last executing test programs:

3.866950853s ago: executing program 0 (id=263):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)

3.449938378s ago: executing program 0 (id=264):
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000300)={"200e7e5c16d0b3f9c5e3c316a39d38a8", 0x0, 0x0, {0x9, 0x6}, {0x7ff, 0x1}, 0x8, [0x7, 0x0, 0x8000000000000000, 0x9, 0x10, 0x4d5, 0x401, 0x3, 0x7, 0x6, 0x3b54, 0x6, 0x3, 0x8, 0x5, 0x6]})
syz_usb_connect(0x0, 0x1a0, &(0x7f0000000340)=ANY=[@ANYBLOB="12010002fba2fd20cd061401c7330102030109028e0101000000000904"], 0x0)

2.718523315s ago: executing program 1 (id=273):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
setreuid(0x0, 0xee00)
ioctl$VT_ACTIVATE(r0, 0x560d, 0x10000000000004)

2.604642988s ago: executing program 1 (id=274):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

1.84121552s ago: executing program 0 (id=282):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000001180)={@fallback, 0xffffffffffffffff, 0x18, 0x2008}, 0x20)

1.760703366s ago: executing program 0 (id=283):
pipe2$9p(&(0x7f0000000140), 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000100)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005020524", @ANYRES8=r0, @ANYBLOB="05"], 0x0)

1.264814883s ago: executing program 1 (id=291):
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x1800080, &(0x7f0000000440)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45aca9836c319f437199ff24212c651baef614d442ae89412ad3dcd0b7586d02fe296d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1e73fa85bae63db763c51fc02936b3b32dccbd0e3276c42c57f8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c500000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2680b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2100931ff60cdf666c25244218a6f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000008886b313bd01a22d576e414011a4f0a897514329f86d4585fa0ea17068f8af349696da4a2b37828931cf6a369db22b556a8e24310ca52ec51bc23d8c73e6410eb41ca6748e0b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515e34ac8c454a30dd54a580abcf2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55a0016ff1ec9da9ccc1191c2116322020c66d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d58633d97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575e2449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4ab225a2b9467d0da116ccc1652d861a420f08baf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cfe0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c863907079cbafe80d01f8a0000000000024589ec3f88e6e99bf1d4373f24d760da4d35e6658f54190e4ce3f5ae00b44b71e299d3f6c892d9abbafbc531d68a84b4688b282bf99dd29c2c037be31b0e7d320a941fb0000000000000036711cb34b2e9dfc0d4c66f115159f6fff49757213e55d2fabf77c6b130abe28a64c5110bff8a5c0ad3918d5a88aeeed9dc392767633e90d79d898ed1f061c98d3c92f88b4c76a1c5f8ad54da370", @ANYRES32, @ANYRES64, @ANYRESDEC, @ANYRES64, @ANYRESHEX, @ANYRES16, @ANYBLOB="94e2ecd74dadb7a3431a2a12d23da61f44f9a92b3ef85e0fe56697a91ef504722569085c499f5d85778bbc9595c4a3e1bea2ed4dc5ea726f17a6bacc8686dade69d292d6ff76ba1afdc2b950a6b482c1e45cdf63255aa862514dbb67f2facedeed0c8b7db3cd59ecf07f92cc8bab529d9985773ac9d911501bb6fbba8df7703fc733e7ac3c4cfe47bcbc157dc5b3ab45e25bb371f6daeb571253be0839de582fd2335bd2ba08736dcc324ad2e135cf20efbacb994e9c2a0231ba78203ff0d920057f9fcba884a3c59d2ea98fab8f70514777b74986a7", @ANYRES32=0x0], 0x1, 0x5549, &(0x7f0000009300)="$eJzs3EtvG9UXAPA7TpP++/xHiAW7jlQhJVJt1elDsAvQiodIFfFYsALHdiy3tieKHSeEDRIsEQu+CQKJFUs+AwvW7BALEDskkOeOKaE8WtmJk/b3k8Zn5s74zLkjK9GZsRyAJ9Zi+stPSbgYzoQQ5kII55OQryfFkluN4ZkQwqUQQulPS1KM/zGwEEI4G0K4OEoecybFrs+uDC/f+PG1n7/+9vSpc59/9d3sZg3M2rMhhO5WXN/txpi1YrxbjNeG7Tx2rw+LGHd07xXbWYy7zY08w25tfFwtj9da8fhsa6c/ipudWn0UW+3NfHyrF0/YH7bGefI33K1t59uN5kYe2/0sj639WNfefvzbtt8fxDyNIt/7efowGIxjHG/uNeN8tu7lsd4bFOMxb9Zo7o3isIjF6UI96zTyOjYmudLH2+vt3s5eOmxu99tZL71RqT5Xqd4sV7ezRnPQvF6udRs3r6dLrc7osPKgWeuutrKs1WlW6ll3OV1q1evlajVdutXcaNd6abVauVa5Wr6xXKxdSV++83baaaRLo/hiu7ez0O70081sO43vWE5XKteeX04vV9M319bT9Tdu315bf+vdW+/ceWHt1ZeKgx4oK11aubqyUq5eLa9Ul4/B/Ef/dx9y/oNJ5v9xUfQjzD+Z7PLAv3v0D9gHC4dSCMDJ8UD/H/T/wOE76f1/mGb/P2qp9P//3f+WJu//J+p/j2v/f4LnDxNxgwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4In1/fwXr+Qri3H7XDF+oRh6qthOQgilEMJvf2MuLBzIOVfkmf+H4+f/UsM3ScgzjM5xuljOhhBWi+XX/x/2VQAAAIDH15cfXvo0duvxZXHWBXGU4k2b0vn3ppQvCSHML/4wpWyl0cvTU0qWf75Phb0pZctvYP1vSsniLbdT08r2UObG4aML9wfzCSUxlI60HAAA4EjMHQhH24UAAABwlD6ZdQHMRhLGjzLHz4Lzb97ff7R55sA+AAAA4ARKZl0AAAAAcOjy/t/v/wEAAMDjLf7+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzt3cJg6EYQD+bDA/+6NFq71vK3uDMraEPe4xUECaoATSQhqgBnJLCRFE2CMkRyCBsGOBnkfymLHR6xnw5RtLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2vRSrGZPD78fr83Z7q7TzGwAAACAYzbFalZ+mFT9r+n493ToZ+pnEZFHxLHavReDWmYv5RQnvl98GMNzRJmwv8YwbV8i4k/a3n60/SsAAADA/VovltOqWq+aSdcD4jNVizb5t78N5WURUUxeG0rL982vhsLK+7sf/xtKKxewRg2FVUtu/ePnBueGjC+6ZK+2SzMZzcs/sezlF8UBAAA3oV4JnKhCAAAAuAP/uh4A3cgOzeE547DapQeC41oPAAAAuEFZ1wMAAAAAWlfW/97/BwAAAPetev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdoUq9l6sZyeOj8/M2e7u05zMwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Z3/ebQCEwRgMmjd0KPsPizwBZZq76tNvpQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK81ydLYGm+SvdfG0fNIcnZqXJ0ad+fG0wdj9icAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC/63S//J6bGmWTutLF0PJKsXTW2rhp7DxpHD8bbvwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYuX/eOIooAODv9m4vfwBhDHJhQEGigIbYl5CQEgqQRcFHQLKcczBcCCQuSGSB3ECFXKdBUCKEBDJdvkPqWEoTuhQujEQN2r1dZ5MYfFjH7sX+/aTZeXsezbzZO1l+3rUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABK2+/ES0kRt7PD1DAuX7uzs7aU9VuP9JlbG3dns5bFrf0W+ubt8Sc/2V6unpyaqZx8VX8yAAAAHA3tsr6PiHvp5kLWJ1N5/Z+WY7Ka//tnhnFZzz9a92/trB0vvjRb1v+//Xr/hd2FpobrZJMurwz684+n0vmftjjxnt13RCe/8vnvXtr5G5K8v/78dppfz9a3t2+/283DY3VkCwAcxOmyL4Ly56Gs7zWZGABHRqdSeJf1f3uq2ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6rC9Hk+VcSsiZjsP4szWztrSXv2tjbuzZTt/8+ZGdc5sijQillcG/bTGvUy6a9dvfLI4GPSvjhIk/2XwvsGpiBjrhAcJPhxhTMS/jyk+ntHcLv45aE1GGo0GSfH+TEo+4wzKz974Z27oGxIAAIdWWrSsrr+Xbi5kr7WmI/764eH6/7VKHCPW//c/On+nula1/u/VtsPJN7d6+bO5a9dvvLFyefFS/1L/0zfP9N7qnb1w7tyFuexazc8tR9KfbzpNAAAAnmDdolXr/2T68fv/JytxjFj/f/5d78vqWm31/54e3PRrOhMAAICjqLsbPffKn3+09hjR6nbji8XV1au94XH3/MzwWGu6B3SsaNX6vz3ddFYAAABAHbbXWw/d/79YiWPE+/9P//jiz9U52xFxIuJKRPRPL10ZXKxvOxOtjj9UzhfqNr1TAAAAmnKiaNX7/2n+/H+y+8hDEhGvvzqMy/91NUr9337v65+qa1Wf/z9b3xYnUjIzvB55PxPRmWk6IwAAAA6z40XLiv3f082Fj385+UHX8/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdfs7AAD//5X/Nho=")

538.121807ms ago: executing program 0 (id=302):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0xa0, &(0x7f0000000100)={0x0, 0x200089bb, 0x1, 0x5, 0x1c3}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, 0x0, 0x0, 0x1e})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

425.02437ms ago: executing program 1 (id=304):
r0 = syz_open_dev$vim2m(&(0x7f0000000380), 0x5, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x2, 0x1, 0x0, "6040a71902000020000000feffffff008beb175006ff00", 0x4c47504a})

423.144054ms ago: executing program 0 (id=305):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x26c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x2, 0x4, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x7, 0xfe}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "b188303f"}]}}, 0x0}, 0x0)

310.649149ms ago: executing program 2 (id=308):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f0000001040)={[{@noload}, {@noblock_validity}, {@discard}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x6}, 0x0}, {@dax}, {@resgid}, {@noinit_itable}, {@mblk_io_submit}, {@noacl}, {@usrjquota}, {@nolazytime}, {@noauto_da_alloc}, {@norecovery}, {@nobarrier}, {@data_writeback}, {@dax_never}], [{@hash}, {@uid_lt={'uid<', 0xee01}}], 0x2c}, 0x2, 0x4f8, &(0x7f0000000700)="$eJzs3EtvVGUfAPD/mbaUvtC3fXm9cVFG0dhopLRcFy6AaMLGxERjcFnbQpAChtYESCPFGEhcaPgEXnYmfgJXujFqXGjcStwaE2K6AV2YY87MmTrt6fTGtGPp75fM8JzbPM//nPMwz2VOA9iwytlbErE1In6OiJ7q4uwdytV/7k5PDv8xPTmcRJq+8ntS2e/O9ORwbdfacVvyhb5SROm9JHYWs+0cv3zl7NDY2OjFfEX/RClPnRs6PXp69PzgkSMH9ncdPjR4sClxZmW6s+OdC7u2n3j95kvDJ2++8e3nWXnTfHt9HFW9lfdNS86hrbCmHOXZ57LOU0sv+rrQXZdO2rP3UusKw5Jld212uToq9b8n2ipLVT3x4rstLRywqtI0TTsLa2e+y6bSeklSPSBNr6XAfSCJVpcAaI3aF/2d6aynOjlc7Aff324fi0oPKIv7bv6qbmmv9GDLvdW+Uccq5f9ARJyc+vOj7BXzjkMAADTXl8cibhyvtjtqr+qWUjxUt99/87mh3oj4X0Rsi4j/5+2XByMq+z4cEY/UHdO9hFmA8pzlYvvnx648Ud9cbZqs/fd8Prc1u/03U/LetnypuxJ/R3LqzNjovvyc9EVHZ7Y8UPzomWG1r1746cNG+Zfr2n/ZK8u/1hbMy/Fb+5wBupGhiaF7jbvm9rXKib1ajD+J9qSWitgeETtW8PnZOTvzzGe7Gm2fFX8WZyH+Dxp/ePsKCjRH+knE09XrPxVz4o98/i+pzE+ee6t//PKV587Uz08OHD40eLB/c4yN7uuv3RVF3/1w/eU8WehGLHD9a1VjVSfSsuv/n3nv/5mZy94sNTNfO778PK7futGwT7PS+39T8molXZufvTQ0MXFxIGJTMlVcP/jPsZeGumbtn8Xft2f++r8t4q+P8+N2RkR2Ez8aEY9FxO687I9HxBMRsWeB+L85/uSbjbqQi8e/urL4R5Z1/Rsljn4fMf+mtrNff1HI+P1yIf6OaHT9D1RSffmakaGJzYvFtVBJ6xP3fAIBAABgHdgdEVsjKe3NB5q2Rqm0d2/ElpkRlPGJZ09dePv8SPUZgd7oKNVGunrqxkMH8rHhbDk7arBuOdu+vzJunKZp2pUtZ/33se7Whg4b3pYG9T/za/GRFuB+s6x5tEZPtAHr0tz6f2vJRzb/BxnA2mrC72iAdUr9h41ryfV/tZ6CA1pmvvp/NeJuC4oCrLH56v9rhTVH16QswNrS/4eNa+X1348BYL3z/Q8b0pIekl9BYtuJBfZJ2lcn08aJUiz8VwB6I2pram2ahT/wl1JEc0rY1tRIu2Zd09K8+2yOZuQVpUX3aV/GH2JY20Tp31GMaqIzIha5e2dutqu1xJXVLlilEnza2v+dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7t3fAQAA///tUdPr")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x194)
getdents(r0, 0x0, 0x0)

256.608984ms ago: executing program 2 (id=309):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000ff070000000000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x46)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

160.958223ms ago: executing program 2 (id=310):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

160.77948ms ago: executing program 2 (id=311):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)

90.803437ms ago: executing program 2 (id=312):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e7, 0x0)

90.443522ms ago: executing program 1 (id=313):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x1}, 0xe)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x0, 0x1}, 0xe)

249.392µs ago: executing program 2 (id=314):
ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000300)={0x7, 0xa, 0x4, 0x100, 0x8, {0x0, 0x2710}, {0x5, 0x1, 0x4, 0x9, 0x2, 0x3, "719c5f51"}, 0x5, 0x4, {}, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
syz_mount_image$bcachefs(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x2800000, &(0x7f0000000040)=ANY=[], 0xfd, 0x5aa4, &(0x7f000000c100)="$eJzs3WuQXNV9IPBzu3s0Lz1GAgcZzGiQ0Ybg2BrxKj9SsZJN7BQ4LrmcchArGwY0IrIlodIjgExiKQteq8AuO+VUgpMPxIW9i1FcVMHGKJQJj5VYG1vFxkttYWrtLPYHbxEWVQAt5fJ6tqb7np7u233n9vT0CEn8fgVz+54+/b/nnnv69v2fvpoJAAAAvCkcvWP3iQ+f+7vf/bPJ1z7ze/+w/UAYLlfLB2KFkXR5yxvVQk6m/srK6jI7Ln7109/46dgNv/2dB4a+9vqRzRds+eHvnHXDI5+88vDdf/34q0se+uULRXHjeLp4Zj15KQlh4NvH/+KzR54+Z7osWTr9s7Q/hOXJiseXJyHc3hhi/OchhM3pyspM/Adfu3TL9PLAnf1N5csy9Yz3N7fp45yEEPaduPkd4Ue/tfH276/65t/1HXpx/0yVZKBhPIWw9LrG1/eFEAbT/6fF0RbHY5IuN4QQhhpe9+6Cdr29g3ZPW5spj+vnpctF6XK4IF58fnVmvZSpl12P+jLLoYLtzVdeO7qtV2RxZj3pUdwor52xfHm6/Fa6vHiO8cvpPpSTUEpCpd78bcnMGAkNxy0JSfVYDtTXS/VjG9L9z6wnmfVSZr3cl9mv6nbTgVZOkubyWC9THk/HlbT8gsZzdRsfbXjcWO+tsSx9o76erZMJOtzyoL5fVbFdx2dpy8lQajgHtSuvH/j0YAynZcPJipbXTLURnzuy8a415U1PHB3JaUfyQJLGT7qKv+97yxd/4v6De7Of6/X415XS+KWu4v/4qmMvX3Pwq1/Jjf/FGL/cVfxLHh166aon71id2z/HY/9Uuoo/8cJTn1919vWHctt/T4w/0FX89YeP9S858ehjue0fj/0z2FX859/3gZ/c9+zDL+bGDzH+UFfxNx3e+YX+0RMX5cZ/LPbPcHfj55VDVzw3Ovqzsbz4z8T4S7qK//X9/e+9d9mdV+Ye3w2xf0a6iv+hCx+5ffGJh8/PO3cm9/TqkxPgzems9Brrc+l6t3nmfKX5woEQwl+NVWrXfIvT/5f0ckOZi89sngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvfCWd/zXD/6vj428VEnX+9MHz5dqy1i+KIRkMISwe8/Erj1bd9w49smb9u7aMbFtbGLP2OSOPbtuHbvs18d2Te7cNnHr9LPj77y09roVIaktk/Nbtt0/NTVVGmkui9v7txce+tGad//vfwlh/C0/GK3ktn/t3dvvPbvNz4xk/dT7t+/98A8u/9t0v0bSdo20adfU1NRUyGnX/7n6F/f++fGfXhTC+K/M1q6nnv/Nf2xqULVgJk6q1B9qDepPhtq2o97qtD2xvypbtm6bHJ+9f6dfX87Zj3/36Rd/vuWWL/2i1r8DufvRYf8Orp/aVvrLjR/6f395W62gqF1v1HGf7u9yTszpdsW9iO2L/TeQ9vfSdL+W5uxXJWe/7vj+Y89++9yDr+4P45VXVrUe66L96ksHQF/y1o62G7cwlCxvKh9I68cjHl+3ds/2nWt337rvnVu3T9w4eePkjvesu2zdFeOXX3H52uqer+3x/sft/5sO9//kjKdlf7z/W/FnZ+OpuV2L5twf0+0q7o/GFuW9/4Y++tkvv+fuJz9cKyg6r8Ta9fNJuhyaPs7rQsN4a+2rdvtVdHxCCGPt+uHlV68M5/yPrbcXnYcaj0zjz4xk/dTTq//1b9/9Nyt/o1ZwUs7zjQ3q8jxfb/VMe6r9NZAej6lTtH/707NpfzLctl3rnn6y766j//In9fYtWhRumdizZ9e62s/FaUsXJ+e1bVe2NO7XqurPcki7JdSHaZvxOq0v1NqXPX/G6udnXjecPjecrGi7X1nxuSMb71pT3vTE0byeTh6obWgwLKktk7fl1NyWeWG53uB22z9V339F42P0g3/z0Mce+vvLWsbHJbWfRfuV5OzXN5/9+pe/9qX/8Pe9268P/uaxkX/9n3+0plZwEs4rYV7nlXKtIfVWp+1JGs8rl4RQ9P5bFdrvR+77r9R+f4ref9ntzNRvH28ssz4cyl29Xy95dOilq568Y3Xu+/X4bO/Xxp29rel15YL366nyuZR9fyWV5nYs3PuraaAk66e+87mz9j/+mQ3n1gqKPi/rtduN60s7yD9y9usfr3lu9Kaxf//fe3fe+MavP3jtDyfW/2mtoPvjHtvSm+M+kPbvQE7/1lsd887G/n3XDTdt21wrL+rnN+76N10W5D/xVLL71n2fmti2bXLX7s72q9PP07idbC93+3kaz24rCvar1LJfC/egk/7q9P0W27+56/5qfr8Nh6Srz4V931u++BP3H9w70vKqdEPXldL4pa7i//iqYy9fc/CrX8mN/8UYv9JV/IkXnvr8qrOvP5Qb/54kjT9QHH9paIm//vCx/iUnHn0sN/54bP9gV+1//n0f+Ml9zz78Ym78EOMPd9f/rxy64rnR0Z/lxn8mSbczfY0UwoOvXbqltp6EvvT9FtvR19SukF1PMuulzHq5cb0UZxHSDZSTpLk81kvLL2hoSzt/mFMer8IGVtaWr8f1kH0we/mpptRw7m9XXnSdCgBwpovf/8dr0Pj9/2R6oZQ/0wAz5puHrcyJG/Owmfmc5u9YV6bx4+vjPODou8L49PLAWO1Cf67fI8T3Q3aeM27norc3x2g7P3G4cSPV7bfMcxbNv6/OrMd21ebLKw15aKo1r6mEDubfW7cz+/x7ZveLv88a+1xLs8Ya5q2yx68vnTFrd79Dpr2V6Qh54yM7Lxbv5xhdGjZUt9fh+MjeRxOPQ/Y+mridczMnzm7vo8kbHyOt/dDUrjg+Yr1Zxke1ycXfR7YevzBL/84cv/bRssdvDsd7YLr+Qn8/24N5w7antJM3b7iw34edEvOSbeLPaV5y72tt68wWPzMvubglfvoGO9XnDWN57KdKh/OJH8sp79V8YjxdxHYdn6UtJ4P5ROBMFfP/+Bkxnf9PX4D/30y9ojwle9UY4+XeJ5RzE3ZR3pG9Oh8OQ11dJ2w6vPML/aMnLsq9znms0/v0djatDRXc91PUj2sy64X9mDNBU5TvZbdT1O/Z+zKGw5Ku+v3r++9+773L7rwyt9831D5Ii/v9y01rSwr6/TTIF9rHly+cOvnCKXwfQ9H8WX4+Uq63Y0HykfTGp4XKR/4gp3yu+chQy4P6flWduvnIzAdpUz7Sd3LbBQCcPmL+X//+LM3//zleWKTXEUV568WZ9RgvN2/NuT7Jy1t/P13ekqk/nP6LirleN3/owkduX3zi4fNz85Z7Os1D/1PT2khhHtpd3jwY4+e1d0Nv7hfPzSPqedb88sTc9tfzxPnl6Tlf0zbk6fPLo3P7p55HN88DfPnYTKYxW/w4D5Abvz4P0MM895czlU5enlswX5fZWFztdL7uZOfR0yV9S5v3szkvHupNHp3+89mFyqM/mlM+1zx6uOVBfb+qTt08urlcHg0AnKli/h8v46r5f38IT8YKMfGc5/fsuXlBj67bs78PpB7/mQXJK2fi9+j73+K8b6Hz1oXO6xd6XuJ0//53fvdTFM8LjVR/gedCzZO9Yfe7Lkhe/M/1Rx3nxelG5cUAAJzKYv4f0/z4/f+TmXrzzU9a8re+2iXkTH5y+uXnjfVO4/z86nCy8vP+0zk/P93nvxb2PpkzK/+f0eX34q9PncH5f7XN8n8AgNNSzP/jP3uMv//vv6Tr2d9b32Gefk/2dl7fo/sePcjTO8jTezzPFuM33gdwGs8DlOc/DzB40u+PH5ypfybNA1T1BZMBAACngb5qptT67+w/ni6z/84+79/lX5NTv1OV9PL4+j27Jiev3btz88SeyWt33LR5cve1N+/aumfPZP3aeX55Y27ekuaNfaGS9kf7etm8bVn6+xCW5fw+hGz9GPa86oPW34eQ3exgwe8RmDl+nbU37/iVZqnfbnzkHe+8+H+YUz+qH/8b/uiSa7fsvnbrjq17tk5s27pvsrneSPVfUnf+dzPj95Rz+nupmR8tSnP/+53x8MyvHaWWdvSl/ZH399mTTDuWpy1Znvf3D3La/d3/9ud/fOHUL+4LYfwt5bfNq/+S9VP/+erJ399z9Ac7p9tfmrX99Zppu4r+Xmm2ftyfyrabdu95x5ab9u7I/kXJ7sT5jFJ9fYHua0jf/uUO5yc25ZTP9d/vl1senJo6np8AAKBJ/P4/Xs/G7w+/lF5AxfLCPH1Hrd58vz/OzdPHO8vTs3+XrChPz9aP+9tpnj4wzzw9u/2iPL1d/XZ5el7enRf/D3Lqz1Xn46SL+zwqaT/cf3Bv7ji5rrNxkv17BkXjJFt/ruMkmec4yW6/aJy0q99unOQd97z4H8mpn6doPFTq42F+9+XkjocvdjYefi2zXjQesvXnOh5K8xwP2e0XjYd29duNh7zj2xq/eYKgN/O/0wOjOi4mr735pl2faqi30H//IrTektFJ+xbNvHZh//5Htzrv34W972v+7Q9hfbUkr/3x+4FFc2p/p/eVzb/9Rf0/h/vKloaW+8py2//M/GbCOm//nO5LPBCf6/Tvu2TkVW99/cmar02HXdH9Z0XzuBtzyuc6j7uo5cGpyTwuvHFi/h+v5mL+f2e67PXXQKf/30nr4v77eA72d8zy+7/D65g33ed59it3n+cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ4T+ysrq8ugdu098+Nzf/e6fTb72md/7h+0HfvXT3/jp2A2//Z0Hhr72+pHNF2z54e+cdcMjn7zy8N1//firSx765QuFgUeqPysXp6sDISQvJSEMfPv4X3z2yNPnTJclIYRyMrI/hOXJiseXJ5kI4z8PIWyut7P5yQdfu3TL9PLAnf1N5csyQbL7FYbLsT2N7QzhlsI94jQ0kI6zfSdufkf40W9tvP37q775d32HXtw/UyUZaBhPISy9rvH1fSGEwfT/aXG0rYwvTpcbQghDDa97d0G73t5h+9fmrJ+XLhely+GCOPH51Zn1UqZedj3qyywb9nWwYNNdyWtHt/WKLM6sZ09G85XXzli+PF1+K11ePMf45fh/EkpJqNSbvy2ZGSOh4bglIakey4H6eql+bEO6/5n1JLNeyqyX+zL7Vd1uOtDKSdJcHutlyuPpuJKWX9B4rm7joznlb02XA+kb9fW4HrIPaoZbHtT3qyq263jTs9lPm6r/2L5FlZyWzk2p4RzUrrx+4NODMZyWDScrWl4z1UZ87sjGu9aUNz1xdCSnHckDSRo/6Sr+vu8tX/yJ+w/uXdnyqtdq8a8rpfFLXcX/8VXHXr7m4Fe/0ho/bf8XY/xyV/EveXTopauevGN1bv8cj/1T6Sr+xAtPfX7V2dcfym3/PTH+QFfx1x8+1r/kxKOP5bZ/PPbPYFfxn3/fB35y37MPv5gbP8T4Q13F33R45xf6R09clBv/sdg/w92Nn1cOXfHc6OjPxvLiPxPjL+kq/tf33/3ee5fdeWXu8d0Q+2ekq/gfuvCR2xefePj8vHNnck+vPjkB3pzOSq+xPpeud5tnzldDvvBXY5XaNd/i9P8lvdxQxvR2li5gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzkz/dNtlH7/6/R/ZWElCSHLqTLURnysvWr9+rIvtTrzw1OdXnX39ocaylV3EAQAAAIrFPLxULxkIK8PNyWA4r239OEdwXlxLmsuzcwgxTnaOoNs4pTZxSl3EKfeoPZUexenrUZxFPYrT36M4AwVxBkJncQZniVOZHgEdtmdo1vZ0Hme4R3EW9yjOkkyIbuMs7VF7lvUozsiscTofh8t7FGdFj+Kc1aM4Z2d6qNs4b+lRe36lR3HO6VGc7JzyXMfhkrTmuXlxqg/KhXEqSbn+RLv59HPS7Zw/z+0MF2xnSdHncYfbGexwO2/PvK40x+0MdLidy+a5naTD7fzaPLdTKthOHLe3ZNsXtxPXOhz/t/Yozr4exfl0j+Lc1qM4f9KjOH/aozifCc0Xp3ONA9CpmP/P5Hsjob/yG2EoPeNkZwFivruq+rP18y7vhBTjvS1TvqgoXjZRz8Rb1Wn7jqdPZCcQMvFWZ8r7muJV6lfb9fa1xhtojLcm8+Rs+/u+9e3b1hjv4kx5/yzxmnYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6Cf7rtso9f/f6PbAxJmP6vrak24nPlRevXj3Wx3SMb71pT3vTE0cay/koXgQAAAIBCMQ/vq5cMhP7KutCfLGqqN5DOAwyk6+WR2nJ0adgwvUzGStX1oWT5rK+rpK9bu2f7zrW7b933zq3bJ26cvHFyx3vWXbbuivHLr7h87Zat2ybHaz9D6C+IF0KoTj/svnXfpya2bZvctbtWmG3/yvR1K9P1JH3d6LvC+PTyQNr+FQXbK7Vsb+EeFB89AAAAAAAAAAAAAAAA/j+79hsiaV0HAPz7zMzOjKuXG/4bD+8czlOsrPRaQ0vcB4IE/xwuQsxamxx5krR6h96J2aQHqSlFoBwcF77owiRNeuOflMg/HBhmCe11hEr5ol4UWoaKL0KZ2N155t/OONskt+f1+byY55nv7/v7fX+/h+Pg+8wCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBozdcnZ2tT0zPjSUQyIKfRRzaWL6ZpdYS6X3ly+w9K6985szNWKoywEAAAADBU1oePtSLlKBXykY+TF79tiI6BaPf9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/5/5+uRsbWp65ugkIhmQ0+gjG8sX07Q6Qt1X33r4sy+tX/+3zlhlhHUAAACA4bI+PNeKlKMSp8VYcvJC59+KZu8G1vbMX8pry9ZZt8K83ncHg/JOW2HeGSvM+9iQvM3N680BAAAAH35Z/19oRSaiVFizrB/O+v9hfX2Wd2pPXr55rXYmva/iSpIAAACAFcj6/1IrUolSodLq11fa729ohxZ/Os/mD/vdPpt/ek9eNn/Y7/mXNa9+pwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD4/5+uRsbWp6Jp9EJANyGn1kY/limlZHqLvpqfF/XLL/jg2dsVJhhIUAAACAobI+vN16l6NUGI+xOHqx719/0X2PfunRxycjYqnNLxbj5i07dtywaeEzNmV557ywf+z7z73+7WV55yx9rtoBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD8x8fXK2NjU9c1QSkQzIafSRjeWLaVodoe4rn//iXx48+MRrnbHKCOsAAAAAw2V9eLv3L0clilGMExe/dfb6C3I98we9MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOHDd+85ZvbJmb23qDm9W5aeQjDoNt/I832T+nw2U/H/6b8mpvY3X/XwIAAD54p0YSjf/SSZev9q4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDwXx9crY2NT1TTiKSATmNTKkdyMbyxTStjlA3ffLF0pp3nnqmM1YZYR0AAABguKwPb/f+5ajEWIzFCYvf+r0TaCz0/xOHcJMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAYWW+Pjlbm5qeWZNEJANyGn1kY/limlZHqPvArr2fu//Y713cGSsVRlgIAAAAGCrrw4utSDlKhY9HKU5pfp/rnpDkm9f+7wXa87Z3TRtf8bx617z8+81LChGteXf1nKzQPM3SvHK23sTStVWv2p6Xa86rdsyrRKt8tTVv8WHt7qq2Zsj5lj95AAAAOHSy/r/UikxEqVDq6P9/2rwe1bwO6nNzh3bjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBhZ74+OVubmp5JkohkQE6jj2wsX0zT6gh1b/ntR4/56s/u3tkZq4ywDgAAADBc1oe3e/9yVGJdfCTWLfb9MdGdn+X9s/bu/ff+669nRpx94oH1hd5lf5Td/PqVC5/u/YjIdWfnIo5t1ksG1PvN7++9aWPj3Qcjzj4hf8qyevH+9bqXTBuP1bZetuO5A9uHPBwAAAA4QmT9/1grMhGlwvUD+/+s8x7S/7csNuDH3rTrF8c3P5sdec+M3ESzXm5AvS9sfPjPp5/399cX+v/l9T7Zuvv03uvuP76r4FKkR5I2pq7bufnAufty2amX6ud76mfP5cvfeu3f19x8z7tL9ctRbsbX9mxlqdryz57ykTbmcntmLn1vT727fmHA+e/43TMHf7X27rcX6r916nir/hnRr/7SyQsD68dRaWP8ijt3n793/+bu+hFR7Vf/jbcvjpP+eO3tvecfj4NdC3c++c7P3geQNl7Y8Oa+8+6rXNBdP+mpnz3/nx98YPdP7vnu41n97G9FzjwtVlg/11P/+buO2/XsbZev7a6fG3D+p698af226nf+0Hv+q7tWLQzcxfLzP3TWI1e9vCW9tXcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgyDJfn5ytTU3P5JKIZEBOo49sLF9M0+oIdV+95MU3rrz7xz/sjFVGWAcAAAAYLuvD271/OSpRjGKML/b9j9W2XrbjuQPbY2JpNGleC3PbbtzxiWu27bz+6lXaOQAAALBSr16SLPb/hVZkIkqFjTHW7P+nrtu5+cC5+3JZ/59buCYRcc21c1vPjlbe83cdt+vZ2y5f23pPELH4ZwHlhbzPtPMuuvDFiTf/9PXT++Ztaue9sOHNfefdV7kgy4vOvHOi9X7iobMeuerlLemtrf115n3qa9vmmq8nsnXHr7hz9/l792/OZe8xmtfx5rpZ3lxuz8yl7+2p5yaitDCeb+aVm+cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJabr0/O1qamZyIfkQzIaXRqBrKxfDFNqyPUvXTjL28/5p0n1nXGSoURFgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX9+gmNo+zjAP48u8mbTTZpk/YFo2KaVkWphxYFEb2oqEgrUvBUKVJt7UEUBBGlHkylFUtVvAhWL0VUUKMUKthYLK2Siv+KFw8qKFQPQikGNUvxoJLNM5vNZKcbt1VQPh9YnnmemfnOb+Z5MpsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5VerqG6+2xXQ/Vbr/g5k+euHf68Vvfe2DHZY+98cPolhs/3t/36unJrSu3fX3T8i2H7ls3sfelo78OvPP7ibbBj842q1O3EkI8FUOovD/1/JOTn543MxZDCOU4OBbCUFx2dCjmEtb+FkLY2qhz/s4D01dtm2l37OmZN740F5K/r1AtZ/XMGpxfL/8tlbTOttceuSJ8e8PGnZ+vePut7vGTY3OHxJljymk9hbBkc/P53SGE3vSZka224ezk1G4IIfQ1nXdNm7ouXmT9a0Ko5fp1F6b2f6mttsnJ9q/K9Uu54/L9THeu7WtzvbNVVEfb43o7u17/3ObPPU3zeq6UymljTW48tUOpfTe1q/9ifjn7xFCKoatR/v1xbo2EpnmLIdbnstLolxpzG9L95/ox1y/l+uXu3H3Vr5sWWjnG+ePZcbnx7HXclcZXNr+rW7ijYPz81FbSH+rprB/yG7OqCzYa91WX1TV1hlr+CaWmd1Cr8cbEp8moprFqXLbgnD9ayPZNbnz60vKmD44NFtQR98eUHzvK3/7ZUP9db+5+eLgof3Mp5Zc6yv9u/fGf7tz98ouF+c9l+eWO8q883Hdq/Ye7VhU+n6m5N8hi8mPqZ/vuPvHRMyv+f894q7muZ+7Lnn+lo/qvnzjeM1A7fKSw/rXZ8+ntKP+b6275/vUvD54szA9Zfl9H+ZsmHny2Z6R2eWH+kdk/hWp9hXawfn4Zv/qrkZEfR4vyv8ie/0CL/Ng2/7Wxvde+snTPusL1uSF7PoMpf+EX25nyb7vk0M7+2sGLit6dcd9iv2EBaGV5+h/rqdRv9zvzwHSp5e/Ms9X0e+GF0a7Zb6D+9Bk4lxfKmbnOkr8xHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAP9mBAxIAAAAAQf9ftyNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//742DgQ=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0xf000)

0s ago: executing program 1 (id=315):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105142, 0x40)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:11774' (ED25519) to the list of known hosts.
syzkaller login: [   65.478523][ T5851] cgroup: Unknown subsys name 'net'
[   65.606928][ T5851] cgroup: Unknown subsys name 'cpuset'
[   65.615765][ T5851] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   68.285568][ T5851] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.335909][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.338353][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   75.705853][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   75.712738][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   75.716918][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   75.720944][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   75.724973][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   75.846838][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   75.853839][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   75.860438][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   75.879341][ T5239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   75.884956][ T5869] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   75.888540][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   75.892355][ T5239] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   75.921925][ T5239] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   75.941903][ T5239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   75.948611][ T5869] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   76.113617][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   76.287871][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.292840][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.297610][ T5859] bridge_slave_0: entered allmulticast mode
[   76.302963][ T5859] bridge_slave_0: entered promiscuous mode
[   76.318763][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.322072][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.325313][ T5859] bridge_slave_1: entered allmulticast mode
[   76.329708][ T5859] bridge_slave_1: entered promiscuous mode
[   76.375647][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.383866][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.447832][ T5859] team0: Port device team_slave_0 added
[   76.492424][ T5859] team0: Port device team_slave_1 added
[   76.552213][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.555161][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.567362][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.579239][ T5865] chnl_net:caif_netlink_parms(): no params data found
[   76.589237][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.592333][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.603330][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.663948][ T5867] chnl_net:caif_netlink_parms(): no params data found
[   76.724427][ T5859] hsr_slave_0: entered promiscuous mode
[   76.728000][ T5859] hsr_slave_1: entered promiscuous mode
[   76.867282][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.870671][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.875443][ T5865] bridge_slave_0: entered allmulticast mode
[   76.879992][ T5865] bridge_slave_0: entered promiscuous mode
[   76.904139][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.907423][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.910646][ T5865] bridge_slave_1: entered allmulticast mode
[   76.916618][ T5865] bridge_slave_1: entered promiscuous mode
[   76.926810][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.929962][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.933825][ T5867] bridge_slave_0: entered allmulticast mode
[   76.937969][ T5867] bridge_slave_0: entered promiscuous mode
[   76.972750][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.975839][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.978873][ T5867] bridge_slave_1: entered allmulticast mode
[   76.985626][ T5867] bridge_slave_1: entered promiscuous mode
[   77.030121][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.037973][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.065521][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.096976][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.147859][ T5865] team0: Port device team_slave_0 added
[   77.166956][ T5865] team0: Port device team_slave_1 added
[   77.190055][ T5867] team0: Port device team_slave_0 added
[   77.195156][ T5867] team0: Port device team_slave_1 added
[   77.248906][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.252554][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.264311][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.269659][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.273820][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.285468][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.291763][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.294825][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.305469][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.311136][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.314902][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.325933][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.436827][ T5867] hsr_slave_0: entered promiscuous mode
[   77.439682][ T5867] hsr_slave_1: entered promiscuous mode
[   77.443228][ T5867] debugfs: 'hsr0' already exists in 'hsr'
[   77.445768][ T5867] Cannot create hsr debugfs directory
[   77.453048][ T5865] hsr_slave_0: entered promiscuous mode
[   77.455788][ T5865] hsr_slave_1: entered promiscuous mode
[   77.458326][ T5865] debugfs: 'hsr0' already exists in 'hsr'
[   77.460463][ T5865] Cannot create hsr debugfs directory
[   77.503805][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   77.543097][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   77.577491][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   77.605940][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   77.814010][ T5869] Bluetooth: hci0: command tx timeout
[   77.872960][ T5867] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   77.882579][ T5867] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   77.890827][ T5867] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   77.899352][ T5867] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   77.973854][ T5869] Bluetooth: hci2: command tx timeout
[   77.973896][   T55] Bluetooth: hci1: command tx timeout
[   77.988694][ T5865] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   78.000807][ T5865] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   78.020175][ T5865] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   78.028520][ T5865] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   78.074203][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.142802][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   78.164526][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.167725][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.188645][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.191822][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.237217][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.284143][ T5867] 8021q: adding VLAN 0 to HW filter on device team0
[   78.315827][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.319053][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.345011][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.348315][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.428179][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.469534][ T5865] 8021q: adding VLAN 0 to HW filter on device team0
[   78.504190][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.507265][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.549757][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.552591][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.625344][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.720234][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.726703][ T5859] veth0_vlan: entered promiscuous mode
[   78.748146][ T5859] veth1_vlan: entered promiscuous mode
[   78.823722][ T5859] veth0_macvtap: entered promiscuous mode
[   78.830079][ T5867] veth0_vlan: entered promiscuous mode
[   78.842825][ T5859] veth1_macvtap: entered promiscuous mode
[   78.869103][ T5867] veth1_vlan: entered promiscuous mode
[   78.894920][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.906089][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.919817][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.954603][ T5756] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.962942][ T5756] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.970569][ T5756] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.979201][ T5756] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.000937][ T5867] veth0_macvtap: entered promiscuous mode
[   79.022733][ T5867] veth1_macvtap: entered promiscuous mode
[   79.077289][ T5865] veth0_vlan: entered promiscuous mode
[   79.140218][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.149097][ T5865] veth1_vlan: entered promiscuous mode
[   79.163255][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.166925][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.183400][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.223346][ T5881] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.236084][ T5881] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.248600][ T5881] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.254942][ T5881] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.263349][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.266981][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.315940][ T5865] veth0_macvtap: entered promiscuous mode
[   79.348054][ T5865] veth1_macvtap: entered promiscuous mode
[   79.375513][ T5859] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   79.437752][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.476124][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.482109][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.482137][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.525247][ T5881] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.555579][ T5881] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.589170][ T5881] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.618536][ T5881] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.622441][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.625704][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.749680][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.753737][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.818440][ T4514] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.822081][ T4514] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.894157][   T55] Bluetooth: hci0: command tx timeout
[   79.920008][ T5940] loop1: detected capacity change from 0 to 1024
[   79.993404][   T32] hfsplus: b-tree write err: -5, ino 4
[   80.052220][   T55] Bluetooth: hci2: command tx timeout
[   80.052383][ T5927] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   80.069952][   T55] Bluetooth: hci1: command tx timeout
[   80.078056][ T5945] program syz.1.7 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   80.212160][ T5927] usb 3-1: Using ep0 maxpacket: 16
[   80.217869][ T5927] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   80.224855][ T5927] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   80.235952][ T5927] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   80.239734][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.251146][ T5927] usb 3-1: Product: syz
[   80.254470][ T5927] usb 3-1: Manufacturer: syz
[   80.267582][ T5927] usb 3-1: SerialNumber: syz
[   80.492733][ T5927] usb 3-1: 0:2 : does not exist
[   80.498042][ T5949] loop1: detected capacity change from 0 to 32768
[   80.508801][ T5927] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[   80.539073][ T5949] JBD2: Ignoring recovery information on journal
[   80.610651][ T5949] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[   80.642337][ T5927] usb 3-1: USB disconnect, device number 2
[   80.713965][ T5864] udevd[5864]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   80.746508][ T5865] ocfs2: Unmounting device (7,1) on (node local)
[   81.191503][ T5927] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   81.203723][ T5974] process 'syz.2.19' launched './file0' with NULL argv: empty string added
[   81.229250][ T5971] loop1: detected capacity change from 0 to 32768
[   81.236808][ T5971] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.18 (5971)
[   81.255670][ T5971] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[   81.266071][ T5971] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[   81.325979][ T5971] BTRFS info (device loop1): enabling ssd optimizations
[   81.329641][ T5971] BTRFS info (device loop1): enabling free space tree
[   81.346435][ T5927] usb 1-1: unable to get BOS descriptor or descriptor too short
[   81.353683][ T5927] usb 1-1: config 5 has an invalid interface number: 58 but max is 0
[   81.360399][ T5927] usb 1-1: config 5 has no interface number 0
[   81.367891][ T5927] usb 1-1: config 5 interface 58 has no altsetting 0
[   81.378285][ T5927] usb 1-1: New USB device found, idVendor=045e, idProduct=0775, bcdDevice= a.af
[   81.386734][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.390038][ T5927] usb 1-1: Product: syz
[   81.392146][ T5927] usb 1-1: Manufacturer: syz
[   81.394801][ T5927] usb 1-1: SerialNumber: syz
