: bad i_size value: 38620345925642
[  113.576057][ T4991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.593881][ T4991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.600582][ T5137] EXT4-fs error (device loop2): ext4_orphan_get:1410: comm syz.2.251: couldn't read orphan inode 15 (err -117)
[  113.668790][ T5142] loop1: detected capacity change from 0 to 1024
[  113.680996][ T5137] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  113.732140][ T5142] EXT4-fs: Ignoring removed bh option
[  113.742765][ T4991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.758591][ T4991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.775941][ T4991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.831772][ T5142] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  113.887118][ T4991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.937853][ T5142] EXT4-fs (loop1): re-mounted. Quota mode: none.
[  113.998855][ T5148] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.251: bg 0: block 5: invalid block bitmap
[  114.044790][ T5151] EXT4-fs (loop2): shut down requested (1)
[  114.059999][ T4278] EXT4-fs (loop1): unmounting filesystem.
[  114.062146][ T4991] device hsr_slave_0 entered promiscuous mode
[  114.073375][ T4991] device hsr_slave_1 entered promiscuous mode
[  114.080103][ T4991] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.104477][ T4991] Cannot create hsr debugfs directory
[  114.140755][ T4286] Bluetooth: hci5: command 0x1003 tx timeout
[  114.140787][ T4282] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  114.411934][ T4270] EXT4-fs (loop0): unmounting filesystem.
[  114.458326][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  114.753529][ T4991] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  114.808932][ T4991] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  114.868833][ T4991] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  114.905164][ T4991] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  115.192055][ T4991] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.242501][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  115.288460][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.323912][ T4991] 8021q: adding VLAN 0 to HW filter on device team0
[  115.376622][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  115.396521][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  115.430016][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.437268][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.500052][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  115.560256][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  115.585040][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  115.638376][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.646884][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.708191][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  115.724344][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  115.796305][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  115.838117][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  115.856392][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  115.879954][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  115.901808][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  115.924287][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  115.946003][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  115.971980][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  115.996769][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  116.066985][ T5193] loop3: detected capacity change from 0 to 8192
[  116.092465][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  116.140092][ T5193] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  116.240607][ T5193] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  116.250056][ T5193] REISERFS (device loop3): using ordered data mode
[  116.258154][ T5193] reiserfs: using flush barriers
[  116.267725][ T5193] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  116.288063][ T5193] REISERFS (device loop3): checking transaction log (loop3)
[  116.679272][ T5193] REISERFS (device loop3): Using r5 hash to sort names
[  116.708836][ T5193] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  117.001187][ T5193] REISERFS warning (device loop3): reiserfs-13077 reiserfs_fh_to_dentry: nfsd/reiserfs, fhtype=3, len=2 - odd
[  117.055467][   T26] audit: type=1804 audit(1777890421.814:13): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.267" name="/newroot/48/file7/file0" dev="loop3" ino=2 res=1 errno=0
[  117.292032][ T5221] loop2: detected capacity change from 0 to 4096
[  117.397127][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  117.432709][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  117.446259][ T4991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.699829][ T5234] loop3: detected capacity change from 0 to 256
[  117.770298][ T5234] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  118.436693][ T5251] loop3: detected capacity change from 0 to 2048
[  118.511080][ T5251] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.579367][   T26] audit: type=1800 audit(1777890423.334:14): pid=5251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.281" name="file1" dev="loop3" ino=1367 res=0 errno=0
[  118.602036][ T4486] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  118.820656][ T4486] usb 1-1: Using ep0 maxpacket: 32
[  118.828397][ T4486] usb 1-1: config 2 has an invalid interface number: 88 but max is 0
[  118.848612][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  118.858307][ T4486] usb 1-1: config 2 has no interface number 0
[  118.863751][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  118.868447][ T4486] usb 1-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256
[  118.905017][ T4486] usb 1-1: config 2 interface 88 has no altsetting 0
[  118.928036][ T4738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  118.947111][ T4486] usb 1-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  118.972547][ T5257] loop1: detected capacity change from 0 to 512
[  118.989297][ T4738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  118.990536][ T4486] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.005024][ T5257] EXT4-fs: Ignoring removed mblk_io_submit option
[  119.008173][ T4991] device veth0_vlan entered promiscuous mode
[  119.029657][ T5257] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  119.049742][ T5240] loop2: detected capacity change from 0 to 32768
[  119.061928][ T5257] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e028, mo2=0002]
[  119.073354][ T5257] EXT4-fs (loop1): orphan cleanup on readonly fs
[  119.080656][ T4738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  119.089041][ T4738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  119.105960][ T5257] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.292: bg 0: block 361: padding at end of block bitmap is not set
[  119.115439][ T4486] usb 1-1: Product: syz
[  119.133506][ T5257] EXT4-fs (loop1): Remounting filesystem read-only
[  119.140103][ T5257] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6180: Corrupt filesystem
[  119.199366][ T4991] device veth1_vlan entered promiscuous mode
[  119.215924][ T4486] usb 1-1: Manufacturer: syz
[  119.260844][ T4486] usb 1-1: SerialNumber: syz
[  119.269130][ T5257] EXT4-fs (loop1): Remounting filesystem read-only
[  119.284877][ T5257] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.292: attempt to clear invalid blocks 33619980 len 1
[  119.313591][ T5249] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  119.317769][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  119.365132][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  119.387890][ T5257] EXT4-fs (loop1): Remounting filesystem read-only
[  119.418134][ T5257] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.292: invalid indirect mapped block 1811939328 (level 0)
[  119.421635][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  119.443881][ T5257] EXT4-fs (loop1): Remounting filesystem read-only
[  119.464213][ T5257] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.292: invalid indirect mapped block 2185560079 (level 1)
[  119.519151][ T5257] EXT4-fs (loop1): Remounting filesystem read-only
[  119.527147][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  119.543823][ T5257] EXT4-fs (loop1): 1 truncate cleaned up
[  119.549588][ T5257] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  119.569156][ T4991] device veth0_macvtap entered promiscuous mode
[  119.601186][ T5249] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  119.678737][ T4991] device veth1_macvtap entered promiscuous mode
[  119.693297][ T5257] EXT4-fs (loop1): unmounting filesystem.
[  119.809684][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  119.880261][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  119.949457][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.003326][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.052706][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.077459][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.146279][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.180533][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.212512][ T4991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.222933][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  120.232057][ T4486] asix 1-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  120.244633][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  120.250594][ T4486] asix: probe of 1-1:2.88 failed with error -71
[  120.296298][ T4486] usb 1-1: USB disconnect, device number 2
[  120.327069][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  120.372337][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  120.429672][ T5276] netlink: 7 bytes leftover after parsing attributes in process `syz.1.285'.
[  120.453982][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.479932][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.495581][ T5285] FAT-fs (nullb0): bogus number of reserved sectors
[  120.516484][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.520531][ T5285] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  120.584861][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.604938][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.630585][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.650515][ T4991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.670322][ T4991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.693060][ T4991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.702311][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  120.723909][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  120.754284][ T4991] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.797587][ T4991] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.836943][ T4991] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.860316][ T4991] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.342065][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.349929][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.411122][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  121.780795][ T5303] loop2: detected capacity change from 0 to 32768
[  121.804192][ T5303] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  121.813123][ T5303] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  121.886887][ T5303] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  121.900825][ T4839] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  121.908077][ T4839] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  121.912716][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.976266][ T4839] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 68ms
[  121.996288][ T4839] gfs2: fsid=syz:syz.0: jid=0: Done
[  122.001813][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.018575][ T5303] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  122.029439][ T4738] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  122.283390][ T5303] gfs2: fsid=syz:syz.0: found 1 quota changes
[  122.301608][ T4839] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  122.368935][ T5322] loop5: detected capacity change from 0 to 64
[  122.392143][ T5303] syz.2.297: attempt to access beyond end of device
[  122.392143][ T5303] loop2: rw=12288, sector=6755399441055880, nr_sectors = 8 limit=32768
[  122.454774][ T5322] MINIX-fs: bad superblock or unable to read bitmaps
[  122.510881][ T4839] usb 2-1: Using ep0 maxpacket: 16
[  122.518619][ T4839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.575576][ T4839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.609757][ T4271] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  122.609757][ T4271]   inode = 11 2339
[  122.609757][ T4271]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  122.610528][ T4839] usb 2-1: config 0 interface 0 has no altsetting 0
[  122.676278][ T4271] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  122.728468][ T4271] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:4271 [syz-executor] gfs2_quota_sync+0x32c/0x700
[  122.733624][ T4839] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  122.787039][ T4839] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.793961][ T4271] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  122.816617][ T4839] usb 2-1: config 0 descriptor??
