last executing test programs:

3m55.960685784s ago: executing program 2 (id=692):
r0 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r0, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

3m55.858813737s ago: executing program 2 (id=693):
r0 = socket(0x2000000015, 0x80005, 0x0)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
recvfrom$packet(r0, 0x0, 0x0, 0x40000022, 0x0, 0x0)

3m55.787327059s ago: executing program 2 (id=696):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x10104a8, 0x0, 0x81, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x20020, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]})

3m55.773585287s ago: executing program 2 (id=697):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000880)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@noauto_da_alloc}]}, 0x7, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setresuid(r0, r0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')

3m55.698245674s ago: executing program 2 (id=698):
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x5, &(0x7f0000000000)=0x9, 0x8, 0x0)
mremap(&(0x7f00003dc000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000042c000/0x3000)=nil)

3m55.373103195s ago: executing program 2 (id=699):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private=0xa010101, @in=@empty, 0x0, 0xbf, 0x0, 0x0, 0x2}, {0xfffffffffffffffb, 0xfffffffffffffffd, 0x1}, {0x0, 0x0, 0x4, 0x2}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x0, 0x32}, 0x0, @in=@broadcast, 0x0, 0x3, 0x1, 0x0, 0xf000000, 0x6}}, 0xe8)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)

3m55.260843303s ago: executing program 32 (id=699):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private=0xa010101, @in=@empty, 0x0, 0xbf, 0x0, 0x0, 0x2}, {0xfffffffffffffffb, 0xfffffffffffffffd, 0x1}, {0x0, 0x0, 0x4, 0x2}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x0, 0x32}, 0x0, @in=@broadcast, 0x0, 0x3, 0x1, 0x0, 0xf000000, 0x6}}, 0xe8)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)

6.911243023s ago: executing program 3 (id=2947):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x8)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x7f)