[   81.539417][ T5865] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[   81.648487][ T5927] usb 1-1: USB disconnect, device number 2
[   81.972855][   T55] Bluetooth: hci0: command tx timeout
[   82.142032][   T55] Bluetooth: hci1: command tx timeout
[   82.142783][ T5869] Bluetooth: hci2: command tx timeout
[   82.584096][ T6016] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   82.775109][ T6025] mmap: syz.2.27 (6025) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   82.878151][ T6032] =======================================================
[   82.878151][ T6032] WARNING: The mand mount option has been deprecated and
[   82.878151][ T6032]          and is ignored by this kernel. Remove the mand
[   82.878151][ T6032]          option from the mount to silence this warning.
[   82.878151][ T6032] =======================================================
[   82.893808][ T6032] tmpfs: Bad value for 'mpol'
[   83.407354][ T6044] loop2: detected capacity change from 0 to 32768
[   83.450894][ T6044] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   83.517771][ T5867] ocfs2: Unmounting device (7,2) on (node local)
[   83.606273][ T6046] loop0: detected capacity change from 0 to 32768
[   83.610438][ T6046] XFS: noikeep mount option is deprecated.
[   83.613589][ T6046] XFS: noikeep mount option is deprecated.
[   83.631085][ T6046] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   83.641819][ T5926] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   83.696340][ T6046] XFS (loop0): Ending clean mount
[   83.704032][ T6046] XFS (loop0): Quotacheck needed: Please wait.
[   83.728592][ T6046] XFS (loop0): Quotacheck: Done.
[   83.757421][ T6063] loop2: detected capacity change from 0 to 1024
[   83.783503][ T6063] hfsplus: extend alloc file! (8192,8,110)
[   83.836486][ T5926] usb 2-1: unable to get BOS descriptor or descriptor too short
[   83.850739][ T5926] usb 2-1: config 3 has an invalid interface number: 8 but max is 3
[   83.872553][ T5926] usb 2-1: config 3 has an invalid descriptor of length 70, skipping remainder of the config
[   83.899585][ T5926] usb 2-1: config 3 has 1 interface, different from the descriptor's value: 4
[   83.916763][ T5926] usb 2-1: config 3 has no interface number 0
[   83.919572][ T5926] usb 2-1: config 3 interface 8 altsetting 6 endpoint 0x82 has an invalid bInterval 248, changing to 11
[   83.927243][ T5859] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   83.935033][ T5926] usb 2-1: config 3 interface 8 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   83.959791][ T5926] usb 2-1: config 3 interface 8 has no altsetting 0
[   84.008290][ T5926] usb 2-1: New USB device found, idVendor=05ac, idProduct=921d, bcdDevice=c2.be
[   84.012660][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.015875][ T5926] usb 2-1: Product: syz
[   84.017632][ T5926] usb 2-1: Manufacturer: syz
[   84.019562][ T5926] usb 2-1: SerialNumber: syz
[   84.032137][ T6065] xt_socket: unknown flags 0x50
[   84.062912][ T5869] Bluetooth: hci0: command tx timeout
[   84.213233][ T5869] Bluetooth: hci2: command tx timeout
[   84.214465][   T55] Bluetooth: hci1: command tx timeout
[   84.282805][ T5926] appledisplay 2-1:3.8: Error while getting initial brightness: -71
[   84.301600][ T5926] appledisplay 2-1:3.8: probe with driver appledisplay failed with error -71
[   84.317333][ T5926] usbhid 2-1:3.8: can't add hid device: -22
[   84.334486][ T5926] usbhid 2-1:3.8: probe with driver usbhid failed with error -22
[   84.363590][ T5926] usb 2-1: USB disconnect, device number 2
[   84.426264][ T6067] loop2: detected capacity change from 0 to 40427
[   84.435901][ T6067] F2FS-fs (loop2): invalid crc value
[   84.487140][ T6067] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   84.493369][ T6067] F2FS-fs (loop2): Start checkpoint disabled!
[   84.502051][ T6067] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   84.523819][   T33] audit: type=1800 audit(1758542594.827:2): pid=6067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.41" name="file1" dev="loop2" ino=10 res=0 errno=0
[   84.787404][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41'.
[   84.790937][ T6077] netlink: 348 bytes leftover after parsing attributes in process `syz.2.41'.
[   84.795039][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41'.
[   84.799470][ T6077] netlink: 348 bytes leftover after parsing attributes in process `syz.2.41'.
[   84.803939][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41'.
[   84.942650][ T6078] syz.2.41: attempt to access beyond end of device
[   84.942650][ T6078] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[   84.956549][ T6078] syz.2.41: attempt to access beyond end of device
[   84.956549][ T6078] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[   84.969695][ T6078] syz.2.41: attempt to access beyond end of device
[   84.969695][ T6078] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[   84.979175][ T6078] syz.2.41: attempt to access beyond end of device
[   84.979175][ T6078] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[   84.989105][ T6078] syz.2.41: attempt to access beyond end of device
[   84.989105][ T6078] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[   85.004705][ T6078] syz.2.41: attempt to access beyond end of device
[   85.004705][ T6078] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[   85.013966][ T6078] syz.2.41: attempt to access beyond end of device
[   85.013966][ T6078] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[   85.053074][ T6078] syz.2.41: attempt to access beyond end of device
[   85.053074][ T6078] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[   85.060760][ T6078] syz.2.41: attempt to access beyond end of device
[   85.060760][ T6078] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[   85.067420][ T6078] syz.2.41: attempt to access beyond end of device
[   85.067420][ T6078] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[   85.303810][   T32] CPU: 0 UID: 0 PID: 32 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) 
[   85.303825][   T32] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   85.303832][   T32] Workqueue: writeback wb_workfn (flush-7:2)
[   85.303849][   T32] Call Trace:
[   85.303854][   T32]  <TASK>
[   85.303859][   T32]  dump_stack_lvl+0x189/0x250
[   85.303883][   T32]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.303893][   T32]  ? __pfx_queue_work_on+0x10/0x10
[   85.303901][   T32]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   85.303914][   T32]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.303932][   T32]  f2fs_handle_critical_error+0x37c/0x540
[   85.303948][   T32]  f2fs_write_end_io+0x886/0xb60
[   85.303967][   T32]  __submit_merged_bio+0x27a/0x6a0
[   85.303982][   T32]  __submit_merged_write_cond+0x255/0x530
[   85.303996][   T32]  f2fs_write_data_pages+0x261d/0x3000
[   85.304019][   T32]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.304033][   T32]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   85.304057][   T32]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   85.304075][   T32]  ? trace_f2fs_writepages+0x7f/0x200
[   85.304087][   T32]  ? f2fs_write_node_pages+0x478/0x6e0
[   85.304100][   T32]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   85.304118][   T32]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.304126][   T32]  do_writepages+0x32e/0x550
[   85.304140][   T32]  ? reacquire_held_locks+0x127/0x1d0
[   85.304148][   T32]  ? writeback_sb_inodes+0x384/0x1010
[   85.304162][   T32]  __writeback_single_inode+0x145/0xff0
[   85.304173][   T32]  ? do_raw_spin_unlock+0x4d/0x240
[   85.304184][   T32]  writeback_sb_inodes+0x6c7/0x1010
[   85.304249][   T32]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   85.304279][   T32]  ? rcu_is_watching+0x15/0xb0
[   85.304293][   T32]  wb_writeback+0x43b/0xaf0
[   85.304307][   T32]  ? queue_io+0x381/0x590
[   85.304318][   T32]  ? __pfx_wb_writeback+0x10/0x10
[   85.304332][   T32]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.304346][   T32]  wb_workfn+0x409/0xef0
[   85.304362][   T32]  ? __pfx_wb_workfn+0x10/0x10
[   85.304372][   T32]  ? __lock_acquire+0xab9/0xd20
[   85.304389][   T32]  ? process_scheduled_works+0x9ef/0x17b0
[   85.304400][   T32]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.304412][   T32]  ? process_scheduled_works+0x9ef/0x17b0
[   85.304418][   T32]  ? process_scheduled_works+0x9ef/0x17b0
[   85.304441][   T32]  process_scheduled_works+0xae1/0x17b0
[   85.304462][   T32]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.304478][   T32]  worker_thread+0x8a0/0xda0
[   85.304500][   T32]  kthread+0x711/0x8a0
[   85.304512][   T32]  ? __pfx_worker_thread+0x10/0x10
[   85.304519][   T32]  ? __pfx_kthread+0x10/0x10
[   85.304530][   T32]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.304542][   T32]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.304549][   T32]  ? __pfx_kthread+0x10/0x10
[   85.304560][   T32]  ret_from_fork+0x439/0x7d0
[   85.304570][   T32]  ? __pfx_ret_from_fork+0x10/0x10
[   85.304581][   T32]  ? __switch_to_asm+0x39/0x70
[   85.304591][   T32]  ? __switch_to_asm+0x33/0x70
[   85.304600][   T32]  ? __pfx_kthread+0x10/0x10
[   85.304611][   T32]  ret_from_fork_asm+0x1a/0x30
[   85.304629][   T32]  </TASK>
[   85.304634][   T32] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   85.549725][ T6089] sg_write: process 50 (syz.0.49) changed security contexts after opening file descriptor, this is not allowed.
[   85.572824][ T5927] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   85.591806][ T6089] program syz.0.49 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   85.664848][ T6091] loop0: detected capacity change from 0 to 256
[   85.719658][ T6091] FAT-fs (loop0): Directory bread(block 64) failed
[   85.722804][ T6091] FAT-fs (loop0): Directory bread(block 65) failed
[   85.729217][ T6091] FAT-fs (loop0): Directory bread(block 66) failed
[   85.731522][ T5927] usb 2-1: Using ep0 maxpacket: 32
[   85.737493][ T6091] FAT-fs (loop0): Directory bread(block 67) failed
[   85.740456][ T6091] FAT-fs (loop0): Directory bread(block 68) failed
[   85.740722][ T5927] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[   85.746725][ T5927] usb 2-1: config 0 has no interface number 0
[   85.749258][ T5927] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[   85.750308][ T6091] FAT-fs (loop0): Directory bread(block 69) failed
[   85.760109][ T5927] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[   85.764421][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.767745][ T5927] usb 2-1: Product: syz
[   85.769782][ T5927] usb 2-1: Manufacturer: syz
[   85.770774][ T6091] FAT-fs (loop0): Directory bread(block 70) failed
[   85.774111][ T5927] usb 2-1: SerialNumber: syz
[   85.775047][ T6091] FAT-fs (loop0): Directory bread(block 71) failed
[   85.782104][ T5927] usb 2-1: config 0 descriptor??
[   85.786097][ T6083] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   85.789335][ T6091] FAT-fs (loop0): Directory bread(block 72) failed
[   85.799334][ T6091] FAT-fs (loop0): Directory bread(block 73) failed
[   85.972077][ T6095] tmpfs: Bad value for 'mpol'
[   86.016575][ T5927] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz)
[   86.032537][ T5927] usb 2-1: USB disconnect, device number 3
[   86.158087][ T6093] loop2: detected capacity change from 0 to 32768
[   86.338913][ T6099] loop0: detected capacity change from 0 to 4096
[   86.361893][ T6099] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[   86.696321][   T10] cfg80211: failed to load regulatory.db
[   86.790671][ T6119] Bluetooth: MGMT ver 1.23
[   86.905575][ T6128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.67'.
[   87.631372][ T5927] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   87.683423][ T6154] loop2: detected capacity change from 0 to 512
[   87.689208][ T6154] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   87.716257][ T6154] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.721217][ T6154] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.736355][ T6154] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   87.753463][ T6154] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   87.777350][ T5867] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.782998][ T5927] usb 1-1: Using ep0 maxpacket: 16
[   87.788499][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   87.793864][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   87.798883][ T5927] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   87.808382][ T5927] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   87.812306][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.818301][ T5927] usb 1-1: config 0 descriptor??
[   88.249170][ T5927] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max
[   88.277858][ T5927] microsoft 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[   88.282268][ T5927] microsoft 0003:045E:07DA.0001: no inputs found
[   88.286660][ T5927] microsoft 0003:045E:07DA.0001: could not initialize ff, continuing anyway
[   88.460332][ T6176] loop1: detected capacity change from 0 to 1024
[   88.469488][   T10] usb 1-1: USB disconnect, device number 3
[   88.476743][ T6176] EXT4-fs: Ignoring removed oldalloc option
[   88.489385][ T6176] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   88.527717][ T6176] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.614636][ T5865] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.668150][ T6180] loop1: detected capacity change from 0 to 256
[   88.690380][ T6180] FAT-fs (loop1): error, clusters badly computed (1 != 0)
[   89.270646][ T6202] loop8: detected capacity change from 0 to 8
[   89.287312][ T6202] Dev loop8: unable to read RDB block 8
[   89.289816][ T6202]  loop8: unable to read partition table
[   89.297772][ T6203] loop1: detected capacity change from 0 to 512
[   89.301641][ T6202] loop8: partition table beyond EOD, truncated
[   89.304247][ T6202] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5)
[   89.380512][ T6203] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.403333][ T6203] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.590579][ T6207] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[   89.597715][ T6207] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   89.827062][ T5865] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.918855][   T33] audit: type=1326 audit(1758542600.227:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.1.100" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f229f18ec29 code=0x0
[   90.236166][ T6224] virtiofs: Unknown parameter 'always'
[   90.591741][ T5927] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   90.769292][ T5927] usb 1-1: unable to get BOS descriptor or descriptor too short
[   90.776600][ T5927] usb 1-1: config 160 has an invalid interface number: 19 but max is 0
[   90.780556][ T5927] usb 1-1: config 160 has no interface number 0
[   90.789471][ T5927] usb 1-1: config 160 interface 19 has no altsetting 0
[   90.804819][ T5927] usb 1-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=31.f3
[   90.815593][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.819108][ T5927] usb 1-1: Product: syz
[   90.820834][ T5927] usb 1-1: Manufacturer: syz
[   90.826108][ T5927] usb 1-1: SerialNumber: syz
[   91.078655][ T5927] usb 1-1: USB disconnect, device number 4
[   91.137192][ T6267] capability: warning: `syz.1.124' uses deprecated v2 capabilities in a way that may be insecure
[   91.404192][ T6283] GUP no longer grows the stack in syz.2.132 (6283): 200000003000-20000000a000 (200000001000)
[   91.408822][ T6283] CPU: 1 UID: 0 PID: 6283 Comm: syz.2.132 Not tainted syzkaller #0 PREEMPT(full) 
[   91.408837][ T6283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   91.408843][ T6283] Call Trace:
[   91.408849][ T6283]  <TASK>
[   91.408854][ T6283]  dump_stack_lvl+0x189/0x250
[   91.408871][ T6283]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.408881][ T6283]  ? __pfx__printk+0x10/0x10
[   91.408891][ T6283]  ? find_vma+0xe7/0x160
[   91.408909][ T6283]  __get_user_pages+0x24d0/0x2ce0
[   91.408920][ T6283]  ? __bpf_trace_mmap_lock_acquire_returned+0x13b/0x190
[   91.408943][ T6283]  ? rcu_is_watching+0x15/0xb0
[   91.408954][ T6283]  __gup_longterm_locked+0xde9/0x1660
[   91.408971][ T6283]  ? sanity_check_pinned_pages+0x123a/0x1300
[   91.408990][ T6283]  gup_fast_fallback+0x1e6a/0x2010
[   91.409038][ T6283]  ? __pfx_gup_fast_fallback+0x10/0x10
[   91.409058][ T6283]  ? pin_user_pages_fast+0x4d/0xb0
[   91.409069][ T6283]  iov_iter_extract_pages+0x35a/0x5e0
[   91.409087][ T6283]  extract_iter_to_sg+0xe46/0x24e0
[   91.409104][ T6283]  ? __pfx_extract_iter_to_sg+0x10/0x10
[   91.409123][ T6283]  ? __asan_memset+0x22/0x50
[   91.409134][ T6283]  af_alg_get_rsgl+0x436/0x810
[   91.409155][ T6283]  aead_recvmsg+0x4a6/0x1440
[   91.409163][ T6283]  ? finish_task_switch+0x266/0x950
[   91.409176][ T6283]  ? aa_sk_perm+0x81e/0x950
[   91.409194][ T6283]  ? __pfx_aead_recvmsg+0x10/0x10
[   91.409203][ T6283]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[   91.409213][ T6283]  ? __pfx_aead_recvmsg+0x10/0x10
[   91.409220][ T6283]  sock_recvmsg_nosec+0x186/0x1c0
[   91.409232][ T6283]  ____sys_recvmsg+0x3aa/0x460
[   91.409246][ T6283]  ? __pfx_____sys_recvmsg+0x10/0x10
[   91.409282][ T6283]  ? import_iovec+0x74/0xa0
[   91.409296][ T6283]  ___sys_recvmsg+0x1b5/0x510
[   91.409309][ T6283]  ? __pfx____sys_recvmsg+0x10/0x10
[   91.409335][ T6283]  ? __might_fault+0xb0/0x130
[   91.409348][ T6283]  do_recvmmsg+0x307/0x770
[   91.409362][ T6283]  ? __pfx_do_recvmmsg+0x10/0x10
[   91.409371][ T6283]  ? __ia32_sys_rt_sigreturn+0x6a2/0x7b0
[   91.409390][ T6283]  ? __pfx_do_futex+0x10/0x10
[   91.409409][ T6283]  __x64_sys_recvmmsg+0x190/0x240
[   91.409420][ T6283]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   91.409430][ T6283]  ? rcu_is_watching+0x15/0xb0
[   91.409440][ T6283]  ? do_syscall_64+0xbe/0x3b0
[   91.409452][ T6283]  do_syscall_64+0xfa/0x3b0
[   91.409462][ T6283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.409469][ T6283]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   91.409479][ T6283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.409488][ T6283] RIP: 0033:0x7f4932f8ec29
[   91.409497][ T6283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.409504][ T6283] RSP: 002b:00007f4933d4c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   91.409513][ T6283] RAX: ffffffffffffffda RBX: 00007f49331d5fa0 RCX: 00007f4932f8ec29
[   91.409518][ T6283] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000007
[   91.409523][ T6283] RBP: 00007f4933011e41 R08: 0000000000000000 R09: 0000000000000000
[   91.409528][ T6283] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000000
[   91.409533][ T6283] R13: 00007f49331d6038 R14: 00007f49331d5fa0 R15: 00007ffc30feb808
[   91.409556][ T6283]  </TASK>
[   91.527960][    C1] vkms_vblank_simulate: vblank timer overrun
[   91.748203][ T6280] loop1: detected capacity change from 0 to 32768
[   91.763128][ T6280] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section errors: entries out of order
[   91.763128][ T6280] errors (size 64):
[   91.763128][ T6280] (unknown error 63098)           98139432299383  16981954538416098692
[   91.763128][ T6280] backpointer_to_missing_ptr      0               34376515584
[   91.763128][ T6280] (unknown error 62899)           26163           1611530240
[   91.763128][ T6280] 
[   91.805649][ T6280] bcachefs: bch2_fs_get_tree() error: invalid_sb_errors
[   92.137570][ T6293] loop2: detected capacity change from 0 to 32768
[   92.142275][ T5926] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   92.154694][ T6293] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.137 (6293)
[   92.170178][ T6293] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   92.176075][ T6293] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[   92.255746][ T6293] BTRFS info (device loop2): turning off barriers
[   92.258731][ T6293] BTRFS info (device loop2): enabling free space tree
[   92.277481][ T6293] BTRFS info (device loop2): use zlib compression, level 3
[   92.293149][ T5926] usb 1-1: Using ep0 maxpacket: 32
[   92.309558][ T5926] usb 1-1: New USB device found, idVendor=046d, idProduct=0960, bcdDevice=a5.af
[   92.331574][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.341739][ T5926] usb 1-1: Product: syz
[   92.343582][ T5926] usb 1-1: Manufacturer: syz
[   92.345524][ T5926] usb 1-1: SerialNumber: syz
[   92.372529][ T5926] usb 1-1: config 0 descriptor??
[   92.379522][ T5926] gspca_main: sunplus-2.14.0 probing 046d:0960
[   92.457060][ T5867] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   92.662129][ T5926] gspca_sunplus: reg_w_riv err -71
[   92.664720][ T5926] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[   92.670130][ T5926] usb 1-1: USB disconnect, device number 5
[   92.844623][ T6327] hub 9-0:1.0: USB hub found
[   92.849839][ T6327] hub 9-0:1.0: 1 port detected
[   93.443002][ T6328] loop2: detected capacity change from 0 to 32768
[   93.449221][ T6328] OCFS2: ERROR (device loop2): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: i_blkno is 67108929
[   93.456561][ T6328] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[   93.462309][ T6328] OCFS2: File system is now read-only.
[   93.464569][ T6328] (syz.2.144,6328,0):ocfs2_read_locked_inode:597 ERROR: status = -30
[   93.469252][ T6328] (syz.2.144,6328,0):ocfs2_init_global_system_inodes:444 ERROR: status = -30
[   93.475144][ T6328] (syz.2.144,6328,0):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[   93.493245][ T6328] (syz.2.144,6328,0):ocfs2_initialize_super:2198 ERROR: status = -30
[   93.496856][ T6328] (syz.2.144,6328,0):ocfs2_fill_super:1177 ERROR: status = -30
[   94.179617][ T6361] loop2: detected capacity change from 0 to 64
[   94.591546][ T5926] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   94.720641][ T6379] TCP: TCP_TX_DELAY enabled
[   94.751391][ T5926] usb 2-1: Using ep0 maxpacket: 32
[   94.757380][ T5926] usb 2-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid wMaxPacketSize 0
[   94.760694][ T5926] usb 2-1: config 0 interface 0 altsetting 252 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   94.778652][ T5926] usb 2-1: config 0 interface 0 has no altsetting 0
[   94.786828][ T5926] usb 2-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00
[   94.801792][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.818563][ T5926] usb 2-1: config 0 descriptor??
[   95.028419][ T6385] netlink: 20 bytes leftover after parsing attributes in process `syz.0.170'.
[   95.281745][ T5926] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[   95.294903][ T5926] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[   95.308375][ T5926] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[   95.318587][ T5926] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[   95.333094][ T5926] magicmouse 0003:05AC:0324.0002: unknown main item tag 0x0
[   95.367336][ T5926] magicmouse 0003:05AC:0324.0002: hidraw0: USB HID v80.00 Device [HID 05ac:0324] on usb-dummy_hcd.1-1/input0
[   95.388797][ T5926] magicmouse 0003:05AC:0324.0002: magicmouse input not registered
[   95.402502][ T5926] magicmouse 0003:05AC:0324.0002: probe with driver magicmouse failed with error -12
[   95.453222][ T6397] netlink: 'syz.2.176': attribute type 1 has an invalid length.
[   95.460699][ T6369] loop1: detected capacity change from 0 to 8
[   95.492487][ T6369] unable to read inode lookup table
[   95.504956][ T5927] usb 2-1: USB disconnect, device number 4
[   95.544035][ T6397] 8021q: adding VLAN 0 to HW filter on device bond1
[   95.629066][ T6399] bond1: (slave veth3): Enslaving as an active interface with a down link
[   95.635684][ T6402] loop0: detected capacity change from 0 to 1024
[   95.659922][ T6402] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   95.686090][ T6402] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   95.707209][ T6400] bond1: (slave syz_tun): making interface the new active one
[   95.714314][ T6402] JBD2: no valid journal superblock found
[   95.716413][ T6402] EXT4-fs (loop0): Could not load journal inode
[   95.737893][ T6400] syz_tun: entered promiscuous mode
[   95.751262][ T6400] bond1: (slave syz_tun): Enslaving as an active interface with an up link
[   96.096776][ T6416] loop1: detected capacity change from 0 to 2048
[   96.129883][ T6416] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   96.186489][ T6420] loop0: detected capacity change from 0 to 256
[   96.191156][ T6420] exfat: Deprecated parameter 'namecase'
[   96.203356][   T10] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   96.222775][ T6420] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf4419509, utbl_chksum : 0xe619d30d)
[   96.374700][   T10] usb 3-1: config 0 has an invalid interface number: 56 but max is 0
[   96.890210][   T10] usb 3-1: config 0 has no interface number 0
[   97.174219][   T10] usb 3-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=c7.76
[   97.177499][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.180111][   T10] usb 3-1: Product: syz
[   97.182521][   T10] usb 3-1: Manufacturer: syz
[   97.184264][   T10] usb 3-1: SerialNumber: syz
[   97.188914][   T10] usb 3-1: config 0 descriptor??
[   97.355814][ T6434] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   97.359729][ T6434] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   97.404470][   T10] peak_usb 3-1:0.56: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[   97.698803][   T10] peak_usb 3-1:0.56 can0: unable to request usb[type=2 value=5] err=-71
[   97.742617][   T10] peak_usb 3-1:0.56: unable to tell PCAN-USB X6 driver is loaded (err -71)
[   97.781180][ T6438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.192'.
[   97.786546][ T6438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.192'.
[   97.845232][   T10] peak_usb 3-1:0.56: probe with driver peak_usb failed with error -71
[   97.856591][   T10] usb 3-1: USB disconnect, device number 3
[   98.095676][ T6442] loop1: detected capacity change from 0 to 32768
[   98.099236][ T6442] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.194 (6442)
[   98.105890][ T6442] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   98.110375][ T6442] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[   98.208518][ T6442] BTRFS info (device loop1): enabling ssd optimizations
[   98.211032][ T6442] BTRFS info (device loop1): enabling free space tree
[   98.238385][ T5865] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   98.357413][ T6464] netlink: 16 bytes leftover after parsing attributes in process `syz.0.198'.
[   98.497137][ T6472] loop0: detected capacity change from 0 to 512
[   98.555532][ T6472] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   98.591671][ T6472] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   98.631085][ T6479] loop2: detected capacity change from 0 to 256
[   98.637233][ T6472] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.201: bg 0: block 360: padding at end of block bitmap is not set
[   98.650651][ T6479] exfat: Deprecated parameter 'utf8'
[   98.674185][ T6472] Quota error (device loop0): write_blk: dquota write failed
[   98.677528][ T6472] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[   98.707538][ T6479] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   98.714692][ T6472] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.201: Failed to acquire dquot type 0
[   98.737448][ T6481] loop1: detected capacity change from 0 to 2048
[   98.792361][ T6482] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   98.797777][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   99.030952][ T6491] loop1: detected capacity change from 0 to 4096
[   99.465096][ T6498] loop2: detected capacity change from 0 to 1764
[   99.535692][   T10] IPVS: starting estimator thread 0...
[   99.791566][ T6499] IPVS: using max 39 ests per chain, 93600 per kthread
[  100.531609][   T55] Bluetooth: hci2: command tx timeout
[  101.063850][ T6511] loop1: detected capacity change from 0 to 32768
[  101.072416][ T6511] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.214 (6511)
[  101.117082][ T6511] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  101.120855][ T6511] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  101.252930][ T6511] BTRFS info (device loop1): rebuilding free space tree
[  101.283498][ T6511] BTRFS info (device loop1): setting nodatasum
[  101.285750][ T6511] BTRFS info (device loop1): enabling ssd optimizations
[  101.288443][ T6511] BTRFS info (device loop1): enabling free space tree
[  101.290664][ T6511] BTRFS info (device loop1): force clearing of disk cache
[  101.293370][ T6511] BTRFS info (device loop1): enabling auto defrag
[  101.336830][ T6538] netlink: 'syz.2.219': attribute type 1 has an invalid length.
[  101.341056][ T6538] netlink: 'syz.2.219': attribute type 2 has an invalid length.
[  101.351366][ T6538] netlink: 1172 bytes leftover after parsing attributes in process `syz.2.219'.
[  101.392951][ T5865] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  101.798872][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.821859][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.835879][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.850360][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.872234][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.883243][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.902913][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.911723][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.926506][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.938567][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  101.971699][ T6553] loop1: detected capacity change from 0 to 2048
[  101.993370][ T6553] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  102.001860][   T10] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.43 Device [syz1] on syz1
[  102.147834][   T33] audit: type=1800 audit(1758542612.457:4): pid=6554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.226" name="file1" dev="loop1" ino=1346 res=0 errno=0
[  102.729720][ T6551] loop0: detected capacity change from 0 to 32768
[  102.764310][ T6551] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.225 (6551)
[  102.802623][ T6551] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  102.808097][ T6551] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  102.886367][ T6551] BTRFS info (device loop0): enabling ssd optimizations
[  102.889030][ T6551] BTRFS info (device loop0): enabling free space tree
[  103.204543][ T5859] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  103.784591][ T6596] dlm: Unknown command passed to DLM device : 11
[  103.784591][ T6596] 
[  103.895454][ T6603] loop1: detected capacity change from 0 to 256
[  103.926739][ T6603] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000e8a4, chksum : 0x7bc75166, utbl_chksum : 0xe619d30d)
[  103.971918][ T6603] exFAT-fs (loop1): error, in sector 160, dentry 11 should be unused, but 0xc1
[  103.977975][ T6603] exFAT-fs (loop1): Filesystem has been set read-only
[  104.172060][ T6611] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  104.322491][ T6613] loop0: detected capacity change from 0 to 64
[  104.431453][ T6613] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
[  104.446225][ T6615] loop1: detected capacity change from 0 to 2048
[  104.768451][ T6621] loop0: detected capacity change from 0 to 32768
[  104.778357][ T6621] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.247 (6621)
[  104.804634][ T6621] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  104.809860][ T6621] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  104.911545][   T96] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  104.915512][ T6632] loop2: detected capacity change from 0 to 4096
[  104.923336][ T6632] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  104.957999][ T6621] BTRFS info (device loop0): enabling ssd optimizations
[  104.961099][ T6621] BTRFS info (device loop0): enabling free space tree
[  104.982476][ T6632] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  105.085812][ T6640] ntfs3(loop2): ino=1e, mi_enum_attr
[  105.241434][   T96] usb 2-1: Using ep0 maxpacket: 8
[  105.278686][   T96] usb 2-1: unable to get BOS descriptor or descriptor too short
[  105.671500][   T96] usb 2-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice= e.bf
[  105.676146][   T96] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.759761][   T96] usb 2-1: Product: syz
[  105.762322][   T96] usb 2-1: Manufacturer: syz
[  105.763763][   T96] usb 2-1: SerialNumber: syz
[  105.788331][ T6645] loop2: detected capacity change from 0 to 256
[  105.798505][ T6645] exfat: Deprecated parameter 'namecase'
[  105.800536][ T6645] exfat: Deprecated parameter 'utf8'
[  105.846032][ T5859] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  105.854830][ T6645] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  106.038289][   T96] usb 2-1: selecting invalid altsetting 1
[  106.042369][   T96] catc 2-1:8.0: Can't set altsetting 1.
[  106.051475][   T96] catc 2-1:8.0: probe with driver catc failed with error -5
[  106.079935][   T96] usb 2-1: USB disconnect, device number 5
[  106.291591][   T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  106.395729][ T6658] loop0: detected capacity change from 0 to 128
[  106.446692][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[  106.464292][   T10] usb 3-1: config 3 has an invalid interface number: 51 but max is 0
[  106.468046][   T10] usb 3-1: config 3 has no interface number 0
[  106.483292][   T10] usb 3-1: New USB device found, idVendor=0b57, idProduct=2c68, bcdDevice=6e.32
[  106.492871][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.496513][   T10] usb 3-1: Product: syz
[  106.498528][   T10] usb 3-1: Manufacturer: syz
[  106.511443][   T10] usb 3-1: SerialNumber: syz
[  106.547393][   T10] usbhid 3-1:3.51: couldn't find an input interrupt endpoint
[  106.591024][ T6662] loop0: detected capacity change from 0 to 512
[  106.605869][ T6664] loop1: detected capacity change from 0 to 16
[  106.637451][ T6662] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.645366][ T6664] erofs (device loop1): mounted with root inode @ nid 36.
[  106.675382][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.737139][   T10] usb 3-1: USB disconnect, device number 4
[  106.806623][ T6673] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  107.075465][ T6675] loop1: detected capacity change from 0 to 32768
[  107.110041][ T6675] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  107.126174][ T6675] XFS (loop1): Ending clean mount
[  107.135515][ T6675] XFS (loop1): Quotacheck needed: Please wait.
[  107.164633][ T6677] loop0: detected capacity change from 0 to 32768
[  107.176666][ T6675] XFS (loop1): Quotacheck: Done.
[  107.195893][ T6677] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  107.214588][ T6675] XFS (loop1): User initiated shutdown received.
[  107.217863][ T6675] XFS (loop1): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:476).  Shutting down filesystem.
[  107.224599][ T6675] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  107.249936][ T5865] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  107.251677][ T5859] ocfs2: Unmounting device (7,0) on (node local)
[  107.364329][ T6689] loop2: detected capacity change from 0 to 128
[  107.368524][ T6689] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  107.383165][ T6689] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  107.504459][ T6693] loop2: detected capacity change from 0 to 64
[  107.574103][ T5881] syz_tun: left promiscuous mode
[  107.657527][ T6697] loop1: detected capacity change from 0 to 2048
[  107.670641][ T6697] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  107.677174][ T6648] udevd[6648]: incorrect nilfs2 checksum on /dev/loop1
[  107.697050][ T6700] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  107.825831][ T6699] loop2: detected capacity change from 0 to 32768
[  107.829642][ T6699] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.269 (6699)
[  107.845826][ T6699] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  107.849314][ T6699] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  107.852343][   T96] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  107.878146][ T6705] netlink: 36 bytes leftover after parsing attributes in process `syz.1.271'.
[  107.942413][ T6699] BTRFS info (device loop2): rebuilding free space tree
[  108.002218][ T6699] BTRFS info (device loop2): enabling ssd optimizations
[  108.005205][ T6699] BTRFS info (device loop2): turning on sync discard
[  108.020014][ T6699] BTRFS info (device loop2): enabling free space tree
[  108.024811][ T6699] BTRFS info (device loop2): force clearing of disk cache
[  108.028727][ T6699] BTRFS info (device loop2): enabling auto defrag
[  108.031928][ T6699] BTRFS info (device loop2): max_inline set to 0
[  108.042786][   T96] usb 1-1: Using ep0 maxpacket: 32
[  108.053617][   T96] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.057855][   T96] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 128, using maximum allowed: 30
[  108.071397][   T96] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 128
[  108.088034][   T96] usb 1-1: New USB device found, idVendor=06cd, idProduct=0114, bcdDevice=33.c7
[  108.092496][   T96] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.095838][   T96] usb 1-1: Product: syz
[  108.097520][   T96] usb 1-1: Manufacturer: syz
[  108.099331][   T96] usb 1-1: SerialNumber: syz
[  108.125359][   T96] usb 1-1: config 0 descriptor??
[  108.132596][   T96] hub 1-1:0.0: bad descriptor, ignoring hub
[  108.135042][   T96] hub 1-1:0.0: probe with driver hub failed with error -5
[  108.157149][   T96] keyspan 1-1:0.0: Keyspan - (without firmware) converter detected
[  108.242691][ T5867] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  108.421397][ T5926] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  108.441926][   T96] usb 1-1: USB disconnect, device number 6
[  108.454732][   T96] keyspan 1-1:0.0: device disconnected
[  108.601746][ T5926] usb 2-1: Using ep0 maxpacket: 8
[  108.607546][ T5926] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  108.610954][ T5926] usb 2-1: config 0 has no interface number 0
[  108.628014][ T5926] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  108.636095][ T5926] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  108.643823][ T5926] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  108.647918][ T5926] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  108.659414][ T5926] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  108.665834][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.673094][ T5926] usb 2-1: config 0 descriptor??
[  108.691907][ T5926] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  108.899066][ T5926] usb 2-1: USB disconnect, device number 6
[  108.923333][ T5926] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  109.056772][ T6744] loop2: detected capacity change from 0 to 32768
[  109.074240][ T6744] jfs_mount: Mount Failure: superblock is corrupt!
[  109.090035][ T6744] Mount JFS Failure: -22
[  109.096870][ T6744] jfs_mount failed w/return code = -22
[  109.232013][ T5898] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  109.384433][ T5898] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  109.388032][ T5898] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  109.396663][ T5898] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  109.400099][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  109.403936][ T5898] usb 1-1: SerialNumber: syz
[  109.634642][ T5898] usb 1-1: 0:2 : does not exist
[  109.637274][ T6772] binder: 6771:6772 ioctl c018620c 200000000000 returned -22
[  109.693120][ T5898] usb 1-1: USB disconnect, device number 7
[  109.736365][ T6648] udevd[6648]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  109.829995][ T6776] loop2: detected capacity change from 0 to 2048
[  109.848121][ T6776] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  110.041663][ T6768] loop1: detected capacity change from 0 to 40427
[  110.059072][ T6768] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  110.069562][ T6768] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  110.108071][ T6768] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  110.209817][ T6768] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  110.219076][ T6768] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  110.228821][ T6768] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  110.591650][   T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  110.946492][ T6820] loop1: detected capacity change from 0 to 32768
[  110.999697][ T6820] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  111.039728][ T6820] 
[  111.040577][ T6820] ======================================================
[  111.043376][ T6820] WARNING: possible circular locking dependency detected
[  111.046539][ T6820] syzkaller #0 Not tainted
[  111.048459][ T6820] ------------------------------------------------------
[  111.052122][ T6820] syz.1.315/6820 is trying to acquire lock:
[  111.055255][ T6820] ffff88802a22b540 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  111.061124][ T6820] 
[  111.061124][ T6820] but task is already holding lock:
[  111.064179][ T6820] ffff88802a22cee0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_write_begin+0x198/0x310
[  111.068370][ T6820] 
[  111.068370][ T6820] which lock already depends on the new lock.
[  111.068370][ T6820] 
[  111.072794][ T6820] 
[  111.072794][ T6820] the existing dependency chain (in reverse order) is:
[  111.076574][ T6820] 
[  111.076574][ T6820] -> #5 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  111.080249][ T6820]        lock_acquire+0x120/0x360
[  111.082380][ T6820]        down_write+0x96/0x1f0
[  111.084439][ T6820]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  111.087199][ T6820]        ocfs2_xattr_set+0x595/0x11f0
[  111.089424][ T6820]        ocfs2_set_acl+0x701/0x7b0
[  111.091741][ T6820]        ocfs2_iop_set_acl+0x1aa/0x2a0
[  111.093136][   T24] usb 1-1: Using ep0 maxpacket: 32
[  111.094126][ T6820]        vfs_set_acl+0x887/0xb00
[  111.097803][   T24] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  111.098018][ T6820]        filename_setxattr+0x2e0/0x600
[  111.102282][   T24] usb 1-1: config 0 interface 0 has no altsetting 0
[  111.104455][ T6820]        path_setxattrat+0x364/0x3a0
[  111.104489][ T6820]        __x64_sys_setxattr+0xbc/0xe0
[  111.104502][ T6820]        do_syscall_64+0xfa/0x3b0
[  111.106948][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=026c, bcdDevice= 0.00
[  111.109349][ T6820]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.111754][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.113951][ T6820] 
[  111.113951][ T6820] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[  111.126457][ T6820]        lock_acquire+0x120/0x360
[  111.128484][ T6820]        down_read+0x46/0x2e0
[  111.130378][ T6820]        ocfs2_init_acl+0x2f9/0x720
[  111.132533][ T6820]        ocfs2_mknod+0x1321/0x2050
[  111.134830][ T6820]        ocfs2_create+0x1a5/0x440
[  111.137043][ T6820]        path_openat+0x14f4/0x3830
[  111.139344][ T6820]        do_filp_open+0x1fa/0x410
[  111.141638][ T6820]        do_sys_openat2+0x121/0x1c0
[  111.143891][ T6820]        __x64_sys_openat+0x138/0x170
[  111.146087][ T6820]        do_syscall_64+0xfa/0x3b0
[  111.148046][ T6820]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.150534][ T6820] 
[  111.150534][ T6820] -> #3 (jbd2_handle){++++}-{0:0}:
[  111.153760][ T6820]        lock_acquire+0x120/0x360
[  111.155962][ T6820]        start_this_handle+0x1fa7/0x21c0
[  111.158316][ T6820]        jbd2__journal_start+0x2c1/0x5b0
[  111.160571][ T6820]        jbd2_journal_start+0x2a/0x40
[  111.162836][ T6820]        ocfs2_start_trans+0x376/0x6d0
[  111.164981][ T6820]        ocfs2_shutdown_local_alloc+0x200/0xa10
[  111.167593][ T6820]        ocfs2_dismount_volume+0x201/0x8d0
[  111.170042][ T6820]        generic_shutdown_super+0x135/0x2c0
[  111.172526][ T6820]        kill_block_super+0x44/0x90
[  111.174604][ T6820]        deactivate_locked_super+0xbc/0x130
[  111.177027][ T6820]        cleanup_mnt+0x425/0x4c0
[  111.179018][ T6820]        task_work_run+0x1d4/0x260
[  111.180820][ T6820]        exit_to_user_mode_loop+0xec/0x110
[  111.182763][ T6820]        do_syscall_64+0x2bd/0x3b0
[  111.184403][ T6820]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.186451][ T6820] 
[  111.186451][ T6820] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  111.189849][ T6820]        lock_acquire+0x120/0x360
[  111.191880][ T6820]        down_read+0x46/0x2e0
[  111.193878][ T6820]        ocfs2_start_trans+0x36a/0x6d0
[  111.196239][ T6820]        ocfs2_shutdown_local_alloc+0x200/0xa10
[  111.198882][ T6820]        ocfs2_dismount_volume+0x201/0x8d0
[  111.201262][ T6820]        generic_shutdown_super+0x135/0x2c0
[  111.203654][ T6820]        kill_block_super+0x44/0x90
[  111.205745][ T6820]        deactivate_locked_super+0xbc/0x130
[  111.208249][ T6820]        cleanup_mnt+0x425/0x4c0
[  111.210452][ T6820]        task_work_run+0x1d4/0x260
[  111.212738][ T6820]        exit_to_user_mode_loop+0xec/0x110
[  111.215126][ T6820]        do_syscall_64+0x2bd/0x3b0
[  111.217182][ T6820]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.219325][ T6820] 
[  111.219325][ T6820] -> #1 (sb_internal#2){.+.+}-{0:0}:
[  111.222216][ T6820]        lock_acquire+0x120/0x360
[  111.224350][ T6820]        ocfs2_start_trans+0x26b/0x6d0
[  111.226882][ T6820]        ocfs2_mknod+0xe93/0x2050
[  111.229163][ T6820]        vfs_mknod+0x37f/0x3c0
[  111.231290][ T6820]        do_mknodat+0x385/0x4d0
[  111.233332][ T6820]        __x64_sys_mknodat+0xa7/0xc0
[  111.235592][ T6820]        do_syscall_64+0xfa/0x3b0
[  111.237622][ T6820]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.240328][ T6820] 
[  111.240328][ T6820] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  111.244696][ T6820]        validate_chain+0xb9b/0x2140
[  111.247126][ T6820]        __lock_acquire+0xab9/0xd20
[  111.249506][ T6820]        lock_acquire+0x120/0x360
[  111.251569][ T6820]        down_write+0x96/0x1f0
[  111.253559][ T6820]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  111.256397][ T6820]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[  111.259289][ T6820]        ocfs2_lock_allocators+0x2fa/0x5c0
[  111.261867][ T6820]        ocfs2_write_begin_nolock+0x2279/0x4340
[  111.264415][ T6820]        ocfs2_write_begin+0x1bb/0x310
[  111.266639][ T6820]        generic_perform_write+0x2c5/0x900
[  111.269102][ T6820]        ocfs2_file_write_iter+0x157a/0x1d10
[  111.271686][ T6820]        vfs_write+0x5c9/0xb30
[  111.273911][ T6820]        __x64_sys_pwrite64+0x193/0x220
[  111.276377][ T6820]        do_syscall_64+0xfa/0x3b0
[  111.278500][ T6820]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.281122][ T6820] 
[  111.281122][ T6820] other info that might help us debug this:
[  111.281122][ T6820] 
[  111.285247][ T6820] Chain exists of:
[  111.285247][ T6820]   &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &oi->ip_xattr_sem --> &ocfs2_file_ip_alloc_sem_key
[  111.285247][ T6820] 
[  111.292683][ T6820]  Possible unsafe locking scenario:
[  111.292683][ T6820] 
[  111.295711][ T6820]        CPU0                    CPU1
[  111.297876][ T6820]        ----                    ----
[  111.300093][ T6820]   lock(&ocfs2_file_ip_alloc_sem_key);
[  111.302502][ T6820]                                lock(&oi->ip_xattr_sem);
[  111.305207][ T6820]                                lock(&ocfs2_file_ip_alloc_sem_key);
[  111.307995][ T6820]   lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]);
[  111.310693][ T6820] 
[  111.310693][ T6820]  *** DEADLOCK ***
[  111.310693][ T6820] 
[  111.313896][ T6820] 3 locks held by syz.1.315/6820:
[  111.316018][ T6820]  #0: ffff88802070c428 (sb_writers#15){.+.+}-{0:0}, at: vfs_write+0x211/0xb30
[  111.319976][ T6820]  #1: ffff88802a22d240 (&sb->s_type->i_mutex_key#34){+.+.}-{4:4}, at: ocfs2_file_write_iter+0x429/0x1d10
[  111.324129][ T6820]  #2: ffff88802a22cee0 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_write_begin+0x198/0x310
[  111.328203][ T6820] 
[  111.328203][ T6820] stack backtrace:
[  111.330584][ T6820] CPU: 0 UID: 0 PID: 6820 Comm: syz.1.315 Not tainted syzkaller #0 PREEMPT(full) 
[  111.330629][ T6820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  111.330639][ T6820] Call Trace:
[  111.330647][ T6820]  <TASK>
[  111.330655][ T6820]  dump_stack_lvl+0x189/0x250
[  111.330671][ T6820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.330681][ T6820]  ? __pfx__printk+0x10/0x10
[  111.330693][ T6820]  ? print_lock_name+0xde/0x100
[  111.330704][ T6820]  print_circular_bug+0x2ee/0x310
[  111.330715][ T6820]  check_noncircular+0x134/0x160
[  111.330725][ T6820]  validate_chain+0xb9b/0x2140
[  111.330734][ T6820]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  111.330745][ T6820]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  111.330755][ T6820]  __lock_acquire+0xab9/0xd20
[  111.330768][ T6820]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  111.330777][ T6820]  lock_acquire+0x120/0x360
[  111.330809][ T6820]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  111.330817][ T6820]  ? is_bpf_text_address+0x26/0x2b0
[  111.330831][ T6820]  ? kernel_text_address+0xa5/0xe0
[  111.330844][ T6820]  down_write+0x96/0x1f0
[  111.330854][ T6820]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  111.330862][ T6820]  ? __pfx_down_write+0x10/0x10
[  111.330873][ T6820]  ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  111.330883][ T6820]  ? check_noncircular+0xe0/0x160
[  111.330892][ T6820]  ? lockdep_unlock+0x89/0x120
[  111.330903][ T6820]  ? validate_chain+0x897/0x2140
[  111.330910][ T6820]  ? __pfx_ocfs2_reserve_local_alloc_bits+0x10/0x10
[  111.330918][ T6820]  ? do_syscall_64+0xfa/0x3b0
[  111.330931][ T6820]  ? __lock_acquire+0xab9/0xd20
[  111.330946][ T6820]  ? do_raw_spin_unlock+0x4d/0x240
[  111.330957][ T6820]  ? _raw_spin_unlock+0x28/0x50
[  111.330969][ T6820]  ? ocfs2_alloc_should_use_local+0x152/0x310
[  111.330982][ T6820]  ? ocfs2_reserve_clusters_with_limit+0x16b/0xba0
[  111.330993][ T6820]  ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[  111.331004][ T6820]  ? __pfx_ocfs2_reserve_clusters_with_limit+0x10/0x10
[  111.331015][ T6820]  ? rcu_is_watching+0x15/0xb0
[  111.331024][ T6820]  ? ocfs2_num_free_extents+0x347/0x620
[  111.331034][ T6820]  ? __pfx_ocfs2_num_free_extents+0x10/0x10
[  111.331042][ T6820]  ? __brelse+0x59/0xa0
[  111.331051][ T6820]  ? ocfs2_get_clusters+0x2b3/0xa70
[  111.331065][ T6820]  ocfs2_lock_allocators+0x2fa/0x5c0
[  111.331077][ T6820]  ? __pfx_ocfs2_lock_allocators+0x10/0x10
[  111.331087][ T6820]  ? ocfs2_write_begin_nolock+0xeb9/0x4340
[  111.331097][ T6820]  ? rcu_is_watching+0x15/0xb0
[  111.331104][ T6820]  ? ocfs2_write_begin_nolock+0xeb9/0x4340
[  111.331113][ T6820]  ? kfree+0x4d/0x440
[  111.331124][ T6820]  ocfs2_write_begin_nolock+0x2279/0x4340
[  111.331142][ T6820]  ? __pfx_ocfs2_write_begin_nolock+0x10/0x10
[  111.331150][ T6820]  ? __bfs+0x154/0x2a0
[  111.331157][ T6820]  ? check_path+0x21/0x40
[  111.331165][ T6820]  ? check_noncircular+0xe0/0x160
[  111.331174][ T6820]  ? lockdep_unlock+0x89/0x120
[  111.331184][ T6820]  ? validate_chain+0x897/0x2140
[  111.331194][ T6820]  ? __pfx_ocfs2_journal_access_di+0x10/0x10
[  111.331206][ T6820]  ? __lock_acquire+0xab9/0xd20
[  111.331219][ T6820]  ? ocfs2_write_begin+0x198/0x310
[  111.331230][ T6820]  ? down_write+0x162/0x1f0
[  111.331239][ T6820]  ? __pfx_down_write+0x10/0x10
[  111.331250][ T6820]  ocfs2_write_begin+0x1bb/0x310
[  111.331259][ T6820]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  111.331270][ T6820]  ? __pfx_ocfs2_write_begin+0x10/0x10
[  111.331281][ T6820]  generic_perform_write+0x2c5/0x900
[  111.331295][ T6820]  ? __pfx_generic_perform_write+0x10/0x10
[  111.331304][ T6820]  ? file_update_time+0x2da/0x490
[  111.331314][ T6820]  ? __generic_file_write_iter+0xf9/0x230
[  111.331322][ T6820]  ? ocfs2_file_write_iter+0x1551/0x1d10
[  111.331330][ T6820]  ocfs2_file_write_iter+0x157a/0x1d10
[  111.331338][ T6820]  ? aa_file_perm+0x13a/0x1550
[  111.331350][ T6820]  ? __pfx_ocfs2_file_write_iter+0x10/0x10
[  111.331358][ T6820]  ? __pfx_aa_file_perm+0x10/0x10
[  111.331367][ T6820]  ? __lock_acquire+0xab9/0xd20
[  111.331381][ T6820]  ? rcu_read_lock_any_held+0xb3/0x120
[  111.331390][ T6820]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  111.331401][ T6820]  vfs_write+0x5c9/0xb30
[  111.331413][ T6820]  ? __pfx_ocfs2_file_write_iter+0x10/0x10
[  111.331421][ T6820]  ? __pfx_vfs_write+0x10/0x10
[  111.331433][ T6820]  ? __fget_files+0x2a/0x420
[  111.331441][ T6820]  __x64_sys_pwrite64+0x193/0x220
[  111.331453][ T6820]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  111.331464][ T6820]  ? rcu_is_watching+0x15/0xb0
[  111.331472][ T6820]  ? do_syscall_64+0xbe/0x3b0
[  111.331481][ T6820]  do_syscall_64+0xfa/0x3b0
[  111.331490][ T6820]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.331498][ T6820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.331506][ T6820]  ? exc_page_fault+0x9f/0xf0
[  111.331514][ T6820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.331522][ T6820] RIP: 0033:0x7f229f18ec29
[  111.331532][ T6820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.331544][ T6820] RSP: 002b:00007f22a00cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  111.331553][ T6820] RAX: ffffffffffffffda RBX: 00007f229f3d5fa0 RCX: 00007f229f18ec29
[  111.331559][ T6820] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000005
[  111.331564][ T6820] RBP: 00007f229f211e41 R08: 0000000000000000 R09: 0000000000000000
[  111.331569][ T6820] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000
[  111.331574][ T6820] R13: 00007f229f3d6038 R14: 00007f229f3d5fa0 R15: 00007fff98194158
[  111.331582][ T6820]  </TASK>
[  111.542324][   T24] usb 1-1: config 0 descriptor??
[  111.564315][   T33] audit: type=1800 audit(1758542621.867:5): pid=6823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.315" name="file2" dev="loop1" ino=17060 res=0 errno=0
[  111.654153][ T5865] ocfs2: Unmounting device (7,1) on (node local)
[  111.958025][   T24] apple 0003:05AC:026C.0004: hidraw0: USB HID v0.02 Device [HID 05ac:026c] on usb-dummy_hcd.0-1/input0
[  112.175106][   T24] usb 1-1: USB disconnect, device number 8

VM DIAGNOSIS:
12:03:41  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000012b2 RDI=00000000000012b3 RBP=00000000000003f8 RSP=ffffc90007556150
R8 =ffff8880208e8237 R9 =1ffff1100411d046 R10=dffffc0000000000 R11=ffffffff854fb260
R12=dffffc0000000000 R13=ffffffff99b0390c R14=ffffffff99df84e0 R15=0000000000000000
RIP=ffffffff854fb2dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f22a00cb6c0 ffffffff 00c00000
GS =0000 ffff8880b8612000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c382745 CR3=00000000276f8000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f229f212e7b
XMM06=0000000000000000 00007f229f212e75 XMM07=0000000000000000 00007f229f212e89
XMM08=0000000000000000 00007f229f212f0f XMM09=0000000000000000 00007f229f212fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=a4907d0c68792400 RBX=ffffffff819683f8 RCX=a4907d0c68792400 RDX=0000000000000001
RSI=ffffffff8be34260 RDI=ffffffff819683f8 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa3ac30 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200da000
RIP=ffffffff8b7a53f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c12000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4929bff000 CR3=0000000028028000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=00007f4933d4b5a0 00007f4933d4b580
XMM02=00007f4933d4b6e0 00007f4933d4b560 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00007f4933d4b5a0 XMM05=0000000000000000 00007f4933d4b6e0
XMM06=00007f4933d4b6e0 00007f4933d4b560 XMM07=00007f4933d4b5a0 00007f4933d4b580
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f4933012fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