[  122.823662][ T5322] loop5: detected capacity change from 0 to 4096
[  122.839945][ T4271] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  122.901464][ T4271] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  122.957785][ T4271] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  123.021784][ T4271] gfs2: fsid=syz:syz.0: File system withdrawn
[  123.056559][ T4271] CPU: 0 PID: 4271 Comm: syz-executor Not tainted syzkaller #0
[  123.064221][ T4271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  123.074329][ T4271] Call Trace:
[  123.077650][ T4271]  <TASK>
[  123.080730][ T4271]  dump_stack_lvl+0x188/0x24e
[  123.085467][ T4271]  ? kobject_uevent_env+0x35f/0x8a0
[  123.090820][ T4271]  ? show_regs_print_info+0x12/0x12
[  123.096097][ T4271]  ? load_image+0x400/0x400
[  123.100706][ T4271]  ? kobject_uevent_env+0x35f/0x8a0
[  123.105988][ T4271]  gfs2_withdraw+0xde6/0x15d0
[  123.110747][ T4271]  ? gfs2_lm+0x240/0x240
[  123.115060][ T4271]  ? gfs2_consist_inode_i+0xf1/0x110
[  123.120392][ T4271]  gfs2_inode_refresh+0xb64/0xfd0
[  123.125566][ T4271]  ? gfs2_inode_metasync+0xf0/0xf0
[  123.130826][ T4271]  ? gfs2_glock_nq+0xcf0/0x14e0
[  123.135747][ T4271]  gfs2_instantiate+0x15e/0x210
[  123.140702][ T4271]  gfs2_glock_wait+0x1d0/0x2a0
[  123.145626][ T4271]  do_sync+0x4bf/0xc40
[  123.150012][ T4271]  ? gfs2_quota_sync+0x32c/0x700
[  123.155018][ T4271]  ? slot_put+0x1e0/0x1e0
[  123.159452][ T4271]  ? gfs2_quota_sync+0x32c/0x700
[  123.164449][ T4271]  ? do_raw_spin_unlock+0x11d/0x230
[  123.169890][ T4271]  gfs2_quota_sync+0x32c/0x700
[  123.174712][ T4271]  gfs2_sync_fs+0x48/0xb0
[  123.179102][ T4271]  sync_filesystem+0xe6/0x220
[  123.183846][ T4271]  generic_shutdown_super+0x6b/0x340
[  123.189284][ T4271]  kill_block_super+0x7c/0xe0
[  123.194062][ T4271]  deactivate_locked_super+0x93/0xf0
[  123.200014][ T4271]  cleanup_mnt+0x42c/0x4b0
[  123.204483][ T4271]  ? lockdep_hardirqs_on+0x94/0x140
[  123.209743][ T4271]  task_work_run+0x1d0/0x260
[  123.214392][ T4271]  ? task_work_cancel+0x220/0x220
[  123.219476][ T4271]  ? exit_to_user_mode_loop+0x3b/0x110
[  123.225097][ T4271]  exit_to_user_mode_loop+0xe6/0x110
[  123.230872][ T4271]  exit_to_user_mode_prepare+0xee/0x180
[  123.236483][ T4271]  syscall_exit_to_user_mode+0x16/0x40
[  123.242003][ T4271]  do_syscall_64+0x58/0xa0
[  123.246470][ T4271]  ? clear_bhb_loop+0x60/0xb0
[  123.248395][ T5312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.251186][ T4271]  ? clear_bhb_loop+0x60/0xb0
[  123.251223][ T4271]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  123.251248][ T4271] RIP: 0033:0x7fda6e79e017
[  123.251268][ T4271] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  123.251284][ T4271] RSP: 002b:00007ffd8ff0e4c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  123.251308][ T4271] RAX: 0000000000000000 RBX: 00007fda6e832120 RCX: 00007fda6e79e017
[  123.251323][ T4271] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8ff0e580
[  123.251336][ T4271] RBP: 00007ffd8ff0e580 R08: 00007ffd8ff0f580 R09: 00000000ffffffff
[  123.251350][ T4271] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd8ff0f610
[  123.251363][ T4271] R13: 00007fda6e832120 R14: 000000000001ddf7 R15: 00007ffd8ff0f650
[  123.251394][ T4271]  </TASK>
[  123.251417][    C0] vkms_vblank_simulate: vblank timer overrun
[  123.428215][ T4991] ntfs3: loop5: ntfs_evict_inode r=5 failed, -22.
[  123.475751][ T4991] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  123.514538][ T5336] loop0: detected capacity change from 0 to 4096
[  123.711880][ T5312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.789593][ T4839] hid (null): usage index exceeded
[  123.807519][ T4839] hid (null): unknown global tag 0xd
[  123.849240][ T4839] hid (null): unknown global tag 0xd
[  124.051138][ T4271] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  124.106406][ T4271] CPU: 0 PID: 4271 Comm: syz-executor Not tainted syzkaller #0
[  124.113672][ T4839] kernel write not supported for file /vcs (pid: 4839 comm: kworker/1:11)
[  124.114022][ T4271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  124.114063][ T4271] Call Trace:
[  124.114071][ T4271]  <TASK>
[  124.114079][ T4271]  dump_stack_lvl+0x188/0x24e
[  124.144447][ T4271]  ? gfs2_assert_warn_i+0xc3/0x2c0
[  124.149583][ T4271]  ? show_regs_print_info+0x12/0x12
[  124.154888][ T4271]  ? load_image+0x400/0x400
[  124.159438][ T4271]  ? preempt_schedule+0xbc/0xd0
[  124.164313][ T4271]  ? do_raw_spin_unlock+0x11d/0x230
[  124.169549][ T4271]  gfs2_assert_warn_i+0x18f/0x2c0
[  124.174703][ T4271]  gfs2_quota_cleanup+0x4b4/0x6a0
[  124.179862][ T4271]  gfs2_put_super+0x22f/0x8c0
[  124.184576][ T4271]  ? gfs2_evict_inode+0x11d0/0x11d0
[  124.189808][ T4271]  generic_shutdown_super+0x130/0x340
[  124.195204][ T4271]  kill_block_super+0x7c/0xe0
[  124.199901][ T4271]  deactivate_locked_super+0x93/0xf0
[  124.205309][ T4271]  cleanup_mnt+0x42c/0x4b0
[  124.209766][ T4271]  ? lockdep_hardirqs_on+0x94/0x140
[  124.215016][ T4271]  task_work_run+0x1d0/0x260
[  124.219654][ T4271]  ? task_work_cancel+0x220/0x220
[  124.224733][ T4271]  ? exit_to_user_mode_loop+0x3b/0x110
[  124.230254][ T4271]  exit_to_user_mode_loop+0xe6/0x110
[  124.235672][ T4271]  exit_to_user_mode_prepare+0xee/0x180
[  124.241271][ T4271]  syscall_exit_to_user_mode+0x16/0x40
[  124.247021][ T4271]  do_syscall_64+0x58/0xa0
[  124.251468][ T4271]  ? clear_bhb_loop+0x60/0xb0
[  124.256173][ T4271]  ? clear_bhb_loop+0x60/0xb0
[  124.260869][ T4271]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.266866][ T4271] RIP: 0033:0x7fda6e79e017
[  124.271749][ T4271] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  124.291718][ T4271] RSP: 002b:00007ffd8ff0e4c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  124.300145][ T4271] RAX: 0000000000000000 RBX: 00007fda6e832120 RCX: 00007fda6e79e017
[  124.308213][ T4271] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8ff0e580
[  124.316287][ T4271] RBP: 00007ffd8ff0e580 R08: 00007ffd8ff0f580 R09: 00000000ffffffff
[  124.324458][ T4271] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd8ff0f610
[  124.332463][ T4271] R13: 00007fda6e832120 R14: 000000000001ddf7 R15: 00007ffd8ff0f650
[  124.340483][ T4271]  </TASK>
[  124.343567][    C0] vkms_vblank_simulate: vblank timer overrun
[  124.417224][    T7] usb 2-1: USB disconnect, device number 4
[  124.584001][ T5355] netlink: 'syz.0.313': attribute type 11 has an invalid length.
[  124.940781][ T4839] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  125.155331][ T5376] loop5: detected capacity change from 0 to 7
[  125.161598][ T4839] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.183300][ T5376] Dev loop5: unable to read RDB block 7
[  125.193517][ T4839] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  125.205670][ T5376]  loop5: unable to read partition table
[  125.220683][ T4839] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  125.225573][ T5376] loop5: partition table beyond EOD, truncated
[  125.248030][ T4839] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  125.249244][ T5376] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  125.295084][ T4839] usb 6-1: Product: syz
[  125.327163][ T4839] usb 6-1: SerialNumber: syz
[  125.658434][ T5385] loop1: detected capacity change from 0 to 128
[  125.797525][ T5385] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  125.861040][ T5385] ext4 filesystem being mounted at /61/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  126.160694][   T26] audit: type=1804 audit(1777890430.914:15): pid=5385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.319" name="/newroot/61/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop1" ino=12 res=1 errno=0
[  126.199869][ T5395] loop0: detected capacity change from 0 to 128
[  126.263239][ T5395] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  126.300711][ T5395] hpfs: filesystem error: improperly stopped
[  126.314685][ T5395] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  126.344600][ T5395] hpfs: You really don't want any checks? You are crazy...
[  126.381246][ T5395] hpfs: hpfs_map_sector(): read error
[  126.386721][ T5395] hpfs: code page support is disabled
[  126.397416][ T4278] EXT4-fs (loop1): unmounting filesystem.
[  126.412275][ T4839] cdc_ncm 6-1:1.0: bind() failure
[  126.428182][ T4839] cdc_ncm: probe of 6-1:1.1 failed with error -71
[  126.479205][ T4839] cdc_mbim: probe of 6-1:1.1 failed with error -71
[  126.488696][ T5395] hpfs: hpfs_map_4sectors(): unaligned read
[  126.517009][ T4839] usbtest: probe of 6-1:1.1 failed with error -71
[  126.554702][ T5395] hpfs: hpfs_map_4sectors(): unaligned read
[  126.561865][ T4839] usb 6-1: USB disconnect, device number 2
[  126.578575][ T5395] hpfs: filesystem error: unable to find root dir
[  127.856776][ T5446] loop2: detected capacity change from 0 to 128
[  127.882808][ T5445] loop8: detected capacity change from 0 to 7
[  127.921799][ T5445] Dev loop8: unable to read RDB block 7
[  127.949375][ T5446] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  127.958927][ T5445]  loop8: unable to read partition table
[  127.974416][ T5445] loop8: partition table beyond EOD, truncated
[  127.981151][ T5446] ext4 filesystem being mounted at /75/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  128.036061][ T5445] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  128.392488][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  128.790662][ T4486] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  129.030901][ T4486] usb 2-1: Using ep0 maxpacket: 32
[  129.045904][ T4486] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.070463][    C1] sched: RT throttling activated
[  129.154068][ T4486] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.194100][ T5453] loop5: detected capacity change from 0 to 131072
[  129.230710][ T4486] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  129.268211][ T5453] F2FS-fs (loop5): Found nat_bits in checkpoint
[  129.271563][ T4486] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.315149][ T4486] usb 2-1: config 0 descriptor??
[  129.350209][ T5453] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  129.739391][ T5474] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  129.762157][ T4486] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  130.104867][ T5453] F2FS-fs (loop5): Start checkpoint disabled!
[  130.136025][ T4486] usb 2-1: USB disconnect, device number 5
[  130.166391][ T5451] loop0: detected capacity change from 0 to 32768
[  130.257327][ T5479] fido_id[5479]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  130.362751][ T5451] XFS (loop0): Mounting V5 Filesystem
[  130.474215][ T5451] XFS (loop0): Ending clean mount
[  130.747291][ T4270] XFS (loop0): Unmounting Filesystem
[  131.020710][ T4486] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  131.230571][ T4486] usb 4-1: Using ep0 maxpacket: 32
[  131.237870][ T4486] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.273767][ T4486] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.330520][ T4486] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  131.360094][ T4486] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.402928][ T5481] loop2: detected capacity change from 0 to 32768
[  131.436885][ T4486] usb 4-1: config 0 descriptor??
[  131.464764][ T5481] JBD2: Ignoring recovery information on journal
[  131.654972][ T5481] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  131.715889][ T5515] netlink: 'syz.1.359': attribute type 1 has an invalid length.
[  131.917999][ T4486] savu 0003:1E7D:2D5A.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  132.037308][ T4271] ocfs2: Unmounting device (7,2) on (node local)
[  132.220664][ T4481] usb 4-1: USB disconnect, device number 3
[  132.377531][ T5527] fido_id[5527]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  132.645773][ T5536] loop2: detected capacity change from 0 to 64
[  132.691876][ T5536] MINIX-fs: bad superblock or unable to read bitmaps
[  132.881526][ T5539] Invalid argument reading file caps for ./file0
[  132.936653][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  132.943229][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  132.994667][ T5526] loop0: detected capacity change from 0 to 32768
[  133.056259][ T5526] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.363 (5526)
[  133.076844][ T4739] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  133.168899][ T5526] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  133.221270][ T5526] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  133.240275][ T5526] BTRFS info (device loop0): using free space tree
[  133.336034][ T5536] loop2: detected capacity change from 0 to 4096
[  133.336176][ T4739] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  133.539655][ T5555] netlink: 12 bytes leftover after parsing attributes in process `syz.3.371'.
[  133.586947][ T5526] BTRFS info (device loop0): enabling ssd optimizations
[  134.361352][ T5573] loop5: detected capacity change from 0 to 32768
[  134.375203][ T5573] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  134.384229][ T5573] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  134.413494][ T5573] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  134.425108][ T2185] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  134.432404][ T2185] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  134.461708][ T2185] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms
[  134.475395][ T2185] gfs2: fsid=syz:syz.0: jid=0: Done
[  134.481498][ T5573] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  134.521708][ T4270] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  134.774178][ T5573] gfs2: fsid=syz:syz.0: found 1 quota changes
[  134.937099][ T5573] syz.5.374: attempt to access beyond end of device
[  134.937099][ T5573] loop5: rw=12288, sector=6755399441055880, nr_sectors = 8 limit=32768
[  135.138542][ T4991] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  135.138542][ T4991]   inode = 11 2339
[  135.138542][ T4991]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  135.240727][ T4991] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  135.261700][ T4991] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:4991 [syz-executor] gfs2_quota_sync+0x32c/0x700
[  135.314770][ T4991] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  135.351089][ T4991] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  135.385229][ T4991] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  135.410995][ T4279] Bluetooth: hci5: command 0x1003 tx timeout
[  135.419388][ T4282] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  135.426101][ T4991] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  135.486551][ T4991] gfs2: fsid=syz:syz.0: File system withdrawn
[  135.520777][ T4991] CPU: 0 PID: 4991 Comm: syz-executor Not tainted syzkaller #0
[  135.528451][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  135.538548][ T4991] Call Trace:
[  135.541864][ T4991]  <TASK>
[  135.544827][ T4991]  dump_stack_lvl+0x188/0x24e
[  135.549624][ T4991]  ? kobject_uevent_env+0x35f/0x8a0
[  135.554870][ T4991]  ? show_regs_print_info+0x12/0x12
[  135.560126][ T4991]  ? load_image+0x400/0x400
[  135.560791][ T5587] loop3: detected capacity change from 0 to 4096
[  135.564750][ T4991]  ? kobject_uevent_env+0x35f/0x8a0
[  135.564792][ T4991]  gfs2_withdraw+0xde6/0x15d0
[  135.581127][ T4991]  ? gfs2_lm+0x240/0x240
[  135.585420][ T4991]  ? gfs2_consist_inode_i+0xf1/0x110
[  135.590761][ T4991]  gfs2_inode_refresh+0xb64/0xfd0
[  135.595836][ T4991]  ? gfs2_inode_metasync+0xf0/0xf0
[  135.601026][ T4991]  ? gfs2_glock_nq+0xcf0/0x14e0
[  135.605928][ T4991]  gfs2_instantiate+0x15e/0x210
[  135.610831][ T4991]  gfs2_glock_wait+0x1d0/0x2a0
[  135.615656][ T4991]  do_sync+0x4bf/0xc40
[  135.619747][ T4991]  ? gfs2_quota_sync+0x32c/0x700
[  135.624709][ T4991]  ? slot_put+0x1e0/0x1e0
[  135.629161][ T4991]  ? gfs2_quota_sync+0x32c/0x700
[  135.634124][ T4991]  ? do_raw_spin_unlock+0x11d/0x230
[  135.639341][ T4991]  gfs2_quota_sync+0x32c/0x700
[  135.644136][ T4991]  gfs2_sync_fs+0x48/0xb0
[  135.648486][ T4991]  sync_filesystem+0xe6/0x220
[  135.653194][ T4991]  generic_shutdown_super+0x6b/0x340
[  135.658496][ T4991]  kill_block_super+0x7c/0xe0
[  135.663208][ T4991]  deactivate_locked_super+0x93/0xf0
[  135.668533][ T4991]  cleanup_mnt+0x42c/0x4b0
[  135.673076][ T4991]  ? lockdep_hardirqs_on+0x94/0x140
[  135.678295][ T4991]  task_work_run+0x1d0/0x260
[  135.682911][ T4991]  ? task_work_cancel+0x220/0x220
[  135.687957][ T4991]  ? exit_to_user_mode_loop+0x3b/0x110
[  135.693578][ T4991]  exit_to_user_mode_loop+0xe6/0x110
[  135.698923][ T4991]  exit_to_user_mode_prepare+0xee/0x180
[  135.704505][ T4991]  syscall_exit_to_user_mode+0x16/0x40
[  135.710008][ T4991]  do_syscall_64+0x58/0xa0
[  135.714478][ T4991]  ? clear_bhb_loop+0x60/0xb0
[  135.719190][ T4991]  ? clear_bhb_loop+0x60/0xb0
[  135.723894][ T4991]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  135.729822][ T4991] RIP: 0033:0x7f468579e017
[  135.734253][ T4991] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  135.754343][ T4991] RSP: 002b:00007ffee702df38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  135.762782][ T4991] RAX: 0000000000000000 RBX: 00007f4685832120 RCX: 00007f468579e017
[  135.770768][ T4991] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee702dff0
[  135.778749][ T4991] RBP: 00007ffee702dff0 R08: 00007ffee702eff0 R09: 00000000ffffffff
[  135.786730][ T4991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee702f080
[  135.794721][ T4991] R13: 00007f4685832120 R14: 0000000000020f00 R15: 00007ffee702f0c0
[  135.802720][ T4991]  </TASK>
[  135.807767][ T4991] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  135.841486][ T4991] CPU: 1 PID: 4991 Comm: syz-executor Not tainted syzkaller #0
[  135.849128][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  135.859217][ T4991] Call Trace:
[  135.862514][ T4991]  <TASK>
[  135.865464][ T4991]  dump_stack_lvl+0x188/0x24e
[  135.870168][ T4991]  ? gfs2_assert_warn_i+0xc3/0x2c0
[  135.875478][ T4991]  ? show_regs_print_info+0x12/0x12
[  135.880730][ T4991]  ? load_image+0x400/0x400
[  135.885291][ T4991]  ? do_raw_spin_unlock+0x11d/0x230
[  135.890543][ T4991]  gfs2_assert_warn_i+0x18f/0x2c0
[  135.895614][ T4991]  gfs2_quota_cleanup+0x4b4/0x6a0
[  135.900682][ T4991]  gfs2_put_super+0x22f/0x8c0
[  135.905491][ T4991]  ? gfs2_evict_inode+0x11d0/0x11d0
[  135.910716][ T4991]  generic_shutdown_super+0x130/0x340
[  135.916109][ T4991]  kill_block_super+0x7c/0xe0
[  135.920807][ T4991]  deactivate_locked_super+0x93/0xf0
[  135.926197][ T4991]  cleanup_mnt+0x42c/0x4b0
[  135.930721][ T4991]  ? lockdep_hardirqs_on+0x94/0x140
[  135.935935][ T4991]  task_work_run+0x1d0/0x260
[  135.940585][ T4991]  ? task_work_cancel+0x220/0x220
[  135.945672][ T4991]  ? exit_to_user_mode_loop+0x3b/0x110
[  135.951176][ T4991]  exit_to_user_mode_loop+0xe6/0x110
[  135.956495][ T4991]  exit_to_user_mode_prepare+0xee/0x180
[  135.962153][ T4991]  syscall_exit_to_user_mode+0x16/0x40
[  135.967654][ T4991]  do_syscall_64+0x58/0xa0
[  135.972118][ T4991]  ? clear_bhb_loop+0x60/0xb0
[  135.976811][ T4991]  ? clear_bhb_loop+0x60/0xb0
[  135.981597][ T4991]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  135.987505][ T4991] RIP: 0033:0x7f468579e017
[  135.991930][ T4991] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  136.011646][ T4991] RSP: 002b:00007ffee702df38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  136.020251][ T4991] RAX: 0000000000000000 RBX: 00007f4685832120 RCX: 00007f468579e017
[  136.028238][ T4991] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee702dff0
[  136.036320][ T4991] RBP: 00007ffee702dff0 R08: 00007ffee702eff0 R09: 00000000ffffffff
[  136.044475][ T4991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee702f080
[  136.052658][ T4991] R13: 00007f4685832120 R14: 0000000000020f00 R15: 00007ffee702f0c0
[  136.060666][ T4991]  </TASK>
[  136.095578][ T5590] loop0: detected capacity change from 0 to 256
[  136.365832][ T5587] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[  136.511943][ T5596] loop0: detected capacity change from 0 to 128
[  136.560715][ T4298] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[  136.580993][ T5596] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  136.640746][ T4281] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[  136.655530][ T5596] ext4 filesystem being mounted at /91/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  136.660520][ T4281] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  136.699960][ T4281] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[  136.707264][ T4298] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[  136.714475][ T4281] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22.
[  136.873317][ T5604] loop1: detected capacity change from 0 to 64
[  137.083651][   T26] audit: type=1800 audit(1777890441.844:16): pid=5604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.384" name="file1" dev="loop1" ino=21 res=0 errno=0
[  137.162809][ T4270] EXT4-fs (loop0): unmounting filesystem.
[  137.374674][ T5612] netlink: 40 bytes leftover after parsing attributes in process `syz.3.386'.
[  137.388353][ T4271] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22.
[  137.400592][ T4271] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  137.448497][ T5612] tipc: Invalid UDP bearer configuration
[  137.448548][ T5612] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  137.522405][ T5615] loop1: detected capacity change from 0 to 2048
[  137.567773][ T5615] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  137.609739][ T5615] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  137.650772][ T2185] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  137.852459][ T2185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  137.914906][ T2185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  137.946478][ T2185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  137.974961][ T2185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  138.023266][ T2185] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  138.058061][ T2185] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.100588][ T2185] usb 1-1: Product: syz
[  138.104867][ T2185] usb 1-1: Manufacturer: syz
[  138.109507][ T2185] usb 1-1: SerialNumber: syz
[  138.169653][ T2185] usb 1-1: config 0 descriptor??
[  138.283505][ T5636] input: syz0 as /devices/virtual/input/input8
[  138.397274][ T2185] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  138.465627][ T5638] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.475663][ T5638] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.542708][ T5642] loop1: detected capacity change from 0 to 512
[  138.566848][ T5642] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  138.605092][ T2185] usb 1-1: USB disconnect, device number 3
[  138.727882][ T5642] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[  139.138390][ T5656] loop3: detected capacity change from 0 to 2048
[  139.211612][ T5656] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  139.487240][ T4281] EXT4-fs (loop3): unmounting filesystem.
[  139.743502][ T5675] netlink: 260 bytes leftover after parsing attributes in process `syz.3.407'.
[  139.764384][ T5646] loop2: detected capacity change from 0 to 32768
[  139.811521][ T5646] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  139.828979][ T5680] loop5: detected capacity change from 0 to 512
[  139.876990][ T5646] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  139.927687][ T5646] BTRFS info (device loop2): metadata ratio 2
[  139.947940][ T5646] BTRFS info (device loop2): allowing degraded mounts
[  140.022752][ T5646] BTRFS info (device loop2): force zlib compression, level 3
[  140.030397][ T5646] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  140.178006][ T5646] BTRFS info (device loop2): use zstd compression, level 3
[  140.242904][ T5680] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  140.243465][ T5682] loop0: detected capacity change from 0 to 32768
[  140.264888][ T5646] BTRFS info (device loop2): allowing degraded mounts
[  140.274488][ T5682] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  140.282767][ T5682] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  140.290234][ T5646] BTRFS info (device loop2): max_inline at 0
[  140.305702][ T5680] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.316917][ T5682] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  140.328126][ T4486] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  140.340150][ T4486] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  140.361931][ T5646] BTRFS info (device loop2): using free space tree
[  140.371251][   T26] audit: type=1800 audit(1777890445.134:17): pid=5680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.409" name="file1" dev="loop5" ino=15 res=0 errno=0
[  140.393231][ T4486] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 53ms
[  140.420380][ T4486] gfs2: fsid=syz:syz.0: jid=0: Done
[  140.432631][ T5682] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  140.562738][ T5646] BTRFS info (device loop2): enabling ssd optimizations
[  140.654303][ T5682] gfs2: fsid=syz:syz.0: found 1 quota changes
[  140.728482][   T26] audit: type=1800 audit(1777890445.484:18): pid=5646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.399" name="bus" dev="loop2" ino=263 res=0 errno=0
[  140.770057][ T4991] EXT4-fs (loop5): unmounting filesystem.
[  140.900676][ T5682] syz.0.410: attempt to access beyond end of device
[  140.900676][ T5682] loop0: rw=12288, sector=6755399441055880, nr_sectors = 8 limit=32768
[  141.035707][ T4271] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  141.081728][ T4270] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  141.081728][ T4270]   inode = 11 2339
[  141.081728][ T4270]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  141.211780][ T4270] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  141.239015][ T4337] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  141.260690][ T4270] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:4270 [syz-executor] gfs2_quota_sync+0x32c/0x700
[  141.310744][ T4270] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  141.356053][ T4270] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  141.424593][ T4270] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  141.445374][ T4337] usb 6-1: Using ep0 maxpacket: 16
[  141.462661][ T4337] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.475378][ T4270] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  141.512754][ T4337] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.520352][ T4270] gfs2: fsid=syz:syz.0: File system withdrawn
[  141.548766][ T4337] usb 6-1: config 0 interface 0 has no altsetting 0
[  141.560602][ T4270] CPU: 1 PID: 4270 Comm: syz-executor Not tainted syzkaller #0
[  141.568226][ T4270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  141.578330][ T4270] Call Trace:
[  141.579161][ T4337] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  141.581631][ T4270]  <TASK>
[  141.581645][ T4270]  dump_stack_lvl+0x188/0x24e
[  141.581680][ T4270]  ? kobject_uevent_env+0x35f/0x8a0
[  141.581707][ T4270]  ? show_regs_print_info+0x12/0x12
[  141.594178][ T4337] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.598371][ T4270]  ? load_image+0x400/0x400
[  141.598405][ T4270]  ? kobject_uevent_env+0x35f/0x8a0
[  141.598438][ T4270]  gfs2_withdraw+0xde6/0x15d0
[  141.598474][ T4270]  ? gfs2_lm+0x240/0x240
[  141.635948][ T4270]  ? gfs2_consist_inode_i+0xf1/0x110
[  141.641286][ T4270]  gfs2_inode_refresh+0xb64/0xfd0
[  141.646338][ T4270]  ? gfs2_inode_metasync+0xf0/0xf0
[  141.651474][ T4270]  ? gfs2_glock_nq+0xcf0/0x14e0
[  141.656352][ T4270]  gfs2_instantiate+0x15e/0x210
[  141.661218][ T4270]  gfs2_glock_wait+0x1d0/0x2a0
[  141.665996][ T4270]  do_sync+0x4bf/0xc40
[  141.670083][ T4270]  ? gfs2_quota_sync+0x32c/0x700
[  141.675073][ T4270]  ? slot_put+0x1e0/0x1e0
[  141.679429][ T4270]  ? gfs2_quota_sync+0x32c/0x700
[  141.684403][ T4270]  ? do_raw_spin_unlock+0x11d/0x230
[  141.689616][ T4270]  gfs2_quota_sync+0x32c/0x700
[  141.694499][ T4270]  gfs2_sync_fs+0x48/0xb0
[  141.698874][ T4270]  sync_filesystem+0xe6/0x220
[  141.703600][ T4270]  generic_shutdown_super+0x6b/0x340
[  141.708930][ T4270]  kill_block_super+0x7c/0xe0
[  141.713651][ T4270]  deactivate_locked_super+0x93/0xf0
[  141.718960][ T4270]  cleanup_mnt+0x42c/0x4b0
[  141.723406][ T4270]  ? lockdep_hardirqs_on+0x94/0x140
[  141.728625][ T4270]  task_work_run+0x1d0/0x260
[  141.733240][ T4270]  ? task_work_cancel+0x220/0x220
[  141.738287][ T4270]  ? exit_to_user_mode_loop+0x3b/0x110
[  141.743778][ T4270]  exit_to_user_mode_loop+0xe6/0x110
[  141.749083][ T4270]  exit_to_user_mode_prepare+0xee/0x180
[  141.754656][ T4270]  syscall_exit_to_user_mode+0x16/0x40
[  141.760137][ T4270]  do_syscall_64+0x58/0xa0
[  141.764577][ T4270]  ? clear_bhb_loop+0x60/0xb0
[  141.769618][ T4270]  ? clear_bhb_loop+0x60/0xb0
[  141.774403][ T4270]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  141.780315][ T4270] RIP: 0033:0x7fcae179e017
[  141.784750][ T4270] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  141.804462][ T4270] RSP: 002b:00007ffce5f57498 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  141.812982][ T4270] RAX: 0000000000000000 RBX: 00007fcae1832120 RCX: 00007fcae179e017
[  141.820968][ T4270] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce5f57550
[  141.829127][ T4270] RBP: 00007ffce5f57550 R08: 00007ffce5f58550 R09: 00000000ffffffff
[  141.837110][ T4270] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce5f585e0
[  141.845095][ T4270] R13: 00007fcae1832120 R14: 0000000000022641 R15: 00007ffce5f58620
[  141.853261][ T4270]  </TASK>
[  141.906746][ T4337] usb 6-1: config 0 descriptor??
[  141.950644][ T2185] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  142.155996][ T2185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  142.182239][ T2185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  142.227049][ T2185] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  142.241379][ T4270] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  142.279315][ T2185] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.288516][ T4270] CPU: 0 PID: 4270 Comm: syz-executor Not tainted syzkaller #0
[  142.296146][ T4270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  142.306768][ T4270] Call Trace:
[  142.307032][ T2185] usb 3-1: config 0 descriptor??
[  142.310235][ T4270]  <TASK>
[  142.310255][ T4270]  dump_stack_lvl+0x188/0x24e
[  142.323044][ T4270]  ? gfs2_assert_warn_i+0xc3/0x2c0
[  142.328210][ T4270]  ? show_regs_print_info+0x12/0x12
[  142.333471][ T4270]  ? load_image+0x400/0x400
[  142.338027][ T4270]  ? do_raw_spin_unlock+0x11d/0x230
[  142.343279][ T4270]  gfs2_assert_warn_i+0x18f/0x2c0
[  142.348442][ T4270]  gfs2_quota_cleanup+0x4b4/0x6a0
[  142.353524][ T4270]  gfs2_put_super+0x22f/0x8c0
[  142.358264][ T4270]  ? gfs2_evict_inode+0x11d0/0x11d0
[  142.363598][ T4270]  generic_shutdown_super+0x130/0x340
[  142.369105][ T4270]  kill_block_super+0x7c/0xe0
[  142.373831][ T4270]  deactivate_locked_super+0x93/0xf0
[  142.379169][ T4270]  cleanup_mnt+0x42c/0x4b0
[  142.383636][ T4270]  ? lockdep_hardirqs_on+0x94/0x140
[  142.388885][ T4270]  task_work_run+0x1d0/0x260
[  142.393694][ T4270]  ? task_work_cancel+0x220/0x220
[  142.398777][ T4270]  ? exit_to_user_mode_loop+0x3b/0x110
[  142.404298][ T4270]  exit_to_user_mode_loop+0xe6/0x110
[  142.409634][ T4270]  exit_to_user_mode_prepare+0xee/0x180
[  142.415234][ T4270]  syscall_exit_to_user_mode+0x16/0x40
[  142.420751][ T4270]  do_syscall_64+0x58/0xa0
[  142.425390][ T4270]  ? clear_bhb_loop+0x60/0xb0
[  142.430196][ T4270]  ? clear_bhb_loop+0x60/0xb0
[  142.434925][ T4270]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  142.441054][ T4270] RIP: 0033:0x7fcae179e017
[  142.445608][ T4270] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  142.465476][ T4270] RSP: 002b:00007ffce5f57498 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  142.473942][ T4270] RAX: 0000000000000000 RBX: 00007fcae1832120 RCX: 00007fcae179e017
[  142.482055][ T4270] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce5f57550
[  142.490096][ T4270] RBP: 00007ffce5f57550 R08: 00007ffce5f58550 R09: 00000000ffffffff
[  142.498120][ T4270] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce5f585e0
[  142.506314][ T4270] R13: 00007fcae1832120 R14: 0000000000022641 R15: 00007ffce5f58620
[  142.514431][ T4270]  </TASK>
[  142.521481][ T5739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.547988][ T5739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  142.576041][ T4337] hid (null): unknown global tag 0xc
[  142.587339][ T5742] loop1: detected capacity change from 0 to 128
[  142.651949][ T5742] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  142.700530][ T5742] hpfs: filesystem error: improperly stopped
[  142.716880][ T5742] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  142.728183][ T5722] loop3: detected capacity change from 0 to 32768
[  142.735069][ T5742] hpfs: You really don't want any checks? You are crazy...
[  142.753047][ T2185] isku 0003:1E7D:319C.0009: unknown main item tag 0x0
[  142.759981][ T2185] isku 0003:1E7D:319C.0009: unknown main item tag 0x0
[  142.766532][ T5722] 
[  142.766532][ T5722]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  142.766532][ T5722] 
[  142.786493][ T5742] hpfs: hpfs_map_sector(): read error
[  142.789448][ T2185] isku 0003:1E7D:319C.0009: unknown main item tag 0x0
[  142.810928][ T4487] usb 6-1: USB disconnect, device number 3
[  142.829623][ T5742] hpfs: code page support is disabled
[  142.848954][ T2185] isku 0003:1E7D:319C.0009: unknown main item tag 0x0
[  142.854935][ T5742] hpfs: hpfs_map_4sectors(): unaligned read
[  142.874715][ T5722] ERROR: (device loop3): diWrite: ixpxd invalid
[  142.874715][ T5722] 
[  142.880195][ T2185] isku 0003:1E7D:319C.0009: unknown main item tag 0x0
[  142.899564][ T5742] hpfs: hpfs_map_4sectors(): unaligned read
[  142.920847][ T5742] hpfs: filesystem error: unable to find root dir
[  142.938758][ T2185] isku 0003:1E7D:319C.0009: unknown main item tag 0x0
[  142.945798][ T2185] isku 0003:1E7D:319C.0009: unknown main item tag 0x0
[  142.962157][ T5722] ERROR: (device loop3): txCommit: 
[  142.962157][ T5722] 
[  142.998617][ T5742] hpfs: hpfs_map_4sectors(): unaligned read
[  142.998852][   T26] audit: type=1800 audit(1777890447.754:19): pid=5745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.416" name="file1" dev="loop3" ino=4 res=0 errno=0
[  143.038725][ T5746] ERROR: (device loop3): diWrite: ixpxd invalid
[  143.038725][ T5746] 
[  143.046585][ T5742] hpfs: hpfs_map_sector(): read error
[  143.057267][ T5746] ERROR: (device loop3): txCommit: 
[  143.057267][ T5746] 
[  143.078340][ T5747] hpfs: hpfs_map_4sectors(): unaligned read
[  143.125742][ T2185] isku 0003:1E7D:319C.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0
[  143.352563][ T4281] 
[  143.352563][ T4281]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  143.352563][ T4281] 
[  143.397783][ T4281] 
[  143.397783][ T4281]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  143.397783][ T4281] 
[  143.511231][ T4848] usb 3-1: USB disconnect, device number 6
[  143.609348][ T5749] fido_id[5749]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  144.464134][ T5772] device syzkaller1 entered promiscuous mode
[  145.161502][ T4337] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  145.255152][ T4337] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  145.432861][ T5792] loop5: detected capacity change from 0 to 1024
[  145.480042][ T5792] hfsplus: unable to parse mount options
[  146.313872][ T5817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.440'.
[  148.120320][ T5873] loop8: detected capacity change from 0 to 8
[  148.156647][ T5873] Dev loop8: unable to read RDB block 8
[  148.183257][ T5873]  loop8: unable to read partition table
[  148.200084][ T5873] loop8: partition table beyond EOD, truncated
[  148.227722][ T5873] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  148.553996][ T5881] loop5: detected capacity change from 0 to 128
[  148.625214][ T5881] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  148.644889][ T5881] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  148.772800][ T5881] fscrypt (loop5, inode 12): Unsupported encryption flags (0xbe)
[  148.906877][ T4991] EXT4-fs (loop5): unmounting filesystem.
[  149.039806][ T5875] loop0: detected capacity change from 0 to 32768
[  149.077345][ T5875] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.460 (5875)
[  149.156121][ T5875] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  149.200237][ T5875] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  149.224357][ T5875] BTRFS info (device loop0): using free space tree
[  149.335560][ T5875] BTRFS info (device loop0): enabling ssd optimizations
[  149.361127][ T5915] loop2: detected capacity change from 0 to 512
[  149.367825][ T5865] loop1: detected capacity change from 0 to 40427
[  149.373947][ T5915] EXT4-fs: Ignoring removed mblk_io_submit option
[  149.397575][ T5915] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  149.485973][ T5915] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  149.487414][ T5865] F2FS-fs (loop1): invalid crc value
[  149.504266][ T5915] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a000e018, mo2=0002]
[  149.523312][ T5915] System zones: 0-1, 15-15, 18-18, 34-34
[  149.532634][ T5915] EXT4-fs (loop2): orphan cleanup on readonly fs
[  149.539617][ T5915] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #4: comm syz.2.466: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  149.639925][ T5865] F2FS-fs (loop1): Found nat_bits in checkpoint
[  149.641793][ T4270] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  149.739421][ T5915] EXT4-fs error (device loop2): ext4_quota_enable:7052: comm syz.2.466: Bad quota inode: 4, type: 1
[  149.775810][ T5865] F2FS-fs (loop1): Start checkpoint disabled!
[  149.816486][ T5929] loop3: detected capacity change from 0 to 128
[  149.865992][ T5915] EXT4-fs warning (device loop2): ext4_enable_quotas:7093: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  149.883402][ T5924] loop5: detected capacity change from 0 to 4096
[  149.903353][ T5865] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  150.015446][ T5915] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  150.040991][ T5915] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  150.137808][ T5915] EXT4-fs error (device loop2): ext4_get_link:104: inode #16: comm syz.2.466: bad symlink.
[  150.261628][ T5915] EXT4-fs error (device loop2): ext4_get_link:104: inode #16: comm syz.2.466: bad symlink.
[  150.472438][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  150.562366][ T4991] ntfs3: loop5: ntfs_evict_inode r=5 failed, -22.
[  150.586578][ T4991] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  150.634099][ T4317] kernel read not supported for file /input/event0 (pid: 4317 comm: kworker/1:5)
[  150.895076][   T11] kworker/u4:1: attempt to access beyond end of device
[  150.895076][   T11] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  151.234808][ T5952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.476'.
[  151.333502][ T5957] loop3: detected capacity change from 0 to 64
[  151.397561][ T5957] MINIX-fs: bad superblock or unable to read bitmaps
[  151.767213][ T5957] loop3: detected capacity change from 0 to 4096
[  151.860251][ T5967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.480'.
[  151.889695][ T5967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.480'.
[  151.967427][ T5967] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  151.977169][ T5967] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  151.986091][ T5967] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  151.994887][ T5967] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  152.098203][ T5965] loop1: detected capacity change from 0 to 4096
[  152.171697][ T5965] EXT4-fs (loop1): Test dummy encryption mode enabled
[  152.239630][ T5965] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103]
[  152.296688][ T5965] System zones: 0-5
[  152.395498][ T5965] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  153.218424][ T5965] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  153.395271][ T4278] EXT4-fs (loop1): unmounting filesystem.
[  153.538197][ T5995] loop2: detected capacity change from 0 to 512
[  153.640318][ T5995] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  153.710723][ T5995] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  153.764846][ T5995] EXT4-fs error (device loop2): ext4_orphan_get:1405: inode #15: comm syz.2.486: iget: bad i_size value: 38620345925642
[  153.889863][ T5995] EXT4-fs error (device loop2): ext4_orphan_get:1410: comm syz.2.486: couldn't read orphan inode 15 (err -117)
[  153.923457][ T6003] netlink: 4 bytes leftover after parsing attributes in process `syz.5.489'.
[  154.007756][ T5995] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  154.275100][ T6014] loop0: detected capacity change from 0 to 256
[  154.287307][ T6017] loop6: detected capacity change from 0 to 7
[  154.310156][ T6014] exfat: Deprecated parameter 'utf8'
[  154.315986][ T4260] Dev loop6: unable to read RDB block 7
[  154.322917][ T4260]  loop6: AHDI p3 p4
[  154.334214][ T4260] loop6: partition table partially beyond EOD, truncated
[  154.347076][   T11] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm kworker/u4:1: bg 0: block 5: invalid block bitmap
[  154.351847][ T6014] exfat: Deprecated parameter 'utf8'
[  154.375981][   T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 180 with error 28
[  154.380725][ T4260] loop6: p3 start 736732045 is beyond EOD, 
[  154.400665][   T11] EXT4-fs (loop2): This should not happen!! Data will be lost
[  154.400665][   T11] 
[  154.420764][ T4260] truncated
[  154.436415][ T6017] Dev loop6: unable to read RDB block 7
[  154.440625][ T6014] exfat: Deprecated parameter 'utf8'
[  154.460830][ T6017]  loop6: AHDI p3 p4
[  154.464884][   T11] EXT4-fs (loop2): Total free blocks count 0
[  154.475051][ T6017] loop6: partition table partially beyond EOD, truncated
[  154.490497][   T11] EXT4-fs (loop2): Free/Dirty block details
[  154.500752][ T6017] loop6: p3 start 736732045 is beyond EOD, truncated
[  154.507689][   T11] EXT4-fs (loop2): free_blocks=0
[  154.523679][ T6014] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xc70f51ff, utbl_chksum : 0xe619d30d)
[  154.528112][   T11] EXT4-fs (loop2): dirty_blocks=184
[  154.598963][   T11] EXT4-fs (loop2): Block reservation details
[  154.635823][   T11] EXT4-fs (loop2): i_reserved_data_blocks=184
[  154.671988][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  154.893845][ T6026] loop5: detected capacity change from 0 to 1024
[  154.947404][ T6026] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  155.013182][ T6030] loop0: detected capacity change from 0 to 1024
[  155.097152][ T6026] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  155.182114][ T6026] EXT4-fs (loop5): Online defrag not supported with bigalloc
[  155.303940][ T4991] EXT4-fs (loop5): unmounting filesystem.
[  155.381299][ T6038] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  155.487899][ T6038] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  155.520353][ T6044] loop5: detected capacity change from 0 to 2048
[  155.541888][ T4481] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  155.561323][ T6038] overlayfs: failed to resolve './file1/file0': -2
[  155.573545][ T6044] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  155.629122][ T4281] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  155.649111][ T4281] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  155.690805][ T4317] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  155.743121][ T4481] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  155.794864][ T4481] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  155.856862][ T4481] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.897338][ T4481] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  155.902294][ T4317] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  155.925788][ T4481] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  155.936142][ T4317] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  155.945577][ T4481] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  155.985461][ T4317] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  156.000576][ T4481] usb 3-1: Manufacturer: syz
[  156.027820][ T4481] usb 3-1: config 0 descriptor??
[  156.039557][ T4317] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  156.088175][ T4317] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  156.162258][ T4317] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  156.206502][ T4317] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  156.227423][ T4317] usb 1-1: Product: syz
[  156.257788][ T4317] usb 1-1: Manufacturer: syz
[  156.286754][ T4317] cdc_wdm 1-1:1.0: skipping garbage
[  156.313135][ T4317] cdc_wdm 1-1:1.0: skipping garbage
[  156.345776][ T4317] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  156.375631][ T4317] cdc_wdm 1-1:1.0: Unknown control protocol
[  156.466019][ T4481] appleir 0003:05AC:8243.000B: unknown main item tag 0x0
[  156.494732][ T4481] appleir 0003:05AC:8243.000B: No inputs registered, leaving
[  156.540395][ T4481] appleir 0003:05AC:8243.000B: hiddev1,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  156.668348][ T4337] usb 3-1: USB disconnect, device number 7
[  156.669594][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  156.682059][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  156.690793][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  156.697543][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  156.705646][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  156.712296][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  156.718904][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  156.725557][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  156.732511][ T4839] usb 1-1: USB disconnect, device number 4
[  156.948340][ T6068] fido_id[6068]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  157.300733][ T4481] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  157.520138][ T4481] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  157.580581][ T4481] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.617003][ T4481] usb 2-1: config 0 descriptor??
[  157.647048][ T4481] gspca_main: cpia1-2.14.0 probing 0813:0001
[  157.688926][ T6099] loop3: detected capacity change from 0 to 512
[  157.732610][ T6101] loop0: detected capacity change from 0 to 1024
[  157.852717][ T6101] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  157.861830][ T6099] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  157.882650][ T6101] ext4 filesystem being mounted at /113/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.897462][ T6099] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.035955][ T6101] EXT4-fs error (device loop0): ext4_map_blocks:747: inode #15: block 3: comm syz.0.519: lblock 3 mapped to illegal pblock 3 (length 3)
[  158.071687][ T4481] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  158.089675][ T6110] EXT4-fs (loop3): shut down requested (2)
[  158.149634][ T6101] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  158.166354][ T6112] loop5: detected capacity change from 0 to 1024
[  158.190610][ T6101] EXT4-fs (loop0): This should not happen!! Data will be lost
[  158.190610][ T6101] 
[  158.209946][ T4281] EXT4-fs (loop3): unmounting filesystem.
[  158.224319][ T4298] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync!
[  158.233905][ T6113] EXT4-fs error (device loop0): ext4_map_blocks:747: inode #15: block 8: comm syz.0.519: lblock 8 mapped to illegal pblock 8 (length 8)
[  158.265807][ T6112] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  158.320663][ T6113] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  158.381061][ T6113] EXT4-fs (loop0): This should not happen!! Data will be lost
[  158.381061][ T6113] 
[  158.471901][ T4991] EXT4-fs (loop5): unmounting filesystem.
[  158.479506][ T4481] gspca_cpia1: usb_control_msg 02, error -32
[  158.486762][ T4282] block nbd2: Receive control failed (result -32)
[  158.487433][ T6098] block nbd2: shutting down sockets
[  158.506929][ T4481] gspca_cpia1: usb_control_msg 02, error -71
[  158.516579][ T4481] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  158.533270][ T4270] EXT4-fs (loop0): unmounting filesystem.
[  158.539101][ T4481] usb 2-1: USB disconnect, device number 6
[  158.662356][ T6119] loop3: detected capacity change from 0 to 4096
[  158.757068][ T6119] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  159.234948][ T6134] device syzkaller1 entered promiscuous mode
[  159.437839][ T6135] can0: slcan on pty20.
[  159.752885][ T6132] can0 (unregistered): slcan off pty20.
[  159.977877][ T6151] loop1: detected capacity change from 0 to 764
[  160.080097][   T26] audit: type=1326 audit(1777890464.834:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.0.535" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcae179cdd9 code=0x0
[  160.081446][ T6151] isofs_fill_super: get root inode failed
[  160.148500][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.536'.
[  160.169424][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.536'.
[  160.481653][ T6169] netlink: 27 bytes leftover after parsing attributes in process `syz.1.539'.
[  160.517775][ T6171] loop2: detected capacity change from 0 to 512
[  160.567879][ T6171] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  160.672190][ T6171] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.540: invalid indirect mapped block 9 (level 0)
[  160.798008][ T6171] EXT4-fs (loop2): 1 truncate cleaned up
[  160.833328][ T6171] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  161.034240][ T6187] Bluetooth: MGMT ver 1.22
[  161.076587][ T4271] EXT4-fs (loop2): unmounting filesystem.
