last executing test programs:

1m50.098702375s ago: executing program 1 (id=104):
# acct(2) with a NULL filename pointer (0x0); per the man page, a NULL path asks the kernel to switch process accounting off.
acct(0x0)

1m50.098359685s ago: executing program 1 (id=105):
# Program 105: rtnetlink neighbour-table request against a bridge port.
# Open a netlink socket: family 0x10 (AF_NETLINK), type 0x3 (SOCK_RAW), protocol 0x0 (NETLINK_ROUTE).
r0 = socket$nl_route(0x10, 0x3, 0x0)
# SIOCGIFINDEX (0x8933) resolves the interface name 'bridge_slave_1'; the returned ifindex is captured as r1.
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r1=>0x0})
# Netlink message type 0x1c (RTM_NEWNEIGH) with ndm_family 0x7 (AF_BRIDGE), the ifindex from r1 and one NDA_LLADDR attribute carrying a MAC address.
# NOTE(review): the remaining ndmsg fields (0x80, 0x7e, 0xa) and the sendmsg flags 0x4040000 are fuzzer-chosen values; decode them against the target kernel's headers before drawing conclusions.
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r1, 0x80, 0x7e, 0xa}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)

1m50.017649088s ago: executing program 1 (id=107):
# Program 107: inject a crafted packet through a TUN device.
# Open the TUN control node relative to AT_FDCWD (0xffffffffffffff9c); the path string is supplied by the syscall description, not shown here.
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
# TUNSETIFF (0x400454ca) creates/attaches interface 'syzkaller1' with flag word 0xc201.
# NOTE(review): 0xc201 presumably includes IFF_TUN and IFF_VNET_HDR, which would explain the virtio-net header in the write below — confirm against if_tun.h.
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
# TUNSETSNDBUF (0x400454d4) sets the send buffer size to 0x2, an unusually small value.
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000040)=0x2)
# Write 0x36 bytes: a leading header with protocol 0x800 (IPv4), a second six-field header, then an IPv4 packet typed as TCP.
# The IPv4 protocol field is 0x2f, which does not match the TCP payload layout; such inconsistent headers are typical fuzzer input for parser and offload paths.
write$tun(r0, &(0x7f0000000500)={@val={0x8, 0x800}, @val={0x1, 0x3, 0x3, 0xffff, 0x14, 0x5}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x4, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x5}}}}, 0x36)

1m49.875934407s ago: executing program 1 (id=110):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000000100)={[{@errors_remount}, {@namecase}, {@gid={'gid', 0x3d, 0xee00}}, {@errors_remount}, {@keep_last_dots}, {@errors_continue}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'macceltic'}}, {@umask={'umask', 0x3d, 0x3ff}}, {@dmask={'dmask', 0x3d, 0x7}}]}, 0x1, 0x1533, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II
/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWivOfuSvESrFKrBZrxFqxTqwXG8RGsUlsFlvEVrFNbBcfiR3iY7FT7BK7xSdij/hU7BWfiX3ic7FffCGyxJfigPhKHBRfi0PiG3FYfCuOiKPimPhOHBffixPipDglTosz4gdxVvwozgkvQKIUUkolAxkjc8hYmVPGyStkLhlceHavlvHyGplHXivzynwyvywgE2RBWUhqaaSVJENZWBaRUXmdLCqvl8XkDbK4LCGdLCkT5Y2ylLxJlpY3yzLyFllW3irLyfKygqwob5OV5O0SIj/vo6qsJqvLGvIumQx3y1ryHllb3ivryPtkXXm/rCcfkPXlg7KBfEg2lA/LRvIR2Vg2kU1lM9lcPipbyMdkS9lKtpaPyzbyCdlWPimT5FOynfQXXiLPyI7yWdlJPic7yy6yq/xRnpNedpc9JPQE2Uu+KHvLPrKv7Cf7y5fkAPmyHChfkSlykBwsX5VD5GtyqHxdDpNvyOHyTTlCjpSj5Gg5Ro6VqXKcHC/fkhPk23KinCQnyykyTU6VfS+sNFPKf5j/1u/kD/xp7xvkRrlJbpZb5Fa5TW6XH8kdcofcKXfK3XK33CP3yL1yr9wn98n9cr/MklnygDwgD8qD8pA8JA/Lw/KIPCpPy+/kcfm9PCFPypPytDwjz8izF54DUKiEkkqpQMWoHCpW5VRx6gqVS12pcqurVERdreLVNSqPulblVflUflVAJaiCqpDSyiirSIWqsCqiouo6vPCCUcVVCeVUSZWobvxX8lVRdb0qpm74Vf7F+pL/oL7mqrlqoVqolqqlaq1aqzaqjWqr2qoklaTaqXaqvWqvOqgOqqPqqDqpTqqz6qy6qq6qm+qmuqvuKlklq17qRdVb9VF9VT/VX72kBqgBaqAaqFJUihqsBqshaogaqoaqYWqYGq6GqxFqhBqlRqkxaoxKValqvBqvJqgJaqKaqCarySpNpalpapqarqarmWqmmqVmqdlqtpqr5qp0la7mq/kqQ2WohWqhylSL1CK1RC1Ry9QytUKtUKvUKrVGrVHr1DqVqTaqjWqz2qy2qq1qu9qudqgdaqfaqXar3WqP2qP2qr1qn9qn9qv9KktlqQPqgDqoDqpD6pA6rA6rI+qIOqaOqePquDqhTqhT6pQ6o86os+qsOqfOnT/tC0QgAhWoICaICWKD2CAuiAtyBbmC3EHuIBJEgvggPsgTXBvkDfIF+YMCQUJQMCgU6MAENhAXmh4NrguKBtcHxYIbguJBicAFJYPE4MagVHBTUDq4OSgT3BKUDW4NygXlgwpBxeC2oFJwe1A5uCOoEtwZVA2qBdWDGsFdQc3g7qBWcE9QO7g3qBPcF9QN7g/qBQ8E9YMHgwbBQ0HD4OGgUfBI0DhoEjQNmgXN/9T1vT+R7zHXXffQybqn7qVf1L11H91X99P99Ut6gH5ZD9Sv6BQ9SA/Wr+oh+jU9VL+uh+k39HD9ph6hR+pRerQeo8fqVD1Oj9dv6Qn6bT1RT9KT9RSdpqfqafodPV3P0DP1u3qWfk/P1nP0XD1Pp+v39Xy9QGfoD/RC/aHO1Iv0Yr1EL9XL9HK9Qq/Uq/RqvUav1ev0er1Bb9Sb9Ga9RW/V2/R2/ZHeo
T/WO/UuvVt/ovfoT/Ve/Znepz/X+/UXOkt/qQ/or/RB/bU+pL/Rh/W3+og+qo/p7/Rx/b0+oU/qU/q0PqN/0Gf1j/qc9udP7s9/vRtllIkxMSbWxJo4E2dymVwmt8ltIiZi4k28yWPymLwmr8lv8psEk2AKmULmPDJkCpvCJmqipqgpaoqZYqa4KW6ccSbRJJpSppQpbUqbMqaMKWvKmnKmnKlgKpjbzG3mdnO7ucPcYe40d5pqppqpYWqYmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpapqa5qa5aWFamJampWltWps2po1pa9qaJJNk2pl2pr1pbzqYDqaj6Wg6mU6ms+lsupquppvpZrqb7ibZJJteppfpbXqbvqav6W/6mwFmgBloBpoUk2IGm8FmiBlihpqhZph5www/f6JqRppRZrQZY8aaVJNqxpvxZoKZYCaaiWaymWzSTJqZZqaZ6Wa6mWlmmllmlpltZpu5Zq5JN+lmvplvMkyGWWgWmkyTaRabxWapWWqWm+VmpVlpVpvVZi2sNevNerPRbDSbzWaz1Ww12812s8PsMDvNTrPb7DZ7zB6z1+w1+8w+s9/sN1kmyxwwB8xBc9AcMofMYXPYHDFHzDFzzBw3x80Jc8KcMqfMGZPvwvelN7E2p42zV9hc9kqb215l/z7ObwvYBFvQFrLa5rX5fhUba20xe4MtbktYZ0vaRHvjb+JytrytYCva22wle7ut/Ju4pr3b1rL32Nr2XlvD3vWruI69z9a1D9t6iAC2iW1gm9mG9mHbyD5iG9smtqltZtvYJ2xb+6RNsk/Zdvbp38Tz7QK70q6yq+0au9PusqfsaXvQfm3P2B9sd9vD9rcv2QH2ZTvQvmJT7KDfxMPtm3aEHWlH2dF2jB37m3iynWLT7FQ7zb5jp9sZv4nT7ft2ls2ws+0cO9fO+yk+X1OG/cAutB/aTBvAYrvELrXL7HK74v/XusSus+vtBrvDfmw32y12q91mt188Eba77G77id1jP7UH7Fd2n/3c7reHbJb98qf4/PEdst/Yw/Zbe8Qetcfsd/a4/V79lDuyN4D9wX5nf7TnrLdASECSFAUUQzkolnJSHF1BuehKyk1XUYSupni6hvLQtZSX8lF+KkAJVJAKkSZDlohCKkxFKErX0cXyilMJclSSEulGKkU3UWm6mcrQLVSWbqVyVJ4qUEW6jSrR7VSZ7qAqdCdVpWpUnWrQXVST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pibUlJpRc3qUWtBj1JJaUWt6nNrQE9SWnqQkeora0dPUnv5GHWgodKRnqRM9R52pC3Wl56kbvUDdqQclU0/qRS9Sb+pDfakf9aeXaAC9TAPpFUqhQTSYXqUh9BoNpddpGL1Bw+lNGkEjaRSNpjE0llJpHI2nt2gCvU0TaRJNpimURlNpGr1D02kGzaR3aRa9R7NpDs2leZRO79N8WkAZ9AEtpA8pkxbRYlpCS2kZLacVtJJW0WpaQ2tpHa2nDbSRNtFm2kJbaRttp49oB31MO2kX7aZPaA99SnvpM9pHn9N++oKy6Es6QF/RQfqaDtE3vgd9S0foKB2j7+g4fU8n6CSdotN0hn6gs/QjnSNPEGIoQhmqMAhjwhxhbJgzjAuvCHOFV4a5w6vCSHh1GB9eE+YJrw3zhvnC/GGBMCEsGBYKdWhCG1IYhoXDImE0vC4sGl4fFgsxLB6WCF1YMkwMbwxLhTeFpcObwzLhLWHZ8NawXFg+fPjeiuFtYaXw9rByeEdYJbwzrBpWC6uHNcK7wprh3WGt8J6wdnhvWDq8L6wb3h/WCx8I64cPhg3Ch8KG4cNho/CRsHHYJGwaNgubh4+GLcLHwpZhq7B1+HjYJnwibBs+GSaFT4Xtwqd/mr9vwR/PJ4c9w17hi+GLoff3yLnRedH06PvR+dEF0YzoB9GF0Q+jmdFF0cXRJdGl0WXR5
dEV0ZXRVdHV0TXRtdF10fXRDVHva+QAh0446ZQLXIzL4WJdThfnrnC53JUut7vKRdzVLt5d4/K4a11el8/ldwVcgivoCjntjLOOXOgKuyIu6q5zRd31rpi7wRV3JZxzJV2ia+aau+auhXvMtXStXGv3uHvcPeGecE+6J91Trp172rV3f3Md3DOuo3vWPeuec51dF9fVPe+6uXG5f35PJrterpfr7Xq7vq6v6+/6uwFugBvoBroUl+IGu8FuiBvihrqhbpgb5oa74W6EG+FGuVFujBvjUl2qG+/GuwlugpvoJrrJbrJLc2lumpvmprvprtKMn/cy2812c91cl+7S3Xx3/pwxwy10C12my3SL3WK31C11y91yt9KtdKvdarfWrXXr3Xq30W10m91mt9VtddvddrfD7XA7/VU/L+r2uL1ur9vn9rn97guX5b50B9xX7qD72h1y37jD7lt3xB11x9x37rj73p1wJ90pd9qdcT+4s+5Hd855lxoZFxkfeSsyIfJ2ZGJkUmRyZEokLTI1Mi3yTmR6ZEZkZuTdyKzIe5HZkTmRuZF5kfTI+5H5kQWRjMgHkYWRDyOZkUWRxZElkaWRZRHvC24OfWFfxEf9db6ov94X8zf44r6Ed76kT/Q3+lL+Jl/a3+zL+Ft8WX+rL+fL+wr+Ed/YN/FNfTPf3D/qW/jHfEvfyrf2j/s2/gnf1j/pk/xTvp1/2rf3f/Md/DO+o3/Wd/LP+c6+i+/qn/fd/Au+u+/hk31P38u/6Hv7Pr6v7+f7+5f8AP+yH+hf8Sl+kB/sX/VD/Gt+qH/dD/Nv+OExb/oRFy+RYaxP9eP8eP+Wn+Df9hP9JD/ZT/Fpfqqf5t/x0/0MP9O/62f59/xsP8fP9fN8un/fz/cLfIb/wC/0H/pMv+jiTWW/3K/wK/0qv9qv8Wv9Or/eb/Ab/Sa/2W/xW/02v91/5Hf4j/1Ov8vv9p/4Pf5Tv9d/5vflBL/ff+Gz/Jf+gP/KH/Rf+0P+G3/Yf+uP+KP+mP/OH/ff+xP+pD/lT/sz/gd/1v/oz/H/WWOMMcYY+6eMuzQUv575+XZ+z9/JEb/YuBcAXLmlQNYv58+fUa7N+/O4j0hoEwGAp3p0evDio2rV5OTkC9tmSgiKzAG4+DdB58XApXgRtIYnIAlaQanfrb+P6HKG/sH60VsA4n6REwuX4kvrfwaAyb+z/qOPD59fNjwV/z+sPwegWJFLOTnhUrwIWv90f6UVlP6D+vO1+GX9sb9dP+fnqQAtf5GTCy7Fl+pPhMfgaUj61ZaMMcYYY4wxxtjP+ogKHS5ef178F5+/d32eoC7l5IBL8T+6PmeMMcYYY4wxxtjl90yXrk8+mpTUqsO/Pqj8v8r6pweN4P9q5b9kcMd/Rhn/wsB7gIs/UQDwby4IcH4g/8qj2PSX7Cvlwlvn76eWnvYB/Ge08s8YXOYPJsYYY4wxxtif7tJJ/69/ri5XQYwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w6sV/ur8flO1TGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPssvl/AQAA//8lsf60")
# Remainder of program 110, following the syz_mount_image$exfat call that mounts an image on ./file0.
# Five mount(2) calls with varying flag words build a layered set of bind mounts over ./file0 and ./file0/file0, including paths that traverse '..'.
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
# No source and no fstype; flag word 0x100000 only (presumably a propagation change, MS_SHARED — confirm).
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x99501e, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0)
# Open the procfs 'mountinfo' file (pid argument 0xffffffffffffffff selects the process via the syz_open_procfs helper) and read 0x2020 bytes.
# Reading mountinfo forces the kernel to walk and format the mount tree built above.
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

1m49.646239946s ago: executing program 1 (id=113):
# setitimer(2) on timer 0x0 (ITIMER_REAL) with no old-value buffer (0x0).
# The first pair is the interval {0x2, 0x2}; the second pair is the initial value, whose seconds field 0x8000000000000001 is out of range for a signed 64-bit count — a boundary-value input.
setitimer(0x0, &(0x7f0000000280)={{0x2, 0x2}, {0x8000000000000001, 0x4}}, 0x0)

1m48.359024454s ago: executing program 1 (id=130):
# Program 130 (run as "program 1"): load a BPF program, then issue a second bpf(2) command on its fd.
# bpf cmd 0x5 (BPF_PROG_LOAD): prog_type 0x11 (BPF_PROG_TYPE_RAW_TRACEPOINT), 0xc instructions supplied as a raw blob, license string 'syzkaller', attr size 0x90.
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8fcffffb702000005000000b703000000000000850000007500000095"], &(0x7f0000000fc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
# NOTE(review): the call is named PROG_BIND_MAP, but the command value passed is 0xa, which is BPF_PROG_TEST_RUN in the uapi enum. The variant name describes the argument layout only; triage should follow the numeric command.
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)

1m48.278803871s ago: executing program 32 (id=130):
# Same program text as id=130, logged again under "program 32" about 80 ms later.
# bpf cmd 0x5 (BPF_PROG_LOAD): prog_type 0x11 (BPF_PROG_TYPE_RAW_TRACEPOINT), 0xc instructions, license 'syzkaller', attr size 0x90.
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8fcffffb702000005000000b703000000000000850000007500000095"], &(0x7f0000000fc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
# NOTE(review): command value 0xa is BPF_PROG_TEST_RUN in the uapi enum, not BPF_PROG_BIND_MAP; only the argument layout comes from the PROG_BIND_MAP description.
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)

1m17.634840715s ago: executing program 2 (id=458):
# Program 458: attach a BPF program to a tracepoint, then generate kernel activity over rtnetlink.
# bpf cmd 0x5 (BPF_PROG_LOAD): prog_type 0x11 (raw tracepoint), 0x3 instructions, license 'GPL', attr size 0x94.
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
# bpf cmd 0x11 (BPF_RAW_TRACEPOINT_OPEN) attaches r0 to the tracepoint named 'contention_end'.
# NOTE(review): the name suggests a lock-contention tracepoint, so the program may run inside locking paths of later syscalls — confirm against the kernel's trace events.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18)
# socket(2) with domain 0x400000000010: the low bits are 0x10 (AF_NETLINK) with extra high bits set; type 0x3, protocol 0x0.
r1 = socket(0x400000000010, 0x3, 0x0)
# Netlink message type 0x2e (RTM_GETTFILTER), length 0x24, sent on the traffic-control (sched) interface.
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20004890}, 0x4041080)

1m17.463769524s ago: executing program 2 (id=461):
# Program 461: ALSA sequencer and timer device nodes.
# Open the sequencer device relative to AT_FDCWD with flags 0x8042; the returned fd is not used again.
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0)
# Open the sound timer device with flags 0x8a401 and keep the fd as r0.
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x8a401)
# SNDRV_TIMER_IOCTL_GPARAMS (0x40485404) writes global timer parameters for the timer id {0x1, 0x1, 0x7, 0x3}.
# NOTE(review): field meanings of the id tuple and the trailing 0x1, 0x405 values are not shown here; check the snd_timer_gparams layout for the kernel under test.
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000600)={{0x1, 0x1, 0x7, 0x3}, 0x1, 0x405})

1m16.989698787s ago: executing program 2 (id=463):
# Program 463: socket-option call on an IPv6 socket.
# Family 0xa (AF_INET6); type 0x80002 is SOCK_DGRAM (0x2) with the 0x80000 (close-on-exec) bit.
r0 = socket$inet6(0xa, 0x80002, 0x0)
# Level 0x1 (SOL_SOCKET), option length 0x10, filter struct {len 0x4d, NULL instruction pointer}.
# NOTE(review): the option number passed is 0x44, whereas SO_ATTACH_FILTER is 0x1a on most architectures; the variant name gives the argument layout only, so identify the option from the numeric value.
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x44, &(0x7f0000000000)={0x4d, 0x0}, 0x10)

1m16.989154869s ago: executing program 2 (id=464):
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x204818, &(0x7f0000000480)={[{@mode={'mode', 0x3d, 0x7}}, {@showassoc}, {@session={'session', 0x3d, 0x40}}, {@session={'session', 0x3d, 0x62}}, {@sbsector}, {@gid}, {@session={'session', 0x3d, 0x56}}, {}]}, 0x1, 0x54e, &(0x7f00000008c0)="$eJzs3V1v01gawPHHfYEoK1WrZYVQVeBQdqUileAkEBSxN17nJD2Q2JHtoPYKVTRFFSmsKCtte8Nyw8xIMx+CuZwPMd8IzUeYke2kLzSJgb5O9f9FcE7sY5/npJYfuY2PBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiOXWbLtoSdN4nWU1mlsL/Nbe2/7WhxbInQPFmH5FrPif5HJyLV107e97q6/G/83LXPpuTnJxkZOdv1z966MrUxOD7ccE/FV+/sY9bW3vvFzt9bpvjiuQc+j65dHrGtozoW9aTkMrE/qqWqnY95bqoaqbpg5Xwki3lBtoJ/IDteDeUcVqtax0YcXveI2a09SDhQ/vlmy7oh4X2toJQt+797gQukum2TReI2kTr47bPIwPxCcmUpF2Wkqtb/S65awBxI2KX9KolNWoZJdKxWKpVKw8qD54aNtThxbYn5FDLY7voMWf0zGevYGjmejnf2mKEU86sixq6MuVmgTiS2vE+r5B/v/nPT223/35f5Dlr+2tnpUk/99I390Ylf9HxHJ6ry3Zlh15KavSk5505c0J9jVz5qM9/GqIFk+MhOKLkZY4yRLVX6KkKhWpiC3PZEnqEoqSuhhpipZQViSUSHRyRLkSiBZHIvElECUL4sodUVKUqlSlLEq0FGRFfOmIJw2piZPsZV02ks+9LMoaFeNuo+LIYeQHx11XSmNGS/7H0R3r+Rs4it8H+R8AAAAAAFxYVvLb9/j6f1quJ7W6aWr7rMMCAAAAAADHKPnL/1xcTMe162Jx/Q8AAAAAwEVjJffYWSKSl5tpbV2s5HYpfgkAAAAAAMAFkfz9/0ZcJHOg3BRrd7oUrv8BAAAAALggvs+cYz9sX7Z+/U2CYNp6317+h7WZzM3rbE6m201+vseoPmvN9HeSFJW0mJpy9ZyVSxvtToL5qV+sZ8Vh7QXg7Abw/68J4MqU/Ci30ja31tJybbAm7SVfN01dcP3mo6I4zsxEpJej/77a+J8kw//Ba81YOdnodQvPX/fWkljex3t5v9mfQPHQPIpjYnmbzLeQ3HMxdMTTyY0Y/X7zlqxv9Lr2/vFPpJtPHOzx3cyYPj/IfNpqvj/jbf7g+HNxn8XCqNH3oygeceQf5Hba5vbC7bQYEkUpK4rS/iiGfxZHj6KcFUX5iFEAwFlZz8hClhzKu99wlvu27C5fmd0/yELaZmE2ObFOzQ45o9tZZ3R7fHabzIril0PPQBqVY+N+f/osq36MN/g4MquGzZIVf4STbzf/I1e3tnfubmyuvui+6L4qlcoV+75tPyjJdDKMfkHuAQAMsf8ZO9bQ/J/5FB7rfsZV9d92v1JQkOfyWnqyJovJ3QbJNw6G7jW/72sIixlXrfkkTaZPeFkcc1V3KbnLYbDf0ti2B2Mon8JPAgCA0zOfkYe/JP8vZlx3H8zl46+O8/ue1gYAAE6GDj5Z+eg7KwhM+1mxWi060ZJWge8+UYGpNbQyXqQDd8nxGlq1Az/yXb8ZV56amg5V2Gm3/SBSdT9QbT80y8n0gar/6PdQtxwvMm7Ybmon1Mr1vchxI1UzofuvduffTRMu6SDZOGxr19SN60TG91TodwJXF5QKtVZ7DU1Ne5Gpm7jqqXZgWk6QU0/9ZqelVU2HbmDakZ/ucNCX
8ep+0Ep2e+msP2wAAM6Jre2dl6u9XvfNCVaGdpw79aECAIC+jCwNAAAAAAAAAAAAAAAAAAAAAADOgdO4/4/KBa8MpoI+L/FQOYZK5qnj3YmfnACcqD8CAAD//x6LT3Q=")
# Remainder of program 464, following the syz_mount_image$iso9660 call that mounts an image on ./file0.
# Five mount(2) calls with varying flag words stack bind mounts over ./file0, ./file0/file0 and ./file0/file0/file0, using sources that traverse '..'.
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
# No source and no fstype; flag word 0x100000 only (presumably a propagation change, MS_SHARED — confirm).
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
# Open the procfs 'mountinfo' file through the syz_open_procfs helper and read 0x2020 bytes.
# Reading mountinfo forces the kernel to walk and format the mount tree built above.
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

1m16.91931738s ago: executing program 2 (id=465):
# Program 465: emulated USB device plus VHCI and I2C device access.
# syz_usb_connect presents an emulated USB device to the kernel; the descriptor is a raw blob, and the declared length 0x3c is larger than the bytes shown.
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Service control requests using the UAC1 (USB audio) response description, with NULL descriptor and response tables.
syz_usb_control_io$uac1(r0, 0x0, 0x0)
# syz_emit_vhci with a NULL buffer and zero length.
syz_emit_vhci(0x0, 0x0)
# Service control requests again, this time using the printer-class description, on the same device handle.
syz_usb_control_io$printer(r0, 0x0, 0x0)
# Open an I2C device node (index 0x1, flags 0x402) and query it with I2C_FUNCS (0x705).
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_FUNCS(r1, 0x705, &(0x7f0000000700)=0xc6)

1m16.536651669s ago: executing program 2 (id=468):
# Program 468 (run as "program 2"): procfs mounted over the working directory, then open_tree(2) on it.
# mknod(2) with a NULL path; expected to fail before creating anything.
mknod(0x0, 0x800141f, 0x4)
# Mount filesystem type 'proc' on '.', with no source and no flags.
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
# open_tree on '.' relative to AT_FDCWD with flags 0x89901; the resulting fd is r0.
# NOTE(review): the low bit 0x1 is presumably OPEN_TREE_CLONE, i.e. a detached copy of the mount tree — confirm against the uapi headers.
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901)
# Second open_tree relative to r0 with an empty path and flags 0x81101.
open_tree(r0, &(0x7f0000000640)='\x00', 0x81101)

1m16.426470088s ago: executing program 33 (id=468):
# Same program text as id=468, logged again under "program 33" roughly 110 ms later.
# mknod(2) with a NULL path; expected to fail before creating anything.
mknod(0x0, 0x800141f, 0x4)
# Mount filesystem type 'proc' on '.', with no source and no flags.
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
# open_tree on '.' relative to AT_FDCWD with flags 0x89901 (presumably including OPEN_TREE_CLONE — confirm); the fd is r0.
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901)
# Second open_tree relative to r0 with an empty path and flags 0x81101.
open_tree(r0, &(0x7f0000000640)='\x00', 0x81101)

6.036993835s ago: executing program 3 (id=1416):
# Program 1416: two nftables batch transactions over netlink.
# Netlink socket: family 0x10 (AF_NETLINK), type 0x3 (SOCK_RAW), protocol 0xc (NETLINK_NETFILTER).
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# First batch, 0x7c bytes, given as a raw blob. The ASCII names 'syz0' (73797a30) and 'syz2' (73797a32) are visible in the hex.
# NOTE(review): presumably this creates a table and a chain with those names; decode the blob to confirm.
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
# Second batch, 0xb0 bytes. The hex contains the strings 'match', 'statistic' and 'connbytes' alongside 'syz0' and 'syz2'.
# NOTE(review): this looks like a rule using the xt compat 'match' expression; the blob shown is shorter than 0xb0, so the tail of the message comes from whatever memory follows — relevant when reproducing.
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a88000000060a0b040000000000000000020000005c000480580001800a0001006d617463680000004800028008000240000000001c0003004cb43801b2486e8f58c2052fade1bc2c62cdeb7521cf85f60e0001007374617469737469630000000e000100636f6e6e62797465730000000900010073797a30000000000900020073797a32"], 0xb0}}, 0x0)

5.947181072s ago: executing program 3 (id=1417):
# Program 1417: kernel keyring operations interleaved with a clock adjustment.
# add_key for a keyring with a NULL description, targeting keyring 0xfffffffffffffffe (-2, the process keyring special id).
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
# request_key for type 'id_legacy', description {'syz', 0x2}, with an empty callout string and destination keyring 0.
request_key(&(0x7f0000000540)='id_legacy\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f00000005c0)='\x00', 0x0)
# clock_adjtime on clock 0x0 (CLOCK_REALTIME) with a fuzzer-filled timex structure; field meanings are not decoded here.
clock_adjtime(0x0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x5, 0x100000001, 0x4, 0x8000, 0x15c, 0x155, 0x7, 0xb, 0x80, 0xabbb, 0x3, 0x1, 0xf156, 0x1, 0x0, 0x41a0, 0x7fff, 0xc, 0x3, 0xffffffffffffffc8, 0xffff, 0x987, 0x6, 0x2, 0x3})
# add_key of type 'id_legacy' with the same description, a 1-byte payload 'j', into keyring 0xfffffffffffffffd (-3, the session keyring special id).
add_key(&(0x7f00000000c0)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='j', 0x1, 0xfffffffffffffffd)
# Second request_key for the same type and description, now with a NULL callout and destination 0xffffffffffffffff (-1, the thread keyring special id).
request_key(&(0x7f0000000540)='id_legacy\x00', &(0x7f0000000580)={'syz', 0x2}, 0x0, 0xffffffffffffffff)

5.946811045s ago: executing program 3 (id=1418):
# Program 1418: connect an emulated USB device described by a structured 0x2d-byte descriptor set.
# Device descriptor (length 0x12, type 0x1) carries idVendor 0x4e8 and idProduct 0xa101, which decide the host driver the kernel tries to bind.
# One configuration (total length 0x1b), one interface (number 0x66, alternate setting 0x7f) and one endpoint descriptor (address 0x7, attributes 0xc, max packet 0x3ff).
# NOTE(review): interface number and alternate setting are far outside what real devices use; probe paths that index by these values are the likely target.
syz_usb_connect(0x3, 0x2d, &(0x7f0000000d00)={{0x12, 0x1, 0x200, 0x29, 0x1a, 0xf9, 0x40, 0x4e8, 0xa101, 0xc7ae, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x8, 0x0, 0x70, 0x0, [{{0x9, 0x4, 0x66, 0x7f, 0x1, 0xff, 0xaf, 0xd6, 0xa0, [], [{{0x9, 0x5, 0x7, 0xc, 0x3ff, 0x3, 0x7, 0x4}}]}}]}}]}}, 0x0)

4.666314671s ago: executing program 3 (id=1440):
# Program 1440: AF_PACKET socket option after remapping the argument area.
# Packet socket: family 0x11 (AF_PACKET), type 0x3 (SOCK_RAW), protocol 0x300 (ETH_P_ALL in network byte order).
r0 = socket$packet(0x11, 0x3, 0x300)
# Map 0x200000 bytes at 0x7f0000000000 with prot 0x3 (read|write), flags 0x244072, no backing fd (0xffffffffffffffff) and a non-zero offset.
# This range holds the pointers used by later calls, so the mapping changes the properties of the memory they read from.
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x244072, 0xffffffffffffffff, 0x952ce000)
# setsockopt at level 0x107 (SOL_PACKET), option 0x13, integer value 0x1, length 0x4.
# NOTE(review): option 0x13 is presumably PACKET_TX_HAS_OFF — confirm against if_packet.h.
setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000000)=0x1, 0x4)

4.556571353s ago: executing program 3 (id=1441):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000010600)='./bus\x00', 0x10, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f666c7573685f6d657267652c66617374626f6f742c746573745f64756d6d795f656e6372797074696f6e2c696e6c696e655f78617474725f73697a653d3078303030303030303030303030303030632c00e863cd59e1f6a329db71886ce3bac8c29075314f1d7afec0cd24ffcf74aa2b1c809f629d1ba3849699bffbda66cb78b431a5ddcd3c1086269413aa903a605e639fefe8d3b54bb838f236b49a869657fb097235d5fc303322a330a2890bcca6ca"], 0x1, 0x105ab, &(0x7f000003f380)="$eJzs3E1rY9UfB/Bfpv95/I9jkXnQlRdEaMCEpu0UBZGqM+iAHYoPC1eaJrchM0luadIHZ60rfQluBRF3vgY3vo3BheBKcCGMKLn3VqY6C7WZZpx+PnD7Pffk3F/OCdmc3HIDOLZmk59/qsSFOBsRMxFxPiJvV8ojt1LE0xHxbEScuO+olP1/dJyKiHMRcWFcvKhZKV9a/vXuvS+eufHyp1/drTZ++PLz6a0amLbnI6K/WbR3+0VmnSJvlf3NnW6e/aWdMosX+rfL86zI3XQ9r7Db3B/XzHOxU4zPNreH49zoNVvj7HQ38v7NQfGGw53Ofp38glvNrfy8na7n2R1meXbuFPPaK/POcFTUaZf1PsrLx2i0n0V/upcW69m8nWdrMCr7i7pZO90b506Z5dtFK+u183ms/+uP+ZH3VnewvZfspFvDbjZIrtYbL9Yby7XGVtZOR+lSrdlvLy8lc53eeFhtlDb7K50s6/TSeivrV5O5TqtVazSSuWvperc5SBqN+mJ9vna1WrZeSN64+V7Saydz43ytO9gedXvDZCPbSoorqslCffGlavJcI3lndS1Ze/v69dW1dz+49v7NV1dvvF4O+su0krmF+YWFWmO+ttCoWv9h/FI53PUcc74/AP+Y/T8wDfb/9v9h/3vs12/7xqH4AgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHFvfn/zmzbwxW5z/v+x/oux6KiKuRMTliLgUEb89wEycOlDzYkRUyvaDxp/80xy+rUReYXzN6fI4FxEr5XHvyYf9KQAAAMDj6+vvPv4kYmbczP+8Mu0JcZTKH23OTKpe/p
PP/yZV7WJebG9C1S7tl5yIyxFxcvbHCVW7EhEnzn84oWp/y8yBOHNfVIo4cZSzAQAAjsbBncDEdm8AAAA8cj6b9gSYjvx+bfm/+OW94NNFlDcEzx44AwAAAP6DKtOeAAAAAPDQ5ft/z/8DAACAx1vx/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPidnbvJURsGwwD8AU2hfyqq+LkKq6pLFhyiR+iyB2hv0x1nqIQ4B931CCMYkXjQBNjFCWjmeaSM7Wh49QWJhW0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KZ/xXr5Z/vrd9Oc/aGZPE8DAAAAXLMr1suyM67GH9L9T+nWl4iYR8QsIqYRcW3uPoi3tcxJRPRS/9r/F2c1/I0oE46vGabrfUR8S9fD57bfBQAAAHi5tpvFKmJw7JZ/vp56vAJp0WaUK69c8nmTK21Shv3MlDZ9isxiFhHF+H+mtHlE9D9+T6NOPn+DWjN61vSqpt9FFQAAQLfqM4FsszcAAADuzo9bF8BtlPu16bv4aS94WDVpQ/BdbQQAAADcr/Nf25/0uq0DAAAAuIFy/n9x/l9aFWjt/L/hZSHO/wMAAID2VOf/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KZdsV5uN4tV05z9oZk8TwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/szzsKhEAYhMHe9X2nwfsfSxo0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3vzuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fVrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725+4EQiAIwmDf+Z/TYv5hSYPGIEIVLHzMMA8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB80e9++T8xNc4kc6eNpeORZO2qsXXV2HvQOHow3v4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCxAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBA
AAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWF/bm3TRgI4zj82kmUuE1GSG/xMQMNFYIR+JCQLHkGBmAhGipai0VgBRBw0NKZgudp/j+drrgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID3dHp64yMiss9H5pEPV3+Hy8FX5OumGXxfM9sc9/XPLSfb3Sjlb4z/i4goImvhNwAA7Svvm2KxrOadtN20vbT9tOW0rmavfDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGd27pi1iTcMAPibtMn/X50crSCCgy42NrEaIYtDobsg6BbaWIqpSpqhLV36CUQnV7+C3fQr+AUEBy04OHRQcBFEueTSvsEgKcJdaH8/eO6eXODufTMcPPe8FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOJaD3XB2kBdCCLPTR3ni/ded5VH7t88+zA7iy503F+NzJqcohRAerrVb1zOcy6Tb2Np+1Gy3Wx2JRHL6kuQmMPKrvO9MAACcNKU0krr+U2lvKTlWaITw69Vw/X8lysNf6v/PL89fGMTPzXfd+Fpx/T+f2QwnX6W7/rSysbV9bW29udpabT2u1aoLNxdu3L5VrfSelVQ8MQEAAODflNOI6/9i48/+/5koD2PW//cWH9yPrzWl/h/pqOmX90gAAABOt3OXvn8rjDheKJfDZrPb7cz3t4efq/1tDkM9tv/SiOv/qUbeowIAAACycLBbGOr/r0R5GLP/P/d6Zz8+51
QIYSbt/88tP2mvZDediZbFm8Z5zxEAAIB8zaQR9/9LvfX/xcMlD8UQwtXL/Tz9G8Cx6v+PL+4OvbQer/+vZTfFiVSs93+P3r4ewnQ97xEBAABwkv2fRlLs75f2ljo/ni+Wrf8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dc79o/SQBDFAXj/ZLUSA1Zq5QVEO6uAhSA2HkIUBE8ggngAsbX0DpbeIbWCjYVlCm8gbzZjIE263Ui+D5L3CEPm7WyzvwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWmhzP+jq+hm1fTX97/7m7iPoxV8P38/ZufKIvuxz6HyqP+p4AAACAVVDnfF8UxVfzehq1GqX83+Q1kflfNto+5/n53J/r29PnTs7/9+d7t38bDdt94k+vrm8uDzq7wuW3uXDFIJ18evdSpxtSnT1sTZp0nuXjeHyyltr1diUAsHz2c502+Xko6mGfgwGwMgbFLDPm/F+P+p0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAu/AQAA//8mX148")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000800)={{}, {0x1, 0x4}, [], {0x4, 0x3}, [], {0x10, 0x1}, {0x20, 0x6}}, 0x24, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x28042, 0x0)

3.729583145s ago: executing program 3 (id=1445):
# Emulated-USB program. syz_usb_connect is a syzkaller pseudo-syscall that presents a
# fuzzer-defined USB device to the kernel. Arguments here: speed 0x3 (USB_SPEED_HIGH),
# descriptor length 0x24 (36 bytes), and a raw descriptor blob. The blob starts with an
# 18-byte device descriptor (0x12, type 0x01), followed by a 9-byte configuration
# descriptor (0x09, type 0x02) and a 9-byte interface descriptor (0x09, type 0x04).
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000034709d405f0530c2acb6010203010902120001000000000904000000f2191578"], 0x0)
# The remaining calls supply answers to control requests on the emulated device.
# A 0x0 argument is a null pointer, i.e. no descriptor/response table for that call.
# NOTE(review): the $rtl8150/$cdc_ncm/$printer suffixes name the syzkaller description
# variant used to build the responses; they do not by themselves show which kernel
# driver bound to the device. Confirm against the console output for this device.
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000bc0)={0x34, &(0x7f0000000b00)={0x0, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)

3.67372726s ago: executing program 0 (id=1448):
# Traffic-control program over rtnetlink.
# socket(0x10, 0x3, 0x0) is AF_NETLINK / SOCK_RAW / NETLINK_ROUTE.
r0 = socket(0x10, 0x3, 0x0)
# Resolve the interface index of 'lo' into r1 (SIOCGIFINDEX, request 0x8933).
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
# One 0x38-byte netlink message of type 0x24 (RTM_NEWQDISC) for ifindex r1, carrying a
# clsact qdisc kind and a TCA_INGRESS_BLOCK attribute with value 0xfffffffe.
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x38, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xfffffffe}]}, 0x38}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

3.673239687s ago: executing program 0 (id=1450):
# ethtool-over-generic-netlink program.
# socket(0x10, 0x3, 0x10) is AF_NETLINK / SOCK_RAW / NETLINK_GENERIC.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Look up the generic-netlink family id for ethtool; the result is used as the message type below.
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
# ETHTOOL_MSG_LINKINFO_GET request of 0x14 bytes: only the netlink and generic-netlink
# headers, with no attributes (no request header naming a device).
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x30a9f29ecc337b1d, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0)

3.61566577s ago: executing program 0 (id=1452):
# BPF program: creates maps, loads several programs and attaches two of them to the
# 'tlb_flush' raw tracepoint. The first bpf() argument is the command number:
# 0x0 map create, 0x2 map update element, 0x5 program load, 0x11 raw tracepoint open.
# Map of type 0x5; presumably the @base fields are type / key size / value size /
# max entries (4-byte key, 4-byte value, 1 entry) -- confirm against the syzkaller description.
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x4, 0x1}, 0x50)
# Program type 0x8 with 0xd instructions given as raw bytes. @ANYRES32 without a value
# leaves that 32-bit slot at its default.
# NOTE(review): the field after the instruction pointer is 0x0 here and in the next load,
# whereas the later loads pass 'syzkaller' in that position; it looks like the license pointer -- confirm.
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Program type 0x11 (raw tracepoint); the result is not stored in a resource variable.
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Second map, with its attributes passed as a raw byte blob rather than a typed struct.
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x48)
# Closes file descriptor number 3 by literal value, not through a resource variable,
# so which object is closed depends on the descriptor numbering in the executor process.
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x1}, 0x50)
# Stores program r1 as the value of a key in map r2 (tail-call style update).
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000000), &(0x7f00000002c0)=r1}, 0x20)
# Raw-tracepoint program that references map r0 through @ANYRES32=r0, then attached to 'tlb_flush'.
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
# Same load again with an empty instruction list (ANY=[]), followed by a second attach
# to the same tracepoint using whatever r4 holds.
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10)
# AF_UNIX (0x1) socket pair of type 0x5 (SOCK_SEQPACKET).
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))

3.606359149s ago: executing program 0 (id=1454):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x2, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
# These calls follow the syz_mount_image$ext4 call on the previous line, which mounts a
# fuzzer-generated ext4 image at ./bus.
# FUSE mount attempt on the same ./bus path with no options and no image data (size 0x0).
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
# Open the current directory relative to AT_FDCWD (0xffffffffffffff9c is -100).
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0)
# Request a v2 fscrypt policy with the @adiantum mode selection on that directory.
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @adiantum, 0x4, '\x00', @d})
# Overlay mount at ./bus whose workdir is ./bus itself, lowerdir is '.', and upperdir is ./file0.
mount$overlay(0x0, &(0x7f00000003c0)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3.524173007s ago: executing program 0 (id=1455):
# cgroup2 program using the new mount API followed by a file-handle open.
# fsopen creates a filesystem context for 'cgroup2'.
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
# Command 0x6 is FSCONFIG_CMD_CREATE: instantiate the superblock for the context.
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
# fsmount returns a mount fd in r1; no move_mount call appears in this program,
# so the mount is never attached to a path here.
r1 = fsmount(r0, 0x0, 0x0)
# Open cgroup.threads relative to that mount with flags 0x2 (O_RDWR).
r2 = openat$cgroup_procs(r1, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0)
# open_by_handle_at with r2 as the mount fd and a 5-byte raw blob as the file handle
# (first 32-bit word 0x0000000c, then a single 0x02 byte), flags 0x408100.
open_by_handle_at(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0c00000002"], 0x408100)

3.248257414s ago: executing program 0 (id=1459):
# nfnetlink accounting program.
# socket(0x10, 0x3, 0xc) is AF_NETLINK / SOCK_RAW / NETLINK_NETFILTER.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# NFNL_MSG_ACCT_GET sent as a raw blob. The blob is 23 bytes long, but both its own
# length field and the iovec length say 0x30.
# NOTE(review): the remaining bytes therefore come from whatever already sits at
# 0x7f0000000000 in the program's data area -- confirm when reproducing.
sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000107010100000000000000000a00000a1c0007"], 0x30}, 0x1, 0x0, 0x0, 0x4008801}, 0x20008004)

3.151765771s ago: executing program 34 (id=1459):
# Logged under "program 34" but with the same id (1459) as an entry logged for program 0;
# the two calls are a netlink socket for NETLINK_NETFILTER (0xc) and one raw
# NFNL_MSG_ACCT_GET message whose declared length (0x30) exceeds the 23-byte blob.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000107010100000000000000000a00000a1c0007"], 0x30}, 0x1, 0x0, 0x0, 0x4008801}, 0x20008004)

2.909193392s ago: executing program 4 (id=1466):
# V4L2 program against the vim2m (virtual memory-to-memory) test driver.
# syz_open_dev opens the device node; the last argument 0x2 is the open flags (O_RDWR).
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0xfffffffffffffbd7, 0x2)
# VIDIOC_ENUM_FMT (request 0xc0405602) with fuzzer-filled struct contents:
# index 0x3, buffer type 0x1, and non-zero values in fields the kernel normally fills in.
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x3, 0x1, 0x3, "290037e7f30f000080df4832c305000000830000000000e300", 0x37303250})

2.812729248s ago: executing program 4 (id=1467):
# Key-management program: add a key of type 'rxrpc_s' with description {'syz', 0x3},
# a null payload pointer with length 0, into keyring 0xffffffffffffffff
# (-1, KEY_SPEC_THREAD_KEYRING).
add_key(&(0x7f0000000080)='rxrpc_s\x00', &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)

2.812354967s ago: executing program 4 (id=1468):
# Scheduling setup for the calling process (pid 0x0 means the caller).
# Resource 0xe is RLIMIT_RTPRIO; the new limit is {soft 0x8, hard 0x8b}.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
# Policy 0x2 is SCHED_RR with priority 0x8, so the program's later calls are issued
# from a real-time task.
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$vfat(&(0x7f0000003880), &(0x7f00000000c0)='./file1\x00', 0x200000, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES16=0x0, @ANYRES16=0x0], 0x88, 0x2a9, &(0x7f0000000c00)="$eJzs3T9rc1UYAPDnpmmSV4dkcJKCF3RwKm1XlxRpoZhJyaAOWmwL0gShhYJ/MHZydXH0EwiCm1/CxW8guApudihcuTf3mqSmaSNN9S2/39LTc89zznNOz6V0yNMPN4anR2mcXH7xa7RaSdS68SyukuhELSpfxYzuNwEAPM+usiz+yMaWiUsiorW6tACAFVr69/+PK08JAFixd959763dXm/v7TRtxf7w64t+/pd9/nX8fPckPo5BHMdWtOM6IvvbuL2fZdmonuY68dpwdNHPI4cf/FzOv/t7RBG/He3oFF2z8Qe9ve10bCp+lOfxQrl+N4/fiXa8NGf9g97ezpz46Dfi9Ven8t+MdvzyUXwSgzgqkpjEf7mdpm9m3/75+ft5enl8MrroN4txE9naI/9oAAAAAAAAAAAAAAAAAAAAAAB4wjbL2jnNKOr35F1l/Z216/yb9Ugrndn6POP4pJroRn2gURbfVfV1ttI0zcqBk/h6vFyP+n+zawAAAAAAAAAAAAAAAAAAAPh/Of/0s9PDweD47EEaVTWA6mP9/3ae7lTPK7F4cHOyVq1sLpg51qoxScTCNPJNPNCx3NV4dlvO3/+w7IStu8esLzqfh2lUt+v0MJl/hs2oelrVJflpekwj7rlW47ZHG0UC1eW4a57G3EftpffeeLFojBaMiWTRe/HGb+OEy57k5kvUKE51bvh62ZgKv3E3brvP1SnNvin/kKjWAQAAAAAAAAAAAAAAAAAAKzX5GPCch5cLQ2tZc2VpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCjmvz//yUaozL4HoMbcXY+f+X6Y24TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ+6vAAAA//+lillR")
# Continuation of the same program after the vfat image mount on the previous line.
r0 = getpid()
# SCHED_RR (0x2) again, this time addressed by pid and with priority 0x7.
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
# Fixed anonymous shared mapping of 0xb36000 bytes at 0x7f0000000000 with MAP_POPULATE
# (flags 0x8031); the protection argument is a fuzzer-chosen 64-bit value.
# NOTE(review): this range overlaps the addresses other calls use for their arguments -- confirm the effect when reproducing.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
# AF_UNIX datagram (0x2) socket pair, a connect to the path './file0', then a large
# batched send (0x651 messages) on one end and a batched receive (0x10106 messages) on the other.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
# Program load with a null attribute pointer and size 0; r3 is whatever that call returns,
# and it is then passed to a raw tracepoint open on 'sched_switch'.
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x18)
# SCTP over IPv4 (AF_INET 0x2, SOCK_SEQPACKET 0x5, IPPROTO_SCTP 0x84), closed immediately.
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r4)
# SCTP over IPv6 (AF_INET6 0xa). Presumably r5 receives the descriptor number r4 just released -- confirm.
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
# CONNECTX3 (option 0x6f) towards an AF_INET address, then read back the association id list into r6.
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r6=>0x0]}, &(0x7f0000000240)=0x8)
# Send on r4, which this program closed earlier, with an SCTP sndinfo control message naming association r6.
sendmsg$inet_sctp(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000440)}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r6}}], 0x20, 0x2400e044}, 0x0)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000000)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
# Tail of the same program, after the ext4 image mount on the previous line.
# Program load of type 0x3 (@sched_cls) that declares 0x16 instructions but passes a
# null instruction pointer; the license string is 'GPL'.
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
# getpgrp with pid argument 0xffffffffffffffff (-1); the result is used as the thread id in the sigevent below.
r7 = getpgrp(0xffffffffffffffff)
# POSIX timer on clock 0x0 whose notification names signal 0x1b and target @tid=r7.
timer_create(0x0, &(0x7f0000000080)={0x0, 0x1b, 0x2, @tid=r7}, 0x0)
# Open /sys/kernel/softlockup_count relative to AT_FDCWD with flags 0x141a82 and mode 0x4.
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000ac0)='/sys/kernel/softlockup_count', 0x141a82, 0x4)

1.764469295s ago: executing program 4 (id=1469):
# Input/USB program. r0 is an evdev device opened with flags 0x0.
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x0, 0x0)
# syz_usb_disconnect is given the evdev descriptor rather than a handle returned by
# syz_usb_connect in this program.
syz_usb_disconnect(r0)
# Emulated USB connect at speed 0x6 (USB_SPEED_SUPER_PLUS) that declares a 0x24-byte
# descriptor but supplies an empty blob (ANY=[]); the returned handle is not kept.
syz_usb_connect(0x6, 0x24, &(0x7f0000000740)=ANY=[], 0x0)
# EVIOCRMFF (request 0x40085503) on the evdev descriptor with argument 0x0.
ioctl$EVIOCRMFF(r0, 0x40085503, 0x0)

952.068069ms ago: executing program 4 (id=1470):
# Netlink + SCTP program.
# socket(0x10, 0x3, 0x0) is AF_NETLINK / SOCK_RAW / NETLINK_ROUTE. The sendmsg$kcm variant
# only determines how the fuzzer laid out the msghdr; the descriptor is the netlink socket.
r0 = socket(0x10, 0x3, 0x0)
# One iovec of 0xd8 bytes holding a raw, fuzzer-mutated netlink message; send flags 0x894.
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001a80)="d8000000180081064e81f782db4cb904021d0800fe007c05e8fe50a10a000600014002020c600e41b0000900ac000a0501000000160012000a00ff120048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x894)
# SCTP over IPv6 (AF_INET6 0xa, SOCK_SEQPACKET 0x5, IPPROTO_SCTP 0x84).
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
# SCTP_SOCKOPT_CONNECTX_OLD (option 0x6b) with a single AF_INET sockaddr
# (port field 0x4e24, address 0x3) passed on the IPv6 socket.
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000480)=[@in={0x2, 0x4e24, @rand_addr=0x3}], 0x10)

0s ago: executing program 4 (id=1471):
# Packet-socket program aimed at the batman-adv interface 'batadv0'. It is logged at
# "0s ago", i.e. it is the last program recorded before the log ends; the visible log
# does not show which program, if any, triggered a failure.
# socket(0x11, 0x2, 0x300) is AF_PACKET / SOCK_DGRAM with protocol argument 0x300
# (ETH_P_ALL in network byte order on a little-endian host).
r0 = socket$packet(0x11, 0x2, 0x300)
# Resolve the interface index of 'batadv0' into r1 (SIOCGIFINDEX, request 0x8933).
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r1=>0x0})
# Send a 4-byte payload with flags 0x50 to a link-layer address structure
# {family 0x11, protocol 0x8100, ifindex r1, 0x1, 0x9}, address length 0x14.
sendto$packet(r0, &(0x7f0000000000)="05170806", 0x4, 0x50, &(0x7f0000000080)={0x11, 0x8100, r1, 0x1, 0x9}, 0x14)

kernel console output (not intermixed with test programs):

dquot type 0
[   87.724116][ T6403] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem
[   87.727590][ T6403] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.261: mark_inode_dirty error
[   87.731261][ T6403] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   87.734469][ T6403] EXT4-fs (loop2): 1 orphan inode deleted
[   87.742041][ T6403] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.794404][ T5934] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.807260][ T1093] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u9:5: lblock 1 mapped to illegal pblock 1 (length 1)
[   87.816998][ T1093] Quota error (device loop2): remove_tree: Can't read quota data block 1
[   87.820417][ T1093] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u9:5: Failed to release dquot type 0
[   87.830072][ T5934] EXT4-fs error (device loop2): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[   87.837160][ T5934] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Corrupt filesystem
[   87.841139][ T5934] EXT4-fs error (device loop2): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[   87.914244][   T24] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   87.929099][   T24] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   88.144733][ T6418] loop2: detected capacity change from 0 to 1024
[   88.183757][ T1093] hfsplus: b-tree write err: -5, ino 4
[   88.211485][ T6420] loop2: detected capacity change from 0 to 256
[   88.229429][ T6420] FAT-fs (loop2): Directory bread(block 64) failed
[   88.231534][ T6420] FAT-fs (loop2): Directory bread(block 65) failed
[   88.234119][ T6420] FAT-fs (loop2): Directory bread(block 66) failed
[   88.237669][ T6420] FAT-fs (loop2): Directory bread(block 67) failed
[   88.240482][ T6420] FAT-fs (loop2): Directory bread(block 68) failed
[   88.242515][ T6420] FAT-fs (loop2): Directory bread(block 69) failed
[   88.244632][ T6420] FAT-fs (loop2): Directory bread(block 70) failed
[   88.246978][ T6420] FAT-fs (loop2): Directory bread(block 71) failed
[   88.249360][ T6420] FAT-fs (loop2): Directory bread(block 72) failed
[   88.251555][ T6420] FAT-fs (loop2): Directory bread(block 73) failed
[   88.460504][ T6422] loop2: detected capacity change from 0 to 2048
[   88.478761][ T6423] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   88.748228][ T6443] ref_ctr_offset mismatch. inode: 0x191 offset: 0x0 ref_ctr_offset(old): 0x68 ref_ctr_offset(new): 0x0
[   88.944206][ T6451] loop3: detected capacity change from 0 to 256
[   89.215669][ T5926] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   89.405587][ T5926] usb 3-1: Using ep0 maxpacket: 16
[   89.462963][ T5926] usb 3-1: config 0 has an invalid interface number: 236 but max is 1
[   89.482941][ T5926] usb 3-1: config 0 has an invalid interface number: 129 but max is 1
[   89.499185][ T5926] usb 3-1: config 0 has no interface number 0
[   89.544029][ T5926] usb 3-1: config 0 has no interface number 1
[   89.553516][ T5926] usb 3-1: config 0 interface 236 has no altsetting 0
[   89.560651][ T5926] usb 3-1: config 0 interface 129 has no altsetting 0
[   89.567044][ T5926] usb 3-1: New USB device found, idVendor=1ace, idProduct=e9b2, bcdDevice=5c.3d
[   89.571434][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.577769][ T5926] usb 3-1: Product: syz
[   89.580509][ T5926] usb 3-1: Manufacturer: syz
[   89.583528][ T5926] usb 3-1: SerialNumber: syz
[   89.598405][ T5926] usb 3-1: config 0 descriptor??
[   89.819375][ T5926] ir_usb 3-1:0.236: required endpoints missing
[   89.867347][ T5926] usb 3-1: selecting invalid altsetting 0
[   89.896012][ T5926] uvcvideo 3-1:0.129: Found UVC 2.26 device syz (1ace:e9b2)
[   89.898745][ T5926] uvcvideo 3-1:0.129: No valid video chain found.
[   89.904089][ T5926] usb 3-1: USB disconnect, device number 4
[   90.384061][ T6475] netlink: 72 bytes leftover after parsing attributes in process `syz.2.287'.
[   91.389457][ T6488] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.291'.
[   91.442256][ T6432] Set syz1 is full, maxelem 65536 reached
[   91.480886][ T6492] netlink: 9 bytes leftover after parsing attributes in process `syz.2.293'.
[   91.489312][ T6492] netlink: 9 bytes leftover after parsing attributes in process `syz.2.293'.
[   91.601689][ T6504] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[   91.617450][ T6502] loop2: detected capacity change from 0 to 2048
[   91.623966][ T6504] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   91.792511][ T6514] loop2: detected capacity change from 0 to 1024
[   91.811245][ T6514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.821116][ T6514] EXT4-fs error (device loop2): ext4_lookup:1787: comm syz.2.303: inode #12: comm syz.2.303: iget: illegal inode #
[   91.830845][ T6514] EXT4-fs (loop2): Remounting filesystem read-only
[   91.870808][ T5934] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.192960][ T6535] loop2: detected capacity change from 0 to 4096
[   92.198338][ T6535] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[   92.257220][   T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   92.300165][   T34] audit: type=1326 audit(1763769268.706:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.310500][   T34] audit: type=1326 audit(1763769268.706:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.321765][   T34] audit: type=1326 audit(1763769268.726:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.335664][   T34] audit: type=1326 audit(1763769268.726:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.341720][   T34] audit: type=1326 audit(1763769268.726:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.349468][   T34] audit: type=1326 audit(1763769268.746:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.397533][   T34] audit: type=1326 audit(1763769268.806:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.397592][   T34] audit: type=1326 audit(1763769268.806:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.316" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd034f8f749 code=0x7ffc0000
[   92.437463][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.441401][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.444971][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   92.456597][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   92.460011][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.467259][   T24] usb 4-1: config 0 descriptor??
[   92.507215][ T6553] netlink: 72 bytes leftover after parsing attributes in process `syz.0.322'.
[   92.735651][ T6159] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   92.879131][   T24] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd
[   92.892410][   T24] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[   92.897454][ T6159] usb 3-1: Using ep0 maxpacket: 16
[   92.908160][ T6159] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   92.911506][ T6159] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.914329][ T6159] usb 3-1: Product: syz
[   92.916151][   T33] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   92.920077][ T6159] usb 3-1: Manufacturer: syz
[   92.921877][ T6159] usb 3-1: SerialNumber: syz
[   92.931025][ T6159] r8152-cfgselector 3-1: Unknown version 0x0000
[   92.934802][ T6159] r8152-cfgselector 3-1: config 0 descriptor??
[   93.075643][   T33] usb 1-1: Using ep0 maxpacket: 16
[   93.081705][   T33] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   93.091587][   T33] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[   93.094940][   T33] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.097946][   T33] usb 1-1: Product: syz
[   93.099579][   T33] usb 1-1: Manufacturer: syz
[   93.101412][   T33] usb 1-1: SerialNumber: syz
[   93.107821][   T33] usb 1-1: config 0 descriptor??
[   93.114198][   T33] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[   93.116824][   T33] gspca_stv06xx: st6422 sensor detected
[   93.141733][ T6159] r8152-cfgselector 3-1: Needed 1 retries to read version
[   93.162007][ T5926] usb 4-1: USB disconnect, device number 2
[   93.344696][ T5926] r8152-cfgselector 3-1: USB disconnect, device number 5
[   93.589202][   T33] STV06xx 1-1:0.0: probe with driver STV06xx failed with error -71
[   93.593069][   T33] usb 1-1: USB disconnect, device number 3
[   93.898938][ T6563] loop2: detected capacity change from 0 to 1024
[   93.905288][ T6563] EXT4-fs (loop2): filesystem is read-only
[   93.949013][ T6159] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   94.095650][ T6159] usb 4-1: Using ep0 maxpacket: 16
[   94.099933][ T6159] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[   94.104361][ T6159] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   94.111929][ T6159] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[   94.117634][ T6159] usb 4-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[   94.121144][ T6159] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.125654][ T6159] usb 4-1: config 0 descriptor??
[   94.229789][ T6571] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   94.232800][ T6571] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   94.240408][ T6571] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   94.245175][ T6571] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   94.248062][ T6571] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   94.254107][ T6571] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   94.258535][ T6571] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   94.260960][ T6571] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   94.268163][ T6571] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   94.312858][ T6579] loop0: detected capacity change from 0 to 2048
[   94.319496][ T6579] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   94.542854][ T6159] logitech 0003:046D:C295.0003: hidraw0: USB HID v0.01 Device [HID 046d:c295] on usb-dummy_hcd.3-1/input0
[   94.546242][ T6159] logitech 0003:046D:C295.0003: no inputs found
[   94.675641][ T5926] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   94.749960][   T10] usb 4-1: USB disconnect, device number 3
[   94.838072][ T5926] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   94.841940][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   94.846044][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   94.849026][ T5926] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   94.852837][ T5926] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   94.855606][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.860943][ T5926] usb 1-1: config 0 descriptor??
[   95.288747][ T5926] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   95.325795][ T6598] netlink: 11 bytes leftover after parsing attributes in process `syz.2.343'.
[   95.363170][ T6602] Illegal XDP return value 38 on prog  (id 23) dev N/A, expect packet loss!
[   95.485102][ T6607] device ioctl magic numbers don't match! Did you rebuild pvfs2-client-core/libpvfs2? [cmd 8982, magic 89 != 6b]
[   96.680464][ T5938] Bluetooth: hci0: command 0x0c1a tx timeout
[   96.683740][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout
[   96.687050][ T5938] Bluetooth: hci1: command 0x0c1a tx timeout
[   96.724764][   T24] usb 1-1: USB disconnect, device number 4
[   96.980842][ T6633] loop2: detected capacity change from 0 to 512
[   96.991264][ T6633] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.354: inode has both inline data and extents flags
[   96.998781][ T6633] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.354: couldn't read orphan inode 15 (err -117)
[   97.005941][ T6633] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.071615][ T5934] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.270398][ T6646] loop2: detected capacity change from 0 to 32768
[   97.300108][ T6646] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   97.318491][ T6646] XFS (loop2): Ending clean mount
[   97.341612][ T6659] loop0: detected capacity change from 0 to 256
[   97.350249][ T6659] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[   97.412730][ T5934] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   97.483882][ T6667] lo speed is unknown, defaulting to 1000
[   97.493735][ T6667] lo speed is unknown, defaulting to 1000
[   97.528125][ T6667] lo speed is unknown, defaulting to 1000
[   97.711021][ T6667] infiniband syz1: set active
[   97.718633][ T5926] lo speed is unknown, defaulting to 1000
[   97.723875][ T6667] infiniband syz1: added lo
[   97.787773][ T6667] RDS/IB: syz1: added
[   97.789519][ T6667] smc: adding ib device syz1 with port count 1
[   97.791500][ T6667] smc:    ib device syz1 port 1 has no pnetid
[   97.796526][    T9] lo speed is unknown, defaulting to 1000
[   97.800458][ T6667] lo speed is unknown, defaulting to 1000
[   97.989549][ T6667] lo speed is unknown, defaulting to 1000
[   97.996710][ T6683] loop2: detected capacity change from 0 to 512
[   98.004636][ T6683] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.371: inode has both inline data and extents flags
[   98.010583][ T6683] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.371: couldn't read orphan inode 15 (err -117)
[   98.015699][ T6159] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   98.026189][ T6683] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.174869][ T6667] lo speed is unknown, defaulting to 1000
[   98.265604][ T6159] usb 4-1: Using ep0 maxpacket: 32
[   98.269710][ T6159] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[   98.272969][ T6159] usb 4-1: config 0 has no interface number 0
[   98.275341][ T6159] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   98.306772][ T6159] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[   98.310620][ T6159] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.317549][ T6159] usb 4-1: Product: syz
[   98.319298][ T6159] usb 4-1: Manufacturer: syz
[   98.321171][ T6159] usb 4-1: SerialNumber: syz
[   98.630821][ T6159] usb 4-1: config 0 descriptor??
[   98.640214][ T6159] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[   98.643897][ T6159] em28xx 4-1:0.132: Video interface 132 found:
[   98.715728][ T5937] Bluetooth: hci1: command 0x0c1a tx timeout
[   98.716592][ T5938] Bluetooth: hci2: command 0x0c1a tx timeout
[   98.718430][ T5937] Bluetooth: hci0: command 0x0c1a tx timeout
[   98.943970][ T5934] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.068421][ T6159] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[   99.322819][ T6704] loop0: detected capacity change from 0 to 32768
[   99.358853][ T6704] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   99.676067][ T6159] em28xx 4-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5)
[   99.679589][ T6159] em28xx 4-1:0.132: failed to read eeprom (err=-5)
[   99.681615][ T6159] em28xx 4-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[   99.727399][ T6704] (syz.0.377,6704,0):ocfs2_dio_end_io:2401 ERROR: Direct IO failed, bytes = -28
[   99.735729][ T6159] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[   99.741842][ T6159] em28xx 4-1:0.132: analog set to bulk mode.
[   99.746859][ T6159] usb 4-1: USB disconnect, device number 4
[   99.749715][ T6159] em28xx 4-1:0.132: Disconnecting em28xx
[   99.751809][   T33] em28xx 4-1:0.132: Registering V4L2 extension
[   99.770600][ T6704] syz.0.377 (6704) used greatest stack depth: 18104 bytes left
[   99.824030][ T5939] ocfs2: Unmounting device (7,0) on (node local)
[   99.872615][   T33] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[   99.877805][   T33] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[   99.880670][   T33] em28xx 4-1:0.132: No AC97 audio processor
[   99.901345][   T33] usb 4-1: Decoder not found
[   99.903189][   T33] em28xx 4-1:0.132: failed to create media graph
[   99.910518][   T33] em28xx 4-1:0.132: V4L2 device video103 deregistered
[   99.921827][   T33] em28xx 4-1:0.132: Remote control support is not available for this card.
[   99.931026][ T6159] em28xx 4-1:0.132: Closing input extension
[   99.953713][ T6159] em28xx 4-1:0.132: Freeing device
[  100.424780][ T6740] xt_CONNSECMARK: invalid mode: 66
[  100.471429][ T6742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.391'.
[  100.735598][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  100.785674][ T5937] Bluetooth: hci2: command 0x0c1a tx timeout
[  100.786150][ T5938] Bluetooth: hci1: command 0x0c1a tx timeout
[  100.795762][ T5938] Bluetooth: hci0: command 0x0c1a tx timeout
[  100.885549][    T9] usb 3-1: Using ep0 maxpacket: 32
[  100.890688][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.894982][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.898891][    T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  100.902473][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.908134][    T9] usb 3-1: config 0 descriptor??
[  101.240951][ T6752] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  101.240951][ T6752] The task syz.0.395 (6752) triggered the difference, watch for misbehavior.
[  101.327987][    T9] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  101.495126][ T6756] netlink: 'syz.3.397': attribute type 1 has an invalid length.
[  101.587680][   T24] usb 3-1: USB disconnect, device number 6
[  101.787256][ T6760] loop3: detected capacity change from 0 to 32768
[  101.802928][ T6760] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  101.858823][ T6082] (syz-executor,6082,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  101.868227][ T6082] ocfs2: Unmounting device (7,3) on (node local)
[  102.533277][ T6776] pimreg3: entered allmulticast mode
[  102.708618][ T6779] loop2: detected capacity change from 0 to 512
[  102.711899][ T6779] EXT4-fs: Ignoring removed orlov option
[  102.714088][ T6779] EXT4-fs: Ignoring removed nobh option
[  102.720448][ T6779] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.406: corrupted in-inode xattr: e_value size too large
[  102.726246][ T6779] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.406: couldn't read orphan inode 15 (err -117)
[  102.733394][ T6779] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.845085][ T5934] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.852019][ T6783] loop3: detected capacity change from 0 to 128
[  102.853137][ T6783] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  102.853856][ T6783] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  103.145185][ T6789] loop3: detected capacity change from 0 to 4096
[  103.150006][ T6789] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  103.171400][ T6789] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  103.477728][ T6792] loop0: detected capacity change from 0 to 8192
[  103.779677][ T6804] loop3: detected capacity change from 0 to 128
[  103.786055][ T6804] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  103.791801][ T6804] ext4 filesystem being mounted at /99/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  104.006426][ T6806] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  104.010136][ T6806] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  104.157096][ T6809] netlink: zone id is out of range
[  104.159591][ T6809] netlink: zone id is out of range
[  104.162160][ T6809] netlink: set zone limit has 8 unknown bytes
[  104.717145][ T6817] affs: No valid root block on device nullb0
[  104.872742][ T6819] netlink: 'syz.0.421': attribute type 3 has an invalid length.
[  104.971724][ T6821] netlink: 32 bytes leftover after parsing attributes in process `syz.0.422'.
[  104.977864][ T6821] netlink: 32 bytes leftover after parsing attributes in process `syz.0.422'.
[  105.429813][ T6082] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  105.508308][ T6838] loop3: detected capacity change from 0 to 2048
[  105.531328][ T6838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.535006][ T6838] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.677509][ T6833] loop0: detected capacity change from 0 to 32768
[  105.733120][ T2281] IPVS: starting estimator thread 0...
[  105.839802][ T6848] IPVS: using max 42 ests per chain, 100800 per kthread
[  106.427756][ T6863] netlink: 60 bytes leftover after parsing attributes in process `syz.2.436'.
[  106.430522][ T6863] netlink: 28 bytes leftover after parsing attributes in process `syz.2.436'.
[  106.954511][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.173814][ T6871] netlink: 20 bytes leftover after parsing attributes in process `syz.0.440'.
[  108.609440][ T6922] loop0: detected capacity change from 0 to 2048
[  108.891744][ T6927] loop2: detected capacity change from 0 to 164
[  108.919974][ T6922]  loop0: p1 p3 < > p4 < p5 >
[  108.924130][ T6922] loop0: partition table partially beyond EOD, truncated
[  108.934713][ T6922] loop0: p3 start 4284289 is beyond EOD, truncated
[  108.962534][ T5934] iso9660: Corrupted directory entry in block 2 of inode 1920
[  108.973221][ T5934] iso9660: Corrupted directory entry in block 2 of inode 1920
[  108.977487][ T5934] iso9660: Corrupted directory entry in block 2 of inode 1920
[  108.982117][ T5934] iso9660: Corrupted directory entry in block 2 of inode 1920
[  109.357652][ T5662] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.445272][ T5662] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.523859][ T5662] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.551908][ T6935] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  109.557203][ T6935] block device autoloading is deprecated and will be removed.
[  109.564235][ T5937] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  109.570018][ T5937] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  109.576006][ T5937] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  109.595894][ T5937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  109.597028][ T5662] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.602972][ T5937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  109.639980][ T6936] lo speed is unknown, defaulting to 1000
[  109.719595][ T5662] bridge_slave_1: left allmulticast mode
[  109.724767][ T5662] bridge_slave_1: left promiscuous mode
[  109.735760][ T5662] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.739987][ T5662] bridge_slave_0: left allmulticast mode
[  109.741921][ T5662] bridge_slave_0: left promiscuous mode
[  109.745706][ T5662] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.165569][   T33] usb 4-1: new low-speed USB device number 5 using dummy_hcd
[  110.285824][ T5662] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  110.291631][ T5662] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  110.296741][ T5662] bond0 (unregistering): Released all slaves
[  110.320679][ T6946] bridge0: port 3(erspan0) entered blocking state
[  110.323578][ T6946] bridge0: port 3(erspan0) entered disabled state
[  110.331650][   T33] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  110.334929][   T33] usb 4-1: config 0 has no interface number 0
[  110.338551][   T33] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  110.344283][   T33] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  110.346819][ T6946] erspan0: entered allmulticast mode
[  110.348669][   T33] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  110.353102][ T6946] erspan0: entered promiscuous mode
[  110.355605][   T33] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  110.370796][   T33] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  110.371894][ T6946] bridge0: port 3(erspan0) entered blocking state
[  110.375069][   T33] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  110.377925][ T6946] bridge0: port 3(erspan0) entered forwarding state
[  110.387580][   T33] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  110.391272][ T6947] erspan0: left allmulticast mode
[  110.407372][ T6947] erspan0: left promiscuous mode
[  110.409524][ T6947] bridge0: port 3(erspan0) entered disabled state
[  110.412211][   T33] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.418270][   T33] usb 4-1: config 0 descriptor??
[  110.443705][ T6944] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  110.449593][ T6944] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  110.463163][   T33] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  110.633239][ T6956] loop0: detected capacity change from 0 to 512
[  110.646573][ T6956] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  110.651500][ T6956] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  110.663799][ T6956] EXT4-fs (loop0): 1 truncate cleaned up
[  110.668372][ T6956] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.694085][ T5926] usb 4-1: USB disconnect, device number 5
[  110.711376][ T5926] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  110.759218][ T6936] chnl_net:caif_netlink_parms(): no params data found
[  110.773686][ T6962] EXT4-fs error (device loop0): ext4_append:79: inode #2: comm syz.0.478: Logical block already allocated
[  110.974152][ T5662] hsr_slave_0: left promiscuous mode
[  110.977538][ T5662] hsr_slave_1: left promiscuous mode
[  110.982205][ T5662] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.985028][ T5662] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.991483][ T5662] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.994302][ T5662] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.011879][ T5662] veth1_macvtap: left promiscuous mode
[  111.014047][ T5662] veth0_macvtap: left promiscuous mode
[  111.016508][ T5662] veth1_vlan: left promiscuous mode
[  111.018577][ T5662] veth0_vlan: left promiscuous mode
[  111.129633][ T5662] pimreg3 (unregistering): left allmulticast mode
[  111.534661][ T5939] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.634778][ T5662] team0 (unregistering): Port device team_slave_1 removed
[  111.689289][ T5938] Bluetooth: hci0: command tx timeout
[  111.709426][ T5662] team0 (unregistering): Port device team_slave_0 removed
[  112.234492][ T6936] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.238470][ T6936] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.241454][ T6936] bridge_slave_0: entered allmulticast mode
[  112.245285][ T6936] bridge_slave_0: entered promiscuous mode
[  112.257312][ T6936] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.260319][ T6936] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.263358][ T6936] bridge_slave_1: entered allmulticast mode
[  112.268521][ T6936] bridge_slave_1: entered promiscuous mode
[  112.366245][ T6936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.371603][ T6936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.395310][ T6975] loop0: detected capacity change from 0 to 1024
[  112.412977][ T6936] team0: Port device team_slave_0 added
[  112.424776][ T6936] team0: Port device team_slave_1 added
[  112.484721][ T6936] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.499113][ T6936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  112.510671][ T6936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.525991][ T6936] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.528822][ T6936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  112.538839][ T6936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.646599][ T6936] hsr_slave_0: entered promiscuous mode
[  112.650622][ T6936] hsr_slave_1: entered promiscuous mode
[  112.653841][ T6936] debugfs: 'hsr0' already exists in 'hsr'
[  112.656578][ T6936] Cannot create hsr debugfs directory
[  113.024946][ T6936] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  113.038906][ T6936] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  113.051835][ T6936] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  113.063675][ T6936] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  113.272593][ T6936] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.302291][ T6936] 8021q: adding VLAN 0 to HW filter on device team0
[  113.311773][  T162] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.314077][  T162] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.326610][  T162] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.328772][  T162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.476743][ T6936] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.657326][ T6159] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  113.712197][ T6936] veth0_vlan: entered promiscuous mode
[  113.720508][ T6936] veth1_vlan: entered promiscuous mode
[  113.754954][ T6936] veth0_macvtap: entered promiscuous mode
[  113.757769][ T5938] Bluetooth: hci0: command tx timeout
[  113.763775][ T6936] veth1_macvtap: entered promiscuous mode
[  113.780033][ T6936] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.789114][ T6936] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.808617][ T6159] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  113.813458][ T5662] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.817940][ T5662] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.825791][ T6159] usb 4-1: New USB device found, idVendor=056a, idProduct=00c6, bcdDevice= 0.00
[  113.837762][ T5662] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.839689][ T6159] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.840414][ T5662] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.861094][ T6159] usb 4-1: config 0 descriptor??
[  113.892787][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.906676][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.931662][  T162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.934457][  T162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.013990][ T7021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.469'.
[  114.017967][ T7021] netlink: set zone limit has 8 unknown bytes
[  114.282737][ T6159] wacom 0003:056A:00C6.0006: unbalanced collection at end of report description
[  114.295944][ T6159] wacom 0003:056A:00C6.0006: parse failed
[  114.297838][ T6159] wacom 0003:056A:00C6.0006: probe with driver wacom failed with error -22
[  114.503704][ T5926] usb 4-1: USB disconnect, device number 6
[  114.898300][ T7046] loop0: detected capacity change from 0 to 128
[  115.486152][ T7058] loop0: detected capacity change from 0 to 32768
[  115.491473][ T7058] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  115.494489][ T7058] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.517687][ T7058] XFS (loop0): Ending clean mount
[  115.526810][ T7058] XFS (loop0): Quotacheck needed: Please wait.
[  115.569121][ T7058] XFS (loop0): Quotacheck: Done.
[  115.608151][ T5939] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.652073][ T6159] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[  115.835594][ T6159] usb 5-1: unable to get BOS descriptor or descriptor too short
[  115.835847][ T5938] Bluetooth: hci0: command tx timeout
[  115.845079][ T6159] usb 5-1: config 7 has an invalid interface number: 29 but max is 0
[  115.849870][ T6159] usb 5-1: config 7 has no interface number 0
[  115.851949][ T6159] usb 5-1: config 7 interface 29 altsetting 1 endpoint 0x1 has invalid maxpacket 112, setting to 8
[  115.855189][ T6159] usb 5-1: config 7 interface 29 has no altsetting 0
[  115.863219][ T6159] usb 5-1: string descriptor 0 read error: -22
[  115.865342][ T6159] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=a2.36
[  115.875491][ T6159] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.885347][ T6159] i2c-tiny-usb 5-1:7.29: version a2.36 found at bus 005 address 002
[  116.052668][ T7086] loop0: detected capacity change from 0 to 40427
[  116.059657][ T7086] F2FS-fs (loop0): build fault injection rate: 771
[  116.064867][ T7086] F2FS-fs (loop0): invalid crc value
[  116.112598][ T7086] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  116.120150][ T7086] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  116.160391][ T5939] syz-executor: attempt to access beyond end of device
[  116.160391][ T5939] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  116.167975][ T5939] CPU: 1 UID: 0 PID: 5939 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  116.167992][ T5939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  116.167999][ T5939] Call Trace:
[  116.168004][ T5939]  <TASK>
[  116.168009][ T5939]  dump_stack_lvl+0x189/0x250
[  116.168044][ T5939]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.168077][ T5939]  ? __pfx_queue_work_on+0x10/0x10
[  116.168086][ T5939]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  116.168098][ T5939]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  116.168114][ T5939]  f2fs_handle_critical_error+0x37c/0x540
[  116.168131][ T5939]  f2fs_write_end_io+0x886/0xb60
[  116.168148][ T5939]  __submit_merged_bio+0x27a/0x6a0
[  116.168163][ T5939]  __submit_merged_write_cond+0x255/0x530
[  116.168177][ T5939]  f2fs_write_data_pages+0x261d/0x3000
[  116.168201][ T5939]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.168229][ T5939]  ? check_path+0x21/0x40
[  116.168238][ T5939]  ? check_noncircular+0xe0/0x160
[  116.168268][ T5939]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.168276][ T5939]  do_writepages+0x32e/0x550
[  116.168292][ T5939]  ? do_raw_spin_unlock+0x4d/0x240
[  116.168304][ T5939]  filemap_fdatawrite+0x199/0x240
[  116.168315][ T5939]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  116.168349][ T5939]  ? do_raw_spin_unlock+0x4d/0x240
[  116.168364][ T5939]  f2fs_sync_dirty_inodes+0x31f/0x830
[  116.168386][ T5939]  f2fs_write_checkpoint+0x93e/0x2440
[  116.168398][ T5939]  ? stack_depot_save_flags+0x41b/0x860
[  116.168423][ T5939]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  116.168454][ T5939]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  116.168469][ T5939]  ? kfree+0x19a/0x6d0
[  116.168489][ T5939]  kill_f2fs_super+0x2cc/0x6d0
[  116.168504][ T5939]  ? __pfx_kill_f2fs_super+0x10/0x10
[  116.168525][ T5939]  ? shrinker_free+0x2ce/0x3e0
[  116.168539][ T5939]  deactivate_locked_super+0xbc/0x130
[  116.168555][ T5939]  cleanup_mnt+0x425/0x4c0
[  116.168570][ T5939]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.168590][ T5939]  task_work_run+0x1d4/0x260
[  116.168606][ T5939]  ? __pfx_task_work_run+0x10/0x10
[  116.168615][ T5939]  ? __x64_sys_umount+0x122/0x160
[  116.168628][ T5939]  ? exit_to_user_mode_loop+0x40/0x130
[  116.168637][ T5939]  exit_to_user_mode_loop+0xe9/0x130
[  116.168648][ T5939]  do_syscall_64+0x2bd/0xfa0
[  116.168666][ T5939]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.168682][ T5939]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.168693][ T5939]  ? exc_page_fault+0xab/0x100
[  116.168713][ T5939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.168725][ T5939] RIP: 0033:0x7f2b09390a77
[  116.168738][ T5939] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  116.168747][ T5939] RSP: 002b:00007ffed15f91f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  116.168760][ T5939] RAX: 0000000000000000 RBX: 00007f2b09413d7d RCX: 00007f2b09390a77
[  116.168767][ T5939] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed15f92b0
[  116.168774][ T5939] RBP: 00007ffed15f92b0 R08: 0000000000000000 R09: 0000000000000000
[  116.168781][ T5939] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffed15fa340
[  116.168788][ T5939] R13: 00007f2b09413d7d R14: 000000000001c543 R15: 00007ffed15fa380
[  116.168808][ T5939]  </TASK>
[  116.168873][ T5939] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  116.298828][ T6159]  (null): failure reading functionality
[  116.303080][ T6159] i2c i2c-2: failure reading functionality
[  116.311149][ T6159] i2c i2c-2: connected i2c-tiny-usb device
[  116.315669][ T6159] usb 5-1: USB disconnect, device number 2
[  116.624130][ T7099] loop0: detected capacity change from 0 to 64
[  116.646061][   T33] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  116.806387][   T33] usb 4-1: Using ep0 maxpacket: 8
[  116.817569][   T33] usb 4-1: config 218 has too many interfaces: 244, using maximum allowed: 32
[  116.820686][   T33] usb 4-1: config 218 has 1 interface, different from the descriptor's value: 244
[  116.824035][   T33] usb 4-1: config 218 has no interface number 0
[  116.826987][   T33] usb 4-1: config 218 interface 95 altsetting 64 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  116.831420][   T33] usb 4-1: config 218 interface 95 altsetting 64 has an endpoint descriptor with address 0x25, changing to 0x5
[  116.836398][   T33] usb 4-1: config 218 interface 95 altsetting 64 endpoint 0x82 has invalid maxpacket 14385, setting to 64
[  116.841316][   T33] usb 4-1: config 218 interface 95 has no altsetting 0
[  116.848017][   T33] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  116.851701][   T33] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.855069][   T33] usb 4-1: Product: syz
[  116.856926][   T33] usb 4-1: Manufacturer: syz
[  116.859114][   T33] usb 4-1: SerialNumber: syz
[  116.935556][ T2281] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  117.074267][   T33] usbtouchscreen 4-1:218.95: probe with driver usbtouchscreen failed with error -71
[  117.081585][   T33] usb 4-1: USB disconnect, device number 7
[  117.095750][ T2281] usb 1-1: Using ep0 maxpacket: 16
[  117.095756][  T796] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  117.104449][ T2281] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  117.109598][ T2281] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  117.113637][ T2281] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  117.119984][ T2281] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  117.123551][ T2281] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.131199][ T2281] usb 1-1: config 0 descriptor??
[  117.247757][  T796] usb 5-1: config 4 has an invalid interface number: 1 but max is 0
[  117.251300][  T796] usb 5-1: config 4 has no interface number 0
[  117.253939][  T796] usb 5-1: config 4 interface 1 has no altsetting 0
[  117.259462][  T796] usb 5-1: New USB device found, idVendor=2639, idProduct=0013, bcdDevice=21.c0
[  117.263297][  T796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.266691][  T796] usb 5-1: Product: syz
[  117.268336][  T796] usb 5-1: Manufacturer: syz
[  117.270166][  T796] usb 5-1: SerialNumber: syz
[  117.486137][  T796] xsens_mt 5-1:4.1: xsens_mt converter detected
[  117.491667][  T796] usb 5-1: xsens_mt converter now attached to ttyUSB0
[  117.497068][  T796] usb 5-1: USB disconnect, device number 3
[  117.502460][  T796] xsens_mt ttyUSB0: xsens_mt converter now disconnected from ttyUSB0
[  117.506124][  T796] xsens_mt 5-1:4.1: device disconnected
[  117.551175][ T2281] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0007/input/input8
[  117.569553][ T2281] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  117.666919][ T7107] loop3: detected capacity change from 0 to 2048
[  117.673138][ T7107] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  117.683544][ T7107] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  117.747974][ T2281] usb 1-1: USB disconnect, device number 5
[  117.875379][ T7111] Bluetooth: MGMT ver 1.23
[  117.905874][ T5938] Bluetooth: hci0: command tx timeout
[  117.933359][ T7113] loop3: detected capacity change from 0 to 2048
[  117.940503][ T7113] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  117.959130][ T7114] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  118.329576][ T7122] No control pipe specified
[  118.860908][ T2281] libceph: connect (1)[c::]:6789 error -101
[  118.863406][ T2281] libceph: mon0 (1)[c::]:6789 connect error
[  119.017866][ T7135] ceph: No mds server is up or the cluster is laggy
[  119.169323][ T7143] $H: renamed from bond0 (while UP)
[  119.220862][ T7143] $H: entered promiscuous mode
[  119.225714][ T7143] bond_slave_0: entered promiscuous mode
[  119.233847][ T7143] bond_slave_1: entered promiscuous mode
[  119.435280][ T7146] loop3: detected capacity change from 0 to 128
[  119.522423][ T7146] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  119.533525][ T7146] ext4 filesystem being mounted at /133/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  119.686045][ T6082] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  119.777832][ T7151] wireguard0: entered promiscuous mode
[  119.780365][ T7151] wireguard0: entered allmulticast mode
[  120.361324][ T7170] netlink: 'syz.3.553': attribute type 3 has an invalid length.
[  120.636987][  T796] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  120.641391][ T7189] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  120.787756][  T796] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.791856][  T796] usb 4-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c
[  120.795377][  T796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.800982][  T796] usb 4-1: config 0 descriptor??
[  120.806148][  T796] usb 4-1: bad CDC descriptors
[  121.011975][  T796] usb 4-1: USB disconnect, device number 8
[  121.122171][ T7193] macsec0: entered promiscuous mode
[  121.124556][ T7193] macsec0: entered allmulticast mode
[  121.127184][ T7193] veth1_macvtap: entered allmulticast mode
[  121.129816][ T7193] bridge0: port 3(macsec0) entered blocking state
[  121.132639][ T7193] bridge0: port 3(macsec0) entered disabled state
[  121.138182][ T7193] bridge0: port 3(macsec0) entered blocking state
[  121.141256][ T7193] bridge0: port 3(macsec0) entered forwarding state
[  121.855280][ T7203] loop3: detected capacity change from 0 to 32768
[  121.861934][ T7203] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.567 (7203)
[  121.876855][ T7203] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  121.880220][ T7203] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  121.949325][ T7203] BTRFS info (device loop3): enabling ssd optimizations
[  121.951629][ T7203] BTRFS info (device loop3): turning on async discard
[  121.953787][ T7203] BTRFS info (device loop3): enabling free space tree
[  121.956047][ T7203] BTRFS info (device loop3): use zstd compression, level 3
[  121.999985][ T7203] BTRFS info (device loop3): scrub: started on devid 1
[  122.005919][ T7203] BTRFS info (device loop3): scrub: finished on devid 1 with status: 0
[  122.087086][ T6082] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  122.397563][ T7232] loop4: detected capacity change from 0 to 512
[  122.402572][ T7232] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  122.408466][ T7232] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  122.425232][ T7232] EXT4-fs (loop4): 1 truncate cleaned up
[  122.428327][ T7232] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.574421][ T6936] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.575772][ T5926] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  122.641508][ T7237] loop4: detected capacity change from 0 to 4096
[  122.657492][ T7238] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  122.705780][ T5938] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  122.747110][ T5926] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  122.750889][ T5926] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  122.752756][ T7240] lo speed is unknown, defaulting to 1000
[  122.758387][ T7240] lo speed is unknown, defaulting to 1000
[  122.762769][ T7240] lo speed is unknown, defaulting to 1000
[  122.767363][ T5926] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  122.770671][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  122.771851][ T7240] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  122.773352][ T5926] usb 4-1: SerialNumber: syz
[  122.783561][ T5926] usb 4-1: 0:2 : does not exist
[  122.793917][ T7240] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  122.811341][ T7240] lo speed is unknown, defaulting to 1000
[  122.818259][ T7240] lo speed is unknown, defaulting to 1000
[  122.821128][ T7240] lo speed is unknown, defaulting to 1000
[  122.824899][ T7241] smc: removing ib device syz1
[  122.899578][ T7245] netlink: 12 bytes leftover after parsing attributes in process `syz.0.578'.
[  122.902649][ T7245] netlink: 'syz.0.578': attribute type 12 has an invalid length.
[  122.963107][ T5662] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  122.967509][ T7245] netlink: 12 bytes leftover after parsing attributes in process `syz.0.578'.
[  122.970272][ T5662] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  122.973128][ T5662] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  122.977420][ T5662] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  123.201796][ T2281] usb 4-1: USB disconnect, device number 9
[  123.275843][ T6159] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  123.425639][ T6159] usb 1-1: Using ep0 maxpacket: 8
[  123.430045][ T6159] usb 1-1: unable to get BOS descriptor or descriptor too short
[  123.434648][ T6159] usb 1-1: config index 0 descriptor too short (expected 51, got 18)
[  123.437961][ T6159] usb 1-1: config 4 has an invalid interface number: 30 but max is 0
[  123.441287][ T6159] usb 1-1: config 4 has no interface number 0
[  123.443960][ T6159] usb 1-1: config 4 interface 30 has no altsetting 0
[  123.451656][ T6159] usb 1-1: string descriptor 0 read error: -22
[  123.464441][ T6159] usb 1-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[  123.468805][ T6159] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.480276][ T6159] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[  123.482692][ T6159] dw2102: su3000_power_ctrl: 1, initialized 0
[  123.485818][ T6159] dvb-usb: bulk message failed: -22 (2/0)
[  123.492367][ T6159] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  123.497669][ T6159] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[  123.501729][ T6159] usb 1-1: media controller created
[  123.503863][ T7254] netlink: 8 bytes leftover after parsing attributes in process `syz.4.582'.
[  123.507534][ T6159] dvb-usb: bulk message failed: -22 (6/0)
[  123.509887][ T6159] dw2102: i2c transfer failed.
[  123.513313][ T6159] dvb-usb: bulk message failed: -22 (6/0)
[  123.515748][ T6159] dw2102: i2c transfer failed.
[  123.517568][ T6159] dvb-usb: bulk message failed: -22 (6/0)
[  123.519742][ T6159] dw2102: i2c transfer failed.
[  123.521579][ T6159] dvb-usb: bulk message failed: -22 (6/0)
[  123.524744][ T6159] dw2102: i2c transfer failed.
[  123.527589][ T6159] dvb-usb: bulk message failed: -22 (6/0)
[  123.529683][ T6159] dw2102: i2c transfer failed.
[  123.531610][ T6159] dvb-usb: bulk message failed: -22 (6/0)
[  123.533762][ T6159] dw2102: i2c transfer failed.
[  123.535795][ T6159] dvb-usb: MAC address: 02:02:02:02:02:02
[  123.549173][ T6159] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  123.562539][ T6159] dvb-usb: bulk message failed: -22 (3/0)
[  123.564329][ T6159] dw2102: command 0x0e transfer failed.
[  123.568176][ T6159] dvb-usb: bulk message failed: -22 (3/0)
[  123.570003][ T6159] dw2102: command 0x0e transfer failed.
[  123.757441][ T7258] loop3: detected capacity change from 0 to 256
[  123.760490][ T7258] exfat: Deprecated parameter 'namecase'
[  123.768097][ T7258] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  123.796294][  T796] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  123.875601][ T6159] dvb-usb: bulk message failed: -22 (3/0)
[  123.881510][ T6159] dw2102: command 0x0e transfer failed.
[  123.885582][ T6159] dvb-usb: bulk message failed: -22 (3/0)
[  123.887791][ T6159] dw2102: command 0x0e transfer failed.
[  123.890099][ T6159] dvb-usb: bulk message failed: -22 (1/0)
[  123.892325][ T6159] dw2102: command 0x51 transfer failed.
[  123.894692][ T6159] dvb-usb: bulk message failed: -22 (5/0)
[  123.897064][ T6159] dw2102: i2c probe for address 0x68 failed.
[  123.899301][ T6159] dvb-usb: bulk message failed: -22 (5/0)
[  123.901648][ T6159] dw2102: i2c probe for address 0x69 failed.
[  123.904012][ T6159] dvb-usb: bulk message failed: -22 (5/0)
[  123.907002][ T6159] dw2102: i2c probe for address 0x6a failed.
[  123.909324][ T6159] dw2102: probing for demodulator failed. Is the external power switched on?
[  123.912778][ T6159] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[  123.949433][  T796] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[  123.952951][  T796] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  123.956354][  T796] usb 5-1: Product: syz
[  123.957914][  T796] usb 5-1: SerialNumber: syz
[  123.963784][  T796] usb 5-1: config 0 descriptor??
[  123.965535][ T6159] rc_core: IR keymap rc-tt-1500 not found
[  123.967519][ T6159] Registered IR keymap rc-empty
[  123.970724][ T6159] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  123.986291][ T6159] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input10
[  124.005770][ T6159] dvb-usb: schedule remote query interval to 250 msecs.
[  124.007917][ T6159] dw2102: su3000_power_ctrl: 0, initialized 1
[  124.009871][ T6159] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[  124.014540][ T6159] usb 1-1: USB disconnect, device number 6
[  124.039168][ T6159] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[  124.079183][ T7260] loop3: detected capacity change from 0 to 32768
[  124.099475][ T7260] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  124.111717][ T7260] XFS (loop3): Ending clean mount
[  124.138639][ T6082] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  124.195301][  T796] hso 5-1:0.0: Failed to find BULK IN ep
[  124.394822][ T5926] usb 5-1: USB disconnect, device number 4
[  124.509643][  T796] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  124.665555][  T796] usb 1-1: Using ep0 maxpacket: 16
[  124.674215][  T796] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  124.681282][  T796] usb 1-1: config 0 has no interface number 0
[  124.694060][  T796] usb 1-1: New USB device found, idVendor=06e1, idProduct=0709, bcdDevice= 2.04
[  124.697511][  T796] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.700171][  T796] usb 1-1: Product: syz
[  124.702077][  T796] usb 1-1: Manufacturer: syz
[  124.703891][  T796] usb 1-1: SerialNumber: syz
[  124.711037][  T796] usb 1-1: config 0 descriptor??
[  124.939346][  T796] go7007 1-1:0.41: probe with driver go7007 failed with error -12
[  124.956493][  T796] usb 1-1: USB disconnect, device number 7
[  125.251641][  T796] IPVS: starting estimator thread 0...
[  125.343201][ T7287] loop4: detected capacity change from 0 to 128
[  125.345759][ T7285] IPVS: using max 56 ests per chain, 134400 per kthread
[  125.353919][ T7287] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  125.360933][ T7287] ext4 filesystem being mounted at /31/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  125.388439][   T34] audit: type=1800 audit(1763769301.796:17): pid=7287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.593" name="bus" dev="loop4" ino=12 res=0 errno=0
[  125.450327][ T6936] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  125.745194][ T7303] trusted_key: syz.4.600 sent an empty control message without MSG_MORE.
[  125.759674][ T7305] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  126.299145][ T7330] syzkaller1: entered promiscuous mode
[  126.301561][ T7330] syzkaller1: entered allmulticast mode
[  126.732761][ T7336] loop4: detected capacity change from 0 to 32768
[  126.738424][ T7336] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.616 (7336)
[  126.761781][ T7336] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  126.777422][ T7336] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  126.878067][ T7336] BTRFS info (device loop4): rebuilding free space tree
[  126.956780][ T7336] BTRFS info (device loop4): enabling ssd optimizations
[  126.959449][ T7336] BTRFS info (device loop4): using spread ssd allocation scheme
[  126.962336][ T7336] BTRFS info (device loop4): turning off barriers
[  126.964810][ T7336] BTRFS info (device loop4): turning on async discard
[  126.978958][ T7336] BTRFS info (device loop4): enabling free space tree
[  126.982635][ T7336] BTRFS info (device loop4): force clearing of disk cache
[  126.986119][ T7336] BTRFS info (device loop4): enabling auto defrag
[  126.988865][ T7336] BTRFS info (device loop4): use zstd compression, level 3
[  127.315011][ T6936] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  127.382806][ T7375] loop3: detected capacity change from 0 to 4096
[  127.411791][ T7376] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  127.620051][ T7380] dvmrp1: tun_chr_ioctl cmd 1074025677
[  127.622207][ T7380] dvmrp1: linktype set to 768
[  127.843639][ T7390] syz.3.634 uses obsolete (PF_INET,SOCK_PACKET)
[  127.855249][ T7392] netlink: 'syz.4.635': attribute type 4 has an invalid length.
[  127.861939][ T7392] netlink: 14345 bytes leftover after parsing attributes in process `syz.4.635'.
[  127.969729][ T7396] lo speed is unknown, defaulting to 1000
[  128.171949][ T7406] bond0: entered promiscuous mode
[  128.173613][ T7406] bond_slave_0: entered promiscuous mode
[  128.175854][ T7406] bond_slave_1: entered promiscuous mode
[  128.179024][ T7406] batadv0: entered promiscuous mode
[  128.185054][ T7406] 8021q: adding VLAN 0 to HW filter on device hsr1
[  128.192522][ T7406] bond0: left promiscuous mode
[  128.194251][ T7406] bond_slave_0: left promiscuous mode
[  128.196189][ T7406] bond_slave_1: left promiscuous mode
[  128.205778][ T7406] batadv0: left promiscuous mode
[  128.225611][ T5999] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  128.397029][ T5999] usb 5-1: config 0 has no interfaces?
[  128.398824][ T5999] usb 5-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  128.401734][ T5999] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.405717][ T5999] usb 5-1: config 0 descriptor??
[  128.528612][ T7412] loop0: detected capacity change from 0 to 32768
[  128.576499][ T2281] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  128.642744][ T5999] usb 5-1: USB disconnect, device number 5
[  128.725616][ T2281] usb 4-1: Using ep0 maxpacket: 32
[  128.736419][ T2281] usb 4-1: too many endpoints for config 0 interface 0 altsetting 11: 129, using maximum allowed: 30
[  128.740574][ T2281] usb 4-1: config 0 interface 0 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  128.744019][ T7418] netlink: 'syz.0.647': attribute type 3 has an invalid length.
[  128.747729][ T2281] usb 4-1: config 0 interface 0 has no altsetting 0
[  128.748812][ T7418] netlink: 156 bytes leftover after parsing attributes in process `syz.0.647'.
[  128.751273][ T2281] usb 4-1: New USB device found, idVendor=056a, idProduct=00d8, bcdDevice= 0.00
[  128.754614][ T7418] netlink: 'syz.0.647': attribute type 3 has an invalid length.
[  128.758987][ T2281] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.762318][ T7418] netlink: 156 bytes leftover after parsing attributes in process `syz.0.647'.
[  128.769860][ T2281] usb 4-1: config 0 descriptor??
[  128.912782][ T7422] loop0: detected capacity change from 0 to 2048
[  128.918958][ T7422] NILFS (loop0): invalid segment: Inconsistency found
[  128.922339][ T7422] NILFS (loop0): trying rollback from an earlier position
[  128.936144][ T7422] NILFS (loop0): recovery complete
[  128.940060][ T7423] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  129.026565][ T7425] loop0: detected capacity change from 0 to 256
[  129.035834][ T7425] exFAT-fs (loop0): failed to load alloc-bitmap
[  129.038455][ T7425] exFAT-fs (loop0): failed to recognize exfat type
[  129.201147][ T2281] wacom 0003:056A:00D8.0008: Unknown device_type for 'HID 056a:00d8'. Assuming pen.
[  129.210633][ T2281] wacom 0003:056A:00D8.0008: hidraw0: USB HID v0.24 Device [HID 056a:00d8] on usb-dummy_hcd.3-1/input0
[  129.230685][ T2281] input: Wacom Bamboo Comic 2FG Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:00D8.0008/input/input11
[  129.237613][ T7431] loop4: detected capacity change from 0 to 16
[  129.282414][ T7433] program syz.0.654 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  129.442937][   T33] usb 4-1: USB disconnect, device number 10
[  129.873104][ T7450] netlink: 116 bytes leftover after parsing attributes in process `syz.0.661'.
[  129.951468][ T7452] loop0: detected capacity change from 0 to 1024
[  129.956842][ T7452] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  129.962908][ T7452] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  129.967515][ T7452] EXT4-fs (loop0): orphan cleanup on readonly fs
[  129.972573][ T7452] EXT4-fs error (device loop0): ext4_free_blocks:6706: comm syz.0.662: Freeing blocks not in datazone - block = 0, count = 4096
[  129.983995][ T7452] EXT4-fs (loop0): 1 orphan inode deleted
[  129.989433][ T7452] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  130.053521][ T5939] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.408071][ T7469] netlink: 20 bytes leftover after parsing attributes in process `syz.4.670'.
[  130.458367][ T7476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.669'.
[  130.463696][ T7475] loop0: detected capacity change from 0 to 2048
[  130.473910][ T7475] UDF-fs: warning (device loop0): udf_fill_super: No fileset found
[  130.629494][ T7484] bond1: Unable to set down delay as MII monitoring is disabled
[  130.636270][ T7484] bond1 (unregistering): Released all slaves
[  131.262745][ T7502] loop4: detected capacity change from 0 to 512
[  131.268111][ T7502] EXT4-fs: Ignoring removed nomblk_io_submit option
[  131.271875][ T7502] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  131.289353][ T7502] EXT4-fs (loop4): 1 truncate cleaned up
[  131.293474][ T7502] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.345249][ T6936] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.673150][ T7509] loop4: detected capacity change from 0 to 64
[  132.738212][ T7537] loop3: detected capacity change from 0 to 4096
[  132.999740][ T7549] loop3: detected capacity change from 0 to 512
[  133.003140][ T7549] FAT-fs (loop3): Invalid FSINFO signature: 0x41008052, 0x61417272 (sector = 1)
[  133.027450][ T7549] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00010000)
[  133.097721][ T7554] netlink: 24 bytes leftover after parsing attributes in process `syz.3.699'.
[  133.198615][ T7560] loop4: detected capacity change from 0 to 2048
[  133.204078][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  133.206816][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  133.223181][ T7561] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  134.005826][ T5926] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  134.157475][ T5926] usb 4-1: config 0 has an invalid interface number: 23 but max is 0
[  134.161149][ T5926] usb 4-1: config 0 has no interface number 0
[  134.163568][ T5926] usb 4-1: config 0 interface 23 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  134.167190][ T5926] usb 4-1: config 0 interface 23 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023
[  134.176219][ T5926] usb 4-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01
[  134.179929][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.187171][ T5926] usb 4-1: Product: syz
[  134.188551][ T5926] usb 4-1: Manufacturer: syz
[  134.190048][ T5926] usb 4-1: SerialNumber: syz
[  134.197393][ T5926] usb 4-1: config 0 descriptor??
[  134.201509][ T7590] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  134.203961][ T7590] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  134.207748][ T5926] ums-usbat 4-1:0.23: USB Mass Storage device detected
[  134.736634][ T5926] ums-usbat 4-1:0.23: probe with driver ums-usbat failed with error -5
[  134.745277][ T5926] usb 4-1: USB disconnect, device number 11
[  134.983773][ T7605] netlink: 20 bytes leftover after parsing attributes in process `syz.0.721'.
[  135.018086][ T7607] netlink: 'syz.0.722': attribute type 12 has an invalid length.
[  135.143256][ T7614] loop3: detected capacity change from 0 to 8
[  135.197113][ T7614] SQUASHFS error: Failed to read block 0x636: -5
[  135.199748][ T7614] SQUASHFS error: Unable to read metadata cache entry [634]
[  135.992954][ T7649] loop3: detected capacity change from 0 to 2048
[  136.000206][ T7649] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  136.008125][ T7649] capability: warning: `syz.3.741' uses 32-bit capabilities (legacy support in use)
[  136.384333][ T7659] loop3: detected capacity change from 0 to 40427
[  136.464705][ T7659] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  136.471368][ T7659] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  136.482131][   T34] audit: type=1800 audit(1763769312.886:18): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.746" name="file1" dev="loop3" ino=10 res=0 errno=0
[  136.492555][ T7659] syz.3.746: attempt to access beyond end of device
[  136.492555][ T7659] loop3: rw=34817, sector=53248, nr_sectors = 128 limit=40427
[  136.513253][ T6082] syz-executor: attempt to access beyond end of device
[  136.513253][ T6082] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  136.517857][ T6082] CPU: 0 UID: 0 PID: 6082 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  136.517878][ T6082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  136.517886][ T6082] Call Trace:
[  136.517893][ T6082]  <TASK>
[  136.517900][ T6082]  dump_stack_lvl+0x189/0x250
[  136.517929][ T6082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.517946][ T6082]  ? __pfx_queue_work_on+0x10/0x10
[  136.517956][ T6082]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.517968][ T6082]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.517984][ T6082]  f2fs_handle_critical_error+0x37c/0x540
[  136.518002][ T6082]  f2fs_write_end_io+0x886/0xb60
[  136.518019][ T6082]  __submit_merged_bio+0x27a/0x6a0
[  136.518034][ T6082]  __submit_merged_write_cond+0x255/0x530
[  136.518048][ T6082]  f2fs_write_data_pages+0x261d/0x3000
[  136.518071][ T6082]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  136.518090][ T6082]  ? arch_scale_cpu_capacity+0x18/0xb0
[  136.518127][ T6082]  ? __lock_acquire+0xab9/0xd20
[  136.518143][ T6082]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  136.518151][ T6082]  do_writepages+0x32e/0x550
[  136.518167][ T6082]  ? do_raw_spin_unlock+0x4d/0x240
[  136.518180][ T6082]  filemap_fdatawrite+0x199/0x240
[  136.518191][ T6082]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  136.518221][ T6082]  ? do_raw_spin_unlock+0x4d/0x240
[  136.518232][ T6082]  f2fs_sync_dirty_inodes+0x31f/0x830
[  136.518247][ T6082]  f2fs_write_checkpoint+0x93e/0x2440
[  136.518255][ T6082]  ? __lock_acquire+0xab9/0xd20
[  136.518274][ T6082]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  136.518307][ T6082]  kill_f2fs_super+0x2cc/0x6d0
[  136.518319][ T6082]  ? __pfx_kill_f2fs_super+0x10/0x10
[  136.518335][ T6082]  ? shrinker_free+0x2ce/0x3e0
[  136.518351][ T6082]  deactivate_locked_super+0xbc/0x130
[  136.518364][ T6082]  cleanup_mnt+0x425/0x4c0
[  136.518375][ T6082]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.518388][ T6082]  task_work_run+0x1d4/0x260
[  136.518400][ T6082]  ? __pfx_task_work_run+0x10/0x10
[  136.518409][ T6082]  ? __x64_sys_umount+0x122/0x160
[  136.518422][ T6082]  ? exit_to_user_mode_loop+0x40/0x130
[  136.518431][ T6082]  exit_to_user_mode_loop+0xe9/0x130
[  136.518438][ T6082]  do_syscall_64+0x2bd/0xfa0
[  136.518450][ T6082]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.518460][ T6082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.518468][ T6082]  ? exc_page_fault+0xab/0x100
[  136.518480][ T6082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.518487][ T6082] RIP: 0033:0x7f7da7790a77
[  136.518496][ T6082] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  136.518503][ T6082] RSP: 002b:00007ffd30811628 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  136.518512][ T6082] RAX: 0000000000000000 RBX: 00007f7da7813d7d RCX: 00007f7da7790a77
[  136.518517][ T6082] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd308116e0
[  136.518547][ T6082] RBP: 00007ffd308116e0 R08: 0000000000000000 R09: 0000000000000000
[  136.518555][ T6082] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd30812770
[  136.518560][ T6082] R13: 00007f7da7813d7d R14: 00000000000214ca R15: 00007ffd308127b0
[  136.518574][ T6082]  </TASK>
[  136.518578][ T6082] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  136.950183][ T7686] loop0: detected capacity change from 0 to 128
[  136.953331][ T7686] EXT4-fs: Ignoring removed nobh option
[  136.980662][ T7686] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  136.989169][ T7686] ext4 filesystem being mounted at /206/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  137.007110][ T7686] fscrypt (loop0, inode 12): Sub-block data units not yet supported with IV_INO_LBLK_32
[  137.046364][ T5939] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  137.097150][ T7696] netlink: 'syz.3.760': attribute type 1 has an invalid length.
[  137.099889][ T7696] netlink: 24 bytes leftover after parsing attributes in process `syz.3.760'.
[  137.126009][ T7696] bond0: option mode: invalid value (40)
[  137.136182][ T7696] bond0 (unregistering): Released all slaves
[  137.173777][ T7699] loop0: detected capacity change from 0 to 4096
[  137.222092][ T7702] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  137.222576][ T7699] NILFS (loop0): corrupt root inode
[  137.621998][ T7732] loop3: detected capacity change from 0 to 1024
[  137.655725][   T33] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  137.757622][ T7736] loop3: detected capacity change from 0 to 8
[  137.766852][ T7736] SQUASHFS error: xz decompression failed, data probably corrupt
[  137.770119][ T7736] SQUASHFS error: Failed to read block 0x108: -5
[  137.772359][ T7736] SQUASHFS error: Unable to read metadata cache entry [106]
[  137.775269][ T7736] SQUASHFS error: Unable to read inode 0x11f
[  137.826506][   T33] usb 1-1: Using ep0 maxpacket: 8
[  137.830993][   T33] usb 1-1: config 3 has an invalid interface number: 45 but max is 0
[  137.834538][   T33] usb 1-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[  137.837980][   T33] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  137.841983][   T33] usb 1-1: config 3 has no interface number 0
[  137.844811][   T33] usb 1-1: config 3 interface 45 altsetting 2 endpoint 0xA has an invalid bInterval 0, changing to 7
[  137.850483][   T33] usb 1-1: config 3 interface 45 altsetting 2 endpoint 0xA has invalid wMaxPacketSize 0
[  137.855669][   T33] usb 1-1: config 3 interface 45 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  137.860826][   T33] usb 1-1: config 3 interface 45 has no altsetting 0
[  137.872917][   T33] usb 1-1: New USB device found, idVendor=0582, idProduct=e6ca, bcdDevice=d3.0b
[  137.880284][   T33] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.883088][   T33] usb 1-1: Product: syz
[  137.884575][   T33] usb 1-1: Manufacturer: syz
[  137.887275][   T33] usb 1-1: SerialNumber: syz
[  138.132526][   T33] usb 1-1: USB disconnect, device number 8
[  138.223586][ T7762] syz.4.789 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  138.256472][ T7767] 9pnet_fd: Insufficient options for proto=fd
[  138.456726][ T7771] loop3: detected capacity change from 0 to 32768
[  138.465281][ T7771] JBD2: Ignoring recovery information on journal
[  138.497980][ T7771] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  138.523332][ T7783] tmpfs: Bad value for 'nr_blocks'
[  138.553907][ T6082] ocfs2: Unmounting device (7,3) on (node local)
[  139.039027][ T7828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  139.052614][ T7829] loop3: detected capacity change from 0 to 2048
[  139.065931][   T33] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  139.068953][ T7829] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  139.325661][   T33] usb 1-1: Using ep0 maxpacket: 32
[  139.331366][   T33] usb 1-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=ea.fe
[  139.334217][   T33] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.336918][   T33] usb 1-1: Product: syz
[  139.338500][   T33] usb 1-1: Manufacturer: syz
[  139.340241][   T33] usb 1-1: SerialNumber: syz
[  139.343662][   T33] usb 1-1: config 0 descriptor??
[  140.299035][ T7842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.824'.
[  140.362093][ T7846] loop3: detected capacity change from 0 to 512
[  140.374989][ T7846] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.826: invalid block
[  140.392498][ T7846] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.826: invalid indirect mapped block 4294967295 (level 1)
[  140.406872][ T7846] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.826: invalid indirect mapped block 4294967295 (level 1)
[  140.414855][ T7846] EXT4-fs (loop3): 2 truncates cleaned up
[  140.418762][ T7846] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.422309][   T33] usb 1-1: USB disconnect, device number 9
[  140.460456][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.102994][ T7866] loop3: detected capacity change from 0 to 40427
[  141.116054][ T7866] F2FS-fs (loop3): build fault injection rate: 14
[  141.118620][ T7866] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  141.127974][ T7866] F2FS-fs (loop3): invalid crc value
[  141.141390][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  141.151713][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  141.239048][ T7866] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  141.242380][ T7866] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  141.254869][ T7866] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  141.270102][ T7894] netlink: 20 bytes leftover after parsing attributes in process `syz.4.846'.
[  141.281037][ T7866] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  141.295746][ T7866] F2FS-fs (loop3): inject dquot initialize in f2fs_dquot_initialize of f2fs_setattr+0x438/0x1660
[  141.309723][ T6082] syz-executor: attempt to access beyond end of device
[  141.309723][ T6082] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  141.313961][ T6082] CPU: 0 UID: 0 PID: 6082 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  141.313975][ T6082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  141.313980][ T6082] Call Trace:
[  141.313984][ T6082]  <TASK>
[  141.313988][ T6082]  dump_stack_lvl+0x189/0x250
[  141.314008][ T6082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.314019][ T6082]  ? __pfx_queue_work_on+0x10/0x10
[  141.314029][ T6082]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  141.314043][ T6082]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  141.314060][ T6082]  f2fs_handle_critical_error+0x37c/0x540
[  141.314079][ T6082]  f2fs_write_end_io+0x886/0xb60
[  141.314097][ T6082]  __submit_merged_bio+0x27a/0x6a0
[  141.314113][ T6082]  __submit_merged_write_cond+0x255/0x530
[  141.314128][ T6082]  f2fs_write_data_pages+0x261d/0x3000
[  141.314154][ T6082]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.314185][ T6082]  ? __page_cache_release+0x8a6/0xbb0
[  141.314219][ T6082]  ? folios_put_refs+0x584/0x670
[  141.314240][ T6082]  ? __pfx_folios_put_refs+0x10/0x10
[  141.314250][ T6082]  ? rcu_is_watching+0x15/0xb0
[  141.314270][ T6082]  ? __lock_acquire+0xab9/0xd20
[  141.314289][ T6082]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.314297][ T6082]  do_writepages+0x32e/0x550
[  141.314316][ T6082]  ? do_raw_spin_unlock+0x4d/0x240
[  141.314330][ T6082]  filemap_fdatawrite+0x199/0x240
[  141.314342][ T6082]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  141.314382][ T6082]  ? do_raw_spin_unlock+0x4d/0x240
[  141.314395][ T6082]  f2fs_sync_dirty_inodes+0x31f/0x830
[  141.314412][ T6082]  f2fs_write_checkpoint+0x93e/0x2440
[  141.314420][ T6082]  ? __lock_acquire+0xab9/0xd20
[  141.314442][ T6082]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  141.314481][ T6082]  kill_f2fs_super+0x2cc/0x6d0
[  141.314494][ T6082]  ? __pfx_kill_f2fs_super+0x10/0x10
[  141.314512][ T6082]  ? shrinker_free+0x2ce/0x3e0
[  141.314523][ T6082]  deactivate_locked_super+0xbc/0x130
[  141.314537][ T6082]  cleanup_mnt+0x425/0x4c0
[  141.314549][ T6082]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.314563][ T6082]  task_work_run+0x1d4/0x260
[  141.314578][ T6082]  ? __pfx_task_work_run+0x10/0x10
[  141.314587][ T6082]  ? __x64_sys_umount+0x122/0x160
[  141.314603][ T6082]  ? exit_to_user_mode_loop+0x40/0x130
[  141.314612][ T6082]  exit_to_user_mode_loop+0xe9/0x130
[  141.314620][ T6082]  do_syscall_64+0x2bd/0xfa0
[  141.314633][ T6082]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.314644][ T6082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.314652][ T6082]  ? exc_page_fault+0xab/0x100
[  141.314663][ T6082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.314671][ T6082] RIP: 0033:0x7f7da7790a77
[  141.314682][ T6082] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  141.314689][ T6082] RSP: 002b:00007ffd30811628 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  141.314699][ T6082] RAX: 0000000000000000 RBX: 00007f7da7813d7d RCX: 00007f7da7790a77
[  141.314704][ T6082] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd308116e0
[  141.314709][ T6082] RBP: 00007ffd308116e0 R08: 0000000000000000 R09: 0000000000000000
[  141.314713][ T6082] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd30812770
[  141.314718][ T6082] R13: 00007f7da7813d7d R14: 0000000000022790 R15: 00007ffd308127b0
[  141.314734][ T6082]  </TASK>
[  141.314738][ T6082] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  141.485615][ T7904] tipc: Started in network mode
[  141.487771][ T7904] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  141.490862][ T7904] tipc: Enabled bearer <eth:ipvlan1>, priority 2
[  141.717418][ T7913] bridge0: entered promiscuous mode
[  141.719546][ T7913] macvlan2: entered promiscuous mode
[  141.726739][ T7913] bridge0: port 3(macvlan2) entered blocking state
[  141.729022][ T7913] bridge0: port 3(macvlan2) entered disabled state
[  141.731462][ T7913] macvlan2: entered allmulticast mode
[  141.733067][ T7913] bridge0: entered allmulticast mode
[  141.736440][ T7913] macvlan2: left allmulticast mode
[  141.738418][ T7913] bridge0: left allmulticast mode
[  141.741374][ T7913] bridge0: left promiscuous mode
[  141.915846][ T7922] loop3: detected capacity change from 0 to 128
[  142.025309][ T7930] loop3: detected capacity change from 0 to 1024
[  142.028967][ T7930] EXT4-fs: Ignoring removed mblk_io_submit option
[  142.032221][ T7930] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  142.038984][ T7930] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.864: bad orphan inode 11
[  142.042481][ T7930] ext4_test_bit(bit=10, block=4) = 1
[  142.044220][ T7930] is_bad_inode(inode)=0
[  142.045924][ T7930] NEXT_ORPHAN(inode)=3254779904
[  142.047620][ T7930] max_ino=32
[  142.048620][ T7930] i_nlink=0
[  142.051132][ T7930] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.864: lblock 2 mapped to illegal pblock 2 (length 1)
[  142.055742][ T7930] Quota error (device loop3): qtree_write_dquot: dquota write failed
[  142.062976][ T7930] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.864: lblock 0 mapped to illegal pblock 48 (length 1)
[  142.070533][ T7930] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  142.074099][ T7930] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.864: Failed to acquire dquot type 0
[  142.078631][ T7930] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  142.085667][ T7930] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.864: mark_inode_dirty error
[  142.092753][ T7930] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  142.106934][ T7930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.142974][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.149994][ T6082] EXT4-fs error (device loop3): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[  142.154679][ T6082] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  142.162358][ T6082] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[  142.279007][ T7952] bpf: Bad value for 'uid'
[  142.281974][ T7951] loop3: detected capacity change from 0 to 1024
[  142.324549][   T27] hfsplus: b-tree write err: -5, ino 4
[  142.394646][ T7964] veth0: entered promiscuous mode
[  142.397715][ T7964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.880'.
[  142.498474][   T33] tipc: Node number set to 10136234
[  143.257292][ T8001] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048)
[  143.313949][ T8005] loop3: detected capacity change from 0 to 256
[  143.319883][ T8005] FAT-fs (loop3): bogus sectors per cluster 255
[  143.321996][ T8005] FAT-fs (loop3): Can't find a valid FAT filesystem
[  143.617526][ T8016] loop3: detected capacity change from 0 to 128
[  144.023055][   T34] audit: type=1326 audit(1763769320.426:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8017 comm="syz.0.904" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  144.041169][   T34] audit: type=1326 audit(1763769320.446:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8017 comm="syz.0.904" exe="/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  144.058388][   T34] audit: type=1326 audit(1763769320.446:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8017 comm="syz.0.904" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  144.076609][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.905'.
[  144.077226][   T34] audit: type=1326 audit(1763769320.446:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8017 comm="syz.0.904" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  144.079898][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.905'.
[  144.320517][ T8034] pim6reg: entered allmulticast mode
[  144.328920][ T8033] pim6reg: left allmulticast mode
[  144.541077][ T8043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.916'.
[  145.599783][ T8080] loop0: detected capacity change from 0 to 4096
[  145.628308][ T8080] ntfs3(loop0): ino=b, mi_enum_attr
[  145.630696][ T8080] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  145.660865][ T8080] ntfs3(loop0): Failed to load $Extend (-22).
[  145.662837][ T8080] ntfs3(loop0): Failed to initialize $Extend.
[  145.744898][ T8080] ntfs3(loop0): ino=1b, mi_enum_attr
[  145.851206][ T5938] Bluetooth: hci1: unexpected event for opcode 0x0c56
[  145.860698][ T8086] loop0: detected capacity change from 0 to 256
[  147.732423][ T8126] overlayfs: conflicting options: userxattr,redirect_dir=on
[  147.884691][ T8128] pimreg: entered allmulticast mode
[  147.906482][ T8128] pimreg: left allmulticast mode
[  148.331720][ T8141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.962'.
[  148.814279][ T8161] netlink: 24 bytes leftover after parsing attributes in process `syz.3.970'.
[  149.845717][ T8185] loop3: detected capacity change from 0 to 2048
[  149.852415][ T8185] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  150.067327][ T5926] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  150.231395][ T5926] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  150.234168][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.236569][ T5926] usb 1-1: Product: syz
[  150.237996][ T5926] usb 1-1: Manufacturer: syz
[  150.239543][ T5926] usb 1-1: SerialNumber: syz
[  150.245591][ T5926] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  150.269115][ T5926] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  150.722806][ T2281] usb 1-1: USB disconnect, device number 10
[  151.414659][ T5926] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  151.418749][ T5926] ath9k_htc: Failed to initialize the device
[  151.472726][ T2281] usb 1-1: ath9k_htc: USB layer deinitialized
[  151.672793][ T8246] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1004'.
[  151.675710][ T8246] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1004'.
[  151.729948][ T8252] fuse: Bad value for 'fd'
[  151.737052][ T8250] loop3: detected capacity change from 0 to 4096
[  151.934043][ T8260] loop0: detected capacity change from 0 to 4096
[  151.943779][ T8260] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  151.954431][ T8260] ntfs3(loop0): Failed to load $Extend (-22).
[  151.956238][ T8260] ntfs3(loop0): Failed to initialize $Extend.
[  153.532431][ T8313] loop0: detected capacity change from 0 to 512
[  153.538386][ T8313] EXT4-fs (loop0): 1 truncate cleaned up
[  153.542141][ T8313] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.561520][ T8311] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1033: bg 0: block 465: padding at end of block bitmap is not set
[  153.598443][ T5939] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.690698][ T8318] program syz.0.1035 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  153.718351][ T8320] loop0: detected capacity change from 0 to 512
[  153.731630][ T8320] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  153.734750][ T8320] UDF-fs: Scanning with blocksize 512 failed
[  153.744665][ T8320] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  153.750886][ T8320] UDF-fs: Scanning with blocksize 1024 failed
[  153.764727][ T8320] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  153.768208][ T8320] UDF-fs: Scanning with blocksize 2048 failed
[  153.962252][ T8320] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  153.967228][ T8320] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  154.418226][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1041'.
[  154.618854][ T8344] loop0: detected capacity change from 0 to 16
[  154.625619][ T8342] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1046'.
[  154.630689][ T8344] erofs (device loop0): mounted with root inode @ nid 36.
[  154.636229][ T8342] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1046'.
[  154.741189][   T34] audit: type=1326 audit(1763769330.712:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8354 comm="syz.0.1053" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  154.760858][   T34] audit: type=1326 audit(1763769330.712:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8354 comm="syz.0.1053" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  154.786595][   T34] audit: type=1326 audit(1763769330.712:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8354 comm="syz.0.1053" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  154.799801][   T34] audit: type=1326 audit(1763769330.712:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8354 comm="syz.0.1053" exe="/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  154.808700][   T34] audit: type=1326 audit(1763769330.712:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8354 comm="syz.0.1053" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  154.825123][   T34] audit: type=1326 audit(1763769330.712:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8354 comm="syz.0.1053" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0938f749 code=0x7ffc0000
[  155.020953][ T8364] loop3: detected capacity change from 0 to 32768
[  155.025369][ T8364] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1057 (8364)
[  155.034060][ T8364] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.037086][ T8364] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  155.063717][ T8387] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1065'.
[  155.135234][ T8364] BTRFS info (device loop3): enabling ssd optimizations
[  155.140360][ T8364] BTRFS info (device loop3): turning on async discard
[  155.142789][ T8364] BTRFS info (device loop3): enabling free space tree
[  155.182965][ T8364] BTRFS info (device loop3): balance: start -s
[  155.185687][ T8364] BTRFS info (device loop3): left=0, need=98304, flags=2
[  155.188515][ T8364] BTRFS info (device loop3): space_info SYSTEM (sub-group id 0) has 0 free, is not full
[  155.192997][ T8364] BTRFS info (device loop3): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0
[  155.197765][ T8364] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1441792
[  155.200920][ T8364] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0
[  155.203112][ T8364] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0
[  155.205306][ T8364] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0
[  155.207558][ T8364] BTRFS info (device loop3): delayed_refs_rsv: size 0 reserved 0
[  155.225659][ T8364] BTRFS info (device loop3): relocating block group 1048576 flags system
[  155.278740][ T8364] BTRFS info (device loop3): balance: ended with status: 0
[  155.347030][ T6082] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.541874][ T5926] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  155.714132][ T5926] usb 1-1: Using ep0 maxpacket: 16
[  155.721163][ T5926] usb 1-1: config 0 has an invalid interface number: 237 but max is 0
[  155.727724][ T5926] usb 1-1: config 0 has no interface number 0
[  155.729976][ T5926] usb 1-1: config 0 interface 237 has no altsetting 0
[  155.737113][ T5926] usb 1-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad
[  155.740489][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.743442][ T5926] usb 1-1: Product: syz
[  155.751921][ T5926] usb 1-1: Manufacturer: syz
[  155.753779][ T5926] usb 1-1: SerialNumber: syz
[  155.765929][ T5926] usb 1-1: config 0 descriptor??
[  155.780623][ T5926] snd_usb_podhd 1-1:0.237: Line 6 POD HD300 found
[  156.000465][ T5926] snd_usb_podhd 1-1:0.237: cannot get proper max packet size
[  156.019748][ T8441] loop3: detected capacity change from 0 to 128
[  156.021284][ T5926] snd_usb_podhd 1-1:0.237: Line 6 POD HD300 now disconnected
[  156.024749][ T8441] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  156.024940][ T8441] ext4 filesystem being mounted at /315/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  156.035437][ T8441] EXT4-fs error (device loop3): make_indexed_dir:2269: inode #2: block 18: comm syz.3.1087: bad entry in directory: rec_len is smaller than minimal - offset=988, inode=128, rec_len=9, size=1000 fake=0
[  156.047966][ T5926] snd_usb_podhd 1-1:0.237: probe with driver snd_usb_podhd failed with error -22
[  156.057601][ T8441] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.1087: dx entry: limit 0 != root limit 125
[  156.061298][ T8441] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1087: Corrupt directory, running e2fsck is recommended
[  156.090717][ T6082] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  156.220646][ T2281] usb 1-1: USB disconnect, device number 11
[  156.288300][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  156.557739][ T5999] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  156.730995][ T5999] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  156.735958][ T5999] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  156.739518][ T5999] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.744298][ T5999] usb 4-1: config 0 descriptor??
[  156.855528][ T8474] loop0: detected capacity change from 0 to 1024
[  156.858816][ T8474] EXT4-fs: Ignoring removed orlov option
[  156.860904][ T8474] EXT4-fs: inline encryption not supported
[  156.873082][ T8474] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.924851][ T5939] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.130487][ T8484] overlayfs: failed to clone upperpath
[  157.161776][ T8482] loop0: detected capacity change from 0 to 32768
[  157.167449][ T8482] (syz.0.1105,8482,1):ocfs2_verify_heartbeat:839 ERROR: Heartbeat has to be started to mount a read-write clustered device.
[  157.179575][ T5999] dragonrise 0003:0079:0006.0009: unknown main item tag 0x0
[  157.181751][ T5999] dragonrise 0003:0079:0006.0009: unknown main item tag 0x0
[  157.183956][ T5999] dragonrise 0003:0079:0006.0009: unknown main item tag 0x0
[  157.187814][ T8482] (syz.0.1105,8482,1):ocfs2_fill_super:1177 ERROR: status = -22
[  157.194732][ T5999] dragonrise 0003:0079:0006.0009: unknown main item tag 0x0
[  157.198764][ T5999] dragonrise 0003:0079:0006.0009: unknown main item tag 0x0
[  157.205015][ T5999] dragonrise 0003:0079:0006.0009: hidraw0: USB HID v1.02 Device [HID 0079:0006] on usb-dummy_hcd.3-1/input0
[  157.209426][ T5999] dragonrise 0003:0079:0006.0009: no inputs found
[  157.215588][ T5999] dragonrise 0003:0079:0006.0009: force feedback init failed
[  157.338535][ T8493] sch_tbf: burst 20480 is lower than device lo mtu (65550) !
[  157.394658][ T5999] usb 4-1: USB disconnect, device number 12
[  157.701717][ T2281] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  157.859683][ T8498] ip6erspan0: entered allmulticast mode
[  157.875845][ T2281] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  157.883409][ T2281] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  157.886928][ T2281] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  157.892658][ T2281] usb 1-1: config 1 has no interface number 0
[  157.894924][ T2281] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  157.899319][ T2281] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  157.903582][ T2281] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  157.906312][ T2281] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.912745][ T2281] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  158.484599][ T8522] loop3: detected capacity change from 0 to 32768
[  158.493571][ T8522] jbd2_journal_init_inode: Cannot locate journal superblock
[  158.496148][ T8522] (syz.3.1124,8522,0):ocfs2_journal_init:973 ERROR: Linux journal layer error
[  158.499425][ T8522] (syz.3.1124,8522,0):ocfs2_check_volume:2347 ERROR: Could not initialize journal!
[  158.502951][ T8522] (syz.3.1124,8522,0):ocfs2_check_volume:2432 ERROR: status = -22
[  158.506132][ T8522] (syz.3.1124,8522,0):ocfs2_mount_volume:1764 ERROR: status = -22
[  158.510184][ T2281] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[  158.511250][ T8522] (syz.3.1124,8522,0):ocfs2_fill_super:1177 ERROR: status = -22
[  158.753547][ T8524] loop0: detected capacity change from 0 to 1024
[  158.757116][ T8524] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  159.628978][   T33] snd_usb_pod 1-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  159.955653][ T8576] netlink: 'syz.4.1147': attribute type 2 has an invalid length.
[  160.609768][    T9] usb 1-1: USB disconnect, device number 12
[  160.625374][    T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  160.770594][ T8599] loop0: detected capacity change from 0 to 32768
[  160.773834][ T8599] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1157 (8599)
[  160.779426][ T8599] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  160.782795][ T8599] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  160.798381][ T8599] BTRFS info (device loop0): enabling ssd optimizations
[  160.800738][ T8599] BTRFS info (device loop0): turning on async discard
[  160.803478][ T8599] BTRFS info (device loop0): enabling free space tree
[  160.835762][ T5939] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  161.039034][ T8618] loop0: detected capacity change from 0 to 64
[  161.063976][   T34] audit: type=1800 audit(1763769336.622:29): pid=8618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1158" name="file1" dev="loop0" ino=5 res=0 errno=0
[  161.110519][ T8622] loop3: detected capacity change from 0 to 1024
[  161.114227][ T8622] EXT4-fs: Ignoring removed orlov option
[  161.116652][ T8622] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  161.139912][ T8622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.171789][ T8631] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1164'.
[  161.185695][ T8631] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1164'.
[  161.199003][ T6082] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.987903][ T5938] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1
[  162.991216][ T8661] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1177'.
[  162.992083][ T5938] Bluetooth: hci1: unexpected event for opcode 0x203e
[  163.193416][ T8675] loop3: detected capacity change from 0 to 256
[  163.196752][ T8675] exfat: Deprecated parameter 'namecase'
[  163.205509][ T8675] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x8d1bf2bd, utbl_chksum : 0xe619d30d)
[  165.036415][ T8702] binfmt_misc: register: failed to install interpreter file ./file0
[  165.549958][ T5999] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  165.712656][ T5999] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.716250][ T5999] usb 1-1: config 0 interface 0 has no altsetting 0
[  165.718867][ T5999] usb 1-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00
[  165.722262][ T5999] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.727495][ T5999] usb 1-1: config 0 descriptor??
[  166.351333][ T5999] zeroplus 0003:0C12:0005.000A: unknown global tag 0xe
[  166.354089][ T5999] zeroplus 0003:0C12:0005.000A: item 0 0 1 14 parsing failed
[  166.357439][ T5999] zeroplus 0003:0C12:0005.000A: parse failed
[  166.359759][ T5999] zeroplus 0003:0C12:0005.000A: probe with driver zeroplus failed with error -22
[  166.475069][ T8719] loop3: detected capacity change from 0 to 128
[  166.483219][ T8719] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  166.487645][ T8719] ext4 filesystem being mounted at /361/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  166.491755][ T8719] EXT4-fs warning (device loop3): verify_group_input:137: Cannot add at group 127 (only 1 groups)
[  167.043072][ T6159] usb 1-1: USB disconnect, device number 13
[  167.307470][ T6082] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  167.311826][ T8729] loop0: detected capacity change from 0 to 16384
[  167.339358][ T5938] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  167.345061][ T5938] Bluetooth: hci1: Injecting HCI hardware error event
[  167.352379][ T5938] Bluetooth: hci1: hardware error 0x00
[  167.370265][ T8732] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  167.848836][ T6159] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  168.013589][ T6159] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  168.017069][ T6159] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.179001][ T6159] usb 4-1: config 0 descriptor??
[  168.671367][ T6159] ath6kl: Failed to submit usb control message: -71
[  168.674307][ T6159] ath6kl: unable to send the bmi data to the device: -71
[  168.677162][ T6159] ath6kl: Unable to send get target info: -71
[  168.689973][ T6159] ath6kl: Failed to init ath6kl core: -71
[  168.694749][ T6159] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  168.713116][ T6159] usb 4-1: USB disconnect, device number 13
[  169.559561][ T5938] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  169.614800][ T8774] netlink: 'syz.0.1223': attribute type 2 has an invalid length.
[  169.620033][ T8774] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1223'.
[  169.899894][ T8772] loop3: detected capacity change from 0 to 32768
[  169.917511][ T8772] add_index: next_index = 0.  Resetting!
[  169.919991][ T8772] non-latin1 character 0x3ff found in JFS file name
[  169.927789][ T8772] mount with iocharset=utf8 to access
[  170.069577][ T8791] loop0: detected capacity change from 0 to 136
[  170.217337][ T8795] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  170.219931][ T8795] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  170.222496][ T8795] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  170.225007][ T8795] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  170.227356][ T8795] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  170.229973][ T8795] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  170.234061][ T8795] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  170.236607][ T8795] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  170.239369][ T8795] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  170.241332][ T8795] comedi comedi3: 8255: I/O port conflict (0x13352f60,4)
[  170.396222][ T8804] loop0: detected capacity change from 0 to 4096
[  170.742648][ T8822] loop3: detected capacity change from 0 to 256
[  170.755828][ T8822] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f3f, chksum : 0x23ae2a4b, utbl_chksum : 0xe619d30d)
[  170.778846][   T34] audit: type=1800 audit(1763769345.694:30): pid=8822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1246" name="file1" dev="loop3" ino=1048650 res=0 errno=0
[  171.775755][ T8854] loop3: detected capacity change from 0 to 32768
[  171.782754][ T8854] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1261 (8854)
[  171.791920][ T8854] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  171.796576][ T8854] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  171.800147][ T8854] BTRFS error (device loop3): cannot disable free-space-tree
[  171.803090][ T8854] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  171.812244][ T8854] BTRFS error (device loop3): open_ctree failed: -22
[  171.978245][ T8866] loop0: detected capacity change from 0 to 1024
[  172.027118][  T162] hfsplus: b-tree write err: -5, ino 4
[  172.300320][ T8885] netlink: 'syz.4.1276': attribute type 1 has an invalid length.
[  173.162440][ T8905] loop3: detected capacity change from 0 to 32768
[  173.169984][ T8905] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1285 (8905)
[  173.177698][ T8905] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  173.181649][ T8905] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  173.211529][ T8905] BTRFS info (device loop3): enabling ssd optimizations
[  173.214161][ T8905] BTRFS info (device loop3): turning on async discard
[  173.217677][ T8905] BTRFS info (device loop3): enabling free space tree
[  173.233211][ T8905] BTRFS info (device loop3): Snapshot src from another FS
[  173.260012][ T6082] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  173.581380][ T8946] netlink: 'syz.0.1295': attribute type 1 has an invalid length.
[  173.583831][ T8946] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1295'.
[  173.595740][ T8946] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1295'.
[  173.934358][ T8977] netlink: 'syz.3.1310': attribute type 1 has an invalid length.
[  173.948806][ T8979] nfs: Unknown parameter 'ntext'
[  174.052994][ T8987] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1315'.
[  174.077643][ T8990] loop0: detected capacity change from 0 to 512
[  174.080907][ T8990] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  174.095818][ T8990] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.1316: bad orphan inode 15
[  174.100432][ T8990] ext4_test_bit(bit=14, block=18) = 1
[  174.102152][ T8990] is_bad_inode(inode)=0
[  174.103658][ T8990] NEXT_ORPHAN(inode)=1023
[  174.107008][ T8990] max_ino=32
[  174.108324][ T8990] i_nlink=0
[  174.115389][ T8990] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  174.119916][ T8990] ext2 filesystem being mounted at /339/qY3aK supports timestamps until 2038-01-19 (0x7fffffff)
[  174.162582][ T5939] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  174.211974][ T8998] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  174.216514][ T9000] trusted_key: encrypted_key: master key parameter is missing
[  174.297853][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1323'.
[  174.300557][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1323'.
[  174.346444][ T9008] loop0: detected capacity change from 0 to 128
[  174.354778][ T9008] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  174.358992][ T9008] ext4 filesystem being mounted at /343/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  174.385359][ T5939] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  174.509783][ T9015] loop0: detected capacity change from 0 to 1024
[  174.525573][ T9015] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.560430][ T5939] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.722084][ T9022] loop0: detected capacity change from 0 to 1024
[  174.725904][ T9022] EXT4-fs: Ignoring removed nomblk_io_submit option
[  174.728689][ T9022] ext4: Unknown parameter 'appraise'
[  175.002516][ T5926] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  175.113042][ T5938] Bluetooth: hci2: unexpected event for opcode 0x200c
[  175.164413][ T5926] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  175.172412][ T5926] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  175.183285][ T5926] usb 1-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8
[  175.189433][ T5926] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  175.194752][ T5926] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  175.218573][ T5926] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  175.222407][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.225680][ T5926] usb 1-1: Product: syz
[  175.231396][ T5926] usb 1-1: Manufacturer: syz
[  175.247902][ T5926] usb 1-1: SerialNumber: syz
[  175.267610][ T9022] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  175.382598][ T9053] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1344'.
[  175.394875][ T9055] loop3: detected capacity change from 0 to 256
[  175.399911][ T9055] exfat: Deprecated parameter 'namecase'
[  175.412382][ T9055] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  175.426389][   T34] audit: type=1800 audit(1763769350.053:31): pid=9055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1345" name="file1" dev="loop3" ino=1048651 res=0 errno=0
[  175.499341][ T9022] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  175.502349][ T9022] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  175.509548][ T9063] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  175.512289][ T9063] IPv6: NLM_F_CREATE should be set when creating new route
[  175.562319][ T9061] loop3: detected capacity change from 0 to 4096
[  175.569237][ T9061] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  175.584401][ T9061] ntfs3(loop3): volume is dirty and "force" flag is not set!
[  175.684093][ T9071] netlink: 'syz.4.1353': attribute type 4 has an invalid length.
[  175.715626][   T24] lo speed is unknown, defaulting to 1000
[  175.717898][   T24] syz2: Port: 1 Link DOWN
[  175.729853][ T9071] netlink: 'syz.4.1353': attribute type 4 has an invalid length.
[  175.743742][ T5999] lo speed is unknown, defaulting to 1000
[  175.746172][ T5999] syz2: Port: 1 Link ACTIVE
[  175.999607][ T9091] netlink: 'syz.3.1363': attribute type 49 has an invalid length.
[  176.165372][ T9022] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  176.168816][ T9022] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  176.317310][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  176.389682][ T5926] cdc_ncm 1-1:1.0: bind() failure
[  176.396203][ T5926] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  176.399410][ T5926] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  176.404456][ T5926] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  176.410750][ T5926] usb 1-1: USB disconnect, device number 14
[  176.499258][    T9] usb 4-1: Using ep0 maxpacket: 16
[  176.503150][    T9] usb 4-1: config 0 has an invalid interface number: 231 but max is 0
[  176.505550][    T9] usb 4-1: config 0 has no interface number 0
[  176.507608][    T9] usb 4-1: New USB device found, idVendor=0411, idProduct=006e, bcdDevice=c1.05
[  176.510834][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.514943][    T9] usb 4-1: config 0 descriptor??
[  176.518672][    T9] asix 4-1:0.231: probe with driver asix failed with error -22
[  176.746761][ T9095] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.760007][ T9095] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  177.178076][ T9115] loop0: detected capacity change from 0 to 128
[  177.191522][ T9115] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  177.197139][ T9115] hpfs: filesystem error: improperly stopped
[  177.199569][ T9115] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  177.202580][ T9115] hpfs: You really don't want any checks? You are crazy...
[  177.205959][ T9115] hpfs: hpfs_map_sector(): read error
[  177.208158][ T9115] hpfs: code page support is disabled
[  177.211958][ T9115] hpfs: hpfs_map_4sectors(): unaligned read
[  177.214439][ T9115] hpfs: hpfs_map_4sectors(): unaligned read
[  177.217108][ T9115] hpfs: filesystem error: unable to find root dir
[  177.442975][ T9123] netlink: 'syz.0.1377': attribute type 1 has an invalid length.
[  177.497728][ T9126] loop0: detected capacity change from 0 to 2048
[  177.570112][ T9127] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.111203][ T9166] netlink: 'syz.0.1395': attribute type 1 has an invalid length.
[  178.124424][ T9166] netlink: 'syz.0.1395': attribute type 4 has an invalid length.
[  178.128342][ T9166] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.1395'.
[  178.199352][ T9170] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1398'.
[  179.275514][    T9] usb 4-1: USB disconnect, device number 14
[  179.719744][ T9198] process 'syz.4.1410' launched './file2' with NULL argv: empty string added
[  180.091079][ T9221] loop0: detected capacity change from 0 to 2048
[  180.094210][ T9221] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[  180.099081][ T9221] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  180.177481][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1423'.
[  180.209343][ T6159] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  180.372008][ T6159] usb 4-1: config 8 has an invalid interface number: 102 but max is 0
[  180.374681][ T6159] usb 4-1: config 8 has no interface number 0
[  180.376940][ T6159] usb 4-1: config 8 interface 102 altsetting 127 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  180.383262][ T6159] usb 4-1: config 8 interface 102 has no altsetting 0
[  180.385450][ T6159] usb 4-1: New USB device found, idVendor=04e8, idProduct=a101, bcdDevice=c7.ae
[  180.388168][ T6159] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.393930][ T6159] r8152-cfgselector 4-1: Unknown version 0x0000
[  180.396081][ T9237] loop0: detected capacity change from 0 to 256
[  180.400817][ T9237] exfat: Deprecated parameter 'utf8'
[  180.411288][ T9237] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  180.624112][ T6159] r8152-cfgselector 4-1: string descriptor 0 read error: -71
[  180.627074][ T6159] r8152 4-1:8.102: Expected endpoints are not found
[  180.631676][ T6159] r8152-cfgselector 4-1: USB disconnect, device number 15
[  180.828691][ T9247] warning: `syz.4.1434' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  181.176093][ T9260] loop0: detected capacity change from 0 to 512
[  181.178761][ T9260] EXT4-fs: Ignoring removed i_version option
[  181.180996][ T9260] EXT4-fs: Ignoring removed bh option
[  181.211831][ T9260] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.215966][ T9260] ext4 filesystem being mounted at /380/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  181.871868][ T9267] loop3: detected capacity change from 0 to 131072
[  181.878104][ T9267] F2FS-fs (loop3): Test dummy encryption mode enabled
[  181.882975][ T9267] F2FS-fs (loop3): invalid crc value
[  181.925163][ T9267] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  181.928631][ T9267] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  182.042656][ T5939] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.048410][ T9267] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  182.282907][ T9300] loop0: detected capacity change from 0 to 512
[  182.288187][ T9300] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  182.293640][ T9300] EXT4-fs (loop0): 1 truncate cleaned up
[  182.297298][ T9300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.306007][ T9300] EXT4-fs error (device loop0): ext4_empty_dir:3120: inode #2: block 13: comm syz.0.1454: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  182.314432][ T9300] EXT4-fs (loop0): Remounting filesystem read-only
[  182.319811][ T9300] overlayfs: failed to create directory ./bus/work (errno: 30); mounting read-only
[  182.322963][ T9300] overlayfs: failed to set uuid (/file0, err=-30); falling back to uuid=null.
[  182.545085][ T6976] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.613438][ T5662] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  182.621618][ T5662] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.696432][ T5662] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  182.699459][ T5662] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.775792][ T5662] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  182.788881][ T5662] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.791365][ T5937] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  182.800278][ T5937] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  182.804118][ T5937] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  182.807003][ T5937] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  182.815596][ T5937] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  182.861473][ T5662] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  182.865118][ T5662] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.877460][ T9331] lo speed is unknown, defaulting to 1000
[  182.883314][ T5926] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  183.042287][ T5662] bridge_slave_1: left allmulticast mode
[  183.045297][ T5662] bridge_slave_1: left promiscuous mode
[  183.047594][ T5662] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.057691][ T5662] bridge_slave_0: left allmulticast mode
[  183.058943][ T5926] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  183.059836][ T5662] bridge_slave_0: left promiscuous mode
[  183.062671][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.065323][ T5662] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.075813][ T5926] usb 4-1: Product: syz
[  183.077206][ T5926] usb 4-1: Manufacturer: syz
[  183.078622][ T5926] usb 4-1: SerialNumber: syz
[  183.085338][ T5926] usb 4-1: config 0 descriptor??
[  183.596710][ T5926] gspca_main: sunplus-2.14.0 probing 055f:c230
[  183.873138][ T5662] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  183.877374][ T5662] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  183.881152][ T5662] bond0 (unregistering): Released all slaves
[  183.887756][ T9331] chnl_net:caif_netlink_parms(): no params data found
[  184.030909][ T9331] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.033810][ T9331] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.036757][ T9331] bridge_slave_0: entered allmulticast mode
[  184.041289][ T9331] bridge_slave_0: entered promiscuous mode
[  184.045646][ T9331] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.057705][ T9331] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.062816][ T9331] bridge_slave_1: entered allmulticast mode
[  184.070792][ T9331] bridge_slave_1: entered promiscuous mode
[  184.125789][ T9331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.145948][ T9331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.204233][ T9331] team0: Port device team_slave_0 added
[  184.215465][ T9331] team0: Port device team_slave_1 added
[  184.255091][ T9331] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.257282][ T9331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  184.270254][ T9331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.277999][ T9331] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.280851][ T9331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  184.290505][ T9331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.299429][ T5662] hsr_slave_0: left promiscuous mode
[  184.301674][ T5662] hsr_slave_1: left promiscuous mode
[  184.304012][ T5662] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  184.308609][ T5662] batman_adv: batadv0: Removing interface: batadv_slave_0
[  184.312496][ T5662] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  184.315241][ T5662] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.329494][ T5662] veth1_macvtap: left promiscuous mode
[  184.333114][ T5662] veth0_macvtap: left promiscuous mode
[  184.335053][ T5662] veth1_vlan: left promiscuous mode
[  184.336671][ T5662] veth0_vlan: left promiscuous mode
[  184.785429][ T5662] team0 (unregistering): Port device team_slave_1 removed
[  184.824544][ T5662] team0 (unregistering): Port device team_slave_0 removed
[  184.899274][ T9357] netlink: 'syz.4.1470': attribute type 6 has an invalid length.
[  185.038593][ T5938] Bluetooth: hci1: command tx timeout
[  185.254251][ T9331] hsr_slave_0: entered promiscuous mode
[  185.256756][ T9331] hsr_slave_1: entered promiscuous mode
[  185.455953][ T9331] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  185.465693][ T9331] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  185.470485][ T9331] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  185.477651][ T9331] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  185.551022][ T9331] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.572795][ T9331] 8021q: adding VLAN 0 to HW filter on device team0
[  185.580515][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.583133][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.602749][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.605516][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.839423][ T9331] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.870422][ T9371] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303
[  185.880366][    T9] usb 4-1: USB disconnect, device number 16
[  185.922311][ T5662] ------------[ cut here ]------------
[  185.924862][ T5662] WARNING: CPU: 0 PID: 5662 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x26d/0x2f0
[  185.928424][ T5662] Modules linked in:
[  185.930569][ T5662] CPU: 0 UID: 0 PID: 5662 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  185.934334][ T5662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  185.938584][ T5662] Workqueue: netns cleanup_net
[  185.940387][ T5662] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[  185.942989][ T5662] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3b df 39 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d9 8c 19 f8 e8 84 e6 d3 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 76 e6 d3 f7 90 0f 0b 90 e9 60 fe ff ff
[  185.950021][ T5662] RSP: 0018:ffffc90003b37878 EFLAGS: 00010293
[  185.952786][ T5662] RAX: ffffffff89ec32cc RBX: ffff88811042a480 RCX: ffff888169ec3a00
[  185.956253][ T5662] RDX: 0000000000000000 RSI: ffffffff8d8f58de RDI: ffff888169ec3a00
[  185.959229][ T5662] RBP: ffffc90003b37990 R08: ffffffff8f7cf777 R09: 1ffffffff1ef9eee
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  185.962173][ T5662] R10: dffffc0000000000 R11: fffffbfff1ef9eef R12: ffffffff8f3c7940
[  185.968973][ T5662] R13: 1ffff92000766f3c R14: ffff88811042b940 R15: dffffc0000000000
[  185.972429][ T5662] FS:  0000000000000000(0000) GS:ffff88818eb36000(0000) knlGS:0000000000000000
[  185.976379][ T5662] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  185.978917][ T5662] CR2: 00007f8f62d67068 CR3: 000000000dd38000 CR4: 00000000000006f0
[  185.981687][ T5662] Call Trace:
[  185.982964][ T5662]  <TASK>
[  185.984124][ T5662]  xfrm_net_exit+0x2d/0x70
[  185.985933][ T5662]  ops_undo_list+0x49a/0x990
[  185.987601][ T5662]  ? __pfx_ops_undo_list+0x10/0x10
[  185.989332][ T5662]  ? do_raw_spin_unlock+0x4d/0x240
[  185.991136][ T5662]  cleanup_net+0x4d8/0x820
[  185.992739][ T5662]  ? __pfx_cleanup_net+0x10/0x10
[  185.994470][ T5662]  ? _raw_spin_unlock_irq+0x23/0x50
[  185.996838][ T5662]  ? process_scheduled_works+0x9ef/0x17b0
[  185.998831][ T5662]  ? process_scheduled_works+0x9ef/0x17b0
[  186.000909][ T5662]  process_scheduled_works+0xae1/0x17b0
[  186.002873][ T5662]  ? __pfx_process_scheduled_works+0x10/0x10
[  186.005020][ T5662]  worker_thread+0x8a0/0xda0
[  186.007265][ T5662]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  186.009742][ T5662]  ? __kthread_parkme+0x7b/0x200
[  186.011504][ T5662]  kthread+0x711/0x8a0
[  186.012923][ T5662]  ? __pfx_worker_thread+0x10/0x10
[  186.014592][ T5662]  ? __pfx_kthread+0x10/0x10
[  186.016129][ T5662]  ? _raw_spin_unlock_irq+0x23/0x50
[  186.018049][ T5662]  ? lockdep_hardirqs_on+0x9c/0x150
[  186.019947][ T5662]  ? __pfx_kthread+0x10/0x10
[  186.021512][ T5662]  ret_from_fork+0x4bc/0x870
[  186.023176][ T5662]  ? __pfx_ret_from_fork+0x10/0x10
[  186.025018][ T5662]  ? __switch_to_asm+0x39/0x70
[  186.026682][ T5662]  ? __switch_to_asm+0x33/0x70
[  186.028756][ T5662]  ? __pfx_kthread+0x10/0x10
[  186.030480][ T5662]  ret_from_fork_asm+0x1a/0x30
[  186.033762][ T5662]  </TASK>
[  186.034913][ T5662] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  186.037584][ T5662] CPU: 0 UID: 0 PID: 5662 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  186.040983][ T5662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  186.044695][ T5662] Workqueue: netns cleanup_net
[  186.046485][ T5662] Call Trace:
[  186.047732][ T5662]  <TASK>
[  186.048827][ T5662]  dump_stack_lvl+0x99/0x250
[  186.050496][ T5662]  ? __asan_memcpy+0x40/0x70
[  186.052212][ T5662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.054156][ T5662]  ? __pfx__printk+0x10/0x10
[  186.055898][ T5662]  vpanic+0x237/0x6d0
[  186.057364][ T5662]  ? __pfx_vpanic+0x10/0x10
[  186.059011][ T5662]  panic+0xb9/0xc0
[  186.060450][ T5662]  ? __pfx_panic+0x10/0x10
[  186.062120][ T5662]  __warn+0x31b/0x4b0
[  186.063646][ T5662]  ? xfrm_state_fini+0x26d/0x2f0
[  186.065507][ T5662]  ? xfrm_state_fini+0x26d/0x2f0
[  186.067345][ T5662]  report_bug+0x2be/0x4f0
[  186.068984][ T5662]  ? xfrm_state_fini+0x26d/0x2f0
[  186.070844][ T5662]  ? xfrm_state_fini+0x26d/0x2f0
[  186.072750][ T5662]  ? xfrm_state_fini+0x26f/0x2f0
[  186.074628][ T5662]  handle_bug+0x84/0x160
[  186.076248][ T5662]  exc_invalid_op+0x1a/0x50
[  186.078002][ T5662]  asm_exc_invalid_op+0x1a/0x20
[  186.079887][ T5662] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[  186.082028][ T5662] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3b df 39 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d9 8c 19 f8 e8 84 e6 d3 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 76 e6 d3 f7 90 0f 0b 90 e9 60 fe ff ff
[  186.089079][ T5662] RSP: 0018:ffffc90003b37878 EFLAGS: 00010293
[  186.091256][ T5662] RAX: ffffffff89ec32cc RBX: ffff88811042a480 RCX: ffff888169ec3a00
[  186.094101][ T5662] RDX: 0000000000000000 RSI: ffffffff8d8f58de RDI: ffff888169ec3a00
[  186.096919][ T5662] RBP: ffffc90003b37990 R08: ffffffff8f7cf777 R09: 1ffffffff1ef9eee
[  186.099913][ T5662] R10: dffffc0000000000 R11: fffffbfff1ef9eef R12: ffffffff8f3c7940
[  186.102839][ T5662] R13: 1ffff92000766f3c R14: ffff88811042b940 R15: dffffc0000000000
[  186.105782][ T5662]  ? xfrm_state_fini+0x26c/0x2f0
[  186.107585][ T5662]  ? xfrm_state_fini+0x26c/0x2f0
[  186.109464][ T5662]  xfrm_net_exit+0x2d/0x70
[  186.111130][ T5662]  ops_undo_list+0x49a/0x990
[  186.112877][ T5662]  ? __pfx_ops_undo_list+0x10/0x10
[  186.114775][ T5662]  ? do_raw_spin_unlock+0x4d/0x240
[  186.116777][ T5662]  cleanup_net+0x4d8/0x820
[  186.118482][ T5662]  ? __pfx_cleanup_net+0x10/0x10
[  186.120354][ T5662]  ? _raw_spin_unlock_irq+0x23/0x50
[  186.122338][ T5662]  ? process_scheduled_works+0x9ef/0x17b0
[  186.124488][ T5662]  ? process_scheduled_works+0x9ef/0x17b0
[  186.126697][ T5662]  process_scheduled_works+0xae1/0x17b0
[  186.128782][ T5662]  ? __pfx_process_scheduled_works+0x10/0x10
[  186.131002][ T5662]  worker_thread+0x8a0/0xda0
[  186.133354][ T5662]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  186.135735][ T5662]  ? __kthread_parkme+0x7b/0x200
[  186.137592][ T5662]  kthread+0x711/0x8a0
[  186.139157][ T5662]  ? __pfx_worker_thread+0x10/0x10
[  186.141068][ T5662]  ? __pfx_kthread+0x10/0x10
[  186.142758][ T5662]  ? _raw_spin_unlock_irq+0x23/0x50
[  186.144744][ T5662]  ? lockdep_hardirqs_on+0x9c/0x150
[  186.146673][ T5662]  ? __pfx_kthread+0x10/0x10
[  186.148332][ T5662]  ret_from_fork+0x4bc/0x870
[  186.150062][ T5662]  ? __pfx_ret_from_fork+0x10/0x10
[  186.151992][ T5662]  ? __switch_to_asm+0x39/0x70
[  186.153862][ T5662]  ? __switch_to_asm+0x33/0x70
[  186.155672][ T5662]  ? __pfx_kthread+0x10/0x10
[  186.157395][ T5662]  ret_from_fork_asm+0x1a/0x30
[  186.159164][ T5662]  </TASK>
[  186.160955][ T5662] Kernel Offset: disabled
[  186.162496][ T5662] Rebooting in 86400 seconds..