6.849440387s ago: executing program 3 (id=2948):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x8)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000010600)='./file0\x00', 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c66617374626f6f742c746573745f64756d6d795f656e6372797074696f6e2c6673796e635f6d6f64653d7374726963742c00200da779e57c52e33a83fdbd563a5b7c6b958cb6e49387a5ba5a89b0887c0292eb888cc8efa81040100dc3ba748033542625bc334eaf793332891541000f3c63c0a5f0af254a5bd1f4b81d0c5188ddcadf07eff7b49004e0b243a8a4d93632fbe9ab868d88310829d8e04a3c0572143a3d3d1472cc5da6f72bb097f5f7b95a09e442c0a1463aaa90db7dcbc542dc5bced278eda11583f810469b706968e793db3230"], 0x1, 0x1059a, &(0x7f0000010640)="$eJzs3M1rI2UcB/Bftu6r61pkX/TkgAgNmNC03aIgUnUXXbBL8eXgSdNkGrKbZEqTvrhnPemf4FUQ8ebf4MV/Y/EgeBK8rSiZmcpW96A226zbzwem32eePPPL84RcnkyZAI6t2eTXXypxIc5GxExEnI/I25XyyK0U8WxEPB8RJ+47KmX/nx2nIuJcRFwYFy9qVsqXln+7e++r5268+vk3d6uNn77+cnqrBqbtxYjobxbt3X6RWafIW2V/c6ebZ39pp8zihf7t8jwrcjddzyvsNvfHNfNc7BTjs83t4Tg3es3WODvdjbx/c1C84XCns18nv+BWcys/b6freXaHWZ6dO8W89sq8MxwVddplvU/y8jEa7WfRn+6lxXo2b+fZGozK/qJu1k73xrlTZvl20cp67Xwe6//5Y37kvdMdbO8lO+nWsJsNkqv1xsv1xnKtsZW101G6VGv228tLyVynNx5WG6XN/konyzq9tN7K+tVkrtNq1RqNZO5aut5tDpJGo75Yn69drZatl5K3bn6Q9NrJ3Djf6A62R93eMNnItpLiimqyUF98pZq80EjeW11L1t69fn117f2Prn148/XVG2+Wg/42rWRuYX5hodaYry00qtZ/GJXDXc5x5wsE8K/Z/wPTYP9v/x/2v8d+/bZvHIovEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAsfXjye/ezhuzxfmTZf9TZdczEXElIi5HxKWI+P0BZuLUgZoXI6JSth80/uRf5vB9JfIK42tOl8e5iFgpj3tPP+xPAQAAAB5f3/7w6WcRM+Nm/ue1aU+Io1T+aHNmUvXyn3yemFS1i3mxvQlVu7RfciIuR8TJ2Z8nVO1KRJw4//GEqv0jMwfizH1RKeLEUc4GAAA4Ggd3AhPbvQEAAPDI+WLaE2A68vu15f/il/eCTxdR3hA8e+AMAAAA+B+qTHsCAAAAwEOX7/89/w8AAAAeb8Xz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YuZfcNGI4DsB/oFPoS0UVj6uwqrpkwSF6hC57gPY22XGGSIhzkF2OEEHEjIMyhN2YAZHvkwbbI/jJRmJhmzEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACc00OxnN+t//1vmrPdNZNnNAAAAMApm2I5LyvDqv0l3f+Wbv2IiGlETCJiHBGn5u69+FjLHEVEJ9VPvb846sN9RJmw/0w/XZ8j4le6nr6f+1sAAACA27VezRYRvX21fPl5qPEOpEWbQa68csnnQ660URn2N1Pa+CUyi0lEFMPHTGnTiOh+/Z1arfz+erVi8KroVEW3jV4AAADtqs8Ess3eAAAAuDp/Lt0BLqPcr03/xU97wf2qSBuCn2otAAAA4HodP21/0Gm3HwAAAMAFlPP/N+f/pVUB5/8BAADAbajO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCcNsVyvl7NFk1ztrtm8owGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntmfdxQIgTAIg73r+06D9z+WNGhqalIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALz53V/+T0yNM8nca2PpeSRZOzW2To29c+PoD+Pr1wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzP3QmEQBCEwb7zP6fF/MOSBo1BhCpY+JhhHhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GIHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgr7c2+bMBDGcfi1kyhxm4yQ3uJjBhoqBCPwISFZ8gwMwEI0VLQWi8AKIOCgpTMFz9P8fzpdcQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+n09MZHRGSfj8wjH67+DpeDr8jXTTP4vma2Oe7rn1tOtrtRyt8Y/xcRUUTWwm8AANpX3jfFYlnNO2m7aXtp+2nLaV3NXvloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzuzcsWpTURgA4JOkiVYnRyuI4KCLjU2sRsjiUOguCLqFNpZiqpJmaEuXPoHo5Oor2E1fwRcQHLTg4NBBwUUQJclNeoJBUoR7Q/0++O/9c4dzz8kQ+O9/bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgWA73wtlBngshzM0c5V3vv+6ujDu/ffZhbhBf7ry5GI/ZHaIYQni43mpeT3Et025ze+dRo9VqtiUSiWSYZP3LBADASVNMolvXfyruL3ev5eoh/Ho1Wv9fifLwl/r/88vzFwbxc+tdJ75XXP8vpLbC6VfubDwtb27vXFvfaKw115qPq9XK4s3FG7dvVcq9ZyVlT0wAAAD4N6Uk4vo/X/+z/38mysOE9f+9pQf343sV1P9jHTX9sp4JAADA/+3cpe/fcmOu50qlsNXodNoL/ePwc6V/zGCqx3Yqibj+L9SznhUAAACQhsO93Ej/fzXKw4T9//nXuwfxmIUQwmzS/59fedJaTW85Uy2N14mzXiMAAADZmk0i7v8Xe/v/88MtD/kQwtXL/Tz5G8CJ6v+PL+6OvLQe7/+vprfEqZSv9b+P3rkWwkwt6xkBAABwkp1OolvsHxT3l9s/ni+V7P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf7NgxSgNBFAbgzW5WKzFgpVZeQLSzClgIYuMhREHwBCKIBxBbS+9g6R1SK9hYWKbwBvJmd1TSBCx2lXwfTN4jDJmXSZN/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgrun+d1/Fy6jpy/a954+rk6gvMzW8369vxop+0OXQ/9Bgr+8JAAAAWARVzvdFUbzVj4dRy3HK/3XeE5n/YaXpc56fzf25Pt29buT8f328dfl10Kg5Jz707PzidKezb/j3rc7dMUw3n569VOkHKY9u1qZ1us/B7WRysJTa5S6mBQB+YzvXtsn/h6Lu9jkYAAtj2K7iR/6vxv3OBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCFzwAAAP//OCtiEg==")
link(0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4001c00)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000080)='./file1\x00', 0x2fffffd)
sendfile(r0, r0, 0x0, 0xe3aa6ea)
truncate(&(0x7f0000000000)='./file1\x00', 0xc)

5.727296282s ago: executing program 3 (id=2951):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x200000, &(0x7f0000000000)={[{@errors_remount}]}, 0xfe, 0x5a3, &(0x7f0000000700)="$eJzs3c9rHFUcAPDvbLJp09QmhVJURAI9WCndNInVCh7qUbRY0HsNyTaUbLoluylNLNge7MWLFEHEgvgHePckRbz7V1S0UKQEK9TDyuzOtpsfm1/ddtPm84FJ5s2bmffezLy37+3bZQPYtYbTP7mIVyLi6yRisCWuN7LI4cZ+S/evTqZLErXaJ38nkWTbmvsn2f+BLPByRPz6ZcSx3Op0KwuLMxOlUnEuC49UZy+NVBYWj1+YnZguThcvjo2Pnzo5PvbuO293rKxvnn3w3ce3Pzj11ZGlb3+6e/BmEqdjfxbXWo517Vk39lprYDiGs2uSj9MrdhzdSsafA0m3M8C29GT1PB9pGzAYPVmtB158X0REbesebuMYYMdJtlP/gRdAsx/QHNtvehz8grj3fmMAtLr8SeO9kdhbHxvtW0qWjYzS8e5QB9JP0/j5r1s30yW28j4EwBO6dj0iTvT2tm//Vvivtulzn9jEPivT0P7Bs3M77f/80h/RqPtLvz2KyT3q/8Qa/Z+BNerudmxc/3N3G5NQLfo6kHAm7f+9t6r/O9ia5FBPFnqp3ufLJ+cvlIpp23YgIo5Gfk8aXm8+59TSnbaNZmv/L13S9Jt9wYbc3d4Vc05TE9WJJyz2I/euR7y6Qf83WeP+p9fj7CbTOFy89Xq7uI3L/3TVfox4Y83xz+MZrWT9+cmR+vMw0nwqVvvnxuHf26Xf7fKn93/f+uUfSlrnaytbT+OHvQ+L7eKGk2zSdIvPf1/yab1lajYFVyaq1bnRiL7ko3p42faxx8c2w8390/IfPbJW+XPrPv/9EfHZJst/49CNtrvW7/9gd+//1Jbu//orD042DmqNuvPh59+3S39z7d9b9bWj2ZbNtH9tM9i3fMu2LxwAAAAAAADsQLm+iP2R5ArZnP7+yOUKhcbnOw7FvlypXKkeO1+evzgV9e/KDkU+15zpHmj5PMRodnwzPJZ9PrYZHo+IgxHxTU9/PVyYLJemul14AAAAAAAAAAAAAAAAAAAA2CEGYu3v/6f+7Ol27oCnzk9+w+61rP7vWWOHTvzSE7Ajef2H3Uv9h91L/YfdS/2HXetatzMAdI/Xf9i9tlf/XzvQ8YwAz5zXfwAAAAAAAAAAAAAAAAAAAAAAAAAAAOios2fOpEtt6f7VyYjYG5cX5mfKl49PFfMzhdn5ycJkee5SYbpcni4VC5Pl2Y3OVyqXL42OxfyVkWqxUh2pLCyemy3PX6yeuzA7MV08V8w/m2IBAAAAAAAAAAAAAAAAAADAc6WysDgzUSoV53bmSr7DJ/xjJ5SrL7v23b+8nVjp3RnZsDJX6Y8OnnB5O/FvrVbrRvsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKn/AwAA//+jGDIV")
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)

