last executing test programs:

54.924869933s ago: executing program 2 (id=585):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)

54.043299252s ago: executing program 2 (id=597):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x100000001)

53.914030244s ago: executing program 2 (id=601):
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0)
write$sequencer(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="810100000000000081", @ANYRES8=r0], 0x10)

53.913880816s ago: executing program 2 (id=602):
syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[], 0x1, 0x6276, &(0x7f0000003680)="$eJzs3c1vHGcdB/Df7JtfStOoh6pECLlteCmleS0hUKDtAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFBQogjJ/6AHrhy4w8gUoIE6qmD1n4eZzxde+2k3ln7+XwkZ+Y3z4z3mXx3vLueGT8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQPf/Dj81VEXP1VWnAy4nPRj+hFLI3rlYhYWjmZ1x9ExPOx2RzPRcRwIaLKjc9EvBYRH52IePDw7up40YV99uP7f/nnH37y1I/+8efh2f/99Xb/9d3Wu3Pnt//9273H318AAAAoUV3XdZU+5p9Kn+97XXcKAJiJ/PpfJ3m5eu7q9Tnrj1qtVquPYN1UT3avWUTEenOb8XsGp+MB4IhZj4+77gIdkn/RBhHxVNedAOZa1XUHOBQPHt5drVK+VfP1YGWrPV8LsiP/9Wr7/o7dptO0rzGZ1fNrI/rx7C79WZpRH+ZJzr/Xzv/qVvsorXfY+c/KbvmPtm59Kk7Ov9/Ov+X45N+bmH+pcv6DA+Xflz8AAAAAAMyx/Pv/kx2f/1148l3Zl73O/67MqA8AAAAAAAAA8Fl70vH/tlXG/wMAAIB5Nf6sPva7E4+WNa/1H8XO5VeqiKdb6wOFSTfLLHfdDwAAAAAAAAAAAAAoyWDrGt4rVcQwIp5eXq7revzV1K4P6km3P+pK338oWdc/5AEAYMtHJ1r38lcRixFxJf2tv+Hy8nJdLy4t18v10kJ+PztaWKyXGp9r83S8bGG0jzfEg1E9/maLje2apn1entbe/n7jxxrV/X10bDY6DBwAImLr1eiBV6Rjpq6fia7f5XA0OP6PH8c/+9H18xQAAAA4fHVd11X6c96n0jn/XtedAgBmIr/+t88LqNVqtVqtPn51Uz3ZvWYREevNbcbvGQzHDwBHzHp83HUX6JD8izaIiOe77gQw16quO8ChePDw7mqV8q2arwdpfPd8LciO/Nerze3y9pOm07SvMZnV82sj+vHsLv15bkZ9mCc5/147/6tb7aO03mHnPyu75T/ez5Md9KdrOf9+O/+W45N/b2L+pcr5Dw6Uf1/+AAAAAAAwx/Lv/0/O1fnf0ePuzlR7nf9dObRHBQAAAAAAAIDD9eDh3dV832s+//+FCeu5//N4yvlX8i9Szr/Xyv+rrfX6jfn7bz3K/z8P767+8fa/P5+n+81/Ic9U6ZlVpWdElR6pGqTpk+zdp20M+6PxIw2rXn+Qrvmph+/E9bgRa3Fux7q99P/xqP38jvZxT4eb7XV/q/3CjvbBdnve/uKO9mG60qleyu1nYjV+Hjfi7c32cdvClP1fnNJeT2nP+fcd/0XK+Q8aX+P8l1N71ZqO3f+w96njvjmd9DhvXv/ib84d/u5MtRH97X1rGu/fix30Z/P/5KlR/PLW2s0zd67dvn3zfKTJjqUXIk0+Yzn/Yfra/vn/0lZ7/rnfPF7vfzg6cP7zYiMGu+b/UmN+vL8vz7hvXcj5j9JXzv/t1D75+D9A/r0/zWxf9mOv4/+VDvoDAAAAAAAAAAAAAAAAe6nrevMW0Tcj4lK6/6erezMBgNnKr/91kpfPqu7P+PHU6iNeV3PWn5nWn9Tz1R+1+ijWTfVkbzSLiPh7c5vxe4ZfT/pmAMA8+yQi/tV1J+iM/AuW/97feHq6684AM3Xr/Q9+eu3GjbWbt7ruCQAAAAAAAADwuPL4nyuN8Z9P13V9r7XejvFf34qVJx3/dZBntgcY3WWg6v7B92kvG71Rv9cYbvyF2G387+H23F7jfw+mPN5wSvtoSvvClPbFKe0Tb/RoyPm/0Bjv/HREnGoNv/7Y47/Omb3Gf22PeV+CnP+LjefzOP+vtNZr5l///ijn39uR/9nb7/3i7K33P3j1+nvX3l17d+1nF8+fP3fx0qXLly+ffef6jbVzW/922OPDlfPPY1+7DrQsOf+cufzLkvP/UqrlX5ac/5dTLf+y5Pzz+z35lyXnnz/7yL8sOf+XUy3/suT8v5Zq+Zcl5/9KquVflpz/11Mt/7Lk/F9NtfzLkvM/k2r5lyXnfzbV+8x/6bD7xWzk/PMZLsd/WXL++coG+Zcl538h1fIvS87/YqrlX5ac/2upln9Zcv7fSLX8y5Lzv5Rq+Zcl5//NVMu/LDn/y6mWf1ly/t9KtfzLkvP/dqrlX5ac/+upln9Zcv7fSbX8y5Lz/26q5V+WnP/3Ui3/suT830i1/Mvy6O//mzFjxkye6fonEwAAAAAAAAAAAADQNovLibveRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCnt3FyPXWd4B/Mx+eeNAYiCkTmrCxjHGOJvs+iP+oHUx4bPhqySEQj+wXe/aLPgLr10CjWpHgRIJo6KKtuGiLSDU5qbCqrigFaBcoFaVKkF7QW8QFSoXURVQQKrUVsBWM+d9352ZnZ3Z9Y7XZ875/ST78c6cmfedM++c2WfX/zkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANLv7DbOfqmVZVqvV8gs2ZdmL6vWmiU2NS157Y+cHAAAArN3PG3+/cGu64PAKbtS0zT/d9e2vLiwsLGTvG/7T0c8tLKQrJrJsdEOWNa6Lrv7g/bXmbYIns/HaUNPXQz2GH+5x/UiP60d7XD/W4/oNPa4f73H9kh2wxE1ZLd3ZtsY/N+W7NLstG21ct63DrZ6sbRiq77t026zWuM3C6IlsLjuVzWbTLdvn29Ya23/97vpYb83iWENNY22pr5CfPH48zqEW9vG2lrEW7zP60euziZ/+5PHjf33h+Ts61Z67oeX+8nnu2Fqf5yfCJflca9mGtE/iPIea5rmlw3My3DLPWuN29X+3z/OFFc5zeHGa66r9OR/Phhr//k5jP43Usg77aUu47H/uybLs8uK027dZMlY2lG1suWRo8fkZz1dk/T7qS+ml2Uj3dbpQa1mnd69gndbrzLbWddr+mojP/93hdiPLzKH5afrRE2NNz/vPFq5lnUb1R73ca6V9Dfb7tVKUNRjXxXcaD/qpjmtwW3j8j29ffg12XDsd1mB63E1rcGuvNTg0NtyYc3oSao3bLK7BXS3bDzdGqjXqc9u7r8GpC6fPTc1/7OP3zZ0+dnL25OyZPbt2Te/Zt+/AgQNTJ+ZOzU7nf1/j3i6+jdlQeg1sDfsuvgZe3bZt81Jd+OLYkuPvtb4Ox7u8Dje1bdvv1+FI+4Orrc8Lcumazl8b76nv9PErQ9kyr7HG87Nz7a/D9LibXocjTa/Dju8pHV6HIyt4Hda3ObdzZd+zjDT96TSH5d8L1rYGNzWtwfbvR9rXYL+/HynKGhwP6+J7O5d/L9gS5vvU5Gq/HxlesgbTww3Hnvol6fv98QON0mld3lm/4uax7OL87Pn7Hzt24cL5XVko6+JlTWulfb1ubHpM2ZL1OrTq9Xp47q6n7uxw+aawr8bvq/81vuxzVd9m7/3dn6vGu1vn/dly6e4slD4L+3Nhwzrtz07v5vX9OZZln//WEw9/4/HPv2HZ/VnvNz8xtfbvxVNf2nT8HV3m+Bv7/l/k46W7enJ4dCR//Q6nvTPacjxufapGGseuWmPsF6ZWdjweDX/W+3h8W5fj8ea2bft9PB5tf3DxeFzr9dOOtWl/PsfDOjk13f14XN9m8+7VrsmRrsfje0Kthf3/mtAppL6oae0st27TWCMjo+FxjcQRWtfpnpbtR0NvVh/rmd3Xtk533JPf13B6dIvWa51OtG3b73Wafva13Dqt9frp27Vpfz7Hw7q4bU/3dVrf5tm9az923hT/2XTsHOu1BkeHx+pzHk2LsHG8zxZuimvw/ux4djY7lc00rh1rrKdaY6zJB1a2BsfCn/U+Vm7usgZ3tG3b7zWY3seWW3u1kaUPvg/an8/xsC6efqD7Gqxv88b9/f3edUe4JG3T9L1r+8/XlvuZ151tu+l6rZWRMM9v7e/+s9n6NqcOrLbP7L6f7g2X3NxhP7W/fpd7Tc1k67OfNod5Pn9g+f1Un099m88dXOF6Opxl2aWPPNj4eW/4/crfXfzuV1t+79LpdzqXPvLgj1984h9XM38ABt8v8rIxf69r+s3USn7/DwAAAAyE2PcPhZro/wEAAKA0Yt8f/1d4ov8HAACA0oh9/0ioSUX6/81vfH7uF5eylMxfCOL1aTc8lG8XM67T4euJhUX1yx/88ux//8OllY09lGXZzx76g47bb34ozis3EeZ59U2tly/x1ftWNPbRRy+lcZvz618I9x8fz0qXQacI7nSWZV+/9TONcSbef6VRn33oaKM+fPmpJ+vbvHAw/zre/rmX5dv/RQj/Hj5xrOX2z4X98MNQp9/WeX/E233lymu27H/v4njxdrWttzQe9tMfyO83fk7OZ5/Mt4/7ebn5f+PTz3ylvv1jr+o8/0tDnef/TLjfL4f6v6/It29+Dupfx9t9Msw/jhdvd/+Xvtlx/lc/lW9/7s35dkdDjePvCF9ve/Pzc83767HasZbHlb0l3y6OP/3dP25cH+8v3n/7/MePXGnZH+3r49l/y+9nqm37eHkcJ/r7tvHr99O8PuP4z/zR0Zb93Gv8qw8/94r6/baPf2/bduc+srMx/uL9tX5i019+8jMdx4vzOfy351oez+F3h9dxGP/pD4T1GK7/v6v5/bV/usLRd7cef+L2X9h0qeXxRG/9aT7+1dedbNQN4zdtvPlFL77l8ivr+y7LvrMhv79e45/8q7Mt8//i7fn+iNfHjH77+MuJ45//6OSZs/MX52bSXn381sZn57w9n0+c763h2Nr+9ZGzFz44e35iemI6yybK+xF61+xLof44L5e7b72w5Ai689HwfN7551/fuP1fPx0v//f35JdfeVv+vvXqsN1nw+WbwvO3uvGXevru2xuv79qzYYYLSz8veC22bPuvAyvaMDz+9u8L4no/9/IPNvZD/brG+0Z8Xa9x/t+fye/na2G/LoRPZt56++J4zdvHz0a48kj+el/z/guHufi8/k14vt/xw/z+47zi4/1++D7mm5tbj3dxfXzt0lD7/Tc+xeNyOJ5kl/Pr41Zxf1954faO04ufQ5JdvqPx9Z+k+7ljVQ9zOfMfm586NXfm4mNTF2bnL0zNf+zjR06fvXjmwpHGZ3ke+VCv2y8enzY2jk8zs/v2Zo2j1dm8XGc3ev7nHj0+s396+8zsiWMXT1x49Nzs+ZPH5+ePz87Mbz924sTsR3vdfm7m0K7dB/fs3z15cm7m0IGDB/ccnJw7c7Y+jXxSPeyb/vDkmfNHGjeZP7T34K4HHtg7PXn67Mzsof3T05MXe92+8d40Wb/170+enz117MLc6dnJ+bmPzx7adXDfvt09Pw3w9LkT8xNT5y+embo4P3t+Kn8sExcaF9ff+3rdnnKa/4/8+9l2tfyD+LJ33bsvfT5r3ZefWPau8k3aPkD0+fBZNP/8knMHVvJ17PtHQ00q0v8DAABAFcS+fyzURP8PAAAApRH7/g2hJvp/AAAAKI3Y94+HmlSk/y9d/n/zpRWNL/8v/9+8v+T/K5b/f6Ro+f/8eCH/3x9rzd/L/wfy//L/8v8Dk/9fCG9I8v8UUdHy/7HvvynLKtn/AwAAQBXEvn9jqIn+HwAAAEoj9v03h5ro/wEAAKA0Yt//olCTivT/8v/y//L/8v/y/53Hl/8fTPL/3cn/9yD/P5VVK/9/uZ/zd/5/+X+WKlr+P/b9Lw41qUj/DwAAAFUQ+/5bQk30/wAAAFAase+/NdRE/w8AAAClEfv+TaEmFen/5f/l/+X/5f/l/zuPL/8/mOT/u5P/70H+3/n/5f/l/+mrouX/Y9//klCTivT/AAAAUAWx739pqIn+HwAAAIpn5NpuFvv+l4WaLOn/r3EAAAAA4IaLff9tWVsQvCK//5f/l/8vfv5/Q7pO/l/+Pytk/n84k/8vDvn/7uT/e5D/l/+X/5f/p6+Klv9v9P3ZePbyUJOK9P8AAABQBbHvvz3URP8PAAAApRH7/l8KNdH/AwAAQGnEvn9zqElF+n/5f/n/G53/H22bu/P/L95O/j9X/Py/8/8Xifx/d/L/Pcj/y//L/8v/01dFy//Hvv+OUJOK9P8AAABQBbHvvzPURP8PAAAApRH7/l8ONdH/AwAAQGnEvn9LqElF+n/5/4Ln/2NytMT5/97n/5f/l/+X/5f/Xzn5/+7k/3uQ/5f/l/+X/6evipb/j33/K0JNKtL/AwAAQBXEvv+uUBP9PwAAAJRG7PtfGWqi/wcAAIDSiH3/RKhJRfp/+f+C5//zHPxYmc//L/8v/y//L//fT/L/3cn/9xAOcz/Kskz+X/5f/l/+n7UrWv4/9v13h5pUpP8HAACAKoh9/9ZQE/0/AAAAlEbs++8JNdH/AwAAQGnEvn9bqElF+n/5/4HI/2fy//L/8v/y//L/KyP/3538fw/O/y//L/8v/09fFS3/H/v+V4WaVKT/BwAAgCqIff/2UBP9PwAAAJRG7PtfHWqi/wcAAIDSiH3/jlCTivT/8v/y//L/8v/y/53Hl/8fTPL/3cn/9yD/L/8v/y//T18VLf8f+/7XhJpUpP8HAACAKoh9/85QE/0/AAAAlEbs++8NNdH/AwAAQGnEvn8y1KQi/b/8v/y//L/8v/x/5/Hl/weT/H938v89yP/L/8v/y//TV0XL/8e+/75Qk4r0/wAAAFAFse+/P9RE/w8AAAClEfv+qVAT/T8AAACURuz7p0NNKtL/y//L/8v/y/+vKv//ysX7lf/Pyf8Xi/x/d/L/Pcj/y//f8Pz/qPw/pVK0/H/s+3eFmqTGb+waHiUAAABQJLHv3x1qUpHf/wMAAEAVxL5/T6iJ/h8AAABKI/b9e0NNKtL/y//L/8v/y/87/3/n8eX/B5P8f3f9z//Hhyj/L/8v/+/8//L/LFW0/H/s+x8INalI/w8AAABVEPv+faEm+n8AAAAojdj37w810f8DAABAacS+/0CoSUX6f/l/+X/5f/l/+f/O48v/Dyb5/+6c/7+H4uX/X9d88/XM/9fHkv+X/5f/Z/Ue+cPmr4qW/499/8FQk4r0/wAAAFAFse9/baiJ/h8AAABKI/b9vxJq0r3/33B9ZwUAAAD0U+z7fzXUpCK//5f/l/+X/5f/l//vPL78/2CS/+9O/r+H4uX/Wzj/f7HnL/8v/89SRcv/x77/UKhJRfp/AAAAqILY9/9aqIn+HwAAAEoj9v2vCzXR/wMAAEBpxL7/cKhBpzh3Kcn/y/8PZv5/XP5f/r90+f+xeL/y/2si/9+d/H8P8v/y//L/8v/0VdHy/7Hvf32oid//AwAAQGnEvv/BUBP9PwAAAJRG7PvfEGqi/wcAAIDSiH3/G0NNKtL/y//L/w9m/t/5/zP5/9Ll/53/vz/k/7uT/+9B/l/+X/5f/p++Klr+P/b9bwo1qUj/DwAAAFUQ+/43h5ro/wEAAKA0Yt//llAT/T8AAACURuz73xpqUpH+X/5f/v9G5v9zl+X/5f8b5P/l//tB/r87+f8e5P/l/+X/5f/pq6Ll/2Pf/+uhJhXp/wEAAKAKYt//UKiJ/h8AAABKI/b9bws10f8DAABAacS+/+2hJhXp/+X/5f+d/1/+X/6/8/jy/4NJ/r+7Acv///yWcLn8f07+v9jzX23+f6Tt6+uS///Bcvn/hQ3tt5f/53ooWv4/9v3vCDWpSP8PAAAAVRD7/neGmuj/AQAAoDRi3/+uUJOm/r+v//EOAAAAWHex7/+NUJOK/P5f/r8+j8X0svy//H/jAvl/+X/5/4El/9/dgOX/nf+/jfx/sefv/P/y/yxVtPx/7PvfHWpSkf4fAAAAqiD2/Q+Hmuj/AQAAoDRi3/9IqIn+HwAAAEoj9v3vCTWpSP8v/+/8//L/8v/y/53Hl/8fTPL/3cn/9yD/L/9ftPz/f8r/M9iKlv+Pff+joSYV6f8BAACgCmLf/95QE/0/AAAAlEbs+38z1ET/DwAAAKUR+/73hZpUpP+X/x+U/P/EgOb/n5D/v475/7tuybeT/5f/Z5H8f3fy/z3I/8v/Fy3/7/z/DLii5f9j3//+UJOV9//jK94SAAAAuI5Glr0m9v2/FWpSkd//AwAAQBXEvv+3Q030/wAAAFAase//nVCTivT/8v+Dkv93/v9M/t/5/9sej/y//H8n65f/j0ce+X/5/2Ll/zet6gG3utH5+bW60fOvbv4/f2eU/6eTouX/Y9//u6EmFen/AQAAoApi3/+BUBP9PwAAAAyETv8nu13s+4+Emuj/AQAAoDRi33801KQi/b/8v/y//H9B8/9/tvVfvvftdx7dJf8v/y//vyrrev7/+ovf+f/l/wuW/1+LG52fX6/515Y5NZj8v/P/039Fy//Hvv9YqElF+n8AAACogtj3/16oif4fAAAASiP2/cdDTfT/AAAAUBqx758JNalI/y//L/8v/1/Q/P8An/8/7g/5/1Z9y//Hg678f0frmv9/72JOXP5/tfn/sY6Xyv/L/w/y/OX/5f9Zqmj5/9j3z4aaVKT/BwAAgCoIff/QibwuXqH/BwAAgNKIff/JUBP9PwAAAJRG7Ps/GGpSkf5f/l/+X/5f/t/5/zuP3y3/Xxtx/v+ikv/vrjj5/87k/+X/B3n+8v/y/yxVtPx/7PvnQk0q0v8DAABAFcS+/0OhJvp/AAAAKI3Y93841ET/DwAAAKUR+/5ToSYV6f/l/+X/5f/l/+X/O49f2PP/y/93Jf/fnfx/D/L/8v/y//L//8/enXxZWtd3HL8FDV19yCK7LLLJOVnmT2AR1sk+WWSTRXJOTs4JRFFxpnEeUVScFcVZwQEEERXnCZxQnEFFxXnECVFPe6j6fr9dw1P3VlXf6vs8v9/rteCbrlB9r31a6E9Xv31YqrH1/7n7/y9u6WT/AwAAQA9y918ct9j/AAAA0Izc/ZfELfY/AAAANCN3///HLZ3sf/2//r/Z/v+f9f97vb7+X//fMv3/fPr/BfT/+n/9v/6fpRpb/5+7/2FxSyf7HwAAAHqQu//hcYv9DwAAAM3I3X9p3GL/AwAAQDNy9z8ibulk/+/o/9dmffb/mfHq/1vq/z3/f8/X1/+fQf9/rv5/7M5u/3/FQ//k0//r//X/Qf+/r/7/+F6fr/+nRWPr/3P3PzJu6WT/AwAAQA9y9z8qbrH/AQAAoBm5+y+LW+x/AAAAaEbu/kfHLZ3s/+U9///Exscn2v8X/b/+f+MD+n/9/179/7HT39b/j5Pn/8/XU/9/6V0XXHz/zX9/y0FeX/+v//f8f/0/yzW2/j93/2Pilk72PwAAAPQgd/9j4xb7HwAAAJqRu/9xcYv9DwAAAM3I3f/4uKWT/b+8/n/Sz/8v+n/9/8YH9P/6/736/3/z/P+x0//P11P/f5jX1//r//X/+n+Wa9X9f37H+e3c/U+IWzrZ/wAAANCD3P1PjFvsfwAAAGhG7v7L4xb7HwAAAJqRu/9k3NLJ/tf/H33//xf9v/4/rv5f/6//P3r6//n0/wvo//X/+n/9P0u16v5/57dz918Rt3Sy/wEAAKAHufufFLfY/wAAANCM3P1PjlvsfwAAAGhG7v6nxC2d7H/9v+f/6//1//r/4dfX/0+T/n8+/f8C+v8z7efP0/9PsP+PX0jp/zkKB+z/H5zzj+2l9P+5+58at3Sy/wEAAKAHufufFrfY/wAAANCM3P1Pj1vsfwAAAGhG7v5nxC2d7H/9v/5f/6//P3T/v/un3gb9/zD9/9mh/59vNP3/2rHBD+v/J9//e/7/FPv/oP/nKIzt+f+5+58Zt3Sy/wEAAKAHufufFbfM2f8H/s18AAAAYKVy9z87bvH1fwAAAJi8rM5y9z8nbulk/+v/9f/6f/2/5/8Pv/68/v+WLe9P/z8u+v/5RtP/70H/r/+f8vvX/+v/2W1s/X/u/ufGLZ3sfwAAAOhB7v4r4xb7HwAAAJqRu/95cYv9DwAAAM3I3f/8uKWT/T/c/5/+/+v/90f/v/396/+Hf34sq//P71H/P7f/v8jz//uk/5/v7Pf/x/X/279//f8RWvX7b7z/P7Ho8/X/DBlb/5+7/6q4pZP9DwAAAD3I3f+CuMX+BwAAgGbk7n9h3GL/AwAAQDNy978obulk/6/4+f9XnL/X+9L/b9D/6/89/3+cz/+fnfX+/5j+f5/0//N5/v8C+n/9v/7f8/9ZqrH1/7n7r45bOtn/AAAA0IOrH5ht7P4Xz2b2PwAAAEzR1j87sPMPlIbc/S+JW+x/AAAAaEbu/pfGLZ3s/xX3/0f1/P/zFr22/l//v/XHS/+v/x96/XH1/57/v1/6//n0/wvo/4+inz/WWP9/zV6fP4b+/3L9PyOzrf+/7fTHV9X/5+5/WdzSyf4HAACAHuTuf3ncYv8DAABAM3L3vyJusf8BAACgGbn7Xxm3dLL/j7z/P7H3ax9h/7+Q/l//v/XHS/+v/x96ff3/NOn/59P/L6D/9/x/z//X/7NU2/r/LVbV/+fuf1Xc0sn+BwAAgB7k7n913GL/AwAAQDNy918Tt9j/AAAA0Izc/a+JWzrZ/40+/38h/b/+f+uPl/5f/z/0+vr/adL/z6f/X0D/r//X/y/u/3f+izro/xkytv4/d/9r45ZO9j8AAAD0IHf/tXGL/Q8AAADNyN3/urjF/gcAAIBm5O5/fdzSyf7X/x9t/58f1//r/2cH6f/jE/T/m/T/+v+DmFr/v/O/P4fu19eG/k202x79/x3/c/Jft39E/6//1//r/z3/nyUYRf9/6vSvLnP3vyFu6WT/AwAAQA9y978xbrH/AQAAoBm5+98Ut9j/AAAA0Izc/W+OWw64//92qe/q7NH/e/6//n+E/X/Q/2/S/+v/D2Jq/f9Onv+v/9f/T/f96//1/+w2iv5/y7dz978lbvH1fwAAAGhG7v63xi32PwAAADQjd//b4hb7HwAAAJqRu/+6uKWT/a//1//r//X/+v/h1z9s/78+G6b/Pzv0//Pp/xfQ/+v/9f/6f5ZqbP1/7v7r45ZO9j8AAAD0IHf/2+MW+x8AAACakbv/HXGL/Q8AAABTkunYoNz974xbOtn/+n/9v/5f/6//H359z/+fpon2//WPwan2/+dOqf+/Yc4bGOr/Tx3X/+v/9f/6fw5pbP1/7v53xS2d7H8AAADoQe7+G+IW+x8AAACakbv/xrjF/gcAAIBm5O5/d9zSyf7X/+v/9f/6f/3/8Ovr/6dpov1/mWr/7/n/+v+Z/l//r/9nwNj6/9z9N8Utnex/AAAA6EHu/pvjFvsfAAAAmpG7/z1xi/0PAAAAzcjdf0vc0sn+1//r//X/+n/9//Dr6/+n6ej6/9nq+v/7zjnod7Mn/f8C+n/9v/5f/89Sja3/z93/3rilk/0PAAAAPcjdf2vcYv8DAABAM3L3vy9usf8BAACgGbn73x+3dLL/9f/6/2n2/1etD71//b/+f6b/757n/8+n/19A/6//1//r/1mqsfX/ufs/ELd0sv8BAACgB7n7b4tb7H8AAABoRu7+D8Yt9j8AAAA0I3f/h+KWTva//l//v73/n82m0f97/v9M/99C/78+0/8vnf5/vv31/xfp//X/bfX/58wa6v9P7Pn5+n/GaGz9f+7+D8ctnex/AAAA6EHu/o/ELfY/AAAANGDzz87k7v9o3GL/AwAAwJgdO8jfnLv/Y3FLJ/t/+v3/8R2fqP+fzWZ3X9b88//1/zP9fwv9f/2o6v+XR/8/n+f/L6D/b7P/9/x//T8rM7b+P3f/x+OWTvY/AAAA9CB3/yfiFvsfAAAAmpG7/5Nxi/0PAAAAzcjd/6m4pZP9P/3+f+cn6v9nZ/T8f/3/xgf0//p//f9k6f/n0/8voP9f2M+v7fHrnpn+X/+v/2fA2Pr/3P2fjls62f8AAADQg9z9t8ct9j8AAAA0I3f/HXGL/Q8AAADNyN3/mbilk/2v/9f/6/+n2f+v6//1//r/QWPp/y+88F/u1P/r/1vs/+fR/+v/9f/sNLb+P3f/Z+OWTvY/AAAA9CB3/+fiFvsfAAAAmpG7//Nxi/0PAAAAzcjd/4W4pZP9v7v/P2+2WahuGur/o1HT/2+h/9/+/vX/wz8/PP9f/6//P3pj6f89//9w71//r/+f8vs/UP//D7s/X/9Pi8bW/+fuvzNu6WT/AwAAQA9y938xbrH/AQAAoBm5+78Ut9j/AAAA0Izc/XfFLZ3sf8//1//r//X/+v/h19f/T5P+fz79/wL6f/2/5/9f8l/n6v9ZnrH1/7n7vxy3bAy/f/ybQ/7HBAAAAEYkd/9X4pZOvv4PAAAAPcjd/9W4xf4HAACAZuTu/1rc0sn+1//r//X/+n/9//Dr6/+nSf8/n/5/gX76//WhD666nz9Tq37/zfT/nv/PEo2t/8/d//W4pZP9DwAAAD3I3f+NuMX+BwAAgGbk7v9m3GL/AwAAQDNy998dt3Sy//X/+v/2+///1P/veH39v/6/Zfr//Df6MP3/Av30/4NW3c9P/f3r//X/7Da2/j93/z1xSyf7HwAAAHqQu/9bcYv9DwAAAM3I3f/tuMX+BwAAgGbk7v9O3NLJ/tf/99X/r8167P89/1//r//vyXT6/2uPDX3U8//1//r/6b5//b/+n93G1v/n7r937ViX+x8AAACm6t//6X/v2e/fe+/GX9dn341b7H8AAABoRu7+78Ut9j8AAAA0I3f/9+OWTva//r+v/r/P5//r//X/+v+eTKf/H6b/1//r/6f7/vX/+n92G1v/n7v/vrhly/Ab/B/oAQAAACYjd/8P4pZOvv4PAAAAPcjd/8O4Zdf+P7XPP9UOAAAAjE3u/h/FLZ18/V//P/L+f3ZE/X/8ffr/Tfp//f/Q6+v/p6m1/v/4bFT9/6k1/b/+fw79v/5f/89OY+v/c/ffetOsy/0PAAAAjdr2Owo/3vjr+uwncYv9DwAAAM3I3f/TuMX+BwAAgGbk7v9Z3NLJ/tf/j7z/P9Tz/0/U/+X5/533/1euD76+/l//37LW+n/P/9/8uP5/k/5/3O9f/6//Z7cD9P8bg/So+//c/T+PWzrZ/wAAANCD3P2/iFvsfwAAAGhG7v5fxi32PwAAADQjd/+v4pZO9r/+fwX9/1XHZ7Mj7f/38fx//X8f/f8er99O//93F5y8/T/++8br9f+cdjb7//y5oP/X/6+g/78ufv7p/0f0/vX/+n92G9vz/3P3/zpu6WT/AwAAQA9y998ft9j/AAAA0Izc/b+JW+x/AAAAaEbu/t/GLZ3sf/1/i8//n2b/nz/WK+j/T06v/8+muPf+3/P/9f+7ef7/fPr/BabT/2982/P/x/X+9f/6f3YbW/+fu/93cUsn+x8AAAB6kLv/93FL7v+1A//WPQAAADAyufv/ELf4+j8AAAA0I3f/A3FLJ/tf/6//H0v/nzz///Tnef7/Jv2//v8g9P/z6f8X0P/r//X/+n+Wamz9f+7+P8Ytnex/AAAA6EHu/gfjFvsfAAAAmpG7/09xi/0PAAAAzcjd/+e4pZP9r//X/+v/9f/6/+HX1/9Pk/5/Pv3/Q87f+w3o//X/+n/9P0s1tv4/d/9fAwAA//+9M2Fu")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000200)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

53.55114212s ago: executing program 2 (id=611):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400b59500000000009b44082d"], 0x40}}, 0x0)

53.234731077s ago: executing program 2 (id=612):
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f00000001c0)={[{@acl}, {@direct_io}, {@wide_macs}, {@fsck}, {@errors_ro}, {@norecovery}, {@journal_transaction_names}, {@reconstruct_alloc}, {@no_data_io}]}, 0x1, 0x5919, &(0x7f0000000500)="$eJzs3W2QXFXdIPBzu3synZm8TAJIBJkMgSiCmglvhS+l0fWtAKlYWErYKAxkgtEkpJIgEFCCCy4UYKGlpagf0EJq0WhRBatESuRlE1ZRitWltpBa3UU/+BTykBLIQ1k+zlMzfU9Pz52+c3t6ekICv18lc/ucPv0/5557+vY9p3umAwAAAK8Je6/ftv+coz7wqy8Ov3TNh3+26drQWx7Lr8YCfen2ileqhRxI3ZUlY9vsuHjTVT/488DF7/vl3T3ff3nPumPX//79h118/2fO3H3btx96cf69/3ymKG4cTyeOp5PnkhCqP9/39S/teezI0bwkhFBO+naGsChZ/NCiJBNi8O8hhHVpYm7mznteOmX96Pbam7on5C/MlDPeX9uq6Tjbsf/yk8If3rvmut8s/fGPunY9u3O8SFJtGE8hLLiw8fFd6diL4y+OtiXxwel2dQihp+FxZxS067gW278iJ310up2TbnsL4sT7l2XSpUy5bDrqymx7Cuqbqbx2tFuuyLxMOnsymqm8dsb8Ren2p+n2xGnGL8f/SSgloVJv/sZkfIyEhuOWhGRsDFTr6VL92IZ0/zPpJJMuZdLlrsx+jdWbDrRykkzMj+Uy+fF0XEnzj208Vzdxbk7+69NtNX2ivhzTIXujpnfSjfp+jYnt2jdFWw6EUsM5qFl+/cCnB+OqNK83WTzpMSNNxPv2rLl5eXntw3v7ctqR3F2rqXdsJE0//o5fL5r3qR/eeNmSvPgXltL489qK/8ezHn/+/Bu/963c+LfG+OW24p/8QM9zZz1y/bLc/tkX+6fSVvyhZx69ZenhF+3Kbf/tMX61rfirdj/ePX//Aw/mtn8w9s/ctuI//c4P/umuJ+97Njd+iPF72oq/dveWL3f37z8hN/6DsX962xs/L+w6/an+/r8M5MV/Isaf31b8O3fe9o47Ft50Zu7xXR37p6+t+Gcff/918/bfd0zeuTO5vVOvnACvTYeFEEZfI25I0+3OM2eqPH7zmwOV2jXfvPT//E5WlLn4HK1nQSfjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAI4YiT/ueH/v/H+56rpOnu9MbTpdo25s8JIZkbQti2fWjr9g2bLxn4zKWXbd08tHFgaPvA8ObtW68cOPUtA1uHt2wcunL03sG3nlJ73OKQ1LbJMZPq7h4ZGSn1TcyL9f2n43f9YfkZ//LXEAaP+F1/Jbf9K27bdMfhTX5mJKtG3rPpsnN+d9p30/3qS9vV16RdIyMjIyGnXf963j/u+Oq+P58QwuDrpmrXo0+/+xcTGjSWMR4nVeoOtQZ1Jz1N21Fvddqe2F+V9Rs2Dg9O3b+jjy/n7Md/vurZv6+/4iv/qPVvNXc/WuzfuatGNpa+sebsf//G1bWMona9Use9qL/jXsT2xf6rpv29IN2vBTn7VcnZr+t/8+CTPz/qxhd3hsHKC0sn1120X13pAOhKXt9SvbGGnmTRhPxqWj4e8fi4Fds3bVmx7codb92waeiS4UuGN7995akrTx887fTTVozt+YoO73+s/40t7v+BGU8LP7fzp/Fna+OpqF1F/THaruL+aGxR3vOv59wvfe3ttz1yTi2jaJzH0vXzSbrtGT3OK0PDeJvcV832q6gfQggDzfrh+RfPDEf+nw3XFZ2HGo9M48+MZNXIY8v+9t0zvrPkXbWMA3Keb2xQm+f5eqvH2zPWX9X0eIwcpP3bHcrpfvU2bdfKxx7punnvXz9fb9+cOeGKoe3bt66s/ZyXtnRecnTTdmVz434tHftZDmm3hPowbTJeR3WFWvuy589YPNurvel9vcnipvuVFe/bs+bm5eW1D+/N6+nk7lqNc8P82jZ5Q07JjZkHlusNblb/wfr8Kxof/R/6zr0fv/cnp04aHyfXfhbtV5KzXz9+8s6vff8r//UnnduvD7378b6//d9PL69lHCrnlXqr0/YkjeeVk0Moev4tDc33I/f5V2q+P0XPv2w94+WbxxvIpHtDua3n68kP9Dx31iPXL8t9vu5r9fl69YRUueD5erCMn+zzK6lMbMfsPb8mDJRk1cgvbzhs50PXrD6qllE0ruulm43rU1qYf+Ts1y/Of6r/0oH/8r87d974wVvuueD3Q6u+UMto/7jHtnTmuFfT/q3m9G+91XHe2di/b7v40o3ravkH7/Vvui2Y/8RTybYrd3x2aOPG4a3bWtuvVl9PYz3ZXm739TSe3RYX7Fdp0n7N3o1W+qvV51ts/7q2+2vi8603JG29Luz49aJ5n/rhjZf1TXpUWtGFpTR+qa34fzzr8efPv/F738qNf2uMX2kr/tAzj96y9PCLduXGvz1J41fbir9q9+Pd8/c/8GBu/MHY/rltxX/6nR/8011P3vdsbvwQ4/e21/8v7Dr9qf7+v+TGfyJJ6xm9RgrhnpdOWV9LJ6Erfb7FdnRNaFfIppNMupRJlxvTpdpaa72CcpJMzI/l0vxjG9rSzCdy8uNVWHVJbftyTIfsjanzDzalhnN/s/yi61QAgFe7+P5/vAaN7/8PpxdK+SsNvLYlE4bGTOdhS/JqSedh4+s5cybcvySNHx8f1wH73xYGR7fXDtQu9Kf7PkJ8PmTXOWM9Jxw3MUa765xF6+/LMunYrtp6eaVhHpqaPK+phBbW3yfXM/X6e2b3i9fHB26Y1KyBhnWr7PHrSlfMmn3eIdPeymiEvPGRXReLn+foXxBWj9XX4vjIfo4mHofxz9GUJ6xfHZU5cbb7OZqZjo/Y7CnGx1iTi9/fmHz8whT9O378mkfLHr9pHO/qaPnZfn+2A+uGTU9pB27dcHbfD7MumRM/fYId7OuGMT/uR6XF9cSP5+R3aj0xni5iu/ZN0ZYDwXoi8GoV5//xNWJ0/j96Af5vmXJF16HZq8YYL/dzQuXm7Smad0z+nF5PW6/ja3dv+XJ3//4Tcq9zHmz1cz9bJqR6Cj73U9SPyzPpwn7MWaApmu9l6ynq9+znMnrD/Lb6/c6dt73jjoU3nZnb76trL6TF/f61Can5Bf1+CMwXmsc3X3hNzBdme/3sFZuPpB98mq35yMdy8qc7H+mZdKO+X2MOuflI14FtFwBw6Ijz//r7Z+n8///FAul1RNG89cRMOsbLnbfmXJ/kzVs/km6vyJTvTX+jYrrXzWcff/918/bfd0zuvOX2Vueh/21Cqq9wHjqzeXPuPGJ1Zz4vnjuPqM+zZjZPzG1/fZ44s3l6bvz6PH1m8+jc/qnPo2e2DpAbv74OcKjPcwvW6zKVxWSr63Wv2nl0+uuzszWPPjcnf7rz6N5JN+r7NcY8GgDglRXn//EyLs7/H8mUm+n77Lnzgg5dt2f/Hkg9/hMHal452/O+2Z63zva8frbXJQ71efFsrwvN7jrZa35enFZqXgwAwMEszv/npun8+f/M5ifN5m9dE+Yn5udN45ufHyTz80N9/cv83/vixcz/AQBe3eL8P/7aY/z7f/8jTWf/br15ek5883Tz9KnGT8vz9M6vswWfA3hl1wHmjpe3DgAAwCuha2ymNPn37D+ZbrO/Z5/3e/nn55RvVSW9PL5o+9bh4Qsu27JuaPvwBZsvXTe87YLLt27Yvn14c63cTOeNufOWdN7YFSppfzQvl523LUz/HsLCnL+HkC0fwx49dmPy30PIVju34O8IjB+/1tqbPX7xz9WWpijfbHzkHe+88fGJnPJR/fhf/OmTL1i/7YINmzds3zC0ccOO4YnlRmetPdP43szYLdP6vtTMj0lK0//+zs60ozSpHV1pf+R9P3uSaceitCWL8r7/IKfdv/pfX/3c8SP/uCuEwSPKb5hR/yWrRv77ecMf2b73d1tG21+asv31kmm7ir6vNFs+7k9l46Xbtp+0/tLLNme/UbI9cT2jVE/P0npG+vQvt7g+sTYnf7qfUyhPunFwanl9AgCACeL7//F6Nr5/+JX0Airmtz5Pn9n7x7nz9MHW5unZ7yUrmqdny8f9bXWeXp3hPD1bf948ujRF+Wbz9Lx5d178j+WUn67Wx8nMPueRO04ubG2cZL/PoGicZMtPd5wkMxwn2fqLxkmz8s3GSd5xz4v/0ZzyeVofDzP7XE7ueLi1tfHw5ky6aDxky093PJRmOB6y9ReNh2blm42HvOObF/+cnPKtmjg+RgfG2LgYvuDyS7d+tqHcbH//xczbN7vf/9Gu1ts/u5/7mv32z+7nyma//TP7XFlu+5+Y2UpY6+2f3e93adcBW69NP2xW9PmzonXcNTn5013HnTPpxsHJOi68cuL8P77dE+f/N6XbTr8NdOh/T5rvMWsav0PfY1Z0HeP1fIrKDgJezwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa011ZMrbde/22/ecc9YFffXH4pWs+/LNN177pqh/8eeDi9/3y7p7vv7xn3bHrf//+wy6+/zNn7r7t2w+9OP/efz5TGLhv7GflxDRZDSF5Lgmh+vN9X//SnseOHM1LQgjlpG9nCIuSxQ8tSjIRBv8eQlhXb+fEO+956ZT1o9trb+qekL8wEyS7X6G3HNvT2M4QrijcIw5B1XSc7dh/+UnhD+9dc91vlv74R127nt05XiSpNoynEBZc2Pj4rhDC3PT/qDjalsQHp9vVIYSehsedUdCu41ps/4qc9NHpdk667S2IE+9flkmXMuWy6agrs+0pqG+m8trRbrki8zLp7MlopvLaGfMXpdufptsTpxm/HP8noZSESr35G5PxMRIajlsSkrFjWa2nS/VjG9L9z6STTLqUSZe7Mvs1Vm860MpJMjE/lsvkx9NxJc0/tvFc3cS5OfmvT7fV9In6ckyH7I2a3kk36vs1JrZr3xRtORBKDeegZvn1A58ejN40rzdZPOkxI03E+/asuXl5ee3De/ty2pHcnaTxk7bi7/j1onmf+uGNly3Ji39hKY1faiv+H896/Pnzb/zet3Lj3xrjl9uKf/IDPc+d9cj1y3L7Z1/sn0pb8YeeefSWpYdftCu3/bfH+NW24q/a/Xj3/P0PPJjb/sHYP3Pbiv/0Oz/4p7uevO/Z3Pghxu9pK/7a3Vu+3N2//4Tc+A/G/ultb/y8sOv0p/r7/zKQF/+JGH9+W/Hv3HnbO+5YeNOZucd3deyfvrbin338/dfN23/fMXnnzuT2Tr1yArw2HZZeY92QptudZ85Uw3zhmwOV2jXfvPT//E5WlDFaz4JZjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKvTb68+9ZPnveejaypJCElOmZEm4n3lOatWDbRR79Azj96y9PCLdjXmLWkjDgAAAFAszsNL9ZxqWBIuT+aGo5uWj2sER8dUMjE/CaHSWD7Gya4RtBAnNItT6lCccofiVDoUp6tDceZ0KE53h+JUC+JUQ2tx5k4RpzI6KlpsT8+U7Wk9Tm+H4szrUJz5HYqzoENxFnYoTt+UcVofh4s6FGdxh+Ic1qE4h3cozhEdivO6DsU5skNxsmvK0x2H89OSR+XFGbtRLoxTScr1O5qtpx+Z1nPMDOvpLahnftHrcYv1zG2xnuMyjytNs55qi/W8cYb1JC3W8+YZ1lMqqCeO2yuy7Yv1xFSL4//KDsXZ0aE4V3UoztUdivP5DsX5QofiXDPDOACtivP/8fleX+iuvCv0pGec7CpAnO8uHfs5+fUu74QU470hkz+nKF52op6Jt3S67csuIGTiLcvkd02IV6nPR6aIV22MtzxzZ+H+ZhcUMu07MZPfXRQvu7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALPot1ef+snz3vPRNSEJo/+aGmki3lees2rVQBv17llz8/Ly2of3NuZ1V9oIBAAAABSK8/Cuek41dFdWhu5kzoRy1XQdoJqmy321bf+CsHp0mwyUxtI9yaIpH1dJH7di+6YtK7ZdueOtGzYNXTJ8yfDmt688deXpg6edftqK9Rs2Dg/WfobQXRAvhDC2/LDtyh2fHdq4cXjrtlpmtv1L0sctSdNJ+rj+t4XB0e21afsXF9RXmlTf7N0oPnoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/wa7dhch51X8AP8/M7Mx02/yzf/o2Dc1myEuJWjSJW0m1dB8QLLRJyFKQ2epagk2wuGlCm5RYxzZgWxMUoSUQIrkwEoutxZu+2CL2hUCkRgNuDNIW7YVeKK1W0pILSRnJ7pzZmdmZzDqWpo2fz8U8M+f8zvk9Zy4Wvs8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8sKaqIxOV0bHxwSSEpEtNrYM4l82nabmPvl9+fvv3C8OnVzaPFXJ9bAQAAAD0FHP4QGOkGAq5bMiGq6Y/LQ1NE2E29wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP97pqojE5XRsfGLkxCSLjW1DuJcNp+m5T76vvHOk595dXj4r81jpT72AQAAAHqLOTzTGCmGUlgWBpKrWuris4FFbevb6+I+i+dZ1/7soFvdsnnWXTPPuo/1qNtQv+4KAAAA8NEX83+uMTIUCrkFXfN/r1wf65a01WXr135+KwAAAAD8d2L+LzRGSqGQK8W8nuxuq++W95e21cW83+v/9nH9ii7re/0/f3396v/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDRMVUdmaiMjo1nkxCSLjW1DuJcNp+m5T76rnlh8O+3HHloafNYIdfHRgAAAEBPMYfPRu9iKOQGw0C4eDr3D9908OkvPv3sSAhhJubn82HXph077l4z8xrrVh87MvC9o299a07d6pnX83ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfTNVHZmojI6NX5SEkHSpqXUQ57L5NC330ff1z33hz4+ffO7N5rFSH/sAAAAAvcUcPpv9i6EU8iEfrpj+1Jz1z8q0re/2zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4cNzzjfu+vmlycvPd3njjjTeNN+f7LxMAAPB+WxKSUPsPXbnxfN81AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwYTBVHZmojI6NF5MQki41tQ7iXDafpuU++qbPHy8sOP3CS81jpT72AQAAAHqLOXw2+xdDKQyEgXD59KdOzwSm8//QB3iTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIfKVHVkojI6Nr4gCSHpUlPrIM5l82la7qPvY7sPfPbwwu/e3DxWyPWxEQAAANBTzOH5xkgxFHIfD4Vwdf3zZOuCJFu/dn4uMLtue8uywXmvq7asy8573Z62k+Xqp5lZV4z7Dc1cG+vKc9eVm9aVQqN9uWVd2NeyakGP+wwAAABwHsX8X2iMDIVCrtCUc3/SUj8k5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXUxVRyYqo2PjSRJC0qWm1kGcy+bTtNxH3/t+8/+XfOWne3c2j5X62AcAAADoLebw2exfDKWwOPxfWDyd+8NQa32s+0flzOFH//mXlSGsuuLEcK592x/GN796/cYX219CyLRWZ0JYWO+XdOn36989eu/y2pnHQ1h1efbqOf3Cufu1bpnWnqlsXr/j6IntPb4cAAAAuEDE/D/QGBkKhdxdXfN/TN498n/DdABfeO/un19Wf60n8rYVmaF6v0yXfp9f/uSfVqz921tn8/+5+n3qwNbDl7U0nBlpk6S10a07N5y47lAmnnqmf7atf/xevvTNN/+1ZdcjZ2b6F0OxPr4o16n/3Nc2F6W1ycz+8XXv7a+29s91Of9Dv33p5C8X7X33bP93lgw2+l9zjvOfu//grQ/vu/7AkQ2t/UMI5U7933735nDlH+58sP38g20bN3/zza9tkrR2bOmpQ2sPlm5o7Z+09Y/f/89OPrbvx49859nYP/5WZOWy+fbPtPV/Zc+lu19+YOOi1v6ZLud/8bZXh7eVv/379vPf0bJrrutdzD3/E9c+dftrm9L726cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLFPVkYnK6Nh4Jgkh6VJT6yDOZfNpWu6j7xu3HH/7tr0/+kHzWKmPfQAAAIDeYg6fzf7FUAr5kA+D07n/mcrm9TuOntgehmZmk/o1N7ntnh2f2LJt5113nKc7BwAAAOYr5v9cY2QoFHLLw0A9/49u3bnhxHWHMjH/Z2L+33Ln5OZVoVH3yp5Ld7/8wMZFjecEIUz/LKB4tu7Ts3U33Xh86NQfv7aiY92a2bpjS08dWnuwdEOsC811q0Pj+cQT1z51+2ub0vsb99dc98mvbpusP56I+w7e+vC+6w8c2dA4R/06WN831k1m9o+ve29/NdZl69di/dwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFxT1ZGJyujYeMiGkHSpqXUQ57L5NC330Xfd8l88eMnp5xY3jxVyfWwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9mBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCvv1FyJVFccB/JyZ3Xbc2dVdDbKidbWisIekIKJeKipCI4SeDAlL8yEKgojCHlpDI7GilyDrRaKCaguhIDdJtFijf9JLDxUUWA+BSAvlID1U7My54+x1bmN3Lag+H7icPefe+72/e8+ZOzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAv8pA39Jme2j7g43bzrvpk8fvOf7YLe/dv/WSR1//YXzjDR/vGXzlxPSm5Zu/vnHJxn33rp7a9eLBX4bf+e1Iz+BHWs3K1K2FEI/FEGrvzzz3xPSn58yOxRBCNY5MhDAaFx8cjbmEVb+GEDa165y78+3jV26ebbfuHJgzvigXkr+vUK9m9bSMzK2X/5ZaWmdbGg9fFr69ft22z5e99Wb/5NGJk4fEWsd6CmHhhs7z+0MIC9I2K1ttS7OTU7s2hDDYcd7VPeq68DTrv7ygf35qz0ptvUdOtn9Frl/JHZfvZ/pz7WCP681Xvo7qaR5X1lCun38ZzVdRndn4aGrfTe3Kv5hfzbYYKjH0tcu/L55cI6Fj3mKIzbmstfuV9tyGdP+5fsz1K7l+tT93X83rpoVWjXHueHZcbjx7Hfel8eWd7+oubi8YPze1tfRBPZH1Q/6Plvopf7Tvqymra+ZPavknVDreQd3G2xOfJqOexupx8Snn/N5Ftm963VMXV9d/cGikoI64J6b8WCp/y2ejQ3e+seOhpUX5Gyopv1Iq/7s1h3+6Y8dLLxTmP5vlV0vlX7F/8NiaD7evKHw+M9nz6SuVf9eRj55edvbdk93mupm/O8uvlcq/burwwHBj/4HC+ldlz2dBqfxvrr35+9e+3Hu0MD9k+YOl8tdPPfDMwFjj0sL8A62PQr25Qkusn58nr/pqbOzH8aL8L7LnP9wlP/bMf3Vi1zUvL9q5unB9rs2ez0ip+m+9aN+2ocbeC4renXH3mfrmBPh/WpL+x3oy9cv+zpyvjt8Lz4/3tb6BhtI2fCYvlDN7nYV/Yz4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+wAwckAAAAAIL+v25HoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPBQAA///PSyjp")

53.073910654s ago: executing program 32 (id=612):
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f00000001c0)={[{@acl}, {@direct_io}, {@wide_macs}, {@fsck}, {@errors_ro}, {@norecovery}, {@journal_transaction_names}, {@reconstruct_alloc}, {@no_data_io}]}, 0x1, 0x5919, &(0x7f0000000500)="$eJzs3W2QXFXdIPBzu3synZm8TAJIBJkMgSiCmglvhS+l0fWtAKlYWErYKAxkgtEkpJIgEFCCCy4UYKGlpagf0EJq0WhRBatESuRlE1ZRitWltpBa3UU/+BTykBLIQ1k+zlMzfU9Pz52+c3t6ekICv18lc/ucPv0/5557+vY9p3umAwAAAK8Je6/ftv+coz7wqy8Ov3TNh3+26drQWx7Lr8YCfen2ileqhRxI3ZUlY9vsuHjTVT/488DF7/vl3T3ff3nPumPX//79h118/2fO3H3btx96cf69/3ymKG4cTyeOp5PnkhCqP9/39S/teezI0bwkhFBO+naGsChZ/NCiJBNi8O8hhHVpYm7mznteOmX96Pbam7on5C/MlDPeX9uq6Tjbsf/yk8If3rvmut8s/fGPunY9u3O8SFJtGE8hLLiw8fFd6diL4y+OtiXxwel2dQihp+FxZxS067gW278iJ310up2TbnsL4sT7l2XSpUy5bDrqymx7Cuqbqbx2tFuuyLxMOnsymqm8dsb8Ren2p+n2xGnGL8f/SSgloVJv/sZkfIyEhuOWhGRsDFTr6VL92IZ0/zPpJJMuZdLlrsx+jdWbDrRykkzMj+Uy+fF0XEnzj208Vzdxbk7+69NtNX2ivhzTIXujpnfSjfp+jYnt2jdFWw6EUsM5qFl+/cCnB+OqNK83WTzpMSNNxPv2rLl5eXntw3v7ctqR3F2rqXdsJE0//o5fL5r3qR/eeNmSvPgXltL489qK/8ezHn/+/Bu/963c+LfG+OW24p/8QM9zZz1y/bLc/tkX+6fSVvyhZx69ZenhF+3Kbf/tMX61rfirdj/ePX//Aw/mtn8w9s/ctuI//c4P/umuJ+97Njd+iPF72oq/dveWL3f37z8hN/6DsX962xs/L+w6/an+/r8M5MV/Isaf31b8O3fe9o47Ft50Zu7xXR37p6+t+Gcff/918/bfd0zeuTO5vVOvnACvTYeFEEZfI25I0+3OM2eqPH7zmwOV2jXfvPT//E5WlLn4HK1nQSfjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAI4YiT/ueH/v/H+56rpOnu9MbTpdo25s8JIZkbQti2fWjr9g2bLxn4zKWXbd08tHFgaPvA8ObtW68cOPUtA1uHt2wcunL03sG3nlJ73OKQ1LbJMZPq7h4ZGSn1TcyL9f2n43f9YfkZ//LXEAaP+F1/Jbf9K27bdMfhTX5mJKtG3rPpsnN+d9p30/3qS9vV16RdIyMjIyGnXf963j/u+Oq+P58QwuDrpmrXo0+/+xcTGjSWMR4nVeoOtQZ1Jz1N21Fvddqe2F+V9Rs2Dg9O3b+jjy/n7Md/vurZv6+/4iv/qPVvNXc/WuzfuatGNpa+sebsf//G1bWMona9Use9qL/jXsT2xf6rpv29IN2vBTn7VcnZr+t/8+CTPz/qxhd3hsHKC0sn1120X13pAOhKXt9SvbGGnmTRhPxqWj4e8fi4Fds3bVmx7codb92waeiS4UuGN7995akrTx887fTTVozt+YoO73+s/40t7v+BGU8LP7fzp/Fna+OpqF1F/THaruL+aGxR3vOv59wvfe3ttz1yTi2jaJzH0vXzSbrtGT3OK0PDeJvcV832q6gfQggDzfrh+RfPDEf+nw3XFZ2HGo9M48+MZNXIY8v+9t0zvrPkXbWMA3Keb2xQm+f5eqvH2zPWX9X0eIwcpP3bHcrpfvU2bdfKxx7punnvXz9fb9+cOeGKoe3bt66s/ZyXtnRecnTTdmVz434tHftZDmm3hPowbTJeR3WFWvuy589YPNurvel9vcnipvuVFe/bs+bm5eW1D+/N6+nk7lqNc8P82jZ5Q07JjZkHlusNblb/wfr8Kxof/R/6zr0fv/cnp04aHyfXfhbtV5KzXz9+8s6vff8r//UnnduvD7378b6//d9PL69lHCrnlXqr0/YkjeeVk0Moev4tDc33I/f5V2q+P0XPv2w94+WbxxvIpHtDua3n68kP9Dx31iPXL8t9vu5r9fl69YRUueD5erCMn+zzK6lMbMfsPb8mDJRk1cgvbzhs50PXrD6qllE0ruulm43rU1qYf+Ts1y/Of6r/0oH/8r87d974wVvuueD3Q6u+UMto/7jHtnTmuFfT/q3m9G+91XHe2di/b7v40o3ravkH7/Vvui2Y/8RTybYrd3x2aOPG4a3bWtuvVl9PYz3ZXm739TSe3RYX7Fdp0n7N3o1W+qvV51ts/7q2+2vi8603JG29Luz49aJ5n/rhjZf1TXpUWtGFpTR+qa34fzzr8efPv/F738qNf2uMX2kr/tAzj96y9PCLduXGvz1J41fbir9q9+Pd8/c/8GBu/MHY/rltxX/6nR/8011P3vdsbvwQ4/e21/8v7Dr9qf7+v+TGfyJJ6xm9RgrhnpdOWV9LJ6Erfb7FdnRNaFfIppNMupRJlxvTpdpaa72CcpJMzI/l0vxjG9rSzCdy8uNVWHVJbftyTIfsjanzDzalhnN/s/yi61QAgFe7+P5/vAaN7/8PpxdK+SsNvLYlE4bGTOdhS/JqSedh4+s5cybcvySNHx8f1wH73xYGR7fXDtQu9Kf7PkJ8PmTXOWM9Jxw3MUa765xF6+/LMunYrtp6eaVhHpqaPK+phBbW3yfXM/X6e2b3i9fHB26Y1KyBhnWr7PHrSlfMmn3eIdPeymiEvPGRXReLn+foXxBWj9XX4vjIfo4mHofxz9GUJ6xfHZU5cbb7OZqZjo/Y7CnGx1iTi9/fmHz8whT9O378mkfLHr9pHO/qaPnZfn+2A+uGTU9pB27dcHbfD7MumRM/fYId7OuGMT/uR6XF9cSP5+R3aj0xni5iu/ZN0ZYDwXoi8GoV5//xNWJ0/j96Af5vmXJF16HZq8YYL/dzQuXm7Smad0z+nF5PW6/ja3dv+XJ3//4Tcq9zHmz1cz9bJqR6Cj73U9SPyzPpwn7MWaApmu9l6ynq9+znMnrD/Lb6/c6dt73jjoU3nZnb76trL6TF/f61Can5Bf1+CMwXmsc3X3hNzBdme/3sFZuPpB98mq35yMdy8qc7H+mZdKO+X2MOuflI14FtFwBw6Ijz//r7Z+n8///FAul1RNG89cRMOsbLnbfmXJ/kzVs/km6vyJTvTX+jYrrXzWcff/918/bfd0zuvOX2Vueh/21Cqq9wHjqzeXPuPGJ1Zz4vnjuPqM+zZjZPzG1/fZ44s3l6bvz6PH1m8+jc/qnPo2e2DpAbv74OcKjPcwvW6zKVxWSr63Wv2nl0+uuzszWPPjcnf7rz6N5JN+r7NcY8GgDglRXn//EyLs7/H8mUm+n77Lnzgg5dt2f/Hkg9/hMHal452/O+2Z63zva8frbXJQ71efFsrwvN7jrZa35enFZqXgwAwMEszv/npun8+f/M5ifN5m9dE+Yn5udN45ufHyTz80N9/cv83/vixcz/AQBe3eL8P/7aY/z7f/8jTWf/br15ek5883Tz9KnGT8vz9M6vswWfA3hl1wHmjpe3DgAAwCuha2ymNPn37D+ZbrO/Z5/3e/nn55RvVSW9PL5o+9bh4Qsu27JuaPvwBZsvXTe87YLLt27Yvn14c63cTOeNufOWdN7YFSppfzQvl523LUz/HsLCnL+HkC0fwx49dmPy30PIVju34O8IjB+/1tqbPX7xz9WWpijfbHzkHe+88fGJnPJR/fhf/OmTL1i/7YINmzds3zC0ccOO4YnlRmetPdP43szYLdP6vtTMj0lK0//+zs60ozSpHV1pf+R9P3uSaceitCWL8r7/IKfdv/pfX/3c8SP/uCuEwSPKb5hR/yWrRv77ecMf2b73d1tG21+asv31kmm7ir6vNFs+7k9l46Xbtp+0/tLLNme/UbI9cT2jVE/P0npG+vQvt7g+sTYnf7qfUyhPunFwanl9AgCACeL7//F6Nr5/+JX0Airmtz5Pn9n7x7nz9MHW5unZ7yUrmqdny8f9bXWeXp3hPD1bf948ujRF+Wbz9Lx5d178j+WUn67Wx8nMPueRO04ubG2cZL/PoGicZMtPd5wkMxwn2fqLxkmz8s3GSd5xz4v/0ZzyeVofDzP7XE7ueLi1tfHw5ky6aDxky093PJRmOB6y9ReNh2blm42HvOObF/+cnPKtmjg+RgfG2LgYvuDyS7d+tqHcbH//xczbN7vf/9Gu1ts/u5/7mv32z+7nyma//TP7XFlu+5+Y2UpY6+2f3e93adcBW69NP2xW9PmzonXcNTn5013HnTPpxsHJOi68cuL8P77dE+f/N6XbTr8NdOh/T5rvMWsav0PfY1Z0HeP1fIrKDgJezwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa011ZMrbde/22/ecc9YFffXH4pWs+/LNN177pqh/8eeDi9/3y7p7vv7xn3bHrf//+wy6+/zNn7r7t2w+9OP/efz5TGLhv7GflxDRZDSF5Lgmh+vN9X//SnseOHM1LQgjlpG9nCIuSxQ8tSjIRBv8eQlhXb+fEO+956ZT1o9trb+qekL8wEyS7X6G3HNvT2M4QrijcIw5B1XSc7dh/+UnhD+9dc91vlv74R127nt05XiSpNoynEBZc2Pj4rhDC3PT/qDjalsQHp9vVIYSehsedUdCu41ps/4qc9NHpdk667S2IE+9flkmXMuWy6agrs+0pqG+m8trRbrki8zLp7MlopvLaGfMXpdufptsTpxm/HP8noZSESr35G5PxMRIajlsSkrFjWa2nS/VjG9L9z6STTLqUSZe7Mvs1Vm860MpJMjE/lsvkx9NxJc0/tvFc3cS5OfmvT7fV9In6ckyH7I2a3kk36vs1JrZr3xRtORBKDeegZvn1A58ejN40rzdZPOkxI03E+/asuXl5ee3De/ty2pHcnaTxk7bi7/j1onmf+uGNly3Ji39hKY1faiv+H896/Pnzb/zet3Lj3xrjl9uKf/IDPc+d9cj1y3L7Z1/sn0pb8YeeefSWpYdftCu3/bfH+NW24q/a/Xj3/P0PPJjb/sHYP3Pbiv/0Oz/4p7uevO/Z3Pghxu9pK/7a3Vu+3N2//4Tc+A/G/ultb/y8sOv0p/r7/zKQF/+JGH9+W/Hv3HnbO+5YeNOZucd3deyfvrbin338/dfN23/fMXnnzuT2Tr1yArw2HZZeY92QptudZ85Uw3zhmwOV2jXfvPT//E5WlDFaz4JZjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKvTb68+9ZPnveejaypJCElOmZEm4n3lOatWDbRR79Azj96y9PCLdjXmLWkjDgAAAFAszsNL9ZxqWBIuT+aGo5uWj2sER8dUMjE/CaHSWD7Gya4RtBAnNItT6lCccofiVDoUp6tDceZ0KE53h+JUC+JUQ2tx5k4RpzI6KlpsT8+U7Wk9Tm+H4szrUJz5HYqzoENxFnYoTt+UcVofh4s6FGdxh+Ic1qE4h3cozhEdivO6DsU5skNxsmvK0x2H89OSR+XFGbtRLoxTScr1O5qtpx+Z1nPMDOvpLahnftHrcYv1zG2xnuMyjytNs55qi/W8cYb1JC3W8+YZ1lMqqCeO2yuy7Yv1xFSL4//KDsXZ0aE4V3UoztUdivP5DsX5QofiXDPDOACtivP/8fleX+iuvCv0pGec7CpAnO8uHfs5+fUu74QU470hkz+nKF52op6Jt3S67csuIGTiLcvkd02IV6nPR6aIV22MtzxzZ+H+ZhcUMu07MZPfXRQvu7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALPot1ef+snz3vPRNSEJo/+aGmki3lees2rVQBv17llz8/Ly2of3NuZ1V9oIBAAAABSK8/Cuek41dFdWhu5kzoRy1XQdoJqmy321bf+CsHp0mwyUxtI9yaIpH1dJH7di+6YtK7ZdueOtGzYNXTJ8yfDmt688deXpg6edftqK9Rs2Dg/WfobQXRAvhDC2/LDtyh2fHdq4cXjrtlpmtv1L0sctSdNJ+rj+t4XB0e21afsXF9RXmlTf7N0oPnoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/wa7dhch51X8AP8/M7Mx02/yzf/o2Dc1myEuJWjSJW0m1dB8QLLRJyFKQ2epagk2wuGlCm5RYxzZgWxMUoSUQIrkwEoutxZu+2CL2hUCkRgNuDNIW7YVeKK1W0pILSRnJ7pzZmdmZzDqWpo2fz8U8M+f8zvk9Zy4Wvs8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8sKaqIxOV0bHxwSSEpEtNrYM4l82nabmPvl9+fvv3C8OnVzaPFXJ9bAQAAAD0FHP4QGOkGAq5bMiGq6Y/LQ1NE2E29wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP97pqojE5XRsfGLkxCSLjW1DuJcNp+m5T76vvHOk595dXj4r81jpT72AQAAAHqLOTzTGCmGUlgWBpKrWuris4FFbevb6+I+i+dZ1/7soFvdsnnWXTPPuo/1qNtQv+4KAAAA8NEX83+uMTIUCrkFXfN/r1wf65a01WXr135+KwAAAAD8d2L+LzRGSqGQK8W8nuxuq++W95e21cW83+v/9nH9ii7re/0/f3396v/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDRMVUdmaiMjo1nkxCSLjW1DuJcNp+m5T76rnlh8O+3HHloafNYIdfHRgAAAEBPMYfPRu9iKOQGw0C4eDr3D9908OkvPv3sSAhhJubn82HXph077l4z8xrrVh87MvC9o299a07d6pnX83ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfTNVHZmojI6NX5SEkHSpqXUQ57L5NC330ff1z33hz4+ffO7N5rFSH/sAAAAAvcUcPpv9i6EU8iEfrpj+1Jz1z8q0re/2zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4cNzzjfu+vmlycvPd3njjjTeNN+f7LxMAAPB+WxKSUPsPXbnxfN81AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwYTBVHZmojI6NF5MQki41tQ7iXDafpuU++qbPHy8sOP3CS81jpT72AQAAAHqLOXw2+xdDKQyEgXD59KdOzwSm8//QB3iTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIfKVHVkojI6Nr4gCSHpUlPrIM5l82la7qPvY7sPfPbwwu/e3DxWyPWxEQAAANBTzOH5xkgxFHIfD4Vwdf3zZOuCJFu/dn4uMLtue8uywXmvq7asy8573Z62k+Xqp5lZV4z7Dc1cG+vKc9eVm9aVQqN9uWVd2NeyakGP+wwAAABwHsX8X2iMDIVCrtCUc3/SUj8k5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXUxVRyYqo2PjSRJC0qWm1kGcy+bTtNxH3/t+8/+XfOWne3c2j5X62AcAAADoLebw2exfDKWwOPxfWDyd+8NQa32s+0flzOFH//mXlSGsuuLEcK592x/GN796/cYX219CyLRWZ0JYWO+XdOn36989eu/y2pnHQ1h1efbqOf3Cufu1bpnWnqlsXr/j6IntPb4cAAAAuEDE/D/QGBkKhdxdXfN/TN498n/DdABfeO/un19Wf60n8rYVmaF6v0yXfp9f/uSfVqz921tn8/+5+n3qwNbDl7U0nBlpk6S10a07N5y47lAmnnqmf7atf/xevvTNN/+1ZdcjZ2b6F0OxPr4o16n/3Nc2F6W1ycz+8XXv7a+29s91Of9Dv33p5C8X7X33bP93lgw2+l9zjvOfu//grQ/vu/7AkQ2t/UMI5U7933735nDlH+58sP38g20bN3/zza9tkrR2bOmpQ2sPlm5o7Z+09Y/f/89OPrbvx49859nYP/5WZOWy+fbPtPV/Zc+lu19+YOOi1v6ZLud/8bZXh7eVv/379vPf0bJrrutdzD3/E9c+dftrm9L726cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLFPVkYnK6Nh4Jgkh6VJT6yDOZfNpWu6j7xu3HH/7tr0/+kHzWKmPfQAAAIDeYg6fzf7FUAr5kA+D07n/mcrm9TuOntgehmZmk/o1N7ntnh2f2LJt5113nKc7BwAAAOYr5v9cY2QoFHLLw0A9/49u3bnhxHWHMjH/Z2L+33Ln5OZVoVH3yp5Ld7/8wMZFjecEIUz/LKB4tu7Ts3U33Xh86NQfv7aiY92a2bpjS08dWnuwdEOsC811q0Pj+cQT1z51+2ub0vsb99dc98mvbpusP56I+w7e+vC+6w8c2dA4R/06WN831k1m9o+ve29/NdZl69di/dwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFxT1ZGJyujYeMiGkHSpqXUQ57L5NC330Xfd8l88eMnp5xY3jxVyfWwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9mBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCvv1FyJVFccB/JyZ3Xbc2dVdDbKidbWisIekIKJeKipCI4SeDAlL8yEKgojCHlpDI7GilyDrRaKCaguhIDdJtFijf9JLDxUUWA+BSAvlID1U7My54+x1bmN3Lag+H7icPefe+72/e8+ZOzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAv8pA39Jme2j7g43bzrvpk8fvOf7YLe/dv/WSR1//YXzjDR/vGXzlxPSm5Zu/vnHJxn33rp7a9eLBX4bf+e1Iz+BHWs3K1K2FEI/FEGrvzzz3xPSn58yOxRBCNY5MhDAaFx8cjbmEVb+GEDa165y78+3jV26ebbfuHJgzvigXkr+vUK9m9bSMzK2X/5ZaWmdbGg9fFr69ft22z5e99Wb/5NGJk4fEWsd6CmHhhs7z+0MIC9I2K1ttS7OTU7s2hDDYcd7VPeq68DTrv7ygf35qz0ptvUdOtn9Frl/JHZfvZ/pz7WCP681Xvo7qaR5X1lCun38ZzVdRndn4aGrfTe3Kv5hfzbYYKjH0tcu/L55cI6Fj3mKIzbmstfuV9tyGdP+5fsz1K7l+tT93X83rpoVWjXHueHZcbjx7Hfel8eWd7+oubi8YPze1tfRBPZH1Q/6Plvopf7Tvqymra+ZPavknVDreQd3G2xOfJqOexupx8Snn/N5Ftm963VMXV9d/cGikoI64J6b8WCp/y2ejQ3e+seOhpUX5Gyopv1Iq/7s1h3+6Y8dLLxTmP5vlV0vlX7F/8NiaD7evKHw+M9nz6SuVf9eRj55edvbdk93mupm/O8uvlcq/burwwHBj/4HC+ldlz2dBqfxvrr35+9e+3Hu0MD9k+YOl8tdPPfDMwFjj0sL8A62PQr25Qkusn58nr/pqbOzH8aL8L7LnP9wlP/bMf3Vi1zUvL9q5unB9rs2ez0ip+m+9aN+2ocbeC4renXH3mfrmBPh/WpL+x3oy9cv+zpyvjt8Lz4/3tb6BhtI2fCYvlDN7nYV/Yz4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+wAwckAAAAAIL+v25HoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPBQAA///PSyjp")

8.101338813s ago: executing program 1 (id=1059):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000404001a8014001280090001007866726d"], 0x40}}, 0x0)

8.101070675s ago: executing program 1 (id=1060):
r0 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1, {0x0, r3}})
io_uring_enter(r0, 0x234f, 0xb1e6, 0x1, 0x0, 0x0)

8.04048168s ago: executing program 1 (id=1062):
r0 = socket$phonet(0x23, 0x2, 0x1)
sendto$phonet(r0, 0x0, 0xfffffffffffffff2, 0x0, &(0x7f0000000480)={0x23, 0x28, 0xfd, 0x3}, 0x10)

7.98050878s ago: executing program 1 (id=1064):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0)

7.919652532s ago: executing program 1 (id=1066):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40800, 0x0)
read$FUSE(r3, &(0x7f0000002ac0)={0x2020}, 0x2020)

7.858433753s ago: executing program 1 (id=1068):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000004ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2.331234357s ago: executing program 3 (id=1122):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f00000001c0)={0xa, 0xe1c, 0x80000, @private2, 0x800}, 0x1c, 0x0, 0x0, &(0x7f0000001dc0)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x6c}}}, @dstopts_2292={{0x18, 0x29, 0x4, {0x5c}}}], 0x30}, 0x40c0)

2.281168268s ago: executing program 3 (id=1123):
syz_usb_connect(0x2, 0x3b, &(0x7f0000001b80)=ANY=[@ANYBLOB="12010102a39ab910b80c0bc9ae0d01020301090229000101f8400409048afc0101033e08072401"], &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})

1.110855997s ago: executing program 3 (id=1132):
syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x210014, &(0x7f0000000040)=ANY=[], 0x5, 0x1c4, &(0x7f00000002c0)="$eJzsVc1u00AQ/tbexDEHxBWExAEEySGJY36ucEJ5AB6AKDEhwhEQR4JEHMwp74GQ8hocUF+hh1a9pIeqUg/ttapc7e74L4mU/ihNDvtJ9nzz7axn1mvPfg6+BxaACwNtvIOEifvYYwwcwBOmtPeWssdFZWvkH3FlK6T/IbtPNhiNv7R83xssJVEZyCsm5pXVJGZVXGtaSqwrBttqTbhBivUTtmQovNtSdywsbEEIYCvez+YJfT3ID8HYaGF2VjFW/rHrJYznFOu2D0zdt78NnMhetnv6qy3IRwBRFEVC66iLZWNEJ/qvYuR//4jLi5mIkhjR/ITzAsD53/63ejAaV3v9Vtfresx1X75xXjnOa7f+qed7jrqzTAqDPghhKwAsydPxAoADarD3sIi4fBpn9lz5McpPU84oXzw3IsLwL5lLvR3iGR/wHCUAP0J1Eti5CuSSmmAwwaXT4Jk8am0lOVBrf/U7EzAwinSm4DDiaTMUEsdNHJ5LNgEeitKekd8kOyU7E7diembFZxEXPQiH5JVDEfSzNRwOGkJSTGpxzUpzH4TIbJDIelbML+6xtWRXNDQ0NDQ0NDS2GpcBAAD//z7uSuY=")
pivot_root(&(0x7f0000000040)='./file0/file0\x00', 0x0)

1.039541088s ago: executing program 3 (id=1135):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c00)={0x38, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x1c, 0x2c, 0x0, 0x1, [{0x18, 0x0, 0xed}, {0x8, 0x0, 0xffff}, {0x8, 0x0, 0x3}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512)

979.49971ms ago: executing program 3 (id=1137):
syz_mount_image$f2fs(&(0x7f00000002c0), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="6e6f646973636172642c6163746976655f6c6f67733d362c646973636172645f756e69743d73656374696f6e2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6661756c745f747970653d30303030303030303030303030303030303030372c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c626172726965722c6167655f657874656e745f63616368652c757365725f78617474722c71756f74612c0089e5afa1e5917778089d53bf1e7976b8101ed131cec59926dc45294c5c18206d0a669306b1d0cc8e4f7753c03396a2734f10a3d75d435a08eff937580007aaad0ec81f842b74c22ac48ca4fbfd6fc3a509f51ebd287101d13d198d9a644e3d8216f29bc51a3a607656666d4d54e20072d115c3f57de32b7eb4964b4a45b355bb9d1a8cb6259ad2a4a5ef3e291451b10a28707e7964398a2d7a8a8d2b9e2ada5657"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)

687.555729ms ago: executing program 3 (id=1139):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000c80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000c00)={0x44, &(0x7f0000000980)={0x40, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

120.627318ms ago: executing program 0 (id=1148):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000003540)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x44, r1, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x2, 0x2cc2, 0x8, 0x6, 0x30, 0x9, 0x7]}}]}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x44}, 0x1, 0x0, 0x0, 0xc044014}, 0x8004)

120.502221ms ago: executing program 0 (id=1149):
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x3, 0x1}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf})

57.97257ms ago: executing program 0 (id=1150):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x91, 0x1, 0x1, 0xb8}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)

57.750568ms ago: executing program 0 (id=1151):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x3, &(0x7f0000006700), 0x9, 0x61d, &(0x7f0000000700)="$eJzs3c9rXNUeAPDvnfxO3ntJw+M960IDoi1okyZtpYhgi+CqlPpjIbhxbNJSO/1BE9HUSlOoG0HcuBBcubAu/B+0ILjyH3DhxpVUikg3StGRO7kzTpO5yUzMzLSZzwfGOeeemznnmnx7zpw5504APWsq/U8hYndEXEwiJuvK+iMrnFo9786vV06mjyTK5Zd/SeLK1WSl/rWS7HksItKCP8Yj+TYiJvvW17u4fPlssVRauJTlZ5bOXZxZXL6878y54umF0wvn556eO3zo4KHDs/vrfurUC61e36669LHrb749/sHx1z7/9G4y+8UPx5M4Umt0el2tvvZmpmIqypn64+n/18PbXVmX9NX+Tv6WrD2w1vNtbBAtqf7+BiLi/zEefXW/zfF4/8WuNg5oq3IStT4K6DWJ+IceVR0HVN/bN/c+eLDNoxKgE24fjXiiFv8DEVGN//7VucEYrswNjN5J7pnnSSJi/zbUn9bx3TfHr6ePaNM8HNDYyrWhbAp8bf+fVGJzIoYrudE7hXviv5BN405k84cvbVzNeF7B1Jp8Vv/QVq8HaN7KtYh4qNH4f/P4fz17To+/scX6c+IfAAAAAAAA2IKbRyPiqUaf/xVq638GG6z/GYuII9tQ/+af/xVubUM1QAO3j0Y823D9b6F6ykRflvt3ZT3AQHLqTGlhf0T8JyL2xsBQmp+tf9Ev6346IvZ9OPlJXv316//SR1p/dS1g1o5b/WtWA80Xl4rbcOnQ825fi3i4P3/9T9r/Jw36/zS+LzZZx+TjN07klW0e/0C7lD+L2NOw/09q5yQb359jpjIemKmOCtZ75N2PvsqrX/xD96T9/+jG8T+U1N+vZ7G11x+MiAPL/eW88q2O/weTV/qibifiO8WlpUuzEYPJsfXH51prMzxIhps/9b2IqMRDNV7S+N/72Mbzf7Xxf10cjmT3+GrG//4c+zGvTP8P3ZPG//zG/f/Evf1/64m5GxNf59V/oqn+/2ClT9+bHTH/BxtrNkC73U4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBAVIuJfkRSma+lCYXo6Yiwi/hujhdKFxaUnT1146/x8Wlb5/v9C9Zt+x1fzSfX7/yfq8nNr8gciYldEfNw3UslPn7xQmu/2xQMAAAAAAAAAAAAAAAAAAMB9Ymz1ad3+/9RPfV1tGtAJ/dmzeIfe09/tBgBdI/6hd4l/6F358f/b3XJFR5sDdFCz/X/5apsbAnTcFsf/Pi6AHcD7f+hVA82dNtzudgDdoP8HAAAAAIAdZdejN79PImLlmZHKIzWYldU+GBzpVuuAdirkFQx1th1A51nDC73L0h/oXU0u/gV2sKSW+r3hZv/81f9JexoEAAAAAAAAAAAAAKyzZ3cT+/+BHSl3/z+w422w/7/Rxh63C4AdxP5/6F1u8wVUB/t53/Rv/z8AAAAAAAAAAAAA3AeGL58tlkoLlxaXm05cbeXkf574OfKKnutkM7YrsVK8L5rxICQGImJNUXl89c/2bLH0anS2PdWI6URdgx2sKyfRpX+PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4KAAD//3XcKC0=")

263.156µs ago: executing program 0 (id=1152):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r3, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000001c0)='\\', 0x1}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004)

0s ago: executing program 0 (id=1153):
openat(0xffffffffffffff9c, 0x0, 0x0, 0x72)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

kernel console output (not intermixed with test programs):

1-1: config 0 descriptor??
[  100.068467][ T5926] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -32
[  100.122574][ T6864] netlink: 76 bytes leftover after parsing attributes in process `syz.2.337'.
[  100.130665][ T6864] netlink: 76 bytes leftover after parsing attributes in process `syz.2.337'.
[  100.191700][ T5864] BTRFS info (device loop1): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  100.284011][   T10] usb 1-1: USB disconnect, device number 9
[  100.388597][ T6867] loop2: detected capacity change from 0 to 4096
[  100.424032][ T6867] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  100.458370][ T6867] ntfs3(loop2): ino=b, mi_enum_attr
[  100.460591][ T6867] ntfs3(loop2): Failed to load $Extend (-22).
[  100.469261][ T6867] ntfs3(loop2): Failed to initialize $Extend.
[  100.602325][ T5926] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  100.753302][ T5926] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  100.764996][ T5926] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  100.772304][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.775481][ T5926] usb 2-1: Product: syz
[  100.776937][ T5926] usb 2-1: Manufacturer: syz
[  100.778378][ T5926] usb 2-1: SerialNumber: syz
[  100.798630][ T5926] usb 2-1: config 0 descriptor??
[  100.803516][ T5926] powermate 2-1:0.0: probe with driver powermate failed with error -22
[  101.011310][  T791] usb 2-1: USB disconnect, device number 10
[  101.091381][ T5926] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  101.111145][ T5311] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  101.243511][ T5926] usb 1-1: config 0 has an invalid interface number: 73 but max is 0
[  101.246834][ T5926] usb 1-1: config 0 has no interface number 0
[  101.251924][ T5926] usb 1-1: New USB device found, idVendor=06f8, idProduct=300c, bcdDevice=39.64
[  101.255568][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.258870][ T5926] usb 1-1: Product: syz
[  101.260604][ T5926] usb 1-1: Manufacturer: syz
[  101.263272][ T5311] usb 3-1: Using ep0 maxpacket: 32
[  101.265376][ T5926] usb 1-1: SerialNumber: syz
[  101.269452][ T5311] usb 3-1: config 0 has an invalid interface number: 74 but max is 1
[  101.274059][ T5311] usb 3-1: config 0 has no interface number 1
[  101.278017][ T5926] usb 1-1: config 0 descriptor??
[  101.285197][ T5311] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa
[  101.288110][ T5311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.291267][ T5311] usb 3-1: Product: syz
[  101.293010][ T5311] usb 3-1: Manufacturer: syz
[  101.294956][ T5311] usb 3-1: SerialNumber: syz
[  101.300626][ T5311] usb 3-1: config 0 descriptor??
[  101.334364][ T5311] snd-usb-audio 3-1:0.74: probe with driver snd-usb-audio failed with error -22
[  101.365128][ T5984] udevd[5984]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.74/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  101.486648][ T5926] uvcvideo 1-1:0.73: probe with driver uvcvideo failed with error -22
[  101.493636][ T5926] usb 1-1: USB disconnect, device number 10
[  101.513772][   T10] usb 3-1: USB disconnect, device number 8
[  101.607932][ T6893] loop1: detected capacity change from 0 to 256
[  101.619637][ T6893] exfat: Deprecated parameter 'utf8'
[  101.644235][ T6893] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4d7dfc9d, utbl_chksum : 0xe619d30d)
[  101.931009][ T5311] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  102.091303][ T5311] usb 2-1: Using ep0 maxpacket: 16
[  102.102720][ T5311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  102.108714][ T5311] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  102.118321][ T5311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.120831][ T5311] usb 2-1: Product: syz
[  102.124845][ T5311] usb 2-1: Manufacturer: syz
[  102.126633][ T5311] usb 2-1: SerialNumber: syz
[  102.129497][ T5311] usb 2-1: config 0 descriptor??
[  102.137399][ T5311] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  102.138805][ T6904] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  102.141733][ T5311] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  102.585330][ T6915] loop2: detected capacity change from 0 to 32768
[  102.588902][ T6915] XFS: noikeep mount option is deprecated.
[  102.693498][ T6915] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  102.739652][ T5311] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  102.739861][ T6915] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  102.779213][ T6915] XFS (loop2): Starting recovery (logdev: internal)
[  102.818077][ T6915] XFS (loop2): Ending recovery (logdev: internal)
[  102.867039][ T5860] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  103.056072][ T6944] loop2: detected capacity change from 0 to 128
[  103.086915][ T6944] syz.2.367: attempt to access beyond end of device
[  103.086915][ T6944] loop2: rw=2049, sector=138, nr_sectors = 2 limit=128
[  103.097863][ T6944] syz.2.367: attempt to access beyond end of device
[  103.097863][ T6944] loop2: rw=2049, sector=138, nr_sectors = 2 limit=128
[  103.151356][   T60] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  103.313184][   T60] usb 1-1: Using ep0 maxpacket: 16
[  103.317210][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 92, changing to 10
[  103.326129][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 17487, setting to 1024
[  103.330700][   T60] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  103.337037][   T60] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  103.340772][   T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.352417][ T5311] em28xx 2-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  103.356372][ T5311] em28xx 2-1:0.0: board has no eeprom
[  103.357843][   T60] usb 1-1: config 0 descriptor??
[  103.360643][ T6941] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  103.373375][   T60] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input7
[  103.439602][ T5311] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  103.443112][ T5311] em28xx 2-1:0.0: dvb set to bulk mode.
[  103.445697][  T791] em28xx 2-1:0.0: Binding DVB extension
[  103.475469][ T5311] usb 2-1: USB disconnect, device number 11
[  103.494795][ T5311] em28xx 2-1:0.0: Disconnecting em28xx
[  103.503598][  T791] em28xx 2-1:0.0: Registering input extension
[  103.512575][ T5311] em28xx 2-1:0.0: Closing input extension
[  103.538211][ T5311] em28xx 2-1:0.0: Freeing device
[  103.576840][ T5926] usb 1-1: USB disconnect, device number 11
[  103.652928][ T6948] loop2: detected capacity change from 0 to 40427
[  103.670852][ T6948] F2FS-fs (loop2): invalid crc value
[  103.715481][ T6948] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  103.721781][ T6948] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  104.151597][   T60] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  104.319905][   T60] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  104.324453][   T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.329696][   T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.334416][   T60] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  104.346635][   T60] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  104.350783][   T60] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  104.360236][   T60] usb 2-1: Manufacturer: syz
[  104.369916][   T60] usb 2-1: config 0 descriptor??
[  104.411112][   T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  104.541173][ T6973] loop0: detected capacity change from 0 to 32768
[  104.559223][ T6973] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  104.573562][   T10] usb 3-1: Using ep0 maxpacket: 8
[  104.581068][   T10] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  104.585318][   T10] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  104.588518][   T10] usb 3-1: Product: syz
[  104.590296][   T10] usb 3-1: Manufacturer: syz
[  104.593120][   T10] usb 3-1: SerialNumber: syz
[  104.598689][   T10] usb 3-1: config 0 descriptor??
[  104.606077][ T6973] XFS (loop0): Ending clean mount
[  104.607159][   T10] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  104.635873][   T33] audit: type=1800 audit(1755550487.523:10): pid=6973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.378" name="file1" dev="loop0" ino=6150 res=0 errno=0
[  104.665302][ T5856] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  104.784771][   T60] appleir 0003:05AC:8243.0003: unknown main item tag 0x0
[  104.801117][   T60] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  104.819218][   T10] gspca_zc3xx: reg_w_i err -71
[  104.832872][   T10] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  104.837658][   T10] usb 3-1: USB disconnect, device number 9
[  105.356206][ T7004] netlink: 8 bytes leftover after parsing attributes in process `syz.2.389'.
[  105.361304][ T7004] netlink: 660 bytes leftover after parsing attributes in process `syz.2.389'.
[  105.792805][ T7008] binder: 7007:7008 ioctl c018620c 200000000040 returned -22
[  106.411172][ T5923] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  106.562224][ T5923] usb 1-1: Using ep0 maxpacket: 8
[  106.570496][ T5923] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  106.574451][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.577735][ T5923] usb 1-1: Product: syz
[  106.579331][ T5923] usb 1-1: Manufacturer: syz
[  106.587898][ T5923] usb 1-1: SerialNumber: syz
[  106.592135][ T5923] usb 1-1: config 0 descriptor??
[  106.603216][ T5923] gspca_main: se401-2.14.0 probing 047d:5003
[  106.831075][ T5926] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  106.875650][  T791] usb 2-1: USB disconnect, device number 12
[  106.915146][ T7060] trusted_key: encrypted_key: master key parameter is missing
[  106.981495][ T5926] usb 3-1: Using ep0 maxpacket: 8
[  106.994655][ T5926] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  106.997893][ T5926] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  107.005497][ T5926] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  107.009140][ T5926] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  107.009339][ T5923] gspca_se401: Wrong descriptor type
[  107.015105][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  107.029332][ T5926] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  107.038311][ T5926] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  107.044757][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.048036][ T5926] usb 3-1: Product: syz
[  107.049702][ T5926] usb 3-1: Manufacturer: syz
[  107.057392][ T5926] usb 3-1: SerialNumber: syz
[  107.067698][ T5926] usb 3-1: config 0 descriptor??
[  107.076029][ T5926] hub 3-1:0.0: bad descriptor, ignoring hub
[  107.078352][ T5926] hub 3-1:0.0: probe with driver hub failed with error -5
[  107.086027][ T5926] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input9
[  107.259551][ T5926] usb 1-1: USB disconnect, device number 12
[  107.327254][ T5923] usb 3-1: USB disconnect, device number 10
[  107.327255][    C1] usb_acecad 3-1:0.0: can't resubmit intr, dummy_hcd.2-1/input0, status -19
[  108.425846][ T7084] loop0: detected capacity change from 0 to 1024
[  108.448972][ T7084] hfsplus: inconsistency in B*Tree (1,0,1,0,2)
[  108.452526][ T7084] hfsplus: xattr searching failed
[  108.454745][ T7084] syz.0.426: attempt to access beyond end of device
[  108.454745][ T7084] loop0: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  108.456927][ T7076] loop2: detected capacity change from 0 to 32768
[  108.460503][ T7084] Buffer I/O error on dev loop0, logical block 2889, async page read
[  108.475581][ T7076] lmLogInit: exit(-22)
[  108.476013][ T7084] syz.0.426: attempt to access beyond end of device
[  108.476013][ T7084] loop0: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  108.477167][ T7076] lmLogOpen: exit(-22)
[  108.487727][ T7084] Buffer I/O error on dev loop0, logical block 2889, async page read
[  108.491813][   T33] audit: type=1800 audit(1755550491.383:11): pid=7084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.426" name="file1" dev="loop0" ino=20 res=0 errno=0
[  108.748366][ T7090] loop0: detected capacity change from 0 to 32768
[  108.769151][ T7097] loop2: detected capacity change from 0 to 1764
[  108.783580][ T7090] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  108.817036][ T7090] XFS (loop0): Ending clean mount
[  108.836126][ T7090] XFS (loop0): Quotacheck needed: Please wait.
[  108.884567][ T7090] XFS (loop0): Quotacheck: Done.
[  108.907722][   T33] audit: type=1800 audit(1755550491.793:12): pid=7090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.428" name="file1" dev="loop0" ino=9286 res=0 errno=0
[  108.962563][ T7111] loop2: detected capacity change from 0 to 512
[  108.996595][ T7111] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.434: casefold flag without casefold feature
[  109.007460][ T7111] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.434: couldn't read orphan inode 15 (err -117)
[  109.014544][ T7111] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.062313][ T5860] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.277053][ T5856] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  110.105690][ T7138] netlink: 'syz.2.444': attribute type 74 has an invalid length.
[  110.431973][ T5890] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  110.445185][   T54] Bluetooth: hci0: link tx timeout
[  110.448781][   T54] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  110.588010][ T5890] usb 3-1: unable to read config index 0 descriptor/start: -71
[  110.592931][ T5890] usb 3-1: can't read configurations, error -71
[  110.663222][ T7153] capability: warning: `syz.0.451' uses deprecated v2 capabilities in a way that may be insecure
[  110.942947][  T791] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  111.091061][  T791] usb 1-1: Using ep0 maxpacket: 32
[  111.095184][  T791] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  111.098776][  T791] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.105897][  T791] usb 1-1: config 0 descriptor??
[  111.116562][  T791] gspca_main: nw80x-2.14.0 probing 055f:d001
[  111.222175][ T5923] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  112.151039][ T5923] usb 2-1: Using ep0 maxpacket: 16
[  112.176653][ T5923] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  112.180339][ T5923] usb 2-1: config 0 has no interface number 0
[  112.183086][ T5923] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  112.187377][ T5923] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  112.191387][ T5923] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  112.195709][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.206792][ T5923] usb 2-1: config 0 descriptor??
[  112.208567][ T7169] syz.2.458 (7169): drop_caches: 2
[  112.427185][ T7159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.433513][ T7159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  112.497574][   T54] Bluetooth: hci0: command 0x0406 tx timeout
[  112.852207][ T5923] uclogic 0003:28BD:0071.0004: failed retrieving string descriptor #100: -71
[  112.855032][ T5923] uclogic 0003:28BD:0071.0004: failed retrieving pen parameters: -71
[  112.857489][ T5923] uclogic 0003:28BD:0071.0004: pen probing failed: -71
[  112.859675][ T5923] uclogic 0003:28BD:0071.0004: failed probing parameters: -71
[  112.865762][ T5923] uclogic 0003:28BD:0071.0004: probe with driver uclogic failed with error -71
[  112.871477][ T5923] usb 2-1: USB disconnect, device number 13
[  112.984596][  T791] gspca_nw80x: reg_w err -71
[  112.986118][  T791] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[  113.000027][  T791] usb 1-1: USB disconnect, device number 13
[  113.313103][ T7194] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  113.555646][ T7204] loop0: detected capacity change from 0 to 256
[  113.561028][ T7204] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  113.571026][ T7204] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  113.584344][ T7204] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x2d0d25cc, utbl_chksum : 0xe619d30d)
[  113.642641][ T5890] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  113.826975][ T5890] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  113.836221][ T5890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  113.848332][ T5890] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  113.857478][ T5890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  113.863005][ T5890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  113.867101][ T5890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 255, changing to 11
[  113.875866][ T5890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 59391, setting to 1024
[  113.882794][ T5890] usb 3-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  113.889214][ T5890] usb 3-1: New USB device found, idVendor=05ac, idProduct=921c, bcdDevice=9d.fb
[  113.896736][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.908821][ T7216] ALSA: seq fatal error: cannot create timer (-22)
[  113.916930][ T5890] usb 3-1: config 0 descriptor??
[  113.926992][ T7197] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  113.947637][ T5890] appledisplay 3-1:0.0: Submitting URB failed
[  113.954593][ T5890] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -5
[  114.766090][ T5890] usb 3-1: USB disconnect, device number 13
[  115.145118][ T7218] loop1: detected capacity change from 0 to 32768
[  115.159445][ T7218] bcachefs (/dev/loop1): error validating superblock: Not a bcachefs superblock layout
[  115.164019][ T7218] bcachefs: bch2_fs_get_tree() error: invalid_sb_layout
[  115.359314][ T7238] lo speed is unknown, defaulting to 1000
[  115.365884][ T7238] lo speed is unknown, defaulting to 1000
[  115.369211][ T7238] lo speed is unknown, defaulting to 1000
[  115.379322][ T7237] sp0: Synchronizing with TNC
[  115.397002][ T7237] sp0: Found TNC
[  115.462472][ T7234] loop0: detected capacity change from 0 to 32768
[  115.465745][ T7234] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section replicas_v0: duplicate replicas entry journal: 1/1 [0]
[  115.465745][ T7234] replicas_v0 (size 24):
[  115.465745][ T7234] journal: 1 [0] journal: 1 [0] user: 1 [0]
[  115.465745][ T7234] 
[  115.480828][ T7234] bcachefs: bch2_fs_get_tree() error: invalid_sb_replicas
[  115.519128][ T7238] infiniband sz1: set active
[  115.523789][   T10] lo speed is unknown, defaulting to 1000
[  115.526641][ T7238] infiniband sz1: added lo
[  115.574434][ T7238] RDS/IB: sz1: added
[  115.576115][ T7238] smc: adding ib device sz1 with port count 1
[  115.578114][ T7238] smc:    ib device sz1 port 1 has pnetid 
[  115.592230][   T10] lo speed is unknown, defaulting to 1000
[  115.594405][ T7238] lo speed is unknown, defaulting to 1000
[  115.672273][ T7243] loop0: detected capacity change from 0 to 1024
[  115.704147][   T33] audit: type=1800 audit(1755550498.593:13): pid=7243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.488" name="file1" dev="loop0" ino=20 res=0 errno=0
[  115.722978][ T7238] lo speed is unknown, defaulting to 1000
[  115.725524][ T7243] syz.0.488: attempt to access beyond end of device
[  115.725524][ T7243] loop0: rw=34817, sector=393274, nr_sectors = 2048 limit=1024
[  115.730453][ T7243] syz.0.488: attempt to access beyond end of device
[  115.730453][ T7243] loop0: rw=34817, sector=395322, nr_sectors = 454 limit=1024
[  115.798700][ T7240] loop2: detected capacity change from 0 to 32768
[  115.843769][ T7238] lo speed is unknown, defaulting to 1000
[  115.910698][ T7240] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  115.910720][ T7240]   allowing incompatible features above 0.0: (unknown version)
[  115.910728][ T7240]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  115.929559][ T7240] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  115.944744][ T7240] bcachefs (loop2): initializing new filesystem
[  115.970002][ T7240] bcachefs (loop2): going read-write
[  115.995051][ T7240] bcachefs (loop2): marking superblocks
[  116.017363][ T7240] bcachefs (loop2): initializing freespace
[  116.046849][ T7240] bcachefs (loop2): done initializing freespace
[  116.057807][ T7240] bcachefs (loop2): reading snapshots table
[  116.060096][ T7240] bcachefs (loop2): reading snapshots done
[  116.084529][ T7240] bcachefs (loop2): done starting filesystem
[  116.189311][ T7245] loop0: detected capacity change from 0 to 32768
[  116.204521][ T7245] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  116.279303][ T5856] (syz-executor,5856,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  116.288300][ T5856] ocfs2: Unmounting device (7,0) on (node local)
[  116.487029][ T5860] bcachefs (loop2): shutting down
[  116.489291][ T5860] bcachefs (loop2): going read-only
[  116.502632][ T5860] bcachefs (loop2): finished waiting for writes to stop
[  116.514734][ T5860] bcachefs (loop2): flushing journal and stopping allocators, journal seq 75
[  116.527750][ T7279] netlink: 24 bytes leftover after parsing attributes in process `syz.0.500'.
[  116.561981][ T5860] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 77
[  116.567152][ T5860] bcachefs (loop2): clean shutdown complete, journal seq 78
[  116.572328][ T5860] bcachefs (loop2): marking filesystem clean
[  116.594982][ T5860] bcachefs (loop2): shutdown complete
[  116.634463][ T7286] netlink: 8 bytes leftover after parsing attributes in process `syz.0.503'.
[  116.653770][ T7286] netlink: 8 bytes leftover after parsing attributes in process `syz.0.503'.
[  116.683624][ T7288] loop1: detected capacity change from 0 to 736
[  116.715710][ T7290] loop0: detected capacity change from 0 to 1024
[  116.788131][ T7294] loop1: detected capacity change from 0 to 512
[  116.791781][ T7294] EXT4-fs: Ignoring removed oldalloc option
[  116.793974][ T7294] EXT4-fs: quotafile must be on filesystem root
[  116.813353][ T7296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.508'.
[  116.847804][ T7298] loop0: detected capacity change from 0 to 1764
[  116.916792][ T7300] loop0: detected capacity change from 0 to 4096
[  116.919506][ T7300] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  117.051417][ T5923] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  117.121010][ T7302] loop0: detected capacity change from 0 to 32768
[  117.152880][ T7302]  loop0: p9 p11 p16
[  117.242755][ T5923] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  117.246438][ T5923] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  117.262647][ T5923] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  117.265978][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  117.268944][ T5923] usb 2-1: SerialNumber: syz
[  117.487576][ T5923] usb 2-1: 0:2 : does not exist
[  117.495300][ T5923] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[  117.501323][ T5923] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  117.503819][ T5923] usb 2-1: unit 6 not found!
[  117.513229][ T5923] usb 2-1: USB disconnect, device number 14
[  117.552146][   T60] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  117.725556][   T60] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  117.728563][   T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.731250][   T60] usb 1-1: Product: syz
[  117.732602][   T60] usb 1-1: Manufacturer: syz
[  117.734100][   T60] usb 1-1: SerialNumber: syz
[  117.738012][   T60] usb 1-1: config 0 descriptor??
[  117.901916][ T7306] loop2: detected capacity change from 0 to 32768
[  117.910696][ T7306] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  117.937367][ T7306] XFS (loop2): Ending clean mount
[  117.941925][ T7306] XFS (loop2): Quotacheck needed: Please wait.
[  117.953717][   T60] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  117.965259][ T7306] XFS (loop2): Quotacheck: Done.
[  117.974773][ T7306] XFS (loop2): User initiated shutdown received.
[  117.977357][ T7306] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:476).  Shutting down filesystem.
[  117.982689][ T7306] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  118.014412][ T5860] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  118.223043][ T7324] loop2: detected capacity change from 0 to 4096
[  118.404360][ T7322] loop1: detected capacity change from 0 to 32768
[  118.432713][ T7322] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  118.497818][ T5864] ocfs2: Unmounting device (7,1) on (node local)
[  118.638711][ T7341] tipc: Started in network mode
[  118.640496][ T7341] tipc: Node identity e698af8c076a, cluster identity 4711
[  118.643854][ T7341] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  118.647276][ T7341] syzkaller0: entered promiscuous mode
[  118.649356][ T7341] syzkaller0: entered allmulticast mode
[  118.665662][ T7341] tipc: Resetting bearer <eth:syzkaller0>
[  118.670369][ T7340] tipc: Resetting bearer <eth:syzkaller0>
[  118.685706][ T7340] tipc: Disabling bearer <eth:syzkaller0>
[  118.897471][ T7347] trusted_key: syz.2.525 sent an empty control message without MSG_MORE.
[  119.071102][  T791] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  119.222965][  T791] usb 2-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00
[  119.226429][  T791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.232429][  T791] usb 2-1: config 0 descriptor??
[  119.649175][  T791] pantherlord 0003:0F30:0111.0005: item fetching failed at offset 0/4
[  119.655233][  T791] pantherlord 0003:0F30:0111.0005: parse failed
[  119.657827][  T791] pantherlord 0003:0F30:0111.0005: probe with driver pantherlord failed with error -22
[  119.714387][ T7354] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  119.775496][   T60] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  119.783348][   T60] usb 1-1: USB disconnect, device number 14
[  119.857068][ T5923] usb 2-1: USB disconnect, device number 15
[  120.181036][   T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  120.332016][   T10] usb 3-1: Using ep0 maxpacket: 32
[  120.336653][   T10] usb 3-1: config 6 has an invalid interface number: 111 but max is 0
[  120.339809][   T10] usb 3-1: config 6 has no interface number 0
[  120.346408][   T10] usb 3-1: config 6 interface 111 has no altsetting 0
[  120.353416][   T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice=fa.e9
[  120.356930][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.360024][   T10] usb 3-1: Product: syz
[  120.362371][   T10] usb 3-1: Manufacturer: syz
[  120.364258][   T10] usb 3-1: SerialNumber: syz
[  120.374932][   T10] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:6.111/input/input11
[  120.587518][ T5278] bcm5974 3-1:6.111: could not read from device
[  120.590793][  T791] usb 3-1: USB disconnect, device number 14
[  120.598577][ T5278] bcm5974 3-1:6.111: could not read from device
[  120.733071][ T7378] loop0: detected capacity change from 0 to 40427
[  120.776422][ T7378] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  120.780544][ T7378] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  120.791018][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  120.815173][ T5856] syz-executor: attempt to access beyond end of device
[  120.815173][ T5856] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  120.823193][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  120.823213][ T5856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  120.823220][ T5856] Call Trace:
[  120.823234][ T5856]  <TASK>
[  120.823244][ T5856]  dump_stack_lvl+0x189/0x250
[  120.823266][ T5856]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.823281][ T5856]  ? __pfx_queue_work_on+0x10/0x10
[  120.823294][ T5856]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  120.823310][ T5856]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  120.823333][ T5856]  f2fs_handle_critical_error+0x37c/0x540
[  120.823356][ T5856]  f2fs_write_end_io+0x886/0xb60
[  120.823381][ T5856]  __submit_merged_bio+0x27a/0x6a0
[  120.823402][ T5856]  __submit_merged_write_cond+0x255/0x530
[  120.823423][ T5856]  f2fs_write_data_pages+0x261d/0x3000
[  120.823466][ T5856]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  120.823519][ T5856]  ? __pfx_hlock_conflict+0x10/0x10
[  120.823531][ T5856]  ? __bfs+0x154/0x2a0
[  120.823555][ T5856]  ? __lock_acquire+0xab9/0xd20
[  120.823578][ T5856]  ? do_raw_spin_lock+0x121/0x290
[  120.823608][ T5856]  ? do_raw_spin_unlock+0x4d/0x240
[  120.823623][ T5856]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  120.823641][ T5856]  do_writepages+0x32e/0x550
[  120.823666][ T5856]  ? do_raw_spin_unlock+0x4d/0x240
[  120.823683][ T5856]  filemap_fdatawrite+0x199/0x240
[  120.823700][ T5856]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  120.823779][ T5856]  ? do_raw_spin_unlock+0x4d/0x240
[  120.823798][ T5856]  f2fs_sync_dirty_inodes+0x31f/0x830
[  120.823822][ T5856]  f2fs_write_checkpoint+0x95a/0x1df0
[  120.823852][ T5856]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  120.823899][ T5856]  ? kill_f2fs_super+0x298/0x6c0
[  120.823915][ T5856]  kill_f2fs_super+0x2c3/0x6c0
[  120.823932][ T5856]  ? __pfx_kill_f2fs_super+0x10/0x10
[  120.823943][ T5856]  ? radix_tree_delete_item+0x2b6/0x400
[  120.823964][ T5856]  ? shrinker_free+0x2ce/0x3e0
[  120.823980][ T5856]  deactivate_locked_super+0xbc/0x130
[  120.823996][ T5856]  cleanup_mnt+0x425/0x4c0
[  120.824010][ T5856]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.824028][ T5856]  task_work_run+0x1d4/0x260
[  120.824046][ T5856]  ? __pfx_task_work_run+0x10/0x10
[  120.824060][ T5856]  ? __x64_sys_umount+0x122/0x160
[  120.824080][ T5856]  ? exit_to_user_mode_loop+0x40/0x110
[  120.824100][ T5856]  exit_to_user_mode_loop+0xec/0x110
[  120.824117][ T5856]  do_syscall_64+0x2bd/0x3b0
[  120.824133][ T5856]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.824148][ T5856]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.824160][ T5856]  ? exc_page_fault+0x9f/0xf0
[  120.824177][ T5856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.824189][ T5856] RIP: 0033:0x7fd27ef8ff17
[  120.824201][ T5856] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  120.824212][ T5856] RSP: 002b:00007ffe90cd90f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  120.824225][ T5856] RAX: 0000000000000000 RBX: 00007fd27f011c05 RCX: 00007fd27ef8ff17
[  120.824233][ T5856] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe90cd91b0
[  120.824240][ T5856] RBP: 00007ffe90cd91b0 R08: 0000000000000000 R09: 0000000000000000
[  120.824248][ T5856] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe90cda240
[  120.824255][ T5856] R13: 00007fd27f011c05 R14: 000000000001d776 R15: 00007ffe90cda280
[  120.824276][ T5856]  </TASK>
[  120.824281][ T5856] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  120.943974][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.948269][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  120.954173][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  120.960122][   T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  120.965072][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.970499][   T10] usb 2-1: config 0 descriptor??
[  121.269996][ T7401] process 'syz.0.550' launched './file0' with NULL argv: empty string added
[  121.280026][ T7402] netlink: 132 bytes leftover after parsing attributes in process `syz.2.551'.
[  121.392909][   T10] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  121.418431][ T7412] loop0: detected capacity change from 0 to 256
[  121.421379][ T7412] exfat: Unknown parameter 'sys_tz'
[  121.881041][  T791] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  121.912366][ T7444] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  121.992266][ T7448] loop2: detected capacity change from 0 to 256
[  121.995520][ T7448] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  122.001750][ T7448] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  122.009387][ T7448] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  122.020513][   T33] audit: type=1800 audit(1755550504.903:14): pid=7448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.574" name="file1" dev="loop2" ino=1048604 res=0 errno=0
[  122.042784][  T791] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  122.047047][  T791] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.052632][  T791] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.056344][  T791] usb 1-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  122.059724][  T791] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.071927][  T791] usb 1-1: config 0 descriptor??
[  122.197450][ T7454] loop2: detected capacity change from 0 to 4096
[  122.216767][ T7455] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  122.486793][  T791] sony 0003:054C:024B.0007: unexpected long global item
[  122.489792][  T791] sony 0003:054C:024B.0007: parse failed
[  122.496389][  T791] sony 0003:054C:024B.0007: probe with driver sony failed with error -22
[  122.523677][ T7467] loop2: detected capacity change from 0 to 4096
[  122.532786][ T7467] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.571489][ T5860] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.683330][  T791] usb 1-1: USB disconnect, device number 15
[  123.632983][ T5311] usb 2-1: USB disconnect, device number 16
[  123.867349][ T7516] loop1: detected capacity change from 0 to 512
[  123.903235][ T7516] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  124.141147][ T7518] loop2: detected capacity change from 0 to 32768
[  124.148575][ T7518] 
[  124.148575][ T7518]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  124.148575][ T7518] 
[  124.188282][ T5860] non-latin1 character 0x3ff found in JFS file name
[  124.192682][ T5860] mount with iocharset=utf8 to access
[  124.196655][ T5860] 
[  124.196655][ T5860]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  124.196655][ T5860] 
[  124.205737][ T5860] 
[  124.205737][ T5860]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  124.205737][ T5860] 
[  124.210538][ T5860] 
[  124.210538][ T5860]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  124.210538][ T5860] 
[  124.215410][ T5860] 
[  124.215410][ T5860]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  124.215410][ T5860] 
[  124.231613][  T116] 
[  124.231613][  T116]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  124.231613][  T116] 
[  124.237253][ T5860] read_mapping_page failed!
[  124.239110][ T5860] ERROR: (device loop2): txCommit: 
[  124.239110][ T5860] 
[  124.244298][ T5860] ERROR: (device loop2): remounting filesystem as read-only
[  124.411110][ T5311] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  124.490820][ T5871] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.563515][ T5311] usb 1-1: Using ep0 maxpacket: 32
[  124.575036][ T5311] usb 1-1: config 4 has an invalid interface number: 128 but max is 0
[  124.580829][ T5871] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.585243][ T5311] usb 1-1: config 4 has no interface number 0
[  124.589394][ T5311] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.599791][ T5311] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.606256][ T5311] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  124.610427][ T5311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.618778][ T5311] hub 1-1:4.128: USB hub found
[  124.677260][ T5871] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.785331][ T5871] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.829367][ T5311] hub 1-1:4.128: 2 ports detected
[  124.831837][ T5311] hub 1-1:4.128: Using single TT (err -22)
[  124.921508][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  124.927136][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  124.933060][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  124.938788][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  124.943259][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  124.949547][ T5871] bridge_slave_1: left allmulticast mode
[  124.961881][ T5871] bridge_slave_1: left promiscuous mode
[  124.965848][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.984849][ T5871] bridge_slave_0: left allmulticast mode
[  124.987147][ T5871] bridge_slave_0: left promiscuous mode
[  124.990128][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.251564][ T5311] usb 1-1: USB disconnect, device number 16
[  125.642879][ T5871] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.659311][ T5871] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  125.677886][ T5871] bond0 (unregistering): Released all slaves
[  125.791141][ T7537] lo speed is unknown, defaulting to 1000
[  125.963010][ T7544] syz_tun: refused to change device tx_queue_len
[  125.965153][ T7544] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  126.137867][ T7546] ip6gre1: entered allmulticast mode
[  126.546675][ T5871] hsr_slave_0: left promiscuous mode
[  126.554365][ T5871] hsr_slave_1: left promiscuous mode
[  126.571247][ T5871] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  126.573983][ T5871] batman_adv: batadv0: Removing interface: batadv_slave_0
[  126.582682][ T5871] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  126.585694][ T5871] batman_adv: batadv0: Removing interface: batadv_slave_1
[  126.592781][ T5871] batman_adv: batadv0: Interface deactivated: vlan1
[  126.594976][ T5871] batman_adv: batadv0: Removing interface: vlan1
[  126.620363][ T5871] veth1_macvtap: left promiscuous mode
[  126.623710][ T5871] veth0_macvtap: left promiscuous mode
[  126.625795][ T5871] veth1_vlan: left promiscuous mode
[  126.820359][ T7551] loop0: detected capacity change from 0 to 32768
[  126.826074][ T7551] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.618 (7551)
[  126.843181][ T7551] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  126.847212][ T7551] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  126.850759][ T7551] BTRFS info (device loop0): disk space caching is enabled
[  126.854046][ T7551] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  126.928612][ T7551] BTRFS info (device loop0): rebuilding free space tree
[  126.956969][ T7551] BTRFS info (device loop0): disabling free space tree
[  126.959966][ T7551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  126.970072][ T7551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  126.978782][   T54] Bluetooth: hci1: command tx timeout
[  127.091134][ T5856] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  127.093540][   T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[  127.174199][ T5871] team0 (unregistering): Port device team_slave_1 removed
[  127.244194][ T5871] team0 (unregistering): Port device team_slave_0 removed
[  127.718373][ T7589] tunl0: entered promiscuous mode
[  127.733886][ T7589] netlink: 'syz.0.627': attribute type 4 has an invalid length.
[  127.736334][ T7589] netlink: 9 bytes leftover after parsing attributes in process `syz.0.627'.
[  127.746495][ T7537] chnl_net:caif_netlink_parms(): no params data found
[  127.826805][ T7537] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.829173][ T7537] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.831798][ T7537] bridge_slave_0: entered allmulticast mode
[  127.839602][ T7537] bridge_slave_0: entered promiscuous mode
[  127.846931][ T7537] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.849599][ T7597] loop7: detected capacity change from 0 to 7
[  127.852472][ T7537] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.854980][ T7537] bridge_slave_1: entered allmulticast mode
[  127.861743][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.865203][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.871194][ T7537] bridge_slave_1: entered promiscuous mode
[  127.874316][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.877284][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.880034][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.883359][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.886311][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.890198][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.893878][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.898048][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.903452][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.906656][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.909303][ T7597] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.913381][ T7597] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.916493][ T7597] ldm_validate_partition_table(): Disk read failed.
[  127.919134][ T7597] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.924393][ T7597] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.930043][ T7597] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.935700][ T7597] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.938380][ T7597] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  127.942526][ T7597] Buffer I/O error on dev loop7, logical block 0, async page read
[  127.945208][ T7597] Dev loop7: unable to read RDB block 0
[  127.948573][ T7537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.951946][ T7597]  loop7: unable to read partition table
[  127.956548][ T7537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.957252][ T7597] loop7: partition table beyond EOD, truncated
[  127.964604][ T7597] loop_reread_partitions: partition scan of loop7 () failed (rc=-5)
[  127.992610][ T7537] team0: Port device team_slave_0 added
[  127.998108][ T7537] team0: Port device team_slave_1 added
[  128.030505][ T7537] batman_adv: batadv0: Adding interface: batadv_slave_0
[  128.034157][ T7537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.046635][ T7537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  128.053185][ T7537] batman_adv: batadv0: Adding interface: batadv_slave_1
[  128.055969][ T7537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.068383][ T7537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  128.100807][ T7537] hsr_slave_0: entered promiscuous mode
[  128.103393][ T7537] hsr_slave_1: entered promiscuous mode
[  128.105745][ T7537] debugfs: 'hsr0' already exists in 'hsr'
[  128.107652][ T7537] Cannot create hsr debugfs directory
[  128.224669][ T7537] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  128.229397][ T7537] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  128.233845][ T7537] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  128.238112][ T7537] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  128.266060][ T7537] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.268443][ T7537] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.272039][ T7537] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.274265][ T7537] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.311123][ T5926] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  128.318597][ T7537] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.328510][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.333816][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.343812][ T7537] 8021q: adding VLAN 0 to HW filter on device team0
[  128.352702][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.354979][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.360873][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.363386][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.473896][ T5926] usb 1-1: config 3 has an invalid interface number: 238 but max is 0
[  128.477125][ T5926] usb 1-1: config 3 has no interface number 0
[  128.479504][ T5926] usb 1-1: config 3 interface 238 has no altsetting 0
[  128.495324][ T5926] usb 1-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=92.99
[  128.499209][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.502813][ T5926] usb 1-1: Product: syz
[  128.504289][ T5926] usb 1-1: Manufacturer: syz
[  128.505872][ T5926] usb 1-1: SerialNumber: syz
[  128.538402][ T7537] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.569507][ T7614] netlink: 'syz.1.632': attribute type 6 has an invalid length.
[  128.578767][ T7537] veth0_vlan: entered promiscuous mode
[  128.579843][ T7614] netlink: 'syz.1.632': attribute type 6 has an invalid length.
[  128.588661][ T7537] veth1_vlan: entered promiscuous mode
[  128.617590][ T7537] veth0_macvtap: entered promiscuous mode
[  128.625330][ T7537] veth1_macvtap: entered promiscuous mode
[  128.644920][ T7537] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.657106][ T7537] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.665827][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.690276][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.694920][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.710503][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.716774][ T5926] usb 1-1: unsupported MDLM descriptors
[  128.725308][ T5926] usb 1-1: USB disconnect, device number 17
[  128.764386][ T6609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.767478][ T6609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.808253][ T6609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.815126][ T6609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.051198][   T54] Bluetooth: hci1: command tx timeout
[  129.151471][ T5926] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  129.319783][ T5926] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  129.328531][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.333090][ T5926] usb 4-1: config 0 descriptor??
[  129.564507][ T5926] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  129.771649][ T5926] [drm:udl_init] *ERROR* Selecting channel failed
[  129.854805][ T5926] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 3
[  129.864518][ T5926] [drm] Initialized udl on minor 3
[  129.893672][ T5926] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  129.905578][ T5926] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  129.924973][ T5926] usb 4-1: USB disconnect, device number 2
[  129.928246][   T51] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  129.937989][   T51] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  130.503873][ T7647] loop1: detected capacity change from 0 to 40427
[  130.520578][ T7647] F2FS-fs (loop1): invalid crc value
[  130.710820][ T7647] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  130.718826][ T7647] F2FS-fs (loop1): Start checkpoint disabled!
[  130.766172][ T7647] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  130.822233][ T7649] loop3: detected capacity change from 0 to 32768
[  130.941088][   T33] audit: type=1326 audit(1755550513.823:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7652 comm="syz.0.649" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd27ef8ebe9 code=0x7ffc0000
[  130.949317][   T33] audit: type=1326 audit(1755550513.823:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7652 comm="syz.0.649" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd27ef8ebe9 code=0x7ffc0000
[  130.979141][   T33] audit: type=1326 audit(1755550513.843:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7652 comm="syz.0.649" exe="/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7fd27ef8ebe9 code=0x7ffc0000
[  130.988058][   T33] audit: type=1326 audit(1755550513.843:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7652 comm="syz.0.649" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd27ef8ebe9 code=0x7ffc0000
[  131.042444][ T7657] loop3: detected capacity change from 0 to 512
[  131.082038][ T7657] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  131.085391][ T7657] System zones: 0-2, 18-18, 34-34
[  131.101280][ T7657] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.648: bg 0: block 248: padding at end of block bitmap is not set
[  131.123892][ T7657] Quota error (device loop3): write_blk: dquota write failed
[  131.127064][ T7657] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  131.130806][ T7657] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.648: Failed to acquire dquot type 1
[  131.135687][   T54] Bluetooth: hci1: command tx timeout
[  131.144967][ T7657] EXT4-fs (loop3): 1 truncate cleaned up
[  131.148530][ T7657] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.161272][ T7657] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  131.193715][ T7537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.371737][ T7659] loop0: detected capacity change from 0 to 32768
[  131.385381][ T7659] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  131.426559][   T33] audit: type=1804 audit(1755550514.303:19): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.651" name="/newroot/220/file1/bus" dev="loop0" ino=17058 res=1 errno=0
[  131.519374][ T5856] ocfs2: Unmounting device (7,0) on (node local)
[  131.789510][ T7703] loop1: detected capacity change from 0 to 1024
[  131.879963][ T7703] hfsplus: xattr searching failed
[  131.912529][ T7703] hfsplus: xattr searching failed
[  131.915346][ T7703] hfsplus: xattr searching failed
[  132.503425][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.506593][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  133.211365][   T54] Bluetooth: hci1: command tx timeout
[  133.230256][ T7714] loop1: detected capacity change from 0 to 40427
[  133.235645][ T7714] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  133.238881][ T7714] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  133.249001][ T7714] F2FS-fs (loop1): invalid crc value
[  133.289065][ T7714] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  133.298560][ T7714] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  133.301601][ T7714] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  133.581594][ T7714] F2FS-fs: heap/no_heap options were deprecated
[  133.587731][ T7714] F2FS-fs (loop1): Start checkpoint disabled!
[  133.879287][ T7734] overlayfs: missing 'lowerdir'
[  134.017181][ T7732] loop1: detected capacity change from 0 to 40427
[  134.019621][ T7732] F2FS-fs: heap/no_heap options were deprecated
[  134.022570][ T7732] F2FS-fs (loop1): build fault injection rate: 19
[  134.024732][ T7732] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  134.030022][ T7732] F2FS-fs (loop1): invalid crc value
[  134.036639][ T7732] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  134.070722][ T7732] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  134.077653][ T7732] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  134.082731][ T7732] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  134.107260][ T7732] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  134.111903][   T33] audit: type=1800 audit(1755550517.003:20): pid=7732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.676" name="file1" dev="loop1" ino=10 res=0 errno=0
[  134.123083][ T7732] F2FS-fs (loop1): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x1912/0x4130
[  134.139262][ T7732] syz.1.676: attempt to access beyond end of device
[  134.139262][ T7732] loop1: rw=34817, sector=45096, nr_sectors = 128 limit=40427
[  134.147528][ T7732] F2FS-fs (loop1): inject inconsistent blkaddr in f2fs_truncate_data_blocks_range of f2fs_do_truncate_blocks+0x994/0x10c0
[  134.188211][ T5864] syz-executor: attempt to access beyond end of device
[  134.188211][ T5864] loop1: rw=2049, sector=45224, nr_sectors = 8 limit=40427
[  134.202820][ T5864] CPU: 0 UID: 0 PID: 5864 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  134.202842][ T5864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  134.202850][ T5864] Call Trace:
[  134.202856][ T5864]  <TASK>
[  134.202862][ T5864]  dump_stack_lvl+0x189/0x250
[  134.202885][ T5864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.202900][ T5864]  ? __pfx_queue_work_on+0x10/0x10
[  134.202913][ T5864]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  134.202930][ T5864]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.202955][ T5864]  f2fs_handle_critical_error+0x37c/0x540
[  134.202979][ T5864]  f2fs_write_end_io+0x886/0xb60
[  134.203003][ T5864]  __submit_merged_bio+0x27a/0x6a0
[  134.203025][ T5864]  __submit_merged_write_cond+0x255/0x530
[  134.203047][ T5864]  f2fs_write_data_pages+0x261d/0x3000
[  134.203092][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.203121][ T5864]  ? arch_stack_walk+0xfc/0x150
[  134.203159][ T5864]  ? __mod_zone_page_state+0xd7/0x140
[  134.203185][ T5864]  ? folios_put_refs+0x560/0x640
[  134.203207][ T5864]  ? __pfx_folios_put_refs+0x10/0x10
[  134.203221][ T5864]  ? rcu_is_watching+0x15/0xb0
[  134.203240][ T5864]  ? __lock_acquire+0xab9/0xd20
[  134.203272][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.203292][ T5864]  do_writepages+0x32e/0x550
[  134.203318][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  134.203338][ T5864]  filemap_fdatawrite+0x199/0x240
[  134.203356][ T5864]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  134.203411][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  134.203430][ T5864]  f2fs_sync_dirty_inodes+0x31f/0x830
[  134.203455][ T5864]  f2fs_write_checkpoint+0x95a/0x1df0
[  134.203488][ T5864]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  134.203538][ T5864]  ? kill_f2fs_super+0x298/0x6c0
[  134.203557][ T5864]  kill_f2fs_super+0x2c3/0x6c0
[  134.203575][ T5864]  ? __pfx_kill_f2fs_super+0x10/0x10
[  134.203587][ T5864]  ? radix_tree_delete_item+0x2b6/0x400
[  134.203616][ T5864]  ? shrinker_free+0x2ce/0x3e0
[  134.203633][ T5864]  deactivate_locked_super+0xbc/0x130
[  134.203651][ T5864]  cleanup_mnt+0x425/0x4c0
[  134.203665][ T5864]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.203684][ T5864]  task_work_run+0x1d4/0x260
[  134.203705][ T5864]  ? __pfx_task_work_run+0x10/0x10
[  134.203720][ T5864]  ? __x64_sys_umount+0x122/0x160
[  134.203742][ T5864]  ? exit_to_user_mode_loop+0x40/0x110
[  134.203791][ T5864]  exit_to_user_mode_loop+0xec/0x110
[  134.203809][ T5864]  do_syscall_64+0x2bd/0x3b0
[  134.203827][ T5864]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.203844][ T5864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.203857][ T5864]  ? exc_page_fault+0x9f/0xf0
[  134.203875][ T5864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.203888][ T5864] RIP: 0033:0x7f163e38ff17
[  134.203901][ T5864] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  134.203913][ T5864] RSP: 002b:00007fffa1a31638 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  134.203928][ T5864] RAX: 0000000000000000 RBX: 00007f163e411c05 RCX: 00007f163e38ff17
[  134.203937][ T5864] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffa1a316f0
[  134.203945][ T5864] RBP: 00007fffa1a316f0 R08: 0000000000000000 R09: 0000000000000000
[  134.203952][ T5864] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffa1a32780
[  134.203961][ T5864] R13: 00007f163e411c05 R14: 0000000000020ba5 R15: 00007fffa1a327c0
[  134.203983][ T5864]  </TASK>
[  134.203989][ T5864] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  134.250699][ T7749] lo speed is unknown, defaulting to 1000
[  134.383555][ T7752] program syz.0.686 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  134.562143][    T9] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  134.727106][    T9] usb 4-1: config 0 has no interfaces?
[  134.734493][    T9] usb 4-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  134.738091][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.742458][    T9] usb 4-1: Product: syz
[  134.744152][    T9] usb 4-1: Manufacturer: syz
[  134.745959][    T9] usb 4-1: SerialNumber: syz
[  134.750302][    T9] usb 4-1: config 0 descriptor??
[  134.976726][    T9] usb 4-1: USB disconnect, device number 3
[  135.050769][ T7766] loop1: detected capacity change from 0 to 32768
[  135.056437][ T7766] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.690 (7766)
[  135.064431][ T7766] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  135.068809][ T7766] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  135.072789][ T7766] BTRFS info (device loop1): using free-space-tree
[  135.127517][   T33] audit: type=1800 audit(1755550518.013:21): pid=7766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.690" name="file1" dev="loop1" ino=260 res=0 errno=0
[  135.173937][ T5889] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  135.794318][ T7792] netlink: 20 bytes leftover after parsing attributes in process `syz.3.694'.
[  135.797185][ T7792] netlink: 20 bytes leftover after parsing attributes in process `syz.3.694'.
[  135.850444][ T5864] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  135.940308][ T7796] loop0: detected capacity change from 0 to 16
[  135.944674][ T7796] erofs (device loop0): mounted with root inode @ nid 36.
[  136.070220][ T7800] loop0: detected capacity change from 0 to 128
[  136.508723][   T33] audit: type=1800 audit(1755550519.383:22): pid=7807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.700" name="file1" dev="loop0" ino=1048612 res=0 errno=0
[  138.001214][   T60] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  138.161146][   T60] usb 1-1: Using ep0 maxpacket: 32
[  138.165146][   T60] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  138.187694][   T60] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  138.191975][   T60] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  138.195236][   T60] usb 1-1: Product: syz
[  138.196942][   T60] usb 1-1: Manufacturer: syz
[  138.198760][   T60] usb 1-1: SerialNumber: syz
[  138.208813][   T60] usb 1-1: config 0 descriptor??
[  138.212125][ T7814] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  138.216145][   T60] hub 1-1:0.0: bad descriptor, ignoring hub
[  138.219040][   T60] hub 1-1:0.0: probe with driver hub failed with error -5
[  138.294611][ T7830] mkiss: ax0: crc mode is auto.
[  138.486924][ T7838] loop3: detected capacity change from 0 to 164
[  138.495469][ T7838] rock: directory entry would overflow storage
[  138.498088][ T7838] rock: sig=0x4543, size=28, remaining=18
[  138.546157][ T7832] loop1: detected capacity change from 0 to 40427
[  138.553017][ T7832] F2FS-fs (loop1): invalid crc value
[  138.606854][ T7832] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  138.610830][ T7832] F2FS-fs (loop1): Start checkpoint disabled!
[  138.619835][ T7832] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  138.682537][ T7846] openvswitch: netlink: IP tunnel dst address not specified
[  138.692844][   T60] usb 1-1: reset high-speed USB device number 18 using dummy_hcd
[  138.762954][ T7847] F2FS-fs (loop1): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  138.796021][ T7852] netlink: 4 bytes leftover after parsing attributes in process `syz.3.720'.
[  138.857293][ T7814] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  139.000070][ T7860] loop3: detected capacity change from 0 to 512
[  139.028645][ T7860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.036929][ T7860] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.059283][ T7860] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.724: corrupted inode contents
[  139.068935][ T7860] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.724: mark_inode_dirty error
[  139.077610][ T7860] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.724: corrupted inode contents
[  139.084360][ T7860] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.724: mark_inode_dirty error
[  139.163359][ T6609] kworker/u9:4: attempt to access beyond end of device
[  139.163359][ T6609] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  139.173486][ T6609] kworker/u9:4: attempt to access beyond end of device
[  139.173486][ T6609] loop1: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  139.181646][    T9] usb 1-1: USB disconnect, device number 18
[  139.182935][ T6609] CPU: 1 UID: 0 PID: 6609 Comm: kworker/u9:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  139.182955][ T6609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  139.182965][ T6609] Workqueue: writeback wb_workfn (flush-7:1)
[  139.182989][ T6609] Call Trace:
[  139.182996][ T6609]  <TASK>
[  139.183003][ T6609]  dump_stack_lvl+0x189/0x250
[  139.183024][ T6609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.183040][ T6609]  ? __pfx_queue_work_on+0x10/0x10
[  139.183055][ T6609]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  139.183072][ T6609]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  139.183097][ T6609]  f2fs_handle_critical_error+0x37c/0x540
[  139.183122][ T6609]  f2fs_write_end_io+0x886/0xb60
[  139.183150][ T6609]  __submit_merged_bio+0x27a/0x6a0
[  139.183173][ T6609]  __submit_merged_write_cond+0x255/0x530
[  139.183197][ T6609]  f2fs_write_data_pages+0x261d/0x3000
[  139.183242][ T6609]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  139.183318][ T6609]  ? f2fs_write_meta_pages+0x357/0x450
[  139.183345][ T6609]  ? __lock_acquire+0xab9/0xd20
[  139.183368][ T6609]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  139.183417][ T6609]  do_writepages+0x32e/0x550
[  139.183441][ T6609]  ? reacquire_held_locks+0x127/0x1d0
[  139.183453][ T6609]  ? writeback_sb_inodes+0x384/0x1010
[  139.183478][ T6609]  __writeback_single_inode+0x145/0xff0
[  139.183495][ T6609]  ? do_raw_spin_unlock+0x4d/0x240
[  139.183515][ T6609]  writeback_sb_inodes+0x6c7/0x1010
[  139.183560][ T6609]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  139.183608][ T6609]  ? rcu_is_watching+0x15/0xb0
[  139.183630][ T6609]  wb_writeback+0x43b/0xaf0
[  139.183654][ T6609]  ? queue_io+0x3c1/0x590
[  139.183673][ T6609]  ? __pfx_wb_writeback+0x10/0x10
[  139.183696][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  139.183717][ T6609]  wb_workfn+0x409/0xef0
[  139.183743][ T6609]  ? __pfx_wb_workfn+0x10/0x10
[  139.183761][ T6609]  ? __lock_acquire+0xab9/0xd20
[  139.183789][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  139.183808][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  139.183822][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  139.183835][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  139.183850][ T6609]  process_scheduled_works+0xae1/0x17b0
[  139.183887][ T6609]  ? __pfx_process_scheduled_works+0x10/0x10
[  139.183914][ T6609]  worker_thread+0x8a0/0xda0
[  139.183930][ T6609]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.183955][ T6609]  ? __pfx_worker_thread+0x10/0x10
[  139.183976][ T6609]  kthread+0x711/0x8a0
[  139.183995][ T6609]  ? __pfx_worker_thread+0x10/0x10
[  139.184006][ T6609]  ? __pfx_kthread+0x10/0x10
[  139.184023][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  139.184037][ T6609]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.184054][ T6609]  ? __pfx_kthread+0x10/0x10
[  139.184071][ T6609]  ret_from_fork+0x3fc/0x770
[  139.184088][ T6609]  ? __pfx_ret_from_fork+0x10/0x10
[  139.184107][ T6609]  ? __switch_to_asm+0x39/0x70
[  139.184124][ T6609]  ? __switch_to_asm+0x33/0x70
[  139.184138][ T6609]  ? __pfx_kthread+0x10/0x10
[  139.184155][ T6609]  ret_from_fork_asm+0x1a/0x30
[  139.184185][ T6609]  </TASK>
[  139.184192][ T6609] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  139.299406][ T6609] CPU: 1 UID: 0 PID: 6609 Comm: kworker/u9:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  139.299429][ T6609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  139.299438][ T6609] Workqueue: writeback wb_workfn (flush-7:1)
[  139.299460][ T6609] Call Trace:
[  139.299466][ T6609]  <TASK>
[  139.299473][ T6609]  dump_stack_lvl+0x189/0x250
[  139.299493][ T6609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.299509][ T6609]  ? __pfx_queue_work_on+0x10/0x10
[  139.299531][ T6609]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  139.299549][ T6609]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  139.299575][ T6609]  f2fs_handle_critical_error+0x37c/0x540
[  139.299600][ T6609]  f2fs_write_end_io+0x886/0xb60
[  139.299629][ T6609]  __submit_merged_bio+0x27a/0x6a0
[  139.299652][ T6609]  __submit_merged_write_cond+0x255/0x530
[  139.299676][ T6609]  f2fs_write_data_pages+0x261d/0x3000
[  139.299726][ T6609]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  139.299809][ T6609]  ? f2fs_write_meta_pages+0x357/0x450
[  139.299836][ T6609]  ? __lock_acquire+0xab9/0xd20
[  139.299860][ T6609]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  139.299880][ T6609]  do_writepages+0x32e/0x550
[  139.299902][ T6609]  ? reacquire_held_locks+0x127/0x1d0
[  139.299915][ T6609]  ? writeback_sb_inodes+0x384/0x1010
[  139.299939][ T6609]  __writeback_single_inode+0x145/0xff0
[  139.299957][ T6609]  ? do_raw_spin_unlock+0x4d/0x240
[  139.299978][ T6609]  writeback_sb_inodes+0x6c7/0x1010
[  139.300016][ T6609]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  139.300070][ T6609]  ? rcu_is_watching+0x15/0xb0
[  139.300092][ T6609]  wb_writeback+0x43b/0xaf0
[  139.300116][ T6609]  ? queue_io+0x3c1/0x590
[  139.300137][ T6609]  ? __pfx_wb_writeback+0x10/0x10
[  139.300161][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  139.300183][ T6609]  wb_workfn+0x409/0xef0
[  139.300212][ T6609]  ? __pfx_wb_workfn+0x10/0x10
[  139.300232][ T6609]  ? __lock_acquire+0xab9/0xd20
[  139.300262][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  139.300281][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  139.300296][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  139.300308][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  139.300323][ T6609]  process_scheduled_works+0xae1/0x17b0
[  139.300396][ T6609]  ? __pfx_process_scheduled_works+0x10/0x10
[  139.300429][ T6609]  worker_thread+0x8a0/0xda0
[  139.300445][ T6609]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.300471][ T6609]  ? __pfx_worker_thread+0x10/0x10
[  139.300495][ T6609]  kthread+0x711/0x8a0
[  139.300515][ T6609]  ? __pfx_worker_thread+0x10/0x10
[  139.300535][ T6609]  ? __pfx_kthread+0x10/0x10
[  139.300554][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  139.300570][ T6609]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.300585][ T6609]  ? __pfx_kthread+0x10/0x10
[  139.300603][ T6609]  ret_from_fork+0x3fc/0x770
[  139.300620][ T6609]  ? __pfx_ret_from_fork+0x10/0x10
[  139.300639][ T6609]  ? __switch_to_asm+0x39/0x70
[  139.300655][ T6609]  ? __switch_to_asm+0x33/0x70
[  139.300670][ T6609]  ? __pfx_kthread+0x10/0x10
[  139.300688][ T6609]  ret_from_fork_asm+0x1a/0x30
[  139.300720][ T6609]  </TASK>
[  139.300726][ T6609] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  139.305070][ T7537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.733891][ T7871] random: crng reseeded on system resumption
[  139.937742][ T7866] loop3: detected capacity change from 0 to 40427
[  139.945134][ T7866] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  139.951615][ T7866] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  140.029538][ T7868] loop1: detected capacity change from 0 to 40427
[  140.032871][ T7868] F2FS-fs (loop1): build fault injection rate: 14
[  140.035679][ T7868] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  140.040228][ T7868] F2FS-fs (loop1): invalid crc value
[  140.047935][    C0] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  140.059596][    C0] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  140.130728][ T7868] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  140.136743][ T7866] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  140.140465][ T7868] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  140.147882][ T7868] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  140.153178][ T7866] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  140.156128][ T7866] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  140.179174][ T7868] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  140.196861][ T7868] F2FS-fs (loop1): inject dquot initialize in f2fs_dquot_initialize of f2fs_create+0x14c/0x5c0
[  140.215815][ T7866] syz.3.726: attempt to access beyond end of device
[  140.215815][ T7866] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  140.232150][ T5864] syz-executor: attempt to access beyond end of device
[  140.232150][ T5864] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  140.238928][ T5864] CPU: 0 UID: 0 PID: 5864 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  140.238942][ T5864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  140.238947][ T5864] Call Trace:
[  140.238951][ T5864]  <TASK>
[  140.238955][ T5864]  dump_stack_lvl+0x189/0x250
[  140.238971][ T5864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.238980][ T5864]  ? __pfx_queue_work_on+0x10/0x10
[  140.238988][ T5864]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  140.238999][ T5864]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  140.239014][ T5864]  f2fs_handle_critical_error+0x37c/0x540
[  140.239030][ T5864]  f2fs_write_end_io+0x886/0xb60
[  140.239047][ T5864]  __submit_merged_bio+0x27a/0x6a0
[  140.239061][ T5864]  __submit_merged_write_cond+0x255/0x530
[  140.239075][ T5864]  f2fs_write_data_pages+0x261d/0x3000
[  140.239104][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  140.239123][ T5864]  ? is_bpf_text_address+0x26/0x2b0
[  140.239152][ T5864]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  140.239161][ T5864]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.239184][ T5864]  ? __lock_acquire+0xab9/0xd20
[  140.239205][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  140.239217][ T5864]  do_writepages+0x32e/0x550
[  140.239234][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  140.239246][ T5864]  filemap_fdatawrite+0x199/0x240
[  140.239257][ T5864]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  140.239292][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  140.239329][ T5864]  f2fs_sync_dirty_inodes+0x31f/0x830
[  140.239345][ T5864]  f2fs_write_checkpoint+0x95a/0x1df0
[  140.239366][ T5864]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  140.239399][ T5864]  ? kill_f2fs_super+0x298/0x6c0
[  140.239410][ T5864]  kill_f2fs_super+0x2c3/0x6c0
[  140.239421][ T5864]  ? __pfx_kill_f2fs_super+0x10/0x10
[  140.239427][ T5864]  ? radix_tree_delete_item+0x2b6/0x400
[  140.239441][ T5864]  ? shrinker_free+0x2ce/0x3e0
[  140.239456][ T5864]  deactivate_locked_super+0xbc/0x130
[  140.239467][ T5864]  cleanup_mnt+0x425/0x4c0
[  140.239476][ T5864]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.239487][ T5864]  task_work_run+0x1d4/0x260
[  140.239500][ T5864]  ? __pfx_task_work_run+0x10/0x10
[  140.239508][ T5864]  ? __x64_sys_umount+0x122/0x160
[  140.239521][ T5864]  ? exit_to_user_mode_loop+0x40/0x110
[  140.239534][ T5864]  exit_to_user_mode_loop+0xec/0x110
[  140.239544][ T5864]  do_syscall_64+0x2bd/0x3b0
[  140.239554][ T5864]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.239564][ T5864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.239571][ T5864]  ? exc_page_fault+0x9f/0xf0
[  140.239582][ T5864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.239589][ T5864] RIP: 0033:0x7f163e38ff17
[  140.239598][ T5864] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  140.239605][ T5864] RSP: 002b:00007fffa1a31638 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  140.239615][ T5864] RAX: 0000000000000000 RBX: 00007f163e411c05 RCX: 00007f163e38ff17
[  140.239620][ T5864] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffa1a316f0
[  140.239625][ T5864] RBP: 00007fffa1a316f0 R08: 0000000000000000 R09: 0000000000000000
[  140.239629][ T5864] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffa1a32780
[  140.239634][ T5864] R13: 00007f163e411c05 R14: 0000000000022351 R15: 00007fffa1a327c0
[  140.239649][ T5864]  </TASK>
[  140.239652][ T5864] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  140.383476][ T7880] syz.3.726: attempt to access beyond end of device
[  140.383476][ T7880] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  140.393814][ T7866] syz.3.726: attempt to access beyond end of device
[  140.393814][ T7866] loop3: rw=34817, sector=45104, nr_sectors = 8 limit=40427
[  140.634027][ T7886] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  140.734887][ T7892] loop3: detected capacity change from 0 to 256
[  140.757413][ T7892] FAT-fs (loop3): Directory bread(block 64) failed
[  140.759730][ T7892] FAT-fs (loop3): Directory bread(block 65) failed
[  140.762686][ T7892] FAT-fs (loop3): Directory bread(block 66) failed
[  140.764989][ T7892] FAT-fs (loop3): Directory bread(block 67) failed
[  140.770569][ T7892] FAT-fs (loop3): Directory bread(block 68) failed
[  140.777834][ T7892] FAT-fs (loop3): Directory bread(block 69) failed
[  140.780574][ T7892] FAT-fs (loop3): Directory bread(block 70) failed
[  140.784581][ T7892] FAT-fs (loop3): Directory bread(block 71) failed
[  140.787782][ T7892] FAT-fs (loop3): Directory bread(block 72) failed
[  140.790480][ T7892] FAT-fs (loop3): Directory bread(block 73) failed
[  141.441185][   T51] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  141.594500][   T51] usb 4-1: config 5 has an invalid interface number: 123 but max is 0
[  141.597304][   T51] usb 4-1: config 5 has no interface number 0
[  141.599286][   T51] usb 4-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  141.604279][   T51] usb 4-1: config 5 interface 123 altsetting 7 endpoint 0x89 has invalid maxpacket 8981, setting to 64
[  141.609648][   T51] usb 4-1: config 5 interface 123 has no altsetting 0
[  141.617541][   T51] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  141.620518][   T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.623615][   T51] usb 4-1: Product: syz
[  141.625587][   T51] usb 4-1: Manufacturer: syz
[  141.627297][   T51] usb 4-1: SerialNumber: syz
[  141.646826][ T7912] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  141.748210][ T7917] loop1: detected capacity change from 0 to 64
[  141.885967][   T51] ni6501 4-1:5.123: driver 'ni6501' failed to auto-configure device.
[  141.896897][   T51] usb 4-1: USB disconnect, device number 4
[  142.239208][ T7921] loop1: detected capacity change from 0 to 4096
[  142.444595][   T28] ntfs3(loop1): ino=5, mi_enum_attr
[  142.757102][ T7937] netlink: 'syz.3.753': attribute type 2 has an invalid length.
[  142.839745][ T5311] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  142.991049][ T5311] usb 2-1: Using ep0 maxpacket: 16
[  142.994916][ T5311] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.998061][ T5311] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  143.006220][ T5311] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  143.009500][ T5311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.013559][ T5311] usb 2-1: Product: syz
[  143.015319][ T5311] usb 2-1: Manufacturer: syz
[  143.017158][ T5311] usb 2-1: SerialNumber: syz
[  143.171039][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  143.229951][ T5311] usb 2-1: 0:2 : does not exist
[  143.238225][ T5311] usb 2-1: USB disconnect, device number 17
[  143.322825][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.327229][    T9] usb 4-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  143.330895][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.338904][    T9] usb 4-1: config 0 descriptor??
[  143.754369][    T9] playstation 0003:054C:0BA0.0008: unknown main item tag 0x0
[  143.773797][    T9] playstation 0003:054C:0BA0.0008: hidraw0: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.3-1/input0
[  143.950320][    T9] playstation 0003:054C:0BA0.0008: Invalid reportID received, expected 18 got 158
[  143.956104][    T9] playstation 0003:054C:0BA0.0008: Failed to retrieve DualShock4 pairing info: -22
[  143.959813][    T9] playstation 0003:054C:0BA0.0008: Failed to get MAC address from DualShock4
[  143.964721][    T9] playstation 0003:054C:0BA0.0008: Failed to create dualshock4.
[  143.970705][    T9] playstation 0003:054C:0BA0.0008: probe with driver playstation failed with error -22
[  144.643933][   T51] usb 4-1: USB disconnect, device number 5
[  145.256199][ T7998] netlink: 28 bytes leftover after parsing attributes in process `syz.1.780'.
[  145.481485][   T51] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  145.641148][   T51] usb 4-1: Using ep0 maxpacket: 16
[  145.646004][   T51] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  145.649958][   T51] usb 4-1: config 0 has no interfaces?
[  145.654667][   T51] usb 4-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  145.658574][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.666877][   T51] usb 4-1: config 0 descriptor??
[  146.402543][ T5923] usb 4-1: USB disconnect, device number 6
[  146.794032][ T8022] loop3: detected capacity change from 0 to 32768
[  146.797375][ T8022] XFS: ikeep mount option is deprecated.
[  146.839445][ T8022] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  146.897129][ T8022] XFS (loop3): Ending clean mount
[  146.902710][ T8022] XFS (loop3): Quotacheck needed: Please wait.
[  146.936353][ T8022] XFS (loop3): Quotacheck: Done.
[  146.973127][ T7537] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.520407][ T8056] netlink: 12 bytes leftover after parsing attributes in process `syz.0.802'.
[  148.312785][ T5923] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  148.463081][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.467365][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.473022][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  148.477941][ T5923] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  148.482920][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.488848][ T5923] usb 2-1: config 0 descriptor??
[  148.911252][ T5923] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  149.570240][    C0] plantronics 0003:047F:FFFF.0009: hid_field_extract() called with n (132) > 32! (syz.3.828)
[  149.773818][   T51] usb 2-1: USB disconnect, device number 18
[  149.855215][ T8119] loop3: detected capacity change from 0 to 512
[  149.878715][ T8119] EXT4-fs: Ignoring removed nomblk_io_submit option
[  149.894010][ T8119] EXT4-fs (loop3): Test dummy encryption mode enabled
[  149.939698][ T8119] EXT4-fs (loop3): 1 truncate cleaned up
[  149.952898][ T8119] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.218053][ T8129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.832'.
[  150.373342][ T8139] netlink: 32 bytes leftover after parsing attributes in process `syz.1.837'.
[  150.376827][ T8139] netlink: 32 bytes leftover after parsing attributes in process `syz.1.837'.
[  150.466774][ T7537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.511095][   T51] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  150.550735][ T8147] loop3: detected capacity change from 0 to 1024
[  150.576190][   T28] hfsplus: b-tree write err: -5, ino 4
[  150.711155][ T8156] netlink: 28 bytes leftover after parsing attributes in process `syz.3.845'.
[  150.715171][ T8156] netlink: 28 bytes leftover after parsing attributes in process `syz.3.845'.
[  150.731225][   T51] usb 1-1: Using ep0 maxpacket: 32
[  151.099522][ T8159] loop3: detected capacity change from 0 to 128
[  151.109870][   T51] usb 1-1: config 0 has an invalid interface number: 20 but max is 0
[  151.113240][   T51] usb 1-1: config 0 has no interface number 0
[  151.117964][   T51] usb 1-1: New USB device found, idVendor=0d8e, idProduct=7811, bcdDevice= 3.81
[  151.122349][   T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.125647][   T51] usb 1-1: Product: syz
[  151.127418][   T51] usb 1-1: Manufacturer: syz
[  151.129448][   T51] usb 1-1: SerialNumber: syz
[  151.134293][   T51] usb 1-1: config 0 descriptor??
[  151.138970][   T51] usb 1-1: Could not find all expected endpoints
[  151.239259][ T8165] loop3: detected capacity change from 0 to 164
[  151.248984][ T8165] isofs: Unable to find the ".." directory for NFS.
[  151.342882][   T51] usb 1-1: USB disconnect, device number 19
[  151.373094][   T54] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  151.377192][   T54] Bluetooth: hci2: Injecting HCI hardware error event
[  151.381389][   T54] Bluetooth: hci2: hardware error 0x00
[  151.779362][ T8173] loop3: detected capacity change from 0 to 40427
[  151.783898][ T8173] F2FS-fs (loop3): build fault injection rate: 771
[  151.789148][ T8173] F2FS-fs (loop3): invalid crc value
[  151.847114][ T8173] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  151.858450][ T8173] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  152.025755][ T7537] syz-executor: attempt to access beyond end of device
[  152.025755][ T7537] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  152.036235][ T7537] CPU: 0 UID: 0 PID: 7537 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  152.036278][ T7537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.036294][ T7537] Call Trace:
[  152.036301][ T7537]  <TASK>
[  152.036307][ T7537]  dump_stack_lvl+0x189/0x250
[  152.036334][ T7537]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.036351][ T7537]  ? __pfx_queue_work_on+0x10/0x10
[  152.036366][ T7537]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.036385][ T7537]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.036440][ T7537]  f2fs_handle_critical_error+0x37c/0x540
[  152.036469][ T7537]  f2fs_write_end_io+0x886/0xb60
[  152.036502][ T7537]  __submit_merged_bio+0x27a/0x6a0
[  152.036529][ T7537]  __submit_merged_write_cond+0x255/0x530
[  152.036562][ T7537]  f2fs_write_data_pages+0x261d/0x3000
[  152.036619][ T7537]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.036653][ T7537]  ? arch_stack_walk+0xfc/0x150
[  152.036699][ T7537]  ? __mod_zone_page_state+0xd7/0x140
[  152.036729][ T7537]  ? folios_put_refs+0x560/0x640
[  152.036755][ T7537]  ? __pfx_folios_put_refs+0x10/0x10
[  152.036769][ T7537]  ? rcu_is_watching+0x15/0xb0
[  152.036793][ T7537]  ? __lock_acquire+0xab9/0xd20
[  152.036830][ T7537]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.036852][ T7537]  do_writepages+0x32e/0x550
[  152.036883][ T7537]  ? do_raw_spin_unlock+0x4d/0x240
[  152.036905][ T7537]  filemap_fdatawrite+0x199/0x240
[  152.036926][ T7537]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.036992][ T7537]  ? do_raw_spin_unlock+0x4d/0x240
[  152.037015][ T7537]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.037043][ T7537]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.037080][ T7537]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.037133][ T7537]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  152.037148][ T7537]  ? kfree+0x18e/0x440
[  152.037167][ T7537]  ? kill_f2fs_super+0x298/0x6c0
[  152.037187][ T7537]  kill_f2fs_super+0x2c3/0x6c0
[  152.037227][ T7537]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.037242][ T7537]  ? radix_tree_delete_item+0x2b6/0x400
[  152.037270][ T7537]  ? shrinker_free+0x2ce/0x3e0
[  152.037289][ T7537]  deactivate_locked_super+0xbc/0x130
[  152.037309][ T7537]  cleanup_mnt+0x425/0x4c0
[  152.037326][ T7537]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.037348][ T7537]  task_work_run+0x1d4/0x260
[  152.037371][ T7537]  ? __pfx_task_work_run+0x10/0x10
[  152.037388][ T7537]  ? __x64_sys_umount+0x122/0x160
[  152.037437][ T7537]  ? exit_to_user_mode_loop+0x40/0x110
[  152.037462][ T7537]  exit_to_user_mode_loop+0xec/0x110
[  152.037482][ T7537]  do_syscall_64+0x2bd/0x3b0
[  152.037502][ T7537]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.037519][ T7537]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.037533][ T7537]  ? exc_page_fault+0x9f/0xf0
[  152.037572][ T7537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.037586][ T7537] RIP: 0033:0x7f3aabf8ff17
[  152.037599][ T7537] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.037612][ T7537] RSP: 002b:00007ffd3481c048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.037628][ T7537] RAX: 0000000000000000 RBX: 00007f3aac011c05 RCX: 00007f3aabf8ff17
[  152.037638][ T7537] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd3481c100
[  152.037646][ T7537] RBP: 00007ffd3481c100 R08: 0000000000000000 R09: 0000000000000000
[  152.037655][ T7537] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd3481d190
[  152.037664][ T7537] R13: 00007f3aac011c05 R14: 0000000000025152 R15: 00007ffd3481d1d0
[  152.037691][ T7537]  </TASK>
[  152.070660][ T7537] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  152.072893][    C0] hpet: Lost 1 RTC interrupts
[  152.074855][ T7537] CPU: 1 UID: 0 PID: 7537 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  152.074872][ T7537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.074881][ T7537] Call Trace:
[  152.074887][ T7537]  <TASK>
[  152.074893][ T7537]  dump_stack_lvl+0x189/0x250
[  152.074915][ T7537]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.074932][ T7537]  ? __pfx_queue_work_on+0x10/0x10
[  152.074945][ T7537]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.074961][ T7537]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.074988][ T7537]  f2fs_handle_critical_error+0x37c/0x540
[  152.075014][ T7537]  f2fs_write_end_io+0x886/0xb60
[  152.075045][ T7537]  __submit_merged_bio+0x27a/0x6a0
[  152.075070][ T7537]  __submit_merged_write_cond+0x255/0x530
[  152.075095][ T7537]  f2fs_write_data_pages+0x261d/0x3000
[  152.075148][ T7537]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.075180][ T7537]  ? arch_stack_walk+0xfc/0x150
[  152.075222][ T7537]  ? __mod_zone_page_state+0xd7/0x140
[  152.075251][ T7537]  ? folios_put_refs+0x560/0x640
[  152.075276][ T7537]  ? __pfx_folios_put_refs+0x10/0x10
[  152.075289][ T7537]  ? rcu_is_watching+0x15/0xb0
[  152.075312][ T7537]  ? __lock_acquire+0xab9/0xd20
[  152.075355][ T7537]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.075376][ T7537]  do_writepages+0x32e/0x550
[  152.075406][ T7537]  ? do_raw_spin_unlock+0x4d/0x240
[  152.075457][ T7537]  filemap_fdatawrite+0x199/0x240
[  152.075477][ T7537]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.075541][ T7537]  ? do_raw_spin_unlock+0x4d/0x240
[  152.075562][ T7537]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.075590][ T7537]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.075628][ T7537]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.075683][ T7537]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  152.075697][ T7537]  ? kfree+0x18e/0x440
[  152.075715][ T7537]  ? kill_f2fs_super+0x298/0x6c0
[  152.075734][ T7537]  kill_f2fs_super+0x2c3/0x6c0
[  152.075754][ T7537]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.075766][ T7537]  ? radix_tree_delete_item+0x2b6/0x400
[  152.075791][ T7537]  ? shrinker_free+0x2ce/0x3e0
[  152.075809][ T7537]  deactivate_locked_super+0xbc/0x130
[  152.075828][ T7537]  cleanup_mnt+0x425/0x4c0
[  152.075845][ T7537]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.075865][ T7537]  task_work_run+0x1d4/0x260
[  152.075887][ T7537]  ? __pfx_task_work_run+0x10/0x10
[  152.075903][ T7537]  ? __x64_sys_umount+0x122/0x160
[  152.075925][ T7537]  ? exit_to_user_mode_loop+0x40/0x110
[  152.075948][ T7537]  exit_to_user_mode_loop+0xec/0x110
[  152.075968][ T7537]  do_syscall_64+0x2bd/0x3b0
[  152.075985][ T7537]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.076002][ T7537]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.076015][ T7537]  ? exc_page_fault+0x9f/0xf0
[  152.076035][ T7537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.076048][ T7537] RIP: 0033:0x7f3aabf8ff17
[  152.076062][ T7537] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.076074][ T7537] RSP: 002b:00007ffd3481c048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.076088][ T7537] RAX: 0000000000000000 RBX: 00007f3aac011c05 RCX: 00007f3aabf8ff17
[  152.076098][ T7537] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd3481c100
[  152.076106][ T7537] RBP: 00007ffd3481c100 R08: 0000000000000000 R09: 0000000000000000
[  152.076114][ T7537] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd3481d190
[  152.076123][ T7537] R13: 00007f3aac011c05 R14: 0000000000025152 R15: 00007ffd3481d1d0
[  152.076150][ T7537]  </TASK>
[  152.076156][ T7537] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  152.533306][ T8194] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  152.677616][ T8203] netlink: 2036 bytes leftover after parsing attributes in process `syz.1.864'.
[  152.684495][ T8203] netlink: 24 bytes leftover after parsing attributes in process `syz.1.864'.
[  152.871780][    T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  153.050998][    T9] usb 4-1: Using ep0 maxpacket: 16
[  153.054951][    T9] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  153.058707][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.064632][    T9] usb 4-1: config 0 descriptor??
[  153.069691][    T9] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  153.274236][    T9] usb 4-1: Detected FT232A
[  153.277260][    T9] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  153.282908][    T9] usb 4-1: USB disconnect, device number 7
[  153.288623][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  153.292673][    T9] ftdi_sio 4-1:0.0: device disconnected
[  153.451135][   T54] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  153.583057][ T8216] syzkaller0: entered promiscuous mode
[  153.584987][ T8216] syzkaller0: entered allmulticast mode
[  153.752690][ T8228] genirq: Flags mismatch irq 4. 00200000 (pcl816) vs. 00200080 (ttyS0)
[  153.866580][ T8238] loop1: detected capacity change from 0 to 256
[  153.895197][ T8238] FAT-fs (loop1): Directory bread(block 64) failed
[  153.897627][ T8238] FAT-fs (loop1): Directory bread(block 65) failed
[  153.899987][ T8238] FAT-fs (loop1): Directory bread(block 66) failed
[  153.904862][ T8238] FAT-fs (loop1): Directory bread(block 67) failed
[  153.907362][ T8238] FAT-fs (loop1): Directory bread(block 68) failed
[  153.909717][ T8238] FAT-fs (loop1): Directory bread(block 69) failed
[  153.927446][ T8238] FAT-fs (loop1): Directory bread(block 70) failed
[  153.929633][ T8238] FAT-fs (loop1): Directory bread(block 71) failed
[  153.931924][ T8238] FAT-fs (loop1): Directory bread(block 72) failed
[  153.934109][ T8238] FAT-fs (loop1): Directory bread(block 73) failed
[  154.095414][ T8250] loop1: detected capacity change from 0 to 8192
[  154.105128][ T8252] loop3: detected capacity change from 0 to 1024
[  154.142293][ T8250]  loop1: AHDI p3 p4
[  154.144416][ T8250] loop1: p3 size 4294967042 extends beyond EOD, truncated
[  154.147137][  T945] hfsplus: b-tree write err: -5, ino 4
[  154.160175][ T8250] loop1: p4 size 16777216 extends beyond EOD, truncated
[  154.241440][ T8259] trusted_key: encrypted_key: keyword 'new/' not recognized
[  154.279752][ T8262] loop3: detected capacity change from 0 to 2048
[  154.298425][ T8262] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  154.472852][ T8274] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  154.544401][ T8264] loop1: detected capacity change from 0 to 32768
[  154.655437][ T8264] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 255,nocow
[  154.655452][ T8264]   allowing incompatible features above 0.0: (unknown version)
[  154.655457][ T8264]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  154.679756][ T8264] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  154.691034][ T8264] bcachefs (loop1): initializing new filesystem
[  154.709021][ T8264] bcachefs (loop1): going read-write
[  154.733260][ T8264] bcachefs (loop1): marking superblocks
[  154.752980][ T8264] bcachefs (loop1): initializing freespace
[  154.757957][ T8264] bcachefs (loop1): done initializing freespace
[  154.764621][ T8264] bcachefs (loop1): reading snapshots table
[  154.766631][ T8264] bcachefs (loop1): reading snapshots done
[  154.785329][ T8264] bcachefs (loop1):  loop1: Superblock write was silently dropped! (seq 0 expected 42)
[  154.789267][ T8264] bcachefs (loop1): done starting filesystem
[  154.872271][ T8264] syz.1.893 (8264) used greatest stack depth: 15384 bytes left
[  154.895979][ T5864] bcachefs (loop1): shutting down
[  154.897560][ T5864] bcachefs (loop1): going read-only
[  154.904001][ T5864] bcachefs (loop1): finished waiting for writes to stop
[  154.907345][ T5864] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[  154.948148][ T5864] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4
[  154.962845][ T5864] bcachefs (loop1): clean shutdown complete, journal seq 5
[  154.965596][ T5864] bcachefs (loop1): marking filesystem clean
[  154.990546][ T8278] loop3: detected capacity change from 0 to 65536
[  154.994636][ T5864] bcachefs (loop1): shutdown complete
[  155.003095][ T8278] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  155.018718][ T8278] XFS (loop3): Ending clean mount
[  155.021962][ T8278] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  155.404666][ T8306] loop3: detected capacity change from 0 to 32768
[  155.407493][ T8306] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.908 (8306)
[  155.413689][ T8306] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  155.416898][ T8306] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  155.419605][ T8306] BTRFS info (device loop3): using free-space-tree
[  155.465977][ T7537] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  155.583209][ T8327] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  155.593063][ T8327] CIFS mount error: No usable UNC path provided in device string!
[  155.593063][ T8327] 
[  155.596323][ T8327] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  155.611410][    T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  155.782663][    T9] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  155.786495][    T9] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.789352][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  155.793869][    T9] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  155.796481][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.803960][    T9] usb 1-1: config 0 descriptor??
[  156.364302][ T8342] loop1: detected capacity change from 0 to 64
[  156.417875][    T9] usb 1-1: string descriptor 0 read error: -22
[  156.509061][ T8348] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  156.526135][ T8348] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  156.533491][ T8350] loop3: detected capacity change from 0 to 2048
[  156.573476][ T8350] Dev loop3: RDB in block 1 has bad checksum
[  156.622851][    T9] input: HID 256c:006d as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000A/input/input14
[  156.689840][ T8366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.927'.
[  156.697094][    T9] input: HID 256c:006d as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000A/input/input15
[  156.718335][    T9] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000A/input/input16
[  156.734164][    T9] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000A/input/input17
[  156.744019][    T9] uclogic 0003:256C:006D.000A: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0
[  156.832381][ T5926] usb 1-1: USB disconnect, device number 20
[  156.921118][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  157.121191][   T10] usb 4-1: Using ep0 maxpacket: 8
[  157.128152][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  157.133719][   T10] usb 4-1: config 3 has an invalid interface number: 199 but max is 0
[  157.137292][   T10] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  157.141754][   T10] usb 4-1: config 3 has no interface number 0
[  157.145134][   T10] usb 4-1: config 3 interface 199 has no altsetting 0
[  157.150515][   T10] usb 4-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice= e.70
[  157.154868][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.158211][   T10] usb 4-1: Product: syz
[  157.160690][   T10] usb 4-1: Manufacturer: syz
[  157.163326][   T10] usb 4-1: SerialNumber: syz
[  157.388783][   T10] usb 4-1: USB disconnect, device number 8
[  157.631040][ T5926] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  157.781160][ T5926] usb 1-1: Using ep0 maxpacket: 32
[  157.785463][ T5926] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  157.788967][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.794402][ T5926] usb 1-1: config 0 descriptor??
[  157.799031][ T5926] gspca_main: nw80x-2.14.0 probing 055f:d001
[  157.865359][   T33] audit: type=1326 audit(1755550540.753:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8379 comm="syz.1.934" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f163e38ebe9 code=0x0
[  158.393735][ T8397] : entered promiscuous mode
[  158.426730][ T5926] gspca_nw80x: reg_w err -110
[  158.431838][ T5926] nw80x 1-1:0.0: probe with driver nw80x failed with error -110
[  158.626856][ T8401] loop3: detected capacity change from 0 to 32768
[  158.711379][ T8401] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  158.711393][ T8401]   allowing incompatible features above 0.0: (unknown version)
[  158.711398][ T8401]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  158.723478][ T8401] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  158.725953][ T8401] bcachefs (loop3): initializing new filesystem
[  158.733762][ T8401] bcachefs (loop3): going read-write
[  158.738565][ T8401] bcachefs (loop3): marking superblocks
[  158.743979][ T8401] bcachefs (loop3): initializing freespace
[  158.747580][ T8401] bcachefs (loop3): done initializing freespace
[  158.751726][ T8401] bcachefs (loop3): reading snapshots table
[  158.754584][ T8401] bcachefs (loop3): reading snapshots done
[  158.782433][ T8401] bcachefs (loop3): done starting filesystem
[  158.834880][ T7537] bcachefs (loop3): shutting down
[  158.837098][ T7537] bcachefs (loop3): going read-only
[  158.838794][ T7537] bcachefs (loop3): finished waiting for writes to stop
[  158.844230][ T7537] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  158.866832][ T7537] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  158.870572][ T7537] bcachefs (loop3): clean shutdown complete, journal seq 4
[  158.878183][ T7537] bcachefs (loop3): marking filesystem clean
[  158.902695][ T7537] bcachefs (loop3): shutdown complete
[  159.141018][ T5926] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  159.291125][ T5926] usb 2-1: Using ep0 maxpacket: 8
[  159.297333][ T5926] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  159.301257][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.304356][ T5926] usb 2-1: Product: syz
[  159.306048][ T5926] usb 2-1: Manufacturer: syz
[  159.307922][ T5926] usb 2-1: SerialNumber: syz
[  159.312857][ T5926] usb 2-1: config 0 descriptor??
[  159.317744][ T5926] gspca_main: se401-2.14.0 probing 047d:5003
[  159.718661][ T5926] gspca_se401: ExtraFeatures: 117
[  159.721042][ T5926] gspca_se401: Too many frame sizes
[  159.922236][ T5926] usb 2-1: USB disconnect, device number 19
[  159.987416][ T8425] loop3: detected capacity change from 0 to 2048
[  159.995173][ T8425] NILFS (loop3): invalid segment: Magic number mismatch
[  159.998300][ T8425] NILFS (loop3): trying rollback from an earlier position
[  160.013369][ T8425] NILFS (loop3): recovery complete
[  160.016356][ T8426] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  160.470715][ T5311] usb 1-1: USB disconnect, device number 21
[  160.941131][ T5926] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  161.101203][ T5926] usb 2-1: Using ep0 maxpacket: 8
[  161.107051][ T5926] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.113598][ T5926] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  161.116817][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.134341][ T5926] usb 2-1: Product: syz
[  161.135908][ T5926] usb 2-1: Manufacturer: syz
[  161.137586][ T5926] usb 2-1: SerialNumber: syz
[  161.145293][ T5926] usb 2-1: config 0 descriptor??
[  161.150212][ T5926] streamzap 2-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  161.248099][ T8454] netlink: 'syz.0.962': attribute type 1 has an invalid length.
[  161.381243][ T5926] usb 2-1: USB disconnect, device number 20
[  162.007954][ T8466] snd_dummy snd_dummy.0: control 0:8:0:syz0:0 is already present
[  162.370844][ T8476] loop3: detected capacity change from 0 to 4096
[  162.405136][ T8476] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  162.425170][ T8476] ntfs3(loop3): Failed to load $Extend (-22).
[  162.427590][ T8476] ntfs3(loop3): Failed to initialize $Extend.
[  162.575114][ T8486] mkiss: ax0: crc mode is auto.
[  162.665184][ T8489] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  162.674171][ T8478] loop1: detected capacity change from 0 to 32768
[  162.679477][ T8478] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.972 (8478)
[  162.688474][ T8478] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  162.692801][ T8478] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  162.695873][ T8478] BTRFS info (device loop1): using free-space-tree
[  162.780209][ T8507] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  162.971170][ T5864] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  163.087314][ T8516] loop3: detected capacity change from 0 to 1024
[  163.096060][ T8516] EXT4-fs: Ignoring removed orlov option
[  163.153638][ T8516] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.272076][ T7537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.304229][ T8521] netlink: 'syz.1.981': attribute type 9 has an invalid length.
[  163.668654][ T8530] loop3: detected capacity change from 0 to 1024
[  163.771827][   T33] audit: type=1800 audit(1755550546.653:24): pid=8530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.988" name="file1" dev="loop3" ino=20 res=0 errno=0
[  163.800845][   T33] audit: type=1800 audit(1755550546.653:25): pid=8530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.988" name="file1" dev="loop3" ino=20 res=0 errno=0
[  164.248352][ T8541] loop3: detected capacity change from 0 to 32768
[  164.258195][ T8541] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.993 (8541)
[  164.269176][ T8541] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  164.272683][ T8541] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  164.276332][ T8541] BTRFS info (device loop3): using free-space-tree
[  164.325701][ T8539] loop1: detected capacity change from 0 to 40427
[  164.333760][ T8539] F2FS-fs (loop1): invalid crc value
[  164.347407][   T33] audit: type=1800 audit(1755550547.233:26): pid=8541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.993" name="file1" dev="loop3" ino=263 res=0 errno=0
[  164.414053][ T7537] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  164.442464][ T8539] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  164.446318][ T8539] F2FS-fs (loop1): Start checkpoint disabled!
[  164.492393][ T8539] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  164.788781][ T8568] loop3: detected capacity change from 0 to 256
[  164.805676][ T8568] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  165.535630][ T8582] afs: Unknown parameter 'A~|vN'
[  165.838756][ T8585] netlink: 'syz.1.1003': attribute type 10 has an invalid length.
[  165.842070][ T8585] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[  165.849939][ T8585] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  166.089950][ T8611] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1016'.
[  166.107718][ T8613] dummy0: entered allmulticast mode
[  166.174958][ T8621] loop1: detected capacity change from 0 to 1764
[  166.309813][ T8619] loop3: detected capacity change from 0 to 32768
[  166.359214][ T8624] loop1: detected capacity change from 0 to 32768
[  166.446816][ T8627] loop3: detected capacity change from 0 to 512
[  166.449919][ T8627] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  166.457985][ T8627] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1023: bad orphan inode 16
[  166.462302][ T8627] ext4_test_bit(bit=15, block=4) = 0
[  166.464057][ T8627] EXT4-fs (loop3): 1 orphan inode deleted
[  166.467259][ T8627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.497959][ T7537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.531937][ T8634] loop3: detected capacity change from 0 to 512
[  166.535373][ T8634] FAT-fs (loop3): bogus number of FAT sectors
[  166.537632][ T8634] FAT-fs (loop3): Can't find a valid FAT filesystem
[  166.571937][ T8636] ieee802154 phy0 wpan0: encryption failed: -22
[  166.751005][   T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  166.905239][   T10] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  166.909516][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.916709][   T10] usb 2-1: config 0 descriptor??
[  166.924379][   T10] gspca_main: spca508-2.14.0 probing 8086:0110
[  167.174138][   T10] gspca_spca508: reg_read err -32
[  167.177319][   T10] gspca_spca508: reg_read err -32
[  167.180052][   T10] gspca_spca508: reg_read err -32
[  167.183150][   T10] gspca_spca508: reg_read err -32
[  167.189704][ T8656] loop3: detected capacity change from 0 to 40427
[  167.205104][ T8656] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  167.208153][ T8656] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  167.297837][ T8656] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  167.303260][ T8656] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  167.305936][ T8656] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  167.391316][   T10] gspca_spca508: reg write: error -71
[  167.396912][   T10] spca508 2-1:0.0: probe with driver spca508 failed with error -71
[  167.405913][   T10] usb 2-1: USB disconnect, device number 21
[  168.117293][ T8681] loop3: detected capacity change from 0 to 512
[  168.119732][ T8681] EXT4-fs: Ignoring removed nomblk_io_submit option
[  168.122731][ T8681] EXT4-fs: old and new quota format mixing
[  168.165406][ T8683] loop3: detected capacity change from 0 to 256
[  168.168395][ T8683] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  168.169156][ T8683] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  168.219851][ T8687] netlink: 'syz.1.1048': attribute type 2 has an invalid length.
[  168.223126][ T8687] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1048'.
[  168.226769][ T8687] nbd: must specify at least one socket
[  168.312152][   T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  168.369317][ T8695] loop1: detected capacity change from 0 to 2048
[  168.383966][ T8695] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  168.481262][   T10] usb 1-1: Using ep0 maxpacket: 32
[  168.486476][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  168.489870][   T10] usb 1-1: config 2 has an invalid interface number: 189 but max is 0
[  168.496384][   T10] usb 1-1: config 2 has no interface number 0
[  168.498955][   T10] usb 1-1: config 2 interface 189 altsetting 11 has an invalid endpoint descriptor of length 3, skipping
[  168.504541][   T10] usb 1-1: config 2 interface 189 has no altsetting 0
[  168.510499][   T10] usb 1-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52
[  168.514698][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.517952][   T10] usb 1-1: Product: syz
[  168.519665][   T10] usb 1-1: Manufacturer: syz
[  168.522931][   T10] usb 1-1: SerialNumber: syz
[  168.751043][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  168.901040][    T9] usb 4-1: Using ep0 maxpacket: 8
[  168.904768][    T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  168.907411][    T9] usb 4-1: config 0 has no interface number 0
[  168.912883][    T9] usb 4-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.1d
[  168.916559][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.919593][    T9] usb 4-1: Product: syz
[  168.921181][    T9] usb 4-1: Manufacturer: syz
[  168.922987][    T9] usb 4-1: SerialNumber: syz
[  168.927345][    T9] usb 4-1: config 0 descriptor??
[  168.931352][    T9] usb 4-1: selecting invalid altsetting 2
[  168.933547][    T9] i2c-cp2615 4-1:0.1: probe with driver i2c-cp2615 failed with error -22
[  169.135929][  T791] usb 4-1: USB disconnect, device number 9
[  169.622191][ T8710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'.
[  169.625207][ T8710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1059'.
[  169.759854][ T8722] No control pipe specified
[  169.826391][ T8728] netfs: Couldn't get user pages (rc=-14)
[  169.828830][ T8728] netfs: Zero-sized read [R=1]
[  169.898545][ T8732] netlink: 'syz.3.1070': attribute type 34 has an invalid length.
[  169.988479][ T8736] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1072'.
[  170.144340][ T8744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1076'.
[  170.544570][   T10] usb 1-1: unknown interface protocol 0x3b, assuming v1
[  170.546847][   T10] usb 1-1: 189:2 : does not exist
[  170.567433][   T10] usb 1-1: USB disconnect, device number 22
[  171.330839][ T8773] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x1
[  172.181807][ T8789] qrtr: Invalid version 0
[  172.305128][ T8793] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1098'.
[  172.309001][ T8793] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1098'.
[  173.349581][ T8845] gretap0: entered promiscuous mode
[  173.352368][ T8845] vlan2: entered promiscuous mode
[  173.475356][ T8856] loop3: detected capacity change from 0 to 512
[  173.478452][ T8856] EXT4-fs: Ignoring removed mblk_io_submit option
[  173.481215][ T8856] EXT4-fs: inline encryption not supported
[  173.485343][ T8856] EXT4-fs: Ignoring removed mblk_io_submit option
[  173.487873][ T8856] EXT4-fs: Ignoring removed nomblk_io_submit option
[  173.494487][ T8856] EXT4-fs (loop3): Test dummy encryption mode enabled
[  173.497099][ T8856] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  173.504995][ T8856] EXT4-fs (loop3): 1 truncate cleaned up
[  173.508628][ T8856] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.648785][ T8856] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  173.675778][ T7537] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.344795][ T8946] loop3: detected capacity change from 0 to 2048
[  175.354953][ T8947] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  175.583133][ T8957] [U] V3Fپ"W/4:XTZWTLW=
[  175.587248][ T8957] [U] J"E:"
[  175.692237][   T10] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  175.843678][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  175.847684][   T10] usb 4-1: not running at top speed; connect to a high speed hub
[  175.854876][   T10] usb 4-1: config 1 has an invalid interface number: 138 but max is 0
[  175.857731][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  175.862075][   T10] usb 4-1: config 1 has no interface number 0
[  175.864258][   T10] usb 4-1: config 1 interface 138 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  175.868947][   T10] usb 4-1: config 1 interface 138 has no altsetting 0
[  175.874496][   T10] usb 4-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  175.878365][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.881469][   T10] usb 4-1: Product: syz
[  175.883071][   T10] usb 4-1: Manufacturer: syz
[  175.884846][   T10] usb 4-1: SerialNumber: syz
[  176.097649][   T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  176.133887][   T10] usb 4-1: USB disconnect, device number 10
[  176.646971][ T8971] loop3: detected capacity change from 0 to 8
[  176.664764][ T8971] SQUASHFS error: Unable to read directory block [629:0]
[  176.943386][ T8981] loop3: detected capacity change from 0 to 40427
[  176.946428][ T8981] F2FS-fs (loop3): build fault injection type: 0x7
[  176.949833][ T8981] F2FS-fs (loop3): invalid crc value
[  176.980603][ T8981] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  176.985228][ T8981] F2FS-fs (loop3): Start checkpoint disabled!
[  176.988798][ T8981] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  177.016157][ T6609] kworker/u9:4: attempt to access beyond end of device
[  177.016157][ T6609] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  177.022457][ T6609] CPU: 0 UID: 0 PID: 6609 Comm: kworker/u9:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  177.022473][ T6609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  177.022479][ T6609] Workqueue: writeback wb_workfn (flush-7:3)
[  177.022494][ T6609] Call Trace:
[  177.022498][ T6609]  <TASK>
[  177.022502][ T6609]  dump_stack_lvl+0x189/0x250
[  177.022516][ T6609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.022525][ T6609]  ? __pfx_queue_work_on+0x10/0x10
[  177.022533][ T6609]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  177.022565][ T6609]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  177.022582][ T6609]  f2fs_handle_critical_error+0x37c/0x540
[  177.022598][ T6609]  f2fs_write_end_io+0x886/0xb60
[  177.022615][ T6609]  __submit_merged_bio+0x27a/0x6a0
[  177.022630][ T6609]  __submit_merged_write_cond+0x255/0x530
[  177.022644][ T6609]  f2fs_write_data_pages+0x261d/0x3000
[  177.022672][ T6609]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  177.022691][ T6609]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  177.022723][ T6609]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  177.022734][ T6609]  ? look_up_lock_class+0x74/0x170
[  177.022750][ T6609]  ? trace_f2fs_writepages+0x7f/0x200
[  177.022761][ T6609]  ? f2fs_write_node_pages+0x478/0x6e0
[  177.022774][ T6609]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  177.022791][ T6609]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  177.022803][ T6609]  do_writepages+0x32e/0x550
[  177.022817][ T6609]  ? reacquire_held_locks+0x127/0x1d0
[  177.022825][ T6609]  ? writeback_sb_inodes+0x384/0x1010
[  177.022839][ T6609]  __writeback_single_inode+0x145/0xff0
[  177.022849][ T6609]  ? do_raw_spin_unlock+0x4d/0x240
[  177.022861][ T6609]  writeback_sb_inodes+0x6c7/0x1010
[  177.022884][ T6609]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  177.022916][ T6609]  ? rcu_is_watching+0x15/0xb0
[  177.022929][ T6609]  wb_writeback+0x43b/0xaf0
[  177.022944][ T6609]  ? queue_io+0x3c1/0x590
[  177.022955][ T6609]  ? __pfx_wb_writeback+0x10/0x10
[  177.022969][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  177.022981][ T6609]  wb_workfn+0x409/0xef0
[  177.022997][ T6609]  ? __pfx_wb_workfn+0x10/0x10
[  177.023008][ T6609]  ? __lock_acquire+0xab9/0xd20
[  177.023025][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  177.023036][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  177.023044][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  177.023051][ T6609]  ? process_scheduled_works+0x9ef/0x17b0
[  177.023060][ T6609]  process_scheduled_works+0xae1/0x17b0
[  177.023092][ T6609]  ? __pfx_process_scheduled_works+0x10/0x10
[  177.023116][ T6609]  worker_thread+0x8a0/0xda0
[  177.023131][ T6609]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.023153][ T6609]  ? __pfx_worker_thread+0x10/0x10
[  177.023175][ T6609]  kthread+0x711/0x8a0
[  177.023195][ T6609]  ? __pfx_worker_thread+0x10/0x10
[  177.023207][ T6609]  ? __pfx_kthread+0x10/0x10
[  177.023224][ T6609]  ? _raw_spin_unlock_irq+0x23/0x50
[  177.023239][ T6609]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.023254][ T6609]  ? __pfx_kthread+0x10/0x10
[  177.023268][ T6609]  ret_from_fork+0x3fc/0x770
[  177.023279][ T6609]  ? __pfx_ret_from_fork+0x10/0x10
[  177.023290][ T6609]  ? __switch_to_asm+0x39/0x70
[  177.023300][ T6609]  ? __switch_to_asm+0x33/0x70
[  177.023308][ T6609]  ? __pfx_kthread+0x10/0x10
[  177.023318][ T6609]  ret_from_fork_asm+0x1a/0x30
[  177.023337][ T6609]  </TASK>
[  177.023341][ T6609] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  177.476835][ T8998] ipip0: entered promiscuous mode
[  177.559157][   T54] Bluetooth: hci0: unexpected event for opcode 0x0411
[  177.582343][ T5926] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  177.731203][ T5926] usb 4-1: Using ep0 maxpacket: 8
[  177.738035][ T5926] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  177.742113][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.745152][ T5926] usb 4-1: Product: syz
[  177.746867][ T5926] usb 4-1: Manufacturer: syz
[  177.748699][ T5926] usb 4-1: SerialNumber: syz
[  177.758096][ T5926] usb 4-1: config 0 descriptor??
[  177.765079][ T9016] 
[  177.766557][ T9016] =============================
[  177.768792][ T9016] WARNING: suspicious RCU usage
[  177.770673][ T9016] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  177.774573][ T9016] -----------------------------
[  177.777213][ T9016] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage!
[  177.780665][ T9016] 
[  177.780665][ T9016] other info that might help us debug this:
[  177.780665][ T9016] 
[  177.784793][ T9016] 
[  177.784793][ T9016] rcu_scheduler_active = 2, debug_locks = 1
[  177.787943][ T9016] 1 lock held by syz.0.1153/9016:
[  177.789937][ T9016]  #0: ffffffff8e13a0c0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80
[  177.794106][ T9016] 
[  177.794106][ T9016] stack backtrace:
[  177.796585][ T9016] CPU: 1 UID: 0 PID: 9016 Comm: syz.0.1153 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  177.796603][ T9016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  177.796613][ T9016] Call Trace:
[  177.796620][ T9016]  <TASK>
[  177.796628][ T9016]  dump_stack_lvl+0x189/0x250
[  177.796654][ T9016]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.796677][ T9016]  ? __pfx__printk+0x10/0x10
[  177.796726][ T9016]  lockdep_rcu_suspicious+0x140/0x1d0
[  177.796746][ T9016]  get_callchain_entry+0x2b6/0x3c0
[  177.796770][ T9016]  get_perf_callchain+0xa1/0x6b0
[  177.796795][ T9016]  ? __pfx_get_perf_callchain+0x10/0x10
[  177.796812][ T9016]  ? futex_unqueue+0x22/0x240
[  177.796829][ T9016]  ? futex_unqueue+0x211/0x240
[  177.796842][ T9016]  ? __futex_wait+0x1d1/0x3e0
[  177.796861][ T9016]  ? __futex_wait+0x34f/0x3e0
[  177.796880][ T9016]  __bpf_get_stack+0x3fc/0xa60
[  177.796909][ T9016]  ? __pfx___bpf_get_stack+0x10/0x10
[  177.796932][ T9016]  ? __lock_acquire+0xab9/0xd20
[  177.796955][ T9016]  bpf_get_stack+0x33/0x50
[  177.796975][ T9016]  ? bpf_prog_d43750871481577d+0x46/0x4e
[  177.796988][ T9016]  bpf_get_stack_raw_tp+0x1a9/0x220
[  177.797010][ T9016]  bpf_prog_d43750871481577d+0x46/0x4e
[  177.797024][ T9016]  bpf_prog_run_pin_on_cpu+0x6a/0x150
[  177.797048][ T9016]  bpf_prog_test_run_syscall+0x312/0x4b0
[  177.797072][ T9016]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  177.797092][ T9016]  ? __fget_files+0x2a/0x420
[  177.797110][ T9016]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  177.797129][ T9016]  bpf_prog_test_run+0x2c7/0x340
[  177.797150][ T9016]  __sys_bpf+0x581/0x870
[  177.797169][ T9016]  ? __pfx___sys_bpf+0x10/0x10
[  177.797200][ T9016]  ? __pfx___se_sys_futex+0x10/0x10
[  177.797219][ T9016]  ? rcu_is_watching+0x15/0xb0
[  177.797239][ T9016]  __x64_sys_bpf+0x7c/0x90
[  177.797256][ T9016]  do_syscall_64+0xfa/0x3b0
[  177.797275][ T9016]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.797293][ T9016]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.797306][ T9016]  ? exc_page_fault+0x9f/0xf0
[  177.797324][ T9016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.797337][ T9016] RIP: 0033:0x7fd27ef8ebe9
[  177.797351][ T9016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.797364][ T9016] RSP: 002b:00007fd27fee4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  177.797379][ T9016] RAX: ffffffffffffffda RBX: 00007fd27f1b5fa0 RCX: 00007fd27ef8ebe9
[  177.797390][ T9016] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a
[  177.797399][ T9016] RBP: 00007fd27f011e19 R08: 0000000000000000 R09: 0000000000000000
[  177.797407][ T9016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  177.797416][ T9016] R13: 00007fd27f1b6038 R14: 00007fd27f1b5fa0 R15: 00007ffe90cd9e68
[  177.797438][ T9016]  </TASK>
[  177.971154][ T5926] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  178.778896][ T5926] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  178.783753][ T5926] usb 4-1: USB disconnect, device number 11
[  181.611271][   T54] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  181.615011][   T54] Bluetooth: hci0: Injecting HCI hardware error event
[  181.620429][   T54] Bluetooth: hci0: hardware error 0x00
[  183.692015][   T54] Bluetooth: hci0: Opcode 0x0c03 failed: -110

VM DIAGNOSIS:
20:56:00  Registers:
info registers vcpu 0

CPU#0
RAX=d2ff12be67a31100 RBX=ffffffff81968308 RCX=d2ff12be67a31100 RDX=0000000000000001
RSI=ffffffff8d9b6dc6 RDI=ffffffff8be33400 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa37e30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c32e887 CR3=0000000023c7e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fd27f012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000128a RBX=ffffffff8e051f00 RCX=0000000000000000 RDX=0000000000000000
RSI=ffffc900065173f8 RDI=ffffffff8e051f00 RBP=ffffc90006517490 RSP=ffffc900065173d0
R8 =ffff888105b09cc0 R9 =0000000000000003 R10=00000000ffffffff R11=0000000000000002
R12=0000000000001289 R13=ffffc900065173f8 R14=ffffffff8e051f28 R15=0000000000001288
RIP=ffffffff81a17305 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd27fee46c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=0000000035fd6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fd27f187498 00007fd27f187470 XMM03=00007fd27f1874a8 00007fd27f1874a0
XMM04=00007fd27fced100 00007fd27f187460 XMM05=00007fd27f187478 00007fd27f1874c0
XMM06=00007fd27f1874b8 00007fd27f1874b0 XMM07=00007fd27f1874a8 00007fd27f1874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fd27f012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