[  161.334519][ T6190] loop3: detected capacity change from 0 to 4096
[  161.575765][ T6203] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  161.843994][ T6214] loop5: detected capacity change from 0 to 256
[  162.251017][ T6224] netlink: 236 bytes leftover after parsing attributes in process `syz.1.557'.
[  162.456787][ T6225] loop5: detected capacity change from 0 to 8192
[  162.470813][ T4481] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  162.508193][ T6225] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  162.541179][ T6225] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  162.550731][ T6225] REISERFS (device loop5): using ordered data mode
[  162.557556][ T6225] reiserfs: using flush barriers
[  162.564585][ T6225] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  162.581743][ T6225] REISERFS (device loop5): checking transaction log (loop5)
[  162.592328][ T6225] REISERFS (device loop5): Using r5 hash to sort names
[  162.599249][ T6225] REISERFS (device loop5): using 3.5.x disk format
[  162.606784][ T6225] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  162.692390][ T4481] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  162.720604][ T4481] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  162.797256][ T4481] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  162.846309][ T4481] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  162.878619][ T4481] usb 1-1: SerialNumber: syz
[  162.903103][ T6245] syz.1.564[6245] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  162.903283][ T6245] syz.1.564[6245] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  163.128367][ T4481] usb 1-1: 0:2 : does not exist
[  163.245129][ T6251] loop5: detected capacity change from 0 to 512
[  163.324823][ T6248] loop3: detected capacity change from 0 to 2048
[  163.340977][ T4481] usb 1-1: USB disconnect, device number 5
[  163.352219][ T6251] EXT4-fs error (device loop5): ext4_iget_extra_inode:4763: inode #17: comm syz.5.566: corrupted in-inode xattr
[  163.352710][ T6256] netlink: 'syz.1.568': attribute type 3 has an invalid length.
[  163.403077][ T4260] udevd[4260]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  163.431027][ T6251] EXT4-fs error (device loop5): ext4_orphan_get:1410: comm syz.5.566: couldn't read orphan inode 17 (err -117)
[  163.452667][ T6256] netlink: 152 bytes leftover after parsing attributes in process `syz.1.568'.
[  163.468905][ T6248] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  163.483577][ T6251] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  163.517296][   T26] audit: type=1800 audit(1777890468.274:21): pid=6251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.566" name="file2" dev="loop5" ino=16 res=0 errno=0
[  163.774462][ T4991] EXT4-fs (loop5): unmounting filesystem.
[  163.939194][ T6238] loop2: detected capacity change from 0 to 40427
[  164.015098][ T6238] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[  164.041974][ T6238] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  164.103977][ T6238] F2FS-fs (loop2): Found nat_bits in checkpoint
[  164.317035][ T6238] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  164.334292][ T6238] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  164.525933][ T4271] syz-executor: attempt to access beyond end of device
[  164.525933][ T4271] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  164.547528][ T6278] general protection fault, probably for non-canonical address 0xdffffc0000000221: 0000 [#1] PREEMPT SMP KASAN
[  164.559312][ T6278] KASAN: probably user-memory-access in range [0x0000000000001108-0x000000000000110f]
[  164.569064][ T6278] CPU: 1 PID: 6278 Comm: syz.5.575 Not tainted syzkaller #0
[  164.576379][ T6278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  164.586462][ T6278] RIP: 0010:dvb_dmxdev_feed_restart+0x402/0x6b0
[  164.592755][ T6278] Code: e8 03 48 bb 00 00 00 00 00 fc ff df 80 3c 18 00 74 05 e8 11 5e 0d fb 49 8b 4c 2f 08 48 8d b9 08 11 00 00 48 89 f8 48 c1 e8 03 <80> 3c 18 00 74 0b 48 89 cb e8 f0 5d 0d fb 48 89 d9 48 89 cf 48 83
[  164.612492][ T6278] RSP: 0018:ffffc9001e897c08 EFLAGS: 00010206
[  164.618574][ T6278] RAX: 0000000000000221 RBX: dffffc0000000000 RCX: 0000000000000000
[  164.626731][ T6278] RDX: 0000000000000000 RSI: ffffffff8d8af3e0 RDI: 0000000000001108
[  164.634712][ T6278] RBP: 0000000000000000 R08: ffff88807ccb0000 R09: 0000000000000002
[  164.642705][ T6278] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001
[  164.650858][ T6278] R13: ffffc9000630c060 R14: 1ffff92000c6180b R15: ffffc9000630c000
[  164.658842][ T6278] FS:  000055557c738500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  164.667810][ T6278] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  164.674576][ T6278] CR2: 00007fea8bc17dac CR3: 0000000074b3f000 CR4: 00000000003506e0
[  164.682563][ T6278] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  164.690552][ T6278] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  164.698546][ T6278] Call Trace:
[  164.701830][ T6278]  <TASK>
[  164.704773][ T6278]  dvb_dmxdev_filter_stop+0x620/0x710
[  164.710173][ T6278]  dvb_demux_release+0x92/0x640
[  164.715073][ T6278]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  164.721064][ T6278]  ? ima_file_free+0xe2/0x3e0
[  164.725803][ T6278]  ? dvb_demux_open+0x460/0x460
[  164.730667][ T6278]  __fput+0x22c/0x920
[  164.734664][ T6278]  task_work_run+0x1d0/0x260
[  164.739267][ T6278]  ? task_work_cancel+0x220/0x220
[  164.744304][ T6278]  ? exit_to_user_mode_loop+0x3b/0x110
[  164.749863][ T6278]  exit_to_user_mode_loop+0xe6/0x110
[  164.755165][ T6278]  exit_to_user_mode_prepare+0xee/0x180
[  164.760828][ T6278]  syscall_exit_to_user_mode+0x16/0x40
[  164.766307][ T6278]  do_syscall_64+0x58/0xa0
[  164.770740][ T6278]  ? clear_bhb_loop+0x60/0xb0
[  164.775429][ T6278]  ? clear_bhb_loop+0x60/0xb0
[  164.780296][ T6278]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  164.786201][ T6278] RIP: 0033:0x7f468579cdd9
[  164.790622][ T6278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  164.810332][ T6278] RSP: 002b:00007ffee702ee28 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  164.818761][ T6278] RAX: 0000000000000000 RBX: 00007ffee702ef10 RCX: 00007f468579cdd9
[  164.826855][ T6278] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  164.834836][ T6278] RBP: 000000000002821b R08: 0000000000000001 R09: 0000000000000000
[  164.842989][ T6278] R10: 0000001b32420000 R11: 0000000000000246 R12: 00007ffee702ef50
[  164.850977][ T6278] R13: 00007f4685a15fac R14: 000000000002829c R15: 00007f4685a15fa0
[  164.859145][ T6278]  </TASK>
[  164.862180][ T6278] Modules linked in:
[  164.920893][ T6278] ---[ end trace 0000000000000000 ]---
[  164.938433][ T6278] RIP: 0010:dvb_dmxdev_feed_restart+0x402/0x6b0
[  164.954754][ T6278] Code: e8 03 48 bb 00 00 00 00 00 fc ff df 80 3c 18 00 74 05 e8 11 5e 0d fb 49 8b 4c 2f 08 48 8d b9 08 11 00 00 48 89 f8 48 c1 e8 03 <80> 3c 18 00 74 0b 48 89 cb e8 f0 5d 0d fb 48 89 d9 48 89 cf 48 83
[  164.980090][ T6278] RSP: 0018:ffffc9001e897c08 EFLAGS: 00010206
[  164.986605][ T6278] RAX: 0000000000000221 RBX: dffffc0000000000 RCX: 0000000000000000
[  164.997544][ T6278] RDX: 0000000000000000 RSI: ffffffff8d8af3e0 RDI: 0000000000001108
[  165.005666][ T6278] RBP: 0000000000000000 R08: ffff88807ccb0000 R09: 0000000000000002
[  165.022033][ T6278] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001
[  165.033274][ T6278] R13: ffffc9000630c060 R14: 1ffff92000c6180b R15: ffffc9000630c000
[  165.041535][ T6278] FS:  000055557c738500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  165.050649][ T6278] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  165.057411][ T6278] CR2: 00007fda6ea17dac CR3: 0000000074b3f000 CR4: 00000000003506f0
[  165.065653][ T6278] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  165.073888][ T6278] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  165.082295][ T6278] Kernel panic - not syncing: Fatal exception
[  165.088507][ T6278] Kernel Offset: disabled
[  165.092835][ T6278] Rebooting in 86400 seconds..