4.981328263s ago: executing program 1 (id=2956):
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x3f, 0x0, &(0x7f0000000340)="03f0ef670000ec6789b42415449400000000007f070000040033a42c9550f5a10010e0f0544b00b9b0545054ff6e8f62d070e87f2c73d201de5015b9000000", 0x0, 0x9ffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9}, 0x50)
r0 = syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x89882)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85)

4.981059538s ago: executing program 1 (id=2957):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x8, 0x3, 0x398, 0x0, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x2c8, 0xffffffff, 0xffffffff, 0x2c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x0, 0x0, 0x0, 0xff], 'veth0_macvtap\x00', 'team_slave_0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x3b, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @private0={0xfc, 0x0, '\x00', 0x1}, [], [0xff], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x128, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x3f8)

4.980859933s ago: executing program 1 (id=2958):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3000010, &(0x7f0000000000), 0x3e, 0x51b, &(0x7f0000001200)="$eJzs3c9vI1cdAPDvTOLd7G6KU0CoVKJUtGi3grU3DW0jhKBc4FQJKPclJE4UxY6j2CmbqKKp+A8QEkicOHFB4g9AQj3wB6BKleCCOCBAIARbOCABHTTjsZp17CTQrJ3Gn4/04vfm1/e9sfw8M36ZCWBqPRkRL0bETEQ8ExHVcnpapjjspXy5t++/upqnJLLs5b8mkZTT+tvKy7MRcaNcbS4ivvbliG8mx+N29g+2VprNxm5ZrndbO/XO/sHtzdbKRmOjsb20tPj88gvLzy3fyUrvqZ0L/cyPv/T5n3/6W7+7++db386r9bmPRCUG2nGeek2vFPuiL99Huw8j2ATMlO2pTLoiAACcSX6M/8GI+ERx/F+NmeJobsDMJGoGAAAAnJfsC/Px7yQiAwAAAC6tNCLmI0lr5ViA+UjTK+W1gQ/H9bTZ7nQ/td7e217L50UsRCVd32w27pRjhReikuTlxXKMbb/87EB5KSIejYjvVa8V5dpqu7k24WsfAAAAMC1uDJz//6OaFvnTDfk/AQAAAODiWhhZAAAAAC4Lp/wAAABw+Q2e/7vfPwAAAFwqX3nppTxl/edfr72yv7fVfuX2WqOzVWvtrdZW27s7tY12e6O4Z1/rtO012+2dz8T23r16t9Hp1jv7B3db7b3t7t3NBx6BDQAAAIzRox9/49dJRBx+9lqRorwPIMAD/jDpCgDnyVA/mF7u4g3TqzLpCgATl5wy3+AdAAB4/7v50eO///ef/+/aAFxuxvoAwPTx+z9Mr4oRgDC1ZstrAB/oFa+OWm7k7/+/PGukLIt4s3p0iuuLAAAwXvNFStJaeR4wH2laq0U8EpEuRCVZ32w27pTnB7+qVq7m5cVizeTUMcMAAAAAAAAAAAAAAAAAAAAAAAAAQE+WJZEBAAAAl1pE+qekuJt/xM3q0/OD1weuJP+sxh/Lwg9f/v69lW53dzGf/rfiWV5XIqL7g3L6syMfHwYAAACct+Rw5KzeeXr5ujjWWgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBd6+/+pqