last executing test programs:

1.986754464s ago: executing program 2 (id=291):
syz_emit_ethernet(0x86, &(0x7f0000000100)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x17, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @remote, {[@noop, @timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@remote}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x20}}, {}, {@multicast2}, {@local}, {@local}, {@multicast1}]}]}}}}}}}, 0x0)

1.941165824s ago: executing program 2 (id=294):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f00000000c0)='./file1\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0x9362, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0x40049366, 0x0)

1.939491449s ago: executing program 2 (id=298):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0)
memfd_create(0x0, 0x3)
socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000240)={0x0, 0x45888, 0x800, 0x10000, 0x36c}, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000007c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x221f, 0x0, 0x23, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x8001}, 0x8)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x101, 0x7ffc, 0xcc}, 0x50)

1.517646057s ago: executing program 1 (id=304):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})

1.454385939s ago: executing program 1 (id=305):
pipe2$9p(&(0x7f0000000240), 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000240)={0x80000011})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40))

1.454083908s ago: executing program 1 (id=306):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)

1.362967447s ago: executing program 1 (id=307):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r3, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000cc0)={{r2}, &(0x7f0000000c40), &(0x7f0000000c80)=r0}, 0x20)

1.361861165s ago: executing program 1 (id=308):
syz_mount_image$bcachefs(&(0x7f0000000140), &(0x7f0000000000)='./file1\x00', 0x2800000, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRESHEX, @ANYBLOB="40d4823deffdbbeb65eeddb31203a829679a7a18f01faefa691c80df4e49f2c92d0c9708f605177b1f5699ee9c5167d17178b4e0c590345bad5de906894ef754ec7a8c3b32c7b9d0f74abf43c4dee78decff644fd28d7d874518bd960a098875b53d2005df3fb15a953031adb9887615b59f3caef2de95c9495a7154700055ef1a7240da60a2186b6965fc7286c47e09b8db5de09ed9186421aaa8840694ed374c8fa3f9a6075b7433423ca771d80209f8e7577e9e1e090f4b47588e720a01d0e6c597c88991c7d549ee261225fc011c7c02ced3cb9f638675", @ANYRESOCT, @ANYRES32=0x0, @ANYRES8], 0xec, 0x5ac4, &(0x7f0000008380)="$eJzs3WuQXNV9IPBzu3s0Lz1GAgcZzGjAaENwbI14lR+pWM4mdgocl1xOOYiVDQMaEdmSUOkRkEyCyILXKrDLTjmV4OQDcWHv2pZdVNkbo7AmYFZi/VKx8VJbNrV2FvuDtwiLyoCWcnk9qe6+p6f7dt+5PT09QoLfr2Bu39On//fcc0/fvv/TVzMBAACAV4Vjd+05+Z5zf+/bfz794u2//w877gij5Vr5UKwwli5vfblayKk0WFldW2bHxa9/5Is/nbjxd771wMjnXjq65YKtP/zds2586ENXHbn3bx59YdnXfvV0Udw4ni6ZXU+eTUIY+saJv/zo0e+cUy1Llld/lg6GsDJZ9ejKJIQ7m0NM/iKEsCVdWZ2J/9UXL9saQihnt7sis268v7pVj3MSQjhw8pY3hB+9Y9Od31vzlS8PHH7m4GyVZGh2PIUQll/f/PqBEMJw+n/VYLqM4zFJlxtDCCNNr3tzQbte30W7q9ZlyuP6eelySbocLYgXn78ws17K1MuuRwOZ5UjB9hYqrx291iuyNLOe9ClulNfOWL4yXX49XV4yz/jldB/KSSglodJo/vZkdoyEpuOWhKR2LIca66XGsQ3p/mfWk8x6KbNeHsjsV2276UArJ0lreayXKY+n40pafkHzubqD9zU9bq732liWvlFfytbJBB1te9DYr5rYrhNztOVUKDWdgzqVNw58ejBG07LRpH1Ez3QQnzu66Z615c3fPDaW047kgSSNn6TxV80r/oHvrlz6wS8d2pf9XG/Ev76Uxi/1FP/HVx9/7tpDn/1MbvxPxvjlnuJf+vDIs1c/dteFuf1zIvZPpaf4U08//vE1Z99wOLf998X4Qz3F33Dk+OCykw8/ktv+ydg/wz3Ff+pt7/zJF5588Jnc+CHGH+kp/uYjuz4xOH7y4tz4j8T+Ge1t/Dx/+MofjI//bCIv/hMx/rKe4n/+4OBb719x91W5x3dj7J+xnuK/+6KH7lx68sHz886dyX39+uQEeHU6K73G+li63mueuVBN+cJfT1Tq13xL0/+X9XNDmYvPbJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3wmjf8t3f97/ePPVtJ1wfTB0+V6stYviSEZDiEsGfv1O6923beNPGhm/ft3jm1fWJq78T0zr27909c/psTu6d3bZ/aX3128o2X1V+3KiT1ZXJ+27YHZ2ZmSmOtZXF7//aiwz9a++b/8y8hTL7m++OV3Pavu3fH/Wd3+JmRbJh5+4597/n+FX+X7tdY2q6xDu2amZmZCTnt+r/X/PL+vzjx04tDmPy1udr1+FO//Y/NDSqHasFsnFRpMNQbNJiMdGxHo9Vpe2J/VbZu2z49OXf/Vl9fztmPf/eRZ36x9dZP/bLev0O5+9Fl/w5vmNle+qtN7/7/f3VbvaCoXS/Xca/2dzknZrVdcS9i+2L/DaX9vTzdr+U5+1XJ2a+7vvfIk98499ALB8Nk5fk17ce6aL8G0gEwkLy2q+3GLYwkK1vKh9L68YjH163bu2PXuj37D7xx246pm6Zvmt75lvWXr79y8oorr1hX2/N1fd7/uP1/0+X+n5rxtOJPDn49/uxuPLW2a8m8+6ParuL+aG5R3vtv5H0f/fRb7n3sPfWCpvPKund06K9Yu3E+SZcj1eO8PjSNt/a+6rRfRccnhDDRqR+ee+GqcM7/3HZn0Xmo+cg0/8xINsx858Kf/92b/3b1b9ULTsl5vrlBj/d2nm+0erY9tf4aSo/HzGnav4Pp2XQwGe3YrvXfeWzgnmP/8qeN9i1ZEm6d2rt39/r6z6VpS5cm53VsV7Y07tea2s9ySLslNIZph/FaNRDq7cueP2P1Rq8OtT43mqzquF9Z8bmjm+5ZW978zWN5PZ08UN/icFhWXyavy6m5PfPCcqNRnbZ/ur7/isbH+Lv+9mvv/9rfX942Pi6t/yzaryRnv77y5Oc//blP/Ye/799+veu3j4/9/H/98dp6wSk4r4QFnVfK9YY0Wp22J2k+r1waQtH7b03ovB+5779S5/0pev9ltzNbv3O8icz6aCj39H699OGRZ69+7K4Lc9+vJ+Z6vzbv7G0trysXvF9Pl8+l7PsrqbS2Y/HeXy0DJdkw862PnXXw0ds3nlsvKPq8bNTuNK4v6yL/yNmvf7z2B+M3T/z7/9G/88YXf/Or1/1wasOf1Qt6P+6xLf057kNp/w7l9G+j1THvbO7fN9148/Yt9fKifn75rn/TZUH+E08le/Yf+PDU9u3Tu/d0t1/dfp7G7WR7udfP03h2W1WwX6W2/Vq8B930V7fvt9j+LT33V+v7bTQkPX0uHPjuyqUf/NKhfWNtr0o3dH0pjV/qKf6Prz7+3LWHPvuZ3PifjPErPcWfevrxj685+4bDufHvS9L4Q8Xxl4e2+BuOHB9cdvLhR3LjT8b2D/fU/qfe9s6ffOHJB5/JjR9i/NHe+v/5w1f+YHz8Z7nxn0jS7VSvkUL46ouXba2vJ2GgKU2otmOgpV0hu55k1kuZ9XLzeinOIqQbKCdJa3msl5Zf0JqytPmjnPJ4FTa0ur58Ka6H7IO5y083paZzf6fyoutUAIBXuvj9f7wGjd//T6cXSvkzDTBroXnY6py4MQ+bnc9p/Y51dRo/vj7OA46/KUxWl3dM1C/05/s9Qnw/ZOc543Yufn1rjI7zE0eaN1Lbfts8Z9H8+4WZ9diu+nx5pSkPTbXnNZXQxfx7+3bmnn/P7H7x91kTH2tr1kTTvFX2+A2kM2ad7nfItLdSjZA3PrLzYvF+jvHlYWNte12Oj+x9NPE4ZO+jids5N3Pi7PU+mrzxMdbeDy3tiuMj1ptjfNSaXPx9ZPvxC3P07+zx6xwte/wG0hZ2cbyHqvVHF/n72T7MG3Y8pZ26ecPF/T7stJiX7BD/FM9LLm2Ln77BTvd5w1ge+6nS5Xzi+3PK+zWfGE8XsV0n5mjLqWA+EXilivl//Iyo5v/VC/D/l6lXlKdkrxpjvNz7hHJuwi7KO7JX56NhpKfP8c1Hdn1icPzkxbnXOY90e5/erpa1kYL7for6cW1mvbAfcyZoivK97HaK+j17X8ZoWNZTv3/+4L1vvX/F3Vfl9vvG+gdpcb9/umVtWUG/nwH5Quf48oVXUr7QHn+h9zH8l5mu5s/y85Fyox2Lko+kNz4tVj7yhznl881HRtoeNPar5vTNR2Y/SFvykYFT2y4A4MwR8//G92dp/v/P8cIivY4oylsvyazHeLl5a871SV7e+gfp8tZM/dH0X1TM97r53Rc9dOfSkw+en5u33NdtHvqfWtbGCvPQheXNuXnExv7cL56bRzTyrIXlibntb+SJC8vTc76mbcrTF5ZH5/ZPI49unQf49PHZTGOu+HEeIDd+Yx6gj3nur2Yrnbo8t2C+LrOxuNrtfN1i34eSzaOrJQPLW/ezNS8e6U8enf7z2cXKo9+XUz7fPHq07UFjv2pO3zy6tVweDQC8UsX8P17G1fL/wRAeixWG44OFfc+emxf06bo9+/tAGvGfWJS8cjZ+n77/Lc77FjtvXey8frHnJc70738Xe15orPYLPBdrnuxlu991UfLif2486jovTjcqLwYA4HQW8/+Y5sfv/x/L1FtoftKWvw3ULyFn85MzLz9vrncG5+fXhFOVnw+eyfn5mT7/tbj3ybyy8v9ZPX4v/tLMGZn/f/lI3jPN+X+tzfJ/AIAzUsz/4z97jL//77+m69nfW99lnn5f9nZe36P7Hj3I07vI0/s8zxbjN98HcAbPA5QXPg8wfMrvjx+erX9mzAPM9z4AkwEAAKe7gbNW1HL77L+z/0C6zP47+7x/l39tTv1uVdLL4xv27p6evm7fri1Te6ev23nzluk9192ye9vevdONa+eF5Y25eUuaNw6EStofnetl87YV6e9DWFH/fQhtr8rWjxXOqz1o/30I2QDDBb9HYKCW6Xbf3rzjV5qjfqfxkXe88+L/UU79qHH8b/zjS6/buue6bTu37d02tX3bgenWemO1f0nd/d/NjN9TzuvvpWZ+tCnN/+93xsOzsHaU2toxkPZH3t9nTzLtWJm2ZGXe3z/Iafe3//tf/MlFM7/8QgiTrym/bkH9l2yY+c/XTP/B3mPf31Vtf2nO9jdqpu0q+nul2fpxfyrbb96z9w1bb963M/sXJXsT5zNKjfVFuq8hffuXu5yf2JxTXjA/cXs2aLntwemp6/kJAABaxO//4/Vs/P7wU+kFVCwvzNN31ust9Pvj3Dx9srs8Pft3yTJ5emH9uL/d5ulDC8zTs9svytM71e+Up+fl3Xnx/zCn/nx1P056uM+jkvbDlw7tyx0n13c3TrJ/z6BonGTrz3ecJAscJ9ntF42TTvU7jZO8454X/7059fMUjYdKYzws7L6c3PHwye7Gw29k1ovGQ7b+fMdDaYHjIbv9ovHQqX6n8ZB3fNvjt04Q9Gf+tzowauNi+rpbbt794aZ6i/33L0L7LRndtG/J7GsX9+9/9Kr7/l3c+74W3v4QNtRK8tofvx9YMq/2d3tf2cLbX9T/87ivbHlou68st/1PLGwmrPv2z+u+xDvic93+fZeMvOrtrz9V87XpsCu6/6xoHndTTvl8fw/rkrYHpyfzuPDyifl/vJqL+f/d6bLfXwOd+X8nrYf77+M52N8xy+//Lq9jXnWf59mv3H2eAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwiDFZW15bH7tpz8j3n/t63/3z6xdt//x923PHrH/niTydu/J1vPTDyuZeObrlg6w9/96wbH/rQVUfu/ZtHX1j2tV89XRh4rPazckm6OhRC8mwSwtA3TvzlR49+55xqWRJCKCdjB0NYmax6dGWSiTD5ixDClkY7W5/86ouXba0u77h7sKV8RSZIdr/CaDm2p7mdIdxauEecgYbScXbg5C1vCD96x6Y7v7fmK18eOPzMwdkqyVDTeAph+fXNrx8IIQyn/1fF0bY6vjhdbgwhjDS97s0F7Xp9l+1fl7N+Xrpcki5HC+LE5y/MrJcy9bLr0UBm2bSvwwWb7kleO3qtV2RpZj17MlqovHbG8pXp8uvp8pK5gnXo8XL8PwmlJFQazd+ezI6R0HTckpDUjuVQY73UOLYh3f/MepJZL2XWywOZ/aptNx1o5SRpLY/1MuXxdFxJyy9oPld38L6c8temy6H0jfpSXA/ZB3WjbQ8a+1UT23Vijrak/mPn4krxK7tQajoHdSpvHPj0YIymZaPJqrbXzHQQnzu66Z615c3fPDaW047kgSSNn/QU/8B3Vy794JcO7VudF//6Uhq/1FP8H199/LlrD332M7nxPxnjl3uKf+nDI89e/dhdF+b2z4nYP5We4k89/fjH15x9w+Hc9t8X4w/1FH/DkeODy04+/Ehu+ydj/wz3FP+pt73zJ1948sFncuOHGH+kp/ibj+z6xOD4yYtz4z8S+2e0t/Hz/OErfzA+/rOJvPhPxPjLeor/+YP3vvX+FXdflXt8N8b+Gesp/rsveujOpScfPD/v3Jnc169PToBXp7PSa6yPpeu95pkL1ZQv/PVEpX7NtzT9f1k/N5RR3c7yRYwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAr0z/ddvkHrnn7ezdVkhCSWslMkq0z00F8rrxkw4aJHrY79fTjH19z9g2Hm8tW97YLAAAAQIGYh5caJUNhdbglGQ7ndawfJwfOi2tJa3l28iDGyc4R9Bqn1CFOqYc45T61p9KnOAN9irOkT3EG+xRnqCBO9fk3dhFneI44leoI6LI9I3O2p/s4o32Ks7RPcZZlQvQaZ3mf2rOiT3HG5ozT/Thc2ac4q/oU56w+xTl74XFqb/XX9Kk9v9anOOf0KU52Tnm+43BZWvPcvDi1B+XCOJWk3Hii03z6Oel2zl/gdkYLtrOs6PO4y+0Md7md12deV5rndoa63M7lC9xO0uV2fmOB2ykVbCeO21uz7YvbiWtdjv/9fYpzoE9xPtKnOLf1Kc6f9inOn/Upzu2h9eJ0vnEAuhXz/9l8bywMVn4rjKRnnOwsQMx319R+tn/e5Z2QYrzXZcqXFMXLJuqZeGvm277sBEJrvLZnB1riVRr5yBzxhprbtzbz5Fz7+7YNndvWHO+STPngHPFadgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAToF/uu3yD1zz9vduCkmo/tfRTAfxufKSDRsmWqsPdbPdo5vuWVve/M1jzWWDlZ52AQAAACgQ8/CBRslQGKysD4PJkpZ6Q+k8QEzuy2P15fjysLG6TCZKtfWRZOWcr6ukr1u3d8eudXv2H3jjth1TN03fNL3zLesvX3/l5BVXXrFu67bt05P1nyEMdoxXbi6qTT/s2X/gw1Pbt0/v3lMvzLZ/ddqO1el6kr5u/E1hsrq8I23/qoL2l9q2t384PjjQ5wdFxw4AAAAAAAAAAIB/Zdd+QySt6wCAf5+Z2Zlx9XLDf+PhncN5ipWVXmtoiftAkOGfw0WIWWuTI0+SVu/QOzGb9CA1pQiUg+PCF12YpElv/JMS+YcDwyyhvY5QKV/Ui0LLUPFFKBO7O8/82xlnm+z2tM/nxTzPfH/f3+/7+z0cB99nFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ22+Pjlbm5qeGU8ikgE5jT6ysXwxTasj1P3y49u/X1r/1umdsVJhhIUAAACAobI+fKwVKUepkI98nLj4bUN0DES77wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7/zNcnZ2tT0zNHJhHJgJxGH9lYvpim1RHqvvzGg59+Yf36v3bGKiOsAwAAAAyX9eG5VqQclTglxpITFzr/VjR7N7C2Z/5SXlu2zroV5vW+OxiUd8oK805bYd5HhuRtbl5vDAAAAHj/y/r/QisyEaXCmmX9cNb/D+vrs7yTe/LyzWu1M+ldFVeSBAAAAKxA1v+XWpFKlAqVVr++0n5/Qzu0+NN5Nn/Y7/bZ/FN78rL5w37Pv6R59Ts9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALx/zNcnZ2tT0zP5JCIZkNPoIxvLF9O0OkLdTU+M//2i/bdt6IyVCiMsBAAAAAyV9eHt1rscpcJ4jMWRi33/+gvuefiLDz86GRFLbX6xGDdu2bHjuk0Ln7Epyzvruf1j33vm1W8tyztr6XPVDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxn5uuTs7Wp6ZkjkohkQE6jj2wsX0zT6gh1X/rs5/98/8HHXumMVUZYBwAAABgu68PbvX85KlGMYhy/+K2z11+Q65k/6J0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MFx/Tdu+vqWubmt17lZnZtGPuIw2MZ/eZP9c1rFbRSbWzgMnsZ7cVNe7W2s3v9JAADA/8bJkUTjP3TCpau9awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HAwX5+crU1Nz5STiGRATiNTageysXwxTasj1E0ff7605q0nnuqMVUZYBwAAABgu68PbvX85KjEWY3Hc4rd+7wQaC/3/xCHcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBYma9PztampmfWJBHJgJxGH9lYvpim1RHq3rdr72fuPfq7F3bGSoURFgIAAACGyvrwYitSjlLho1GKk5rf57onJPnmtf97gfa87V3Txlc8r941L/9u85JCRGveHT0nKzRPszSvnK03sXRt1au25+Wa86od8yrRKl9tzVt8WLu7qq0Zcr7lTx4AAAAOnaz/L7UiE1EqlDr6/580r0c0r4P63Nyh3TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcNiZr0/O1qamZ5IkIhmQ0+gjG8sX07Q6Qt2bfvPho77y0zt3dsYqI6wDAAAADJf14e3evxyVWBcfinWLfX9MdOdnef+ovX3v3f/8y+kRZx5/YP0Xepf9YXbzq5fOf7L3IyLXnZ2LOLpZLxlQ79e/u/uGjY23748487j8SYWB5+lfr3vJtPFIbeslO545sH3IwwEAAIAPiKz/H2tFJqJUuHZg/5913t39/5B+/Ogbdv382OZnsyPvmZGbaNbLDaj3uY0P/unUc/726kL/v7zex1t3n9x7zb3HdhVcivRI0sbUNTs3Hzh7Xy479VL9fE/97Ll86Zuv/OuqG+96e6l+OcrN+NqerSxV6/y8uc9TSSJtzOX2zFz8zp56d/3CgPPf9tunDv5y7Z1vLtR/4+TxVv3Tol/9pZMXOnbR44i0MX7Z7bvP3bt/c3f9iKj2q//amxfGCX+4+tbe84/Hwa6FO59852fvA0gbz214fd8591TO666f9NTPnv/PDt63+8d3fefRrH72tyKnnxIrrJ/rqf/sHcfsevqWS9d2188NOP+Tl7+wflv127/vPf+VXasWBu5i+fkfOOOhK17ckvb75wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPABMl+fnK1NTc/kkohkQE6jj2wsX0zT6gh1X77o+dcuv/NHP+iMVUZYBwAAABgu68PbvX85KlGMYowv9v2P1LZesuOZA9tjYmk0aV4Lc9uu3/Gxq7btvPbKVdo5AAAAsFIvX5Qs9v+FVmQiSoWNMdbs/6eu2bn5wNn7cln/n1u4JhFx1dVzW8+MVt6zdxyz6+lbLl3bek8QsfhnAeWFvE+18y44//mJ1//4tVP75m1q5z234fV959xTOS/Li868s6L1fuKBMx664sUt6c2t/XXmfeKr2+aaryeydccvu333uXv3b85l7zGa1/HmulneXG7PzMXv7KnnJqK0MJ5v5pWb5wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlpuvT87WpqZnIh+RDMhpdGoGsrF8MU2rI9S9eOMvbj3qrcfWdcZKhREWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s0OHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9usnNI4qjgP4e7uJ2WSTNmkFo2KaVkWphxYFEb2oqEgrUvBUKVJt7UEUBBGlHkylFUtVvAhWL0VUUKMUKthYLK2Siv+KFw8qKFQPQikGNEvxoJLNm81mspPEjT1YPh9Y3r43M9/5zczbt7sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC/0tUxWG9P7Hmsdvclt3/xzIOTT9/50SO7rnrqnV+Gt936+cGeN8+Ob1+94/vbVm478tCGsf2vHf+j74O/Ti0Y/OR0szZ1KyHEMzGEyscTLz87/uVFU2MxhFCO/SMhDMQVxwdiLmH9nyGE7Y06Z288NHndjql2176uWePLcyH56wrVclbPtP7Z9XJ+qaR5trP2xDXhx1s27/561fvvdY6eHpnZJU7tU07zKYRlW5uP7wwhdKfXlGy2DWYHp3ZTCKGn6bgbFqjr8kXWvy6EWq5fd2lqL0htdYGcbPuaXL+U2y/fz3Tm2p75T7NkRXUsuF93e+frzfXzi9FSNepc13p8ILUfpnbtv8wvZ68YSjF0NMp/OM7MkdD03GKI9WdZafRLjWcb0vXn+jHXL+X65c7cddXPm2ZEOcbZ49l+ufFsOe5I46ub1+oW7ikYvzi1lfRBPZv1Q/7NtOqcN43rqsvqmsidp2Oe2s6FUtMa1Gq88eDTw6imsWpcMeeYv1vIto1vfv7K8pZPTvQX1BEPxpQf28rf+dVA733v7n18sCh/aynll9rK/2njyd/u3fv6q4X5L2X55bbyrz3ac2bjp3vWFN6fiZkVZDH5MfWzbfef+uyFVRc+MNrqWdczD2T3v9JW/TePnezqqx09Vlj/+uz+dLeV/8NNd/z89reHTxfmhyy/p638LWOPvtg1VLu6MP/Y9EehWp+hbcyf30ev/25o6Nfhovxvsvvf1yI/zpdf/2nw1sj+G99Yvm9D4fzclN2f/pQ/94ttvvrvuuLI7t7a4cuK1s54YLHfsAC0sjL9xnou9Rf6n3lostTyf+ZSNf1feGW4Y/obqDe9+v7LE+VMnWfZOcwHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiHHTggAQAAABD0/3U7AgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgqQAAAP//e/AHqQ==")
openat$nullb(0xffffffffffffff9c, 0x0, 0x6000, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

942.657681ms ago: executing program 2 (id=312):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000026c0)={@ifindex, 0xffffffffffffffff, 0x2e, 0x2035}, 0x20)

872.513848ms ago: executing program 2 (id=314):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
setxattr$system_posix_acl(&(0x7f00000000c0)='.\x00', &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000080)={{}, {}, [], {0x4, 0x4}, [{0x8, 0x4, 0xee00}]}, 0x2c, 0x0)
creat(&(0x7f00000031c0)='./file0\x00', 0x0)

831.944449ms ago: executing program 0 (id=315):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x5)
ioctl$TCSETA(r0, 0x8925, 0x0)

684.561292ms ago: executing program 0 (id=316):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
mkdir(&(0x7f0000000040)='./bus\x00', 0x10b)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./bus\x00')
chdir(&(0x7f00000003c0)='./bus\x00')
mknod$loop(&(0x7f0000000440)='./file0\x00', 0x2, 0x0)

661.392574ms ago: executing program 1 (id=317):
futex(&(0x7f000000cffc)=0x1, 0x0, 0x1, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
futex(&(0x7f000000cffc)=0x2, 0x5, 0x1, 0x0, &(0x7f0000000000), 0x2000000)

602.216002ms ago: executing program 2 (id=318):
socket$inet6(0xa, 0x3, 0x7)
r0 = landlock_create_ruleset(&(0x7f0000000340)={0x7e64, 0x3, 0x2}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = mq_open(&(0x7f0000000180)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xebs\x93\xa7\xc7!Q\x8f\xf6\xec\xa5fs\xf5l{T\x87r\xd2)r\xa7\xd6\bO\x9a\x98\xf52:\"\xf4\x12\xc0T+\xcd\x9fv|\x8d\xd5\xb2Dvc\x8e\x93\xd8\xd6\xa0\xc56\xd2x\xe3c:\x00\x00\x00\x00\x00\x00\x00\x00\x97\x97\x9c \xdc\xaavt\x18\xcen\xe4\x03\x84;7\xfb\x84r\xf4\xe7\xc9\b\x987\xaa\x85\xfb\x05%\xa8\xe5b\x81\x8e}\xe1r\xf7s2\x82\xe57&b', 0x41, 0xc, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x400000002000000, 0x2)
mmap(&(0x7f000074f000/0x1000)=nil, 0x1000, 0xb635773f04ebbeee, 0x11, r1, 0x15b77000)

524.807866ms ago: executing program 0 (id=319):
timer_create(0xfffffffd, 0x0, &(0x7f00000011c0)=<r0=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_gettime(r0, &(0x7f0000000000))

435.061317ms ago: executing program 0 (id=320):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x82}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x90)

363.217352ms ago: executing program 0 (id=321):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x61d0, &(0x7f0000016fc0)="$eJzs3c2OHFfZB/Cn+ms+8saxsojyWghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmRhSeaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoZs4Z1zTd7rGd6eqZ8/tJk6qnTtX0qfy7prtdVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjvffcHZ6uIuPzztOB4xP9FP6IXsdLUaxGxsnY8rz+IiOdjuzmei4jhUkSVG5+JeD0iPj4Wce/+7fVm0bl99uM7f/zbb3/41Pf/+vvh6X//6Wb/jWnr3br1q3/9+c7j7y8AAACUqK7rukof80+kz/e9rjsFAMxFfv2vk7xcvXD15oL1R61Wq9WHsG6rJ7vTLiJis71N857B6XgAOGQ245Ouu0CH5F+0QUQ81XUngIVWdd0BDsS9+7fXq5Rv1X49WNtpz9eC7Ml/s9q9v2PadJbxa0zm9fzain48O6U/K3PqwyLJ+ffG87+80z5K6x10/vMyLf/Rzq1Pxcn598fzH3N08u9NzL9UOf/BI+Xflz8AAAAAACyw/O//xzs+/7v05LuyLw87/7s2pz4AAAAAAAAAwGftScf/21UZ/w8AAAAWVfNZvfHrYw+WTfsutmb5pSri6bH1gcKkm2VWu+4HAAAAAAAAAAAAAJRksHMN76UqYhgRT6+u1nXd/LSN14/qSbc/7ErffyhZ13/kAQBgx8fHxu7lryKWI+JS+q6/4erqal0vr6zWq/XKUn4/O1parldan2vztFm2NNrHG+LBqG5+2XJru7ZZn5dntY//vuaxRnV/Hx2bjw4DB4CI2Hk1uucV6Yip62ei63c5HA6O/6PH8c9+dP08BQAAAA5eXdd1lb7O+0Q659/rulMAwFzk1//x8wJqtVqtVquPXt1WT3anXUTEZnub5j2D4fgB4JDZjE+67gIdkn/RBhHxfNedABZa1XUHOBD37t9er1K+Vfv1II3vnq8F2ZP/ZrW9Xd5+0nSW8WtM5vX82op+PDulP8/NqQ+LJOffG8//8k77KK130PnPy7T8m/083kF/upbz74/nP+bo5N+bmH+pcv6DR8q/L38AAAAAAFhg+d//jy/U+d/R4+7OTA87/7t2YI8KAAAAAAAAAAfr3v3b6/m+13z+/3MT1nP/59GU86/kX6Scf7r/f/fCm5fH1uu35u++/SD/f96/vf67m//4/zzdb/5LeaZKz6wqPSOq9EjVIE0fc8em2Br2R80jDatef5Cu+amH78bVuBYbcWbPur10PDxoP7unvenpcLu97u+0n9vTPthtz9uf39M+TFc61Su5/VSsx0/iWryz3d60Lc3Y/+UZ7fWM9px/3/FfpJz/oPXT5L+a2quxaePuR73/Oe7b00mP89bVz//yzMHvzkxb0d/dt7Zm/17soD/b/0+eGsXPbmxcP3Xrys2b189GmuxZei7S5DOW8x+mn5z/yy/ttOe/++3j9e5Ho0fOf1FsxWBq/i+15pv9fWXOfetCzn+UfnL+76T2ycf/Yc5/+vH/agf9AQAAAAAAAAAAAAAAgIep63r7FtG3IuJCuv+nq3szAYD5yq//dZKXz6vuP+72f9i7H131X62ec10tWH/mWn9aL1Z/1AtZ/2fB+rNwdVs92ZvtIiL+0t6mec/wi0m/DABYZJ9GxN+77gSdkX/B8vf9NdOTXXcGmKsbH3z4oyvXrm1cv9F1TwAAAAAAAACAx5XH/1xrjf98sq7rO2Pr7Rn/9e1Ye9LxPwd5ZneA0SkDVfcffZ8eZqs36vdaw42/ENPG/x7uzj1s/O/BjMcbzmgfzWhfmtG+PKN94o0eLTn/F1rjnZ+MiBNjw6+XMP7r+Jj3Jcj5v9h6Pjf5f2lsvXb+9W8Oc/69Pfmfvvn+T0/f+ODD166+f+W9jfc2fnz+7Nkz5y9cuHjx4ul3r17bOLPz3w57fLBy/nnsa9eBliXnnzOXf1ly/l9ItfzLkvP/YqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP+XUy3/suT8X021/MuS8/9KquVflpz/a6mWf1ly/qdSLf+y5PxPp3qf+a8cdL+Yj5x/PsPl+C9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvN/PdXyL0vO/6upln9Zcv4XUi3/suT8v5Zq+Zcl538x1fIvS87/66mWf1ly/t9ItfzLkvN/I9XyL0vO/5upln9Zcv7fSrX8y5Lz/3aq5V+WnP+bqZZ/WR58/78ZM2bM5Jmu/zIBAAAAAAAAAAAAAOPmcTlx1/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9u4tRq67vgP4mb1540BiIKROasLGMcY4m+z6El9oXUy4NtxKQij0gu1612bBN7x2CTSqHQVKJIyKKtqGh7aAUJuXCqvigVaA8oBaVaoE7QN9QVSoPERVQAGpKq0gW82c//+/M7OzM7ve8ebMOZ+PlPyyM2fmnDnzn9n92vnuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3ufMPsp2pZltVqtfyCTVn2ovq8YWJT45LXvrDHBwAAAKzdLxr/fu7mdMHhFdyoaZt/uuPbX11YWFjI3jf8p6OfW1hIV0xk2eiGLGtcF139wftrzdsEj2fjtaGmr4d67H64x/UjPa4f7XH9WI/rN/S4frzH9UtOwBI3ZLV0Z9sa/7kpP6XZLdlo47ptHW71eG3DUP3cpdtmtcZtFkZPZHPZqWw2m27ZPt+21tj+63fW9/XWLO5rqGlfW+or5CePHo/HUAvneFvLvhbvM/rR67OJn/7k0eN/feHZ2zrNnqeh5f7y49yxtX6cnwiX5MdayzakcxKPc6jpOLd0eE6GW46z1rhd/b/bj/O5FR7n8OJhrqv253w8G2r893ca52mklnU4T1vCZT+7K8uyy4uH3b7Nkn1lQ9nGlkuGFp+f8XxF1u+jvpRemo2sap3euYJ1Wp8z21rXaftrIj7/d4bbjSxzDM1P048eG2t63n++cC3rNKo/6uVeK+1rsN+vlaKswbguvtN40E90XIPbwuN/dPvya7Dj2umwBtPjblqDW3utwaGx4cYxpyeh1rjN4hrc1bL9cGNPtcZ8Znv3NTh14fS5qfmPffyeudPHTs6enD2zZ9eu6T379h04cGDqxNyp2en839d4totvYzaUXgNbw7mLr4FXt23bvFQXvji25P33Wl+H411eh5vatu3363Ck/cHV1ucFuXRN56+N99RP+viVoWyZ11jj+dm59tdhetxNr8ORptdhx+8pHV6HIyt4Hda3ObdzZT+zjDT90+kYlv9esLY1uKlpDbb/PNK+Bvv980hR1uB4WBff27n894It4XifmFztzyPDS9Zgerjhvad+Sfp5f/xAY3Ral7fXr7hxLLs4P3v+3keOXbhwflcWxrp4WdNaaV+vG5seU7ZkvQ6ter0enrvjids7XL4pnKvxe+r/Gl/2uapvs/fe7s9V47tb5/PZcunuLIw+W+/z2em7ef18jmXZ57/12IPfePTzb1j2fNbz5iem1v6zeMqlTe+/o8u8/8bc/3y+v3RXjw+PjuSv3+F0dkZb3o9bn6qRxntXrbHv56ZW9n48Gv5Z7/fjW7q8H29u27bf78ej7Q8uvh/Xev1px9q0P5/jYZ2cmu7+flzfZvPu1a7Jka7vx3eFWQvn/zUhKaRc1LR2llu3aV8jI6PhcY3EPbSu0z0t24+GbFbf11O7r22d7rgrv6/h9OgWrdc6nWjbtt/rNP3Z13LrtNbrT9+uTfvzOR7WxS17uq/T+jZP7137e+cN8T+b3jvHeq3B0eGx+jGPpkXYeL/PFm6Ia/De7Hh2NjuVzTSuHWusp1pjX5P3rWwNjoV/1vu9cnOXNbijbdt+r8H0fWy5tVcbWfrg+6D9+RwP6+LJ+7qvwfo2b9zf359dd4RL0jZNP7u2//nacn/mdXvbabpea2UkHOe39nf/s9n6NqcOrDZndj9Pd4dLbuxwntpfv8u9pmay9TlPm8NxPntg+fNUP576Np87uML1dDjLsksfub/x573h71f+7uJ3v9ry9y6d/k7n0kfu//GLT/zjao4fgMH3fD425t/rmv5maiV//w8AAAAMhJj7h8JM5H8AAAAojZj74/8Vnsj/AAAAUBox94+EmVQk/29+47Nzz1/KUjN/IYjXp9PwQL5d7LhOh68nFhbVL7//y7P//Q+XVrbvoSzLfv7AH3TcfvMD8bhyE+E4r76p9fIlvnrPivZ99OFLab/N/fUvhPuPj2ely6BTBXc6y7Kv3/yZxn4m3n+lMZ9+4GhjPnj5icfr2zx3MP863v6Zl+Xb/0Uo/x4+cazl9s+E8/DDMKff1vl8xNt95cprtux/7+L+4u1qW29qPOwnP5Dfb/w9OZ99PN8+nufljv8bn37qK/XtH3lV5+O/NNT5+J8K9/vlMP/3Ffn2zc9B/et4u0+G44/7i7e790vf7Hj8Vz+Vb3/uzfl2R8OM+98Rvt725mfnms/XI7VjLY8re0u+Xdz/9Hf/uHF9vL94/+3HP37kSsv5aF8fT/9bfj9TbdvHy+N+or9v23/9fprXZ9z/U390tOU899r/1QefeUX9ftv3f3fbduc+srOx/8X7a/2NTX/5yc903F88nsN/e67l8Rx+d3gdh/0/+YGwHsP1/3c1v7/2365w9N2t7z9x+y9sutTyeKK3/jTf/9XXnWzMDeM3bLzxRS++6fIr6+cuy76zIb+/Xvs/+VdnW47/i7fm5yNeHzv67ftfTtz/+Y9Onjk7f3FuJp3VR29u/O6ct+fHE4/35vDe2v71kbMXPjh7fmJ6YjrLJsr7K/Su2ZfC/HE+LnffemHJO+jOh8Pzefuff33j9n/9dLz839+TX37lbfn3rVeH7T4bLt8Unr/V7X+pJ++8tfH6rj0djnBh6e8LXost2/7rwIo2DI+//eeCuN7PvfyDjfNQv67xfSO+rtd4/N+fye/na+G8LoTfzLz11sX9NW8ffzfClYfy1/uaz194m4vP69+E5/sdP8zvPx5XfLzfDz/HfHNz6/tdXB9fuzTUfv+N3+JxObyfZJfz6+NW8Xxfee7WjocXfw9Jdvm2xtd/ku7ntlU9zOXMf2x+6tTcmYuPTF2Ynb8wNf+xjx85ffbimQtHGr/L88iHet1+8f1pY+P9aWZ2396s8W51Nh/X2Qt9/OcePj6zf3r7zOyJYxdPXHj43Oz5k8fn54/PzsxvP3bixOxHe91+bubQrt0H9+zfPXlybubQgYMH9xycnDtztn4Y+UH1sG/6w5Nnzh9p3GT+0N6Du+67b+/05OmzM7OH9k9PT17sdfvG96bJ+q1/f/L87KljF+ZOz07Oz3189tCug/v27e752wBPnzsxPzF1/uKZqYvzs+en8scycaFxcf17X6/bU07z/5H/PNuulv8ivuxdd+9Lv5+17suPLXtX+SZtv0D02fC7aP75JecOrOTrmPtHw0wqkv8BAACgCmLuHwszkf8BAACgNGLu3xBmIv8DAABAacTcPx5mUpH8X7r+/+ZLK9q//r/+f/P50v+vWP//oaL1//P3C/3//lhr/17/P9D/1//X/9f/1/+nD4rW/4+5/4Ysq2T+BwAAgCqIuX9jmIn8DwAAAKURc/+NYSbyPwAAAJRGzP0vCjOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/D/r/U1m1+v+X+3n8+v/6/yxVtP5/zP0vDjOpSP4HAACAKoi5/6YwE/kfAAAASiPm/pvDTOR/AAAAKI2Y+zeFmVQk/+v/6//r/+v/6/933r/+/2DS/+9O/78H/X+f/6//r/9PXxWt/x9z/0vCTCqS/wEAAKAKYu5/aZiJ/A8AAADFM3JtN4u5/2VhJkvy/zXuAAAAAHjBxdx/S9ZWBK/I3//r/+v/F7//vyFdp/+v/58Vsv8/nOn/F4f+f3f6/z3o/+v/6//r/9NXRev/N3J/Np69PMykIvkfAAAAqiDm/lvDTOR/AAAAKI2Y+38pzET+BwAAgNKIuX9zmElF8r/+v/5/8fv/Pv9f/7/o/X+f/18k+v/d6f/3oP+v/6//r/9PXxWt/x9z/21hJhXJ/wAAAFAFMfffHmYi/wMAAEBpxNz/y2Em8j8AAACURsz9W8JMKpL/9f8L3v+PzVH9f/1//X/9f/3/FdH/707/vwf9f/1//X/9f/qqaP3/mPtfEWZSkfwPAAAAVRBz/x1hJvI/AAAAlEbM/a8MM5H/AQAAoDRi7p8IM6lI/tf/L3j/P+/Bj/n8f/1//X/9f/3/ldH/707/vwf9f/3/vvT/Fy7p/+v/kyta/z/m/jvDTCqS/wEAAKAKYu7fGmYi/wMAAEBpxNx/V5iJ/A8AAAClEXP/tjCTiuR//f+B6P9n+v/6//r/+v/6/yuj/9+d/n8P+v/6/z7/X/+fvipa/z/m/leFmVQk/wMAAEAVxNy/PcxE/gcAAIDSiLn/1WEm8j8AAACURsz9O8JMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/34P+v/6//r/+P31VtP5/zP2vCTOpSP4HAACAKoi5f2eYifwPAAAApRFz/91hJvI/AAAAlEbM/ZNhJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/1//X/9f/5++Klr/P+b+e8JMKpL/AQAAoApi7r83zET+BwAAgNKIuX8qzET+BwAAgNKIuX86zKQi+V//X/9f/1//f1X9/1cu3q/+f07/v1j0/7vT/+9B/1///wXv/4/q/1MqRev/x9y/K8ykIvkfAAAAqiDm/t1hJvI/AAAAlEbM/XvCTOR/AAAAKI2Y+/eGmVQk/+v/6//r/+v/+/z/zvvX/x9M+v/d9b//Hx+i/r/+v/6/z//X/2epovX/Y+6/L8ykIvkfAAAAqiDm/n1hJvI/AAAAlEbM/fvDTOR/AAAAKI2Y+w+EmVQk/+v/6//r/+v/6/933r/+/2DS/+/O5//3oP+v/6//r//PGj30h81fFa3/H3P/wTCTiuR/AAAAqIKY+18bZiL/AwAAQGnE3P8rYSbyPwAAAJRGzP2/GmZSkfyv/9/SPa8/XP1//X/9f/3/Bv3/waT/353+fw/6//r/+v/6//TVsv3/EL3Xu/8fc/+hMJOK5H8AAACogpj7fy3MRP4HAACA0oi5/3VhJvI/AAAAlEbM/YfDTCqS//X/ff6//r/+v/5/5/2vd/9/LN6v/v+a6P93p//fg/6//r/+v/4/fVW0z/+Puf/1YSYVyf8AAABQBTH33x9mIv8DAABAacTc/4YwE/kfAAAASiPm/jeGmVQk/+v/6//r/+v/6/933r/P/x9M+v/d6f/3oP+v/6//r/9PXxWt/x9z/5vCTCqS/wEAAKAKYu5/c5iJ/A8AAAClEXP/W8JM5H8AAAAojZj73xpmUpH8r/+v/6//r/+v/995//r/g0n/vzv9/x70//X/9f/1/+mrovX/Y+7/9TCTiuR/AAAAqIKY+x8IM5H/AQAAoDRi7n9bmIn8DwAAAKURc//bw0wqkv/1//X/9f/1//X/O+9f/38w6f93N2D9/1/cFC7X/8/p/xf7+Ffb/x9p+/q69P9/sFz/f2FD++31/7keitb/j7n/HWEmFcn/AAAAUAUx978zzET+BwAAgNKIuf9dYSbyPwAAAJRGzP2/EWZSkfyv/18/jsX2sv5/Wfv/Q/r/+v/6/xWh/9/dgPX/ff5/G/3/Yh+/z//X/2epovX/Y+5/d5hJRfI/AAAAVEHM/Q+Gmcj/AAAAUBox9z8UZiL/AwAAQGnE3P+eMJOK5H/9f5//X43+v8//z/T/9f8rQv+/O/3/HvT/9f+L1v//T/1/BlvR+v8x9z8cZlKR/A8AAABVEHP/e8NM5H8AAAAojZj7fzPMRP4HAACA0oi5/31hJhXJ//r/g9L/nxjQ/v9j+v/Xsf9/x035dvr/+v8s0v/vTv+/B/1//f+i9f99/j8Drmj9/5j73x9msvL8P77iLQEAAIAXRMz9vxVmUpG//wcAAIAqiLn/t8NM5H8AAAAojZj7fyfMpCL5X/9/UPr/Pv8/0//3+f9tj0f/X/+/k/Xr/8d3Hv1//X/9/0j/X/9f/592Rev/x9z/u2EmFcn/AAAAUAUx938gzET+BwAAgIHQ6f/Jbhdz/5EwE/kfAAAASiPm/qNhJhXJ//r/+v/6/wXt///Z1n/53rffeXSX/r/+v/7/qqzr5//XX/w+/1//X/8/0f/X/9f/p13R+v8x9x8LM6lI/gcAAIAqiLn/98JM5H8AAAAojZj7j4eZyP8AAABQGjH3z4SZVCT/6//r/+v/F7T/P8Cf/x/Ph/5/q771/+Obrv5/R3n/Pq2i69v/f+9iT1z/f7X9/7GOl+r/6/8P8vHr/+v/s1TR+v8x98+GmVQk/wMAAEAVhNw/dCKfi1fI/wAAAFAaMfefDDOR/wEAAKA0Yu7/YJhJRfK//r/+v/6//r/P/++8/279/9qIz/8vqtS//1njhaL/36Y4/f/O9P/1/wf5+PX/9f9Zqmj9/5j758JMKpL/AQAAoApi7v9QmIn8DwAAAKURc/+Hw0zkfwAAACiNmPtPhZlUJP/r/+v/6//r/+v/d95/YT//X/+/q7X27/X/A/3/avf//0f/X/9f/5/+KFr/P+b+02EmFcn/AAAAUAUx958JM5H/AQD+n707abKzLvs4fvp5wpNO8SzcuXBjlUtfAgtd6wtw4caNVZYLJ1ScCc4jioqzIjgPOIAgooLzAE4ozqDiPA84IUrFonNdV9Ldd9+nOzndfd///+ezyCVtmnOkUgm/dL7eANCM3P2PjVvsfwAAAGhG7v7HxS2d7H/9/9n0/6cqZf3/5vc/if7/Qfr/nV5f/6//b5n+f5z+fwn9v+f/6//1/6zU1Pr/3P2Pj1s62f8AAADQg9z9T4hb7H8AAABoRu7+8+MW+x8AAACakbv/iXFLJ/t/S/+/tuiz/8+M1/P/W+r/Pf9/x9fX/+v/W3aw/f9F9/7Mp//X/+v/g/5/V/3/0Z0+X/9Pi6bW/+fuf1Lc0sn+BwAAgB7k7n9y3GL/AwAAQDNy918Qt9j/AAAA0Izc/U+JWzrZ/6t7/v+xjY/PtP8v+n/9/8YH9P/6f/3/bHn+/7ie+v/zbz33MXdee7/r9vL6+n/9v+f/6/9Zran1/7n7nxq3dLL/AQAAoAe5+58Wt9j/AAAA0Izc/U+PW+x/AAAAaEbu/mfELZ3s/9X1/7N+/n/R/+v/Nz6g/9f/6/9nS/8/rqf+/0xeX/+v/9f/6/9Zran1/7n7nxm3dLL/AQAAoAe5+58Vt9j/AAAA0Izc/RfGLfY/AAAANCN3//G4pZP9r//f//7/Hv2//j+u/l//r//ff/r/cfr/JfT/+n/9v/6flZpa/5+7/6K4pZP9DwAAAD3I3f/suMX+BwAAgGbk7n9O3GL/AwAAQDNy9z83bulk/+v/Pf9f/6//1/8Pv77+f570/+P0/0vo/8+2nz9H/6//1/9zuj32/3eP/LS9kv4/d//z4pZO9j8AAAD0IHf/8+MW+x8AAACakbv/BXGL/Q8AAADNyN3/wrilk/2v/9f/6//1/2fc/2//obdB/z9M/38w9P/jJtP/rx0Z/LD+f/b9v+f/6//1/2wytef/5+5/UdzSyf4HAACAHuTuf3HcMrL/9/yb+QAAAMChyt3/krjF1/8BAABg9rI6y93/0rilk/2v/9f/6//1/57/P/z6Y/3/dae9P/3/tOj/x02m/9+B/l//P+f3r//X/7Pd1Pr/3P0vi1s62f8AAADQg9z9F8ct9j8AAAA0I3f/y+MW+x8AAACakbv/FXFLJ/t/uP8/9d/r/3dH/7/5/ev/h398rKr/z7+j/n+0/3+w5//3Sf8/7uD7/6P6/81/f/3/Pjrs9994/39s2efr/xkytf4/d/8lcUsn+x8AAAB6kLv/lXGL/Q8AAADNyN3/qrjF/gcAAIBm5O5/ddzSyf73/H/9v/5/fv2/5/+fdJjP/18ceP9/RP+/S/r/cZ7/v4T+X/+v//f8f1Zqav1/7v5L45ZO9j8AAAD04NK7Fhu7/zWLhf0PAAAAc3T6nx3Y+gdKQ+7+18Yt9j8AAAA0I3f/6+KWTva//l//r//X/+v/h19/Wv2/5//vlv5/nP5/Cf3/fvTzRxrr/y/b6fOn0P9fqP9nYjb1/zec+vhh9f+5+18ft3Sy/wEAAKAHufvfELfY/wAAANCM3P1vjFvsfwAAAGhG7v43xS2d7P997/+P7fza+n/9v/5f/6//1/+vmv5/nP5/Cf2/5/97/r/+n5U61f9v/vnwsPr/3P1vjls62f8AAADQg9z9b4lb7H8AAABoRu7+y+IW+x8AAACakbv/rXFLJ/vf8//1//p//b/+f/j19f/zpP8fp/9fQv+v/9f/6/9ZqU3P/z/NYfX/ufsvj1s62f8AAADQg9z9V8Qt9j8AAAA0I3f/2+IW+x8AAACakbv/7XFLJ/tf/7+//X9+XP+v/1/o//X/+v8D0W3/vzb0K9F2O/T/Nz/q+EM3f0T/r//X/+v/9f+swCT6/xOn/u0yd/874pZO9j8AAAD0IHf/O+MW+x8AAACakbv/XXGL/Q8AAADNyN3/7rhlj/v/Pit9VwdH/+/5//p//b/+f/j19f/z1G3/v0ue/7+E/l//r//X/7NSk+j/T/vr3P3viVt8/R8AAACakbv/vXGL/Q8AAADNyN3/vrjF/gcAAIBm5O5/f9zSyf7X/+v/9f/6f/3/8Oufaf+/vhim/z8Y+v9x+v8l9P/6f/2//p+Vmlr/n7v/yrilk/0PAAAAPcjd/4G4xf4HAACAZuTu/2DcYv8DAABAM3L3fyhu6WT/6//1//p//b/+f/j1Pf9/nvT/4/T/i8XiqpE3MNT/nziq/9f/6//1/5yhqfX/ufs/HLd0sv8BAACgB7n7r4pb7H8AAABoRu7+q+MW+x8AAACakbv/I3FLJ/tf/6//1//r//X/w6+v/58n/f84/f8Snv+v/9f/6/9Zqan1/7n7r4lbOtn/AAAA0IPc/dfGLfY/AAAANCN3/0fjFvsfAAAAmpG7/7q4pZP9r//X/+v/9f/70v8f1/9vpf8/GPvX/y/0//p//f8S+n/9v/6frQ6q/787fr5f1v/n7v9Y3NLJ/gcAAIAe5O6/Pm6x/wEAAKAZufs/HrfY/wAAANCM3P2fiFs62f/6f/2//l//7/n/w6+v/58nz/8fp/9fQv+v/9f/6/9ZqYPq/3fq/bf+de7+T8Ytnex/AAAA6EHu/hviFvsfAAAAmpG7/8a4xf4HAACAZuTu/1Tc0sn+1//r/zf3/4uF/l//r/8/6QD6//WF/n/l9P/j9P9L6P/b7P//Z9FQ/39sx8/X/zNFU+v/c/d/Om7pZP8DAABAD3L3fyZusf8BAACgGbn7Pxu32P8AAADQjNz9n4tbWtr/9+ycvs2//z+65RP1/4vF4rYLPP9f/z/y+vr/yfT/9U9V/786+v9x+v8l9P9t9v+e/6//59BMrf/P3f/5uKWl/Q8AAACdy93/hbjF/gcAAIBm5O7/Ytxi/wMAAEAzcvd/KW7pZP/Pv//f+on6/8VZPf9f/7/xAf2//l//P1tn299fvh6/pun/9f/6/8F+fm2Hf+9Z6P/1//p/Bkyt/8/d/+W4pZP9DwAAAD3I3X9T3GL/AwAAQDNy998ct9j/AAAA0Izc/V+JWzrZ//p//b/+f579/7r+X/+v/x80lef/n3feQ27R/+v/W+z/x+j/9f/6f7aaWv+fu/+rcUsn+x8AAAB6kLv/a3GL/Q8AAADNyN3/9bjF/gcAAIBm5O7/RtzSyf7f3v+fszhZqJ401P9Ho6b/P43+f/P71/8P//jw/H/9v/5//02l//f8/zN7//p//f+c3/+e+v/7b/98/T8tmlr/n7v/lrilk/0PAAAAPcjd/824xf4HAACAZuTu/1bcYv8DAABAM3L33xq3dLL/Pf9f/6//1//r/4dfX/8/T/r/cfr/JfT/Z9/P58+q+v/5Pv//f/X/rM7U+v/c/d+OWzaG3wP+/wz/ZwIAAAATkrv/O3FLJ1//BwAAgB7k7v9u3GL/AwAAQDNy938vbulk/+v/9f/6f/2//n/49fX/86T/H6f/X6Kf/n996IOH3c+frcN+/830/57/zwpNrf/P3f/9uKWT/Q8AAABtu2vj29z9P4hb7H8AAABoRu7+H8Yt9j8AAAA0I3f/bXFLJ/tf/6//b7//f4T+f8vr6//1/y3T/+ev6MP0/0v00/8POux+fu7vX/+v/2e7qfX/uftvj1s62f8AAADQg9z9P4pb7H8AAABoRu7+H8ct9j8AAAA0I3f/T+KWTva//r+v/n9t0WP/7/n/+n/9f0/m0/9fcWToo57/r//X/8/3/ev/9f9sN7X+P3f/HWtHutz/AAAAMFcPe+Cjb9/t971j49v1xU/jFvsfAAAAmpG7/2dxi/0PAAAAzcjd//O4pZP9r//vq//v8/n/+n/9v/6/J/Pp/4fp//X/+v/5vn/9v/6f7abW/+fu/0XcctrwG/w/6AEAAAAOz//t7bvn7v9l3NLJ1/8BAACgB7n7fxW3bNv/J3b5p9oBAACAqcnd/+u4pZOv/+v/J97/L/ap/4/vp/8/Sf+v/x96ff3/POn/x51l/39iTf+v/x+h/9f/6//Zamr9f+7+669ZdLn/AQAAoFGbfkfhNxvfri9+G7fY/wAAANCM3P2/i1vsfwAAAGhG7v7fxy2d7H/9/8T7/zN6/v+x+k+e/995/3/x+uDr6//1/y3T/4/z/P8l9P/6f/2//p+V2kP/vzFI97v/z93/h7ilk/0PAAAAPcjd/8e4xf4HAACAZuTu/1PcYv8DAABAM3L3/zlu6WT/6/8Pof+/5Ohisa/9/y6e/6//76P/3+H12+n/73vu8Zse/sirr9T/c8pB9v/5Y0H/r//X/5+k/9f/6//ZamrP/8/d/5e4pZP9DwAAAD3I3X9n3GL/AwAAQDNy9/81brl3/994WO8KAAAAWKXc/X+LWzr5+r/+v8Xn/8+z/89/1ofQ/x+fX/+fTXHv/b/n/+v/t/P8/3H6/yX0//p//b/+n5WaWv+fu//vcUsn+x8AAAB6kLv/H3FL7v+1Pf/WPQAAADAxufv/Gbf4+j8AAAA0I3f/XXFLJ/tf/6//n0r/nzz//9Tnef7/Sfp//f9e6P/H6f+X0P/r//X/+n9Wamr9f+7+f8Utnex/AAAA6EHu/rvjFvsfAAAAmpG7/99xi/0PAAAAzcjd/5+4pZP9r//X/+v/9f/6/+HX1//Pk/5/nP5/Cf2//l//r/9npabW/+fu/28AAAD//xDQcaQ=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f)
pwritev2(r0, 0x0, 0x0, 0xe7b, 0x0, 0x2)

0s ago: executing program 0 (id=322):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, &(0x7f0000000140)=0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0xc}, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
openat$sndtimer(0xffffff9c, 0x0, 0x183002)
r3 = creat(0x0, 0xecf86c37d53049cc)
close(r3)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x72deafbf73f877d7, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'vxcan1\x00', 0x2})
ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000000240)=ANY=[], 0x38)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:33448' (ED25519) to the list of known hosts.
syzkaller login: [   49.100450][ T5831] cgroup: Unknown subsys name 'net'
[   49.239676][ T5831] cgroup: Unknown subsys name 'cpuset'
[   49.243989][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.633410][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.254031][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.256720][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.259827][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.264208][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.266898][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.270913][ T5234] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.273528][ T5234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.275937][ T5234] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.280268][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.283085][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.330877][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.333942][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.336917][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.340545][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.343768][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.448419][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   53.476336][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   53.524712][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.527439][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.529776][ T5846] bridge_slave_0: entered allmulticast mode
[   53.532262][ T5846] bridge_slave_0: entered promiscuous mode
[   53.552686][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.555324][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.558368][ T5846] bridge_slave_1: entered allmulticast mode
[   53.561216][ T5846] bridge_slave_1: entered promiscuous mode
[   53.577952][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.580824][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.583388][ T5842] bridge_slave_0: entered allmulticast mode
[   53.585981][ T5842] bridge_slave_0: entered promiscuous mode
[   53.604700][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.607969][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.610549][ T5842] bridge_slave_1: entered allmulticast mode
[   53.612844][ T5842] bridge_slave_1: entered promiscuous mode
[   53.617135][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.633350][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.638900][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.645981][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.656641][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   53.675103][ T5846] team0: Port device team_slave_0 added
[   53.685802][ T5846] team0: Port device team_slave_1 added
[   53.700791][ T5842] team0: Port device team_slave_0 added
[   53.710976][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.713828][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.724218][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.737621][ T5842] team0: Port device team_slave_1 added
[   53.740546][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.743348][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.754581][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.773813][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.776142][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.785789][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.795127][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.797942][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.808038][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.836216][ T5846] hsr_slave_0: entered promiscuous mode
[   53.839341][ T5846] hsr_slave_1: entered promiscuous mode
[   53.847493][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.850305][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.852842][ T5851] bridge_slave_0: entered allmulticast mode
[   53.855421][ T5851] bridge_slave_0: entered promiscuous mode
[   53.859599][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.862327][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.865175][ T5851] bridge_slave_1: entered allmulticast mode
[   53.868196][ T5851] bridge_slave_1: entered promiscuous mode
[   53.906286][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.921758][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.933860][ T5842] hsr_slave_0: entered promiscuous mode
[   53.936159][ T5842] hsr_slave_1: entered promiscuous mode
[   53.938466][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   53.940423][ T5842] Cannot create hsr debugfs directory
[   53.952595][ T5851] team0: Port device team_slave_0 added
[   53.955803][ T5851] team0: Port device team_slave_1 added
[   53.993365][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.995969][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.006293][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.013267][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.015872][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.025803][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.078363][ T5851] hsr_slave_0: entered promiscuous mode
[   54.080781][ T5851] hsr_slave_1: entered promiscuous mode
[   54.083138][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[   54.085111][ T5851] Cannot create hsr debugfs directory
[   54.118916][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   54.125835][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   54.131067][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   54.140087][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   54.186989][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.189690][ T5846] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.192395][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.194971][ T5846] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.200827][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.206394][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.215567][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.222407][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.249583][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.254140][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.260330][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.280648][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.286712][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.289978][ T5842] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.293199][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.296278][ T5842] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.337079][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.351453][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.354438][ T5851] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.357615][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.360530][ T5851] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.366229][ T1094] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.371265][ T1094] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.374683][ T1094] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.378215][ T1094] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.385834][ T1094] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.389767][ T1094] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.396158][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   54.406005][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.408953][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.420774][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.423444][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.428385][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.454003][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   54.465309][ T5846] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   54.470875][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.483205][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.485794][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.496622][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.499531][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.533500][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.542843][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.553709][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.580971][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   54.588701][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.591774][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.605597][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.608600][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.629685][ T5846] veth0_vlan: entered promiscuous mode
[   54.651608][ T5846] veth1_vlan: entered promiscuous mode
[   54.663653][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.690083][ T5846] veth0_macvtap: entered promiscuous mode
[   54.697543][ T5846] veth1_macvtap: entered promiscuous mode
[   54.706369][ T5842] veth0_vlan: entered promiscuous mode
[   54.714899][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.721402][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.728861][ T5842] veth1_vlan: entered promiscuous mode
[   54.734149][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.738527][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.741731][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.745058][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.760774][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.782506][ T5842] veth0_macvtap: entered promiscuous mode
[   54.794606][ T5842] veth1_macvtap: entered promiscuous mode
[   54.796768][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.802003][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.816899][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.830696][   T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.831296][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.833840][   T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.839436][ T5851] veth0_vlan: entered promiscuous mode
[   54.841540][ T5851] veth1_vlan: entered promiscuous mode
[   54.853119][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.856681][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.868992][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.875288][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   54.879717][ T5851] veth0_macvtap: entered promiscuous mode
[   54.883079][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.904593][ T5851] veth1_macvtap: entered promiscuous mode
[   54.946474][ T5911] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   54.951794][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.964739][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.965793][ T5911] CIFS mount error: No usable UNC path provided in device string!
[   54.965793][ T5911] 
[   54.971832][ T5911] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   54.974906][ T5867] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.977469][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.979285][ T5867] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.984812][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.999542][ T5867] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.005412][ T5867] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.039787][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.042411][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.059676][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.062408][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.078126][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.081615][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.114601][ T5917] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'.
[   55.298185][ T5848] Bluetooth: hci0: command tx timeout
[   55.300398][   T55] Bluetooth: hci1: command tx timeout
[   55.377397][   T55] Bluetooth: hci2: command tx timeout
[   55.925081][ T5950] Bluetooth: MGMT ver 1.23
[   55.959913][ T5955] netlink: 16 bytes leftover after parsing attributes in process `syz.1.20'.
[   56.054971][ T5965] loop2: detected capacity change from 0 to 16
[   56.069933][ T5965] erofs (device loop2): mounted with root inode @ nid 36.
[   56.085257][ T5965] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[   56.090892][ T5965] erofs (device loop2): failed to decompress -38 in[52, 4044] out[1851]
[   56.094603][ T5965] erofs (device loop2): read error -117 @ 43 of nid 36
[   56.153496][ T5973] loop2: detected capacity change from 0 to 1024
[   56.179715][ T5973] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.194672][ T5973] EXT4-fs error (device loop2): __ext4_remount:6740: comm syz.2.28: Abort forced by user
[   56.199322][ T5973] EXT4-fs (loop2): Remounting filesystem read-only
[   56.202055][ T5973] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[   56.295425][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.362222][ T5991] mmap: syz.1.36 (5991) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   56.425490][ T5996] openvswitch: netlink: IP tunnel dst address not specified
[   56.821770][ T6011] loop2: detected capacity change from 0 to 256
[   56.824807][ T6011] =======================================================
[   56.824807][ T6011] WARNING: The mand mount option has been deprecated and
[   56.824807][ T6011]          and is ignored by this kernel. Remove the mand
[   56.824807][ T6011]          option from the mount to silence this warning.
[   56.824807][ T6011] =======================================================
[   56.891154][   T33] audit: type=1326 audit(1755834424.621:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.2.45" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1458ebe9 code=0x7ffc0000
[   56.904874][   T33] audit: type=1326 audit(1755834424.621:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.2.45" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1458ebe9 code=0x7ffc0000
[   56.913625][   T33] audit: type=1326 audit(1755834424.621:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.2.45" exe="/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7feb1458ebe9 code=0x7ffc0000
[   56.921545][   T33] audit: type=1326 audit(1755834424.621:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.2.45" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1458ebe9 code=0x7ffc0000
[   56.938739][   T33] audit: type=1326 audit(1755834424.621:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.2.45" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb1458ebe9 code=0x7ffc0000
[   56.952344][ T6019] loop1: detected capacity change from 0 to 164
[   56.958893][ T6019] Unable to read rock-ridge attributes
[   56.967854][ T6019] Unable to read rock-ridge attributes
[   56.970672][ T6019] iso9660: Corrupted directory entry in block 4 of inode 1792
[   57.003217][ T6021] loop1: detected capacity change from 0 to 256
[   57.038682][ T6023] loop1: detected capacity change from 0 to 256
[   57.041631][ T6023] exfat: Deprecated parameter 'namecase'
[   57.046503][ T6023] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[   57.069286][   T33] audit: type=1326 audit(1755834424.801:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6024 comm="syz.1.51" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0064f8ebe9 code=0x7ffc0000
[   57.083872][   T33] audit: type=1326 audit(1755834424.811:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6024 comm="syz.1.51" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0064f8ebe9 code=0x7ffc0000
[   57.096160][   T33] audit: type=1326 audit(1755834424.811:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6024 comm="syz.1.51" exe="/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f0064f8ebe9 code=0x7ffc0000
[   57.105837][   T33] audit: type=1326 audit(1755834424.811:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6024 comm="syz.1.51" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0064f8ebe9 code=0x7ffc0000
[   57.114363][   T33] audit: type=1326 audit(1755834424.811:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6024 comm="syz.1.51" exe="/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f0064f8ebe9 code=0x7ffc0000
[   57.379364][ T5848] Bluetooth: hci0: command tx timeout
[   57.381885][   T55] Bluetooth: hci1: command tx timeout
[   57.382207][ T6045] loop0: detected capacity change from 0 to 512
[   57.391094][ T6045] EXT4-fs: Ignoring removed i_version option
[   57.394762][ T6045] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   57.405181][ T6045] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   57.411340][ T6045] EXT4-fs (loop0): 1 truncate cleaned up
[   57.414285][ T6045] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.423141][ T6045] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.501493][ T6045] Zero length message leads to an empty skb
[   57.747313][ T5871] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   57.898837][ T5871] usb 2-1: unable to get BOS descriptor or descriptor too short
[   57.902316][ T5871] usb 2-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config
[   57.905791][ T5871] usb 2-1: config 66 has 1 interface, different from the descriptor's value: 2
[   57.909263][ T5871] usb 2-1: config 66 interface 0 altsetting 16 endpoint 0x7 has invalid wMaxPacketSize 0
[   57.912940][ T5871] usb 2-1: config 66 interface 0 has no altsetting 0
[   57.916707][ T5871] usb 2-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95
[   57.920296][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   57.923251][ T5871] usb 2-1: Product: syz
[   57.924764][ T5871] usb 2-1: Manufacturer: syz
[   57.926525][ T5871] usb 2-1: SerialNumber: syz
[   58.047648][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.137863][ T5871] ati_remote2 2-1:66.0: ati_remote2_probe(): need 2 interfaces, found 1
[   58.142503][ T5871] usb 2-1: USB disconnect, device number 2
[   58.337843][ T6059] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   58.489543][ T6059] usb 1-1: unable to get BOS descriptor or descriptor too short
[   58.493646][ T6059] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[   58.498480][ T6059] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[   58.504298][ T6059] usb 1-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=b5.39
[   58.508697][ T6059] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.511904][ T6059] usb 1-1: Product: syz
[   58.513594][ T6059] usb 1-1: Manufacturer: syz
[   58.515524][ T6059] usb 1-1: SerialNumber: syz
[   58.519290][ T6059] usb 1-1: config 0 descriptor??
[   58.522608][ T6059] pn533_usb 1-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[   58.730768][    T9] usb 1-1: USB disconnect, device number 2
[   58.997272][ T6059] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   59.167247][ T6059] usb 3-1: Using ep0 maxpacket: 16
[   59.174888][ T6059] usb 3-1: unable to get BOS descriptor or descriptor too short
[   59.180111][ T6059] usb 3-1: config 1 has an invalid interface number: 206 but max is 0
[   59.183642][ T6059] usb 3-1: config 1 has no interface number 0
[   59.189250][ T6059] usb 3-1: string descriptor 0 read error: -22
[   59.191780][ T6059] usb 3-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[   59.195586][ T6059] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.202976][ T6059] uvcvideo 3-1:1.206: probe with driver uvcvideo failed with error -22
[   59.277145][ T6059] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   59.283398][ T6059] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   59.411352][ T5311] usb 3-1: USB disconnect, device number 2
[   59.467502][   T55] Bluetooth: hci1: command tx timeout
[   59.467924][ T5848] Bluetooth: hci0: command tx timeout
[   59.515851][ T6088] loop0: detected capacity change from 0 to 1024
[   59.519516][ T6088] EXT4-fs: Ignoring removed nobh option
[   59.527915][ T6088] EXT4-fs: Ignoring removed bh option
[   59.543915][ T6088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   59.589873][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.464522][ T6115] netlink: 'syz.0.86': attribute type 7 has an invalid length.
[   60.471260][ T6115] netlink: 32 bytes leftover after parsing attributes in process `syz.0.86'.
[   60.737551][ T5848] Bluetooth: hci2: command tx timeout
[   60.970616][ T6132] loop1: detected capacity change from 0 to 4096
[   60.995031][ T6132] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   61.012065][ T6132] ntfs3(loop1): Failed to load $Extend (-22).
[   61.014921][ T6132] ntfs3(loop1): Failed to initialize $Extend.
[   61.537534][ T5848] Bluetooth: hci0: command tx timeout
[   61.547482][ T5848] Bluetooth: hci1: command tx timeout
[   61.927333][ T5871] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   62.130746][ T5871] usb 2-1: config 0 has an invalid interface number: 71 but max is 0
[   62.134184][ T5871] usb 2-1: config 0 has no interface number 0
[   62.136851][ T5871] usb 2-1: config 0 interface 71 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 1024
[   62.151097][ T5871] usb 2-1: config 0 interface 71 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1023
[   62.166792][ T5871] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0012, bcdDevice=cc.c0
[   62.177639][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   62.181146][ T5871] usb 2-1: Product: syz
[   62.183020][ T5871] usb 2-1: Manufacturer: syz
[   62.185085][ T5871] usb 2-1: SerialNumber: syz
[   62.193548][ T5871] usb 2-1: config 0 descriptor??
[   62.196818][ T6139] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   62.206785][ T6139] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   62.229095][ T5871] kvaser_usb 2-1:0.71: error -ENODEV: Cannot get usb endpoint(s)
[   62.327047][ T6154] loop2: detected capacity change from 0 to 2048
[   62.369154][ T5843]  loop2: p1 < > p4
[   62.374876][ T5843] loop2: p4 size 8388608 extends beyond EOD, truncated
[   62.409046][ T6154]  loop2: p1 < > p4
[   62.425256][ T6154] loop2: p4 size 8388608 extends beyond EOD, truncated
[   62.519546][ T6156] loop0: detected capacity change from 0 to 4096
[   62.536208][ T6156] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[   62.649866][ T5843] udevd[5843]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   62.654526][ T6084] udevd[6084]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   62.827364][ T5848] Bluetooth: hci2: command tx timeout
[   62.909357][ T5871] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   62.949363][ T5311] usb 2-1: USB disconnect, device number 3
[   62.974482][ T6164] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   63.053868][ T6174] loop0: detected capacity change from 0 to 1024
[   63.056694][ T6174] EXT4-fs: Ignoring removed orlov option
[   63.062593][ T6174] EXT4-fs: Ignoring removed nomblk_io_submit option
[   63.078692][ T5871] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   63.083249][ T5871] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   63.089453][ T6174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   63.094168][ T5871] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[   63.099548][ T5871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   63.102935][ T5871] usb 3-1: config 0 descriptor??
[   63.199756][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.810926][ T5871] usb 3-1: USB disconnect, device number 3
[   64.219413][ T6189] netlink: 28 bytes leftover after parsing attributes in process `syz.1.117'.
[   64.223267][ T6189] netlink: 28 bytes leftover after parsing attributes in process `syz.1.117'.
[   64.393906][ T6194] netlink: 'syz.1.119': attribute type 1 has an invalid length.
[   64.495612][ T6200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.123'.
[   64.501545][ T6200] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.550524][ T6210] netlink: 'syz.1.127': attribute type 1 has an invalid length.
[   64.653334][ T6220] loop1: detected capacity change from 0 to 1764
[   64.735507][ T6223] loop1: detected capacity change from 0 to 4096
[   64.739886][ T6223] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[   64.803237][ T6216] loop0: detected capacity change from 0 to 32768
[   64.838433][ T6216] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   64.853477][ T6229] loop1: detected capacity change from 0 to 1024
[   64.874375][ T6229] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   64.880437][ T6229] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.895502][ T5842] ocfs2: Unmounting device (7,0) on (node local)
[   64.906680][ T6229] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.135: bg 0: block 393: padding at end of block bitmap is not set
[   64.913766][ T6229] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[   64.918814][ T6229] EXT4-fs (loop1): This should not happen!! Data will be lost
[   64.918814][ T6229] 
[   64.922646][ T6229] EXT4-fs (loop1): Total free blocks count 0
[   64.925262][ T6229] EXT4-fs (loop1): Free/Dirty block details
[   64.927837][ T6229] EXT4-fs (loop1): free_blocks=0
[   64.929912][ T6229] EXT4-fs (loop1): dirty_blocks=16
[   64.932120][ T6229] EXT4-fs (loop1): Block reservation details
[   64.934678][ T6229] EXT4-fs (loop1): i_reserved_data_blocks=1
[   66.159733][ T6229] syz.1.135 (6229) used greatest stack depth: 19184 bytes left
[   66.175711][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.266374][ T6242] loop0: detected capacity change from 0 to 4096
[   66.870056][ T6261] loop2: detected capacity change from 0 to 1024
[   67.544870][ T6272] netlink: 20 bytes leftover after parsing attributes in process `syz.0.149'.
[   67.613054][ T6278] loop1: detected capacity change from 0 to 1024
[   67.636085][   T29] hfsplus: b-tree write err: -5, ino 8
[   67.660536][   T29] hfsplus: b-tree write err: -5, ino 4
[   67.837299][   T47] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   67.841390][ T6280] loop1: detected capacity change from 0 to 40427
[   67.847845][ T6280] F2FS-fs: heap/no_heap options were deprecated
[   67.852506][ T6280] F2FS-fs (loop1): build fault injection rate: 19
[   67.857983][ T6280] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[   67.862046][ T6280] F2FS-fs (loop1): invalid crc value
[   67.869284][ T6280] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[   67.909465][ T6280] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[   67.919414][ T6280] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   67.929972][ T6280] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   67.942600][ T6280] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[   67.948859][ T6280] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_update_inode_page+0x82/0x190
[   67.958699][ T6280] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[   67.964866][ T6280] CPU: 1 UID: 0 PID: 6280 Comm: syz.1.153 Not tainted syzkaller #0 PREEMPT(full) 
[   67.964883][ T6280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   67.964891][ T6280] Call Trace:
[   67.964896][ T6280]  <TASK>
[   67.964901][ T6280]  dump_stack_lvl+0x189/0x250
[   67.964921][ T6280]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.964969][ T6280]  ? rcu_is_watching+0x15/0xb0
[   67.964983][ T6280]  ? __pfx_queue_work_on+0x10/0x10
[   67.964996][ T6280]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   67.965014][ T6280]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.965031][ T6280]  ? f2fs_hw_is_readonly+0x39b/0x470
[   67.965049][ T6280]  f2fs_handle_critical_error+0x37c/0x540
[   67.965066][ T6280]  f2fs_write_inode+0x3ba/0x5f0
[   67.965085][ T6280]  f2fs_do_sync_file+0xba9/0x1860
[   67.965098][ T6280]  ? __pfx_f2fs_do_sync_file+0x10/0x10
[   67.965117][ T6280]  ? __pfx_generic_perform_write+0x10/0x10
[   67.965133][ T6280]  ? vfs_fsync_range+0x12c/0x1c0
[   67.965144][ T6280]  ? f2fs_sync_file+0xe9/0x160
[   67.965156][ T6280]  f2fs_file_write_iter+0x753/0x2410
[   67.965172][ T6280]  ? vfs_write+0x211/0xb30
[   67.965187][ T6280]  ? __pfx_f2fs_file_write_iter+0x10/0x10
[   67.965200][ T6280]  ? security_file_permission+0x75/0x290
[   67.965218][ T6280]  vfs_write+0x5c9/0xb30
[   67.965233][ T6280]  ? __pfx_f2fs_file_write_iter+0x10/0x10
[   67.965247][ T6280]  ? __pfx_vfs_write+0x10/0x10
[   67.965263][ T6280]  ? __fget_files+0x2a/0x420
[   67.965282][ T6280]  ksys_write+0x145/0x250
[   67.965298][ T6280]  ? __pfx_ksys_write+0x10/0x10
[   67.965310][ T6280]  ? rcu_is_watching+0x15/0xb0
[   67.965323][ T6280]  ? rcu_is_watching+0x15/0xb0
[   67.965335][ T6280]  do_syscall_64+0xfa/0x3b0
[   67.965353][ T6280]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.965375][ T6280]  ? exc_page_fault+0x9f/0xf0
[   67.965391][ T6280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.965405][ T6280] RIP: 0033:0x7f0064f8ebe9
[   67.965417][ T6280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.965428][ T6280] RSP: 002b:00007f0065e9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   67.965444][ T6280] RAX: ffffffffffffffda RBX: 00007f00651b5fa0 RCX: 00007f0064f8ebe9
[   67.965453][ T6280] RDX: 0000000000000018 RSI: 0000200000000400 RDI: 0000000000000004
[   67.965460][ T6280] RBP: 00007f0065011e19 R08: 0000000000000000 R09: 0000000000000000
[   67.965467][ T6280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   67.965474][ T6280] R13: 00007f00651b6038 R14: 00007f00651b5fa0 R15: 00007ffe535d79b8
[   67.965487][ T6280]  </TASK>
[   67.965492][ T6280] F2FS-fs (loop1): Stopped filesystem due to reason: 5
[   68.021569][ T6304] netlink: 36 bytes leftover after parsing attributes in process `syz.2.163'.
[   68.031846][ T6279] F2FS-fs (loop1): f2fs_evict_inode: inconsistent node id, ino:10
[   68.074784][   T47] usb 1-1: Using ep0 maxpacket: 8
[   68.078717][   T47] usb 1-1: config 2 has an invalid interface number: 226 but max is 0
[   68.081581][   T47] usb 1-1: config 2 has no interface number 0
[   68.084020][   T47] usb 1-1: config 2 interface 226 has no altsetting 0
[   68.091678][   T47] usb 1-1: New USB device found, idVendor=05c8, idProduct=0403, bcdDevice=d4.d4
[   68.095140][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.098151][   T47] usb 1-1: Product: syz
[   68.099544][   T47] usb 1-1: Manufacturer: syz
[   68.101338][   T47] usb 1-1: SerialNumber: syz
[   68.311757][   T47] usb 1-1: Found UVC 0.00 device syz (05c8:0403)
[   68.314599][   T47] usb 1-1: No valid video chain found.
[   68.322605][   T47] usb 1-1: USB disconnect, device number 3
[   68.423005][ T6318] loop1: detected capacity change from 0 to 32768
[   68.444735][ T6318] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   68.455725][ T6318] XFS (loop1): Ending clean mount
[   68.467973][ T6237] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   68.477734][ T5851] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   68.627973][ T6237] usb 3-1: Using ep0 maxpacket: 16
[   68.631599][ T6237] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   68.638211][ T6237] usb 3-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[   68.642011][ T6237] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.645309][ T6237] usb 3-1: Product: syz
[   68.647069][ T6237] usb 3-1: Manufacturer: syz
[   68.650603][ T6237] usb 3-1: SerialNumber: syz
[   68.653659][ T6237] usb 3-1: config 0 descriptor??
[   68.716679][  T793] kernel write not supported for file bpf-prog (pid: 793 comm: kworker/0:2)
[   68.765668][ T6336] loop1: detected capacity change from 0 to 512
[   68.782951][ T6336] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.789279][ T6336] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.799732][   T33] kauditd_printk_skb: 4 callbacks suppressed
[   68.799742][   T33] audit: type=1800 audit(1755834436.531:16): pid=6336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.175" name="file2" dev="loop1" ino=16 res=0 errno=0
[   68.815586][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.865672][ T6237] usb 3-1: USB disconnect, device number 4
[   68.925853][ T6350] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[   68.953291][ T6352] netlink: 60 bytes leftover after parsing attributes in process `syz.0.181'.
[   69.146997][ T6368] binder: 6367:6368 ioctl c0306201 2000000003c0 returned -22
[   69.416259][ T6381] loop2: detected capacity change from 0 to 256
[   69.434554][ T6381] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[   69.547117][ T6385] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff)
[   69.558629][ T6385] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff)
[   70.397549][   T47] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[   70.576567][   T47] usb 2-1: unable to get BOS descriptor or descriptor too short
[   70.581644][   T47] usb 2-1: not running at top speed; connect to a high speed hub
[   70.587482][   T47] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[   70.596932][   T47] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   70.602477][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.606084][   T47] usb 2-1: Product: syz
[   70.608751][   T47] usb 2-1: Manufacturer: syz
[   70.612014][   T47] usb 2-1: SerialNumber: syz
[   70.843990][   T47] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   70.890117][   T47] usb 2-1: USB disconnect, device number 4
[   70.920445][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   71.138504][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.141169][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.565686][ T6403] loop1: detected capacity change from 0 to 4096
[   71.731250][ T6406] fuse: root generation should be zero
[   71.805396][ T6416] netlink: 4 bytes leftover after parsing attributes in process `syz.1.209'.
[   71.944831][ T6421] loop1: detected capacity change from 0 to 32768
[   71.953107][ T6421] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   71.971856][ T6421] XFS (loop1): Ending clean mount
[   71.988042][ T5851] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   72.189096][ T6446] program syz.2.219 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   72.362742][ T6452] loop2: detected capacity change from 0 to 512
[   72.371107][ T6452] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.376278][ T6452] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.127500][   T47] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   73.271973][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.312846][   T47] usb 1-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[   73.320172][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.324035][   T47] usb 1-1: Product: syz
[   73.325752][   T47] usb 1-1: Manufacturer: syz
[   73.331528][   T47] usb 1-1: SerialNumber: syz
[   73.337449][   T47] usb 1-1: config 0 descriptor??
[   73.341079][   T47] go7007 1-1:0.0: probe with driver go7007 failed with error -12
[   73.438214][ T6466] loop1: detected capacity change from 0 to 32768
[   73.529148][ T6473] process 'syz.2.227' launched '/dev/fd/5' with NULL argv: empty string added
[   73.702476][    T9] usb 1-1: USB disconnect, device number 4
[   73.987268][ T5871] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   74.157296][ T5871] usb 2-1: Using ep0 maxpacket: 32
[   74.161587][ T5871] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[   74.164852][ T5871] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[   74.168471][ T5871] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   74.184261][ T5871] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[   74.218021][ T5871] usb 2-1: config 1 has no interface number 0
[   74.221149][ T5871] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   74.225113][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.242293][ T5871] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[   74.292575][ T6481] loop0: detected capacity change from 0 to 512
[   74.312825][ T6481] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   74.316166][ T6484] loop2: detected capacity change from 0 to 1024
[   74.321037][ T6481] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.390577][ T6488] vxcan1: entered allmulticast mode
[   74.464082][ T5871] snd_usb_pod 2-1:1.1: endpoint not available, using fallback values
[   74.473531][ T5871] snd_usb_pod 2-1:1.1: invalid control EP
[   74.476433][ T5871] snd_usb_pod 2-1:1.1: cannot start listening: -22
[   74.479911][ T5871] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[   74.482731][ T5871] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -22
[   74.502674][ T6493] loop2: detected capacity change from 0 to 8
[   74.506574][ T6493] unable to read inode lookup table
[   74.685197][   T47] usb 2-1: USB disconnect, device number 5
[   75.200332][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   75.284141][ T6510] loop1: detected capacity change from 0 to 1024
[   75.311986][ T6510] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.321547][ T6510] EXT4-fs error (device loop1): ext4_find_dest_de:2052: inode #2: block 16: comm syz.1.242: bad entry in directory: inode out of bounds - offset=12, inode=1282, rec_len=12, size=1024 fake=1
[   75.352856][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.376471][ T6515] syz.1.243: attempt to access beyond end of device
[   75.376471][ T6515] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0
[   75.382058][ T6515] syz.1.243: attempt to access beyond end of device
[   75.382058][ T6515] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0
[   75.522727][ T6519] loop0: detected capacity change from 0 to 32768
[   75.529790][ T6519] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   75.561076][ T5842] ocfs2: Unmounting device (7,0) on (node local)
[   75.566985][ T6518] loop1: detected capacity change from 0 to 32768
[   75.572709][ T6518] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   75.619732][ T5851] ocfs2: Unmounting device (7,1) on (node local)
[   75.715326][ T6529] loop0: detected capacity change from 0 to 2048
[   75.724952][ T6529] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   75.731230][ T6527] loop1: detected capacity change from 0 to 8192
[   75.757774][ T6530] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   75.849085][ T6537] netlink: 12 bytes leftover after parsing attributes in process `syz.1.250'.
[   75.861889][ T6533] gtp0: entered promiscuous mode
[   75.888475][ T6537] vlan2: entered allmulticast mode
[   75.912194][ T6537] bridge0: entered allmulticast mode
[   75.914500][ T6537] bridge1: port 1(vlan2) entered blocking state
[   75.918739][ T6537] bridge1: port 1(vlan2) entered disabled state
[   75.926911][ T6537] vlan2: entered promiscuous mode
[   75.937581][ T6537] bridge0: entered promiscuous mode
[   76.126626][ T6237] kernel write not supported for file /input/event2 (pid: 6237 comm: kworker/1:5)
[   76.229709][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   76.337368][ T5871] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   76.388305][    T9] usb 3-1: Using ep0 maxpacket: 16
[   76.394301][    T9] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[   76.398184][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.401526][    T9] usb 3-1: Product: syz
[   76.403311][    T9] usb 3-1: Manufacturer: syz
[   76.405269][    T9] usb 3-1: SerialNumber: syz
[   76.409134][    T9] usb 3-1: config 0 descriptor??
[   76.413155][    T9] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[   76.487367][ T5871] usb 2-1: Using ep0 maxpacket: 32
[   76.497780][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.502509][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.506645][ T5871] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   76.567426][ T5871] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[   76.589448][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.593613][ T5871] usb 2-1: config 0 descriptor??
[   76.615276][    T9] gp8psk: usb in 128 operation failed.
[   76.618300][    T9] gp8psk: usb in 137 operation failed.
[   76.620313][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   76.624671][    T9] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[   76.631403][    T9] usb 3-1: media controller created
[   76.667712][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   76.694294][    T9] gp8psk_fe: Frontend revision 1 attached
[   76.698946][    T9] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[   76.727568][    T9] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[   76.737436][ T5848] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   76.742404][ T5848] Bluetooth: hci1: Injecting HCI hardware error event
[   76.745273][ T5848] Bluetooth: hci1: hardware error 0x00
[   76.959960][    T9] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[   76.964353][    T9] gp8psk: found Genpix USB device pID = 201 (hex)
[   77.022911][ T5871] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0003/input/input4
[   77.090256][ T5871] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0003/input/input5
[   77.103148][ T5871] kye 0003:0458:5011.0003: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0
[   77.181512][   T47] usb 3-1: USB disconnect, device number 5
[   77.202549][   T47] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[   77.216253][ T6237] usb 2-1: USB disconnect, device number 6
[   77.257022][ T6591] loop0: detected capacity change from 0 to 512
[   77.280467][ T6591] EXT4-fs error (device loop0): ext4_quota_enable:7124: comm syz.0.276: Bad quota inum: 1, type: 2
[   77.286037][ T6591] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=1). Please run e2fsck to fix.
[   77.292894][ T6591] EXT4-fs (loop0): mount failed
[   77.371246][ T6598] loop0: detected capacity change from 0 to 512
[   77.401146][ T6598] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.406524][ T6598] ext4 filesystem being mounted at /98/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.417928][ T6598] EXT4-fs error (device loop0): ext4_get_first_dir_block:3537: inode #12: block 32: comm syz.0.278: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0
[   77.426300][ T6598] EXT4-fs error (device loop0): ext4_get_first_dir_block:3540: inode #12: comm syz.0.278: directory missing '.'
[   77.448490][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.053696][ T6643] loop0: detected capacity change from 0 to 32768
[   78.071195][ T6643] 
[   78.071195][ T6643]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   78.071195][ T6643] 
[   78.136468][ T1105] read_mapping_page failed!
[   78.156200][ T1105] ERROR: (device loop0): txCommit: 
[   78.156200][ T1105] 
[   78.166812][ T1105] ERROR: (device loop0): remounting filesystem as read-only
[   78.191558][ T1105] jfs_write_inode: jfs_commit_inode failed!
[   78.197494][ T5842] 
[   78.197494][ T5842]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   78.197494][ T5842] 
[   78.215935][ T5842] 
[   78.215935][ T5842]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   78.215935][ T5842] 
[   78.367572][ T6658] netlink: 'syz.0.303': attribute type 10 has an invalid length.
[   78.553606][ T6662] loop1: detected capacity change from 0 to 32768
[   78.575548][ T6658] team0: Port device wlan1 added
[   78.674480][ T6670] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   78.696829][ T6662] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   78.696876][ T6662]   allowing incompatible features above 0.0: (unknown version)
[   78.696883][ T6662]   features: 
[   78.740800][ T6662] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   78.744054][ T6662] bcachefs (loop1): initializing new filesystem
[   78.751743][ T6662] bcachefs (loop1): going read-write
[   78.768142][ T6662] bcachefs (loop1): marking superblocks
[   78.818731][ T5848] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   78.834769][ T6662] bcachefs (loop1): initializing freespace
[   78.843736][ T6662] bcachefs (loop1): done initializing freespace
[   78.853058][ T6662] bcachefs (loop1): reading snapshots table
[   78.857285][ T6662] bcachefs (loop1): reading snapshots done
[   78.890698][ T6662] bcachefs (loop1): done starting filesystem
[   78.977781][ T6689] mkiss: ax0: crc mode is auto.
[   79.074587][ T6691] loop0: detected capacity change from 0 to 512
[   79.090911][ T6691] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   79.102125][ T6662] syz.1.308 (6662) used greatest stack depth: 17448 bytes left
[   79.106879][ T5851] bcachefs (loop1): shutting down
[   79.116364][ T6687] loop2: detected capacity change from 0 to 32768
[   79.120999][ T5851] bcachefs (loop1): going read-only
[   79.125358][ T6691] EXT4-fs (loop0): 1 truncate cleaned up
[   79.133759][ T6691] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.134116][ T6687] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   79.139326][ T5851] bcachefs (loop1): finished waiting for writes to stop
[   79.154744][ T5851] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[   79.165580][ T5851] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[   79.170047][ T6691] EXT4-fs error (device loop0): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.0.316: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[   79.174446][ T5851] bcachefs (loop1): clean shutdown complete, journal seq 4
[   79.186940][ T5846] ocfs2: Unmounting device (7,2) on (node local)
[   79.187789][ T6691] EXT4-fs (loop0): Remounting filesystem read-only
[   79.191247][ T5851] bcachefs (loop1): marking filesystem clean
[   79.192488][ T6691] EXT4-fs warning (device loop0): ext4_rename_delete:3731: inode #2: comm syz.0.316: Deleting old file: nlink 5, error=-117
[   79.222416][ T5851] bcachefs (loop1): shutdown complete
[   79.248513][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.517731][   T33] audit: type=1800 audit(1755834447.211:17): pid=6706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.318" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=9773 res=0 errno=0
[   79.720971][ T6705] loop0: detected capacity change from 0 to 32768
[   79.726919][ T6705] 
[   79.726919][ T6705]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.726919][ T6705] 
[   79.735677][ T6705] 
[   79.735677][ T6705]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.735677][ T6705] 
[   79.740424][ T6705] 
[   79.740424][ T6705]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.740424][ T6705] 
[   79.744978][ T6705] 
[   79.744978][ T6705]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.744978][ T6705] 
[   79.749795][ T6705] 
[   79.749795][ T6705]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.749795][ T6705] 
[   79.754239][ T6705] 
[   79.754239][ T6705]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.754239][ T6705] 
[   79.759951][  T117] 
[   79.759951][  T117]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.759951][  T117] 
[   79.771709][   T53] 
[   79.771709][   T53]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.771709][   T53] 
[   79.776947][   T53] 
[   79.776947][   T53]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.776947][   T53] 
[   79.781622][ T5842] 
[   79.781622][ T5842]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.781622][ T5842] 
[   79.787161][ T5842] 
[   79.787161][ T5842]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   79.787161][ T5842] 
[   79.794691][  T116] ==================================================================
[   79.798102][  T116] BUG: KASAN: slab-use-after-free in __mutex_lock+0x801/0x1350
[   79.801211][  T116] Read of size 8 at addr ffff88803846b908 by task jfsCommit/116
[   79.805215][  T116] 
[   79.806239][  T116] CPU: 1 UID: 0 PID: 116 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[   79.806254][  T116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   79.806262][  T116] Call Trace:
[   79.806267][  T116]  <TASK>
[   79.806273][  T116]  dump_stack_lvl+0x189/0x250
[   79.806291][  T116]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.806305][  T116]  ? lock_release+0x4b/0x3e0
[   79.806323][  T116]  ? __virt_addr_valid+0x4a5/0x5c0
[   79.806339][  T116]  print_report+0xca/0x240
[   79.806352][  T116]  ? __mutex_lock+0x801/0x1350
[   79.806367][  T116]  kasan_report+0x118/0x150
[   79.806385][  T116]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   79.806399][  T116]  ? __mutex_lock+0x801/0x1350
[   79.806417][  T116]  __mutex_lock+0x801/0x1350
[   79.806434][  T116]  ? __mutex_lock+0x5bb/0x1350
[   79.806451][  T116]  ? jfs_syncpt+0x25/0x90
[   79.806463][  T116]  ? __pfx___mutex_lock+0x10/0x10
[   79.806478][  T116]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   79.806492][  T116]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   79.806507][  T116]  ? rcu_is_watching+0x15/0xb0
[   79.806521][  T116]  jfs_syncpt+0x25/0x90
[   79.806538][  T116]  txEnd+0x2e5/0x530
[   79.806551][  T116]  jfs_lazycommit+0x5ba/0xa90
[   79.806565][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   79.806578][  T116]  ? __pfx_default_wake_function+0x10/0x10
[   79.806595][  T116]  ? __kthread_parkme+0x7b/0x200
[   79.806608][  T116]  ? __kthread_parkme+0x1a1/0x200
[   79.806621][  T116]  kthread+0x711/0x8a0
[   79.806636][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   79.806648][  T116]  ? __pfx_kthread+0x10/0x10
[   79.806662][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.806676][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.806690][  T116]  ? __pfx_kthread+0x10/0x10
[   79.806704][  T116]  ret_from_fork+0x3fc/0x770
[   79.806717][  T116]  ? __pfx_ret_from_fork+0x10/0x10
[   79.806730][  T116]  ? __switch_to_asm+0x39/0x70
[   79.806744][  T116]  ? __switch_to_asm+0x33/0x70
[   79.806758][  T116]  ? __pfx_kthread+0x10/0x10
[   79.806772][  T116]  ret_from_fork_asm+0x1a/0x30
[   79.806791][  T116]  </TASK>
[   79.806795][  T116] 
[   79.886349][  T116] Allocated by task 6705:
[   79.888171][  T116]  kasan_save_track+0x3e/0x80
[   79.890126][  T116]  __kasan_kmalloc+0x93/0xb0
[   79.892021][  T116]  __kmalloc_cache_noprof+0x230/0x3d0
[   79.894147][  T116]  lmLogOpen+0x2d1/0xfb0
[   79.895901][  T116]  jfs_mount_rw+0xe9/0x670
[   79.897709][  T116]  jfs_fill_super+0x754/0xd80
[   79.899614][  T116]  get_tree_bdev_flags+0x40e/0x4d0
[   79.901709][  T116]  vfs_get_tree+0x92/0x2b0
[   79.903406][  T116]  do_new_mount+0x2a2/0x9e0
[   79.905193][  T116]  __se_sys_mount+0x317/0x410
[   79.906978][  T116]  do_syscall_64+0xfa/0x3b0
[   79.908715][  T116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.910972][  T116] 
[   79.911777][  T116] Freed by task 5842:
[   79.913119][  T116]  kasan_save_track+0x3e/0x80
[   79.914812][  T116]  kasan_save_free_info+0x46/0x50
[   79.916655][  T116]  __kasan_slab_free+0x5b/0x80
[   79.918296][  T116]  kfree+0x18e/0x440
[   79.919580][  T116]  lmLogClose+0x297/0x520
[   79.921161][  T116]  jfs_umount+0x2ef/0x3c0
[   79.922581][  T116]  jfs_put_super+0x8c/0x190
[   79.924020][  T116]  generic_shutdown_super+0x135/0x2c0
[   79.925899][  T116]  kill_block_super+0x44/0x90
[   79.927467][  T116]  deactivate_locked_super+0xbc/0x130
[   79.929246][  T116]  cleanup_mnt+0x425/0x4c0
[   79.930726][  T116]  task_work_run+0x1d4/0x260
[   79.932260][  T116]  exit_to_user_mode_loop+0xec/0x110
[   79.934008][  T116]  do_syscall_64+0x2bd/0x3b0
[   79.935971][  T116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.938341][  T116] 
[   79.939349][  T116] The buggy address belongs to the object at ffff88803846b800
[   79.939349][  T116]  which belongs to the cache kmalloc-1k of size 1024
[   79.944943][  T116] The buggy address is located 264 bytes inside of
[   79.944943][  T116]  freed 1024-byte region [ffff88803846b800, ffff88803846bc00)
[   79.950724][  T116] 
[   79.951752][  T116] The buggy address belongs to the physical page:
[   79.954486][  T116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x38468
[   79.957792][  T116] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   79.961375][  T116] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   79.964455][  T116] page_type: f5(slab)
[   79.966054][  T116] raw: 00fff00000000040 ffff88801a441dc0 dead000000000100 dead000000000122
[   79.969581][  T116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   79.973015][  T116] head: 00fff00000000040 ffff88801a441dc0 dead000000000100 dead000000000122
[   79.976078][  T116] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   79.979459][  T116] head: 00fff00000000003 ffffea0000e11a01 00000000ffffffff 00000000ffffffff
[   79.982912][  T116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   79.986506][  T116] page dumped because: kasan: bad access detected
[   79.989158][  T116] page_owner tracks the page as allocated
[   79.991400][  T116] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6403, tgid 6402 (syz.1.203), ts 71610707038, free_ts 69195564483
[   79.999145][  T116]  post_alloc_hook+0x240/0x2a0
[   80.000777][  T116]  get_page_from_freelist+0x21e4/0x22c0
[   80.002844][  T116]  __alloc_frozen_pages_noprof+0x181/0x370
[   80.005073][  T116]  alloc_pages_mpol+0x232/0x4a0
[   80.006724][  T116]  allocate_slab+0x8a/0x370
[   80.008456][  T116]  ___slab_alloc+0xbeb/0x1410
[   80.009921][  T116]  __kmalloc_noprof+0x305/0x4f0
[   80.011799][  T116]  mi_init+0x76/0xe0
[   80.013371][  T116]  ntfs_iget5+0x356/0x37c0
[   80.014907][  T116]  dir_search_u+0x1df/0x2c0
[   80.016531][  T116]  ntfs_extend_init+0x2d9/0x520
[   80.018431][  T116]  ntfs_fill_super+0x3cd5/0x40b0
[   80.020401][  T116]  get_tree_bdev_flags+0x40e/0x4d0
[   80.022325][  T116]  vfs_get_tree+0x92/0x2b0
[   80.023970][  T116]  do_new_mount+0x2a2/0x9e0
[   80.025655][  T116]  __se_sys_mount+0x317/0x410
[   80.027513][  T116] page last free pid 6372 tgid 6371 stack trace:
[   80.029579][  T116]  __free_frozen_pages+0xbc4/0xd30
[   80.031237][  T116]  __put_partials+0x156/0x1a0
[   80.033047][  T116]  put_cpu_partial+0x17c/0x250
[   80.034980][  T116]  __slab_free+0x2d5/0x3c0
[   80.036622][  T116]  qlist_free_all+0x97/0x140
[   80.038331][  T116]  kasan_quarantine_reduce+0x148/0x160
[   80.040353][  T116]  __kasan_slab_alloc+0x22/0x80
[   80.042001][  T116]  kmem_cache_alloc_bulk_noprof+0x4e0/0x790
[   80.043975][  T116]  __io_alloc_req_refill+0x9d/0x280
[   80.045790][  T116]  io_submit_sqes+0xbdc/0x1d10
[   80.047518][  T116]  __se_sys_io_uring_enter+0x2df/0x2b20
[   80.049475][  T116]  do_syscall_64+0xfa/0x3b0
[   80.051180][  T116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.053251][  T116] 
[   80.054212][  T116] Memory state around the buggy address:
[   80.056197][  T116]  ffff88803846b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.059103][  T116]  ffff88803846b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.062033][  T116] >ffff88803846b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.064931][  T116]                       ^
[   80.066518][  T116]  ffff88803846b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.069336][  T116]  ffff88803846ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.072076][  T116] ==================================================================
[   80.077073][  T116] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   80.079693][  T116] CPU: 1 UID: 0 PID: 116 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[   80.082573][  T116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   80.086382][  T116] Call Trace:
[   80.087487][  T116]  <TASK>
[   80.088625][  T116]  dump_stack_lvl+0x99/0x250
[   80.090400][  T116]  ? __asan_memcpy+0x40/0x70
[   80.092102][  T116]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.093800][  T116]  ? __pfx__printk+0x10/0x10
[   80.095440][  T116]  vpanic+0x281/0x750
[   80.096914][  T116]  ? __pfx_vpanic+0x10/0x10
[   80.098474][  T116]  ? rcu_is_watching+0x15/0xb0
[   80.100388][  T116]  panic+0xb9/0xc0
[   80.101846][  T116]  ? __pfx_panic+0x10/0x10
[   80.103628][  T116]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   80.105872][  T116]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   80.108105][  T116]  ? __mutex_lock+0x801/0x1350
[   80.109959][  T116]  check_panic_on_warn+0x89/0xb0
[   80.111767][  T116]  ? __mutex_lock+0x801/0x1350
[   80.113624][  T116]  end_report+0x78/0x160
[   80.115190][  T116]  kasan_report+0x129/0x150
[   80.116679][  T116]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   80.118648][  T116]  ? __mutex_lock+0x801/0x1350
[   80.120194][  T116]  __mutex_lock+0x801/0x1350
[   80.121675][  T116]  ? __mutex_lock+0x5bb/0x1350
[   80.123240][  T116]  ? jfs_syncpt+0x25/0x90
[   80.124851][  T116]  ? __pfx___mutex_lock+0x10/0x10
[   80.126748][  T116]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   80.128996][  T116]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   80.131208][  T116]  ? rcu_is_watching+0x15/0xb0
[   80.133171][  T116]  jfs_syncpt+0x25/0x90
[   80.134595][  T116]  txEnd+0x2e5/0x530
[   80.135887][  T116]  jfs_lazycommit+0x5ba/0xa90
[   80.137690][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   80.139731][  T116]  ? __pfx_default_wake_function+0x10/0x10
[   80.141787][  T116]  ? __kthread_parkme+0x7b/0x200
[   80.143422][  T116]  ? __kthread_parkme+0x1a1/0x200
[   80.144986][  T116]  kthread+0x711/0x8a0
[   80.146321][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   80.148304][  T116]  ? __pfx_kthread+0x10/0x10
[   80.150042][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[   80.151774][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[   80.153623][  T116]  ? __pfx_kthread+0x10/0x10
[   80.155118][  T116]  ret_from_fork+0x3fc/0x770
[   80.156513][  T116]  ? __pfx_ret_from_fork+0x10/0x10
[   80.158254][  T116]  ? __switch_to_asm+0x39/0x70
[   80.159972][  T116]  ? __switch_to_asm+0x33/0x70
[   80.161543][  T116]  ? __pfx_kthread+0x10/0x10
[   80.163312][  T116]  ret_from_fork_asm+0x1a/0x30
[   80.165199][  T116]  </TASK>
[   80.167182][  T116] Kernel Offset: disabled
[   80.168808][  T116] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:47:27  Registers:
info registers vcpu 0

CPU#0
RAX=00000000ffffffff RBX=ffff888020ce7938 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000000004 RDI=ffff888020ce7938 RBP=ffffc90003aef5b0 RSP=ffffc90003aef500
R8 =0000000000000001 R9 =0000000000000000 R10=dffffc0000000000 R11=fffffbfff1f47067
R12=ffff888020ce7948 R13=ffff888020ce7940 R14=1ffff1100419cf29 R15=1ffff1100419cf28
RIP=ffffffff819dffcd RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055557c109500 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055557c12c608 CR3=000000010e87e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8167991b ffffffff8167991b
XMM02=ffffffff8168898d ffffffff8167991b XMM03=ffffffff81b88a44 ffffffff816889f6
XMM04=ffffffff81b8b641 ffffffff81b8b5f3 XMM05=ffffffff81b88c0a ffffffff81b88ba2
XMM06=ffffffff81b88b16 ffffffff81b88ac0 XMM07=ffffffff81b88a44 ffffffff816889f6
XMM08=0000000000000000 00007feb14612ee7 XMM09=0000000000000000 00007feb14612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90001d8f370
R8 =ffff888021168237 R9 =1ffff1100422d046 R10=dffffc0000000000 R11=ffffffff854f1d00
R12=dffffc0000000000 R13=ffffffff99afa907 R14=ffffffff99def3e0 R15=0000000000000000
RIP=ffffffff854f1d7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555589ad6000 CR3=00000000251c2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 0000000000000000
XMM02=0000555589ad7e76 0000555589ab8600 XMM03=0000555589a5a16c 0000555589a5a160
XMM04=0000000000000000 0000555589a54490 XMM05=0000000000000000 0000555589a54678
XMM06=0000000000000000 0000555589a56178 XMM07=c49e54bdc5724dcc f3d5877b59f1893e
XMM08=2383bf4daf04e9cd 0a6c3810475a4b7c XMM09=2030363864303061 3966666666666666
XMM10=6f6e5f6769726f5f 7664617461622062 XMM11=0a33312e79656b5f 5f2e77656e5f6564
XMM12=660a6c61636f6c5f 74726f70736e6172 XMM13=2030386130313061 3966666666666666
XMM14=0a6732685f74726f 70736e6172742062 XMM15=3061613031306139 6666666666666666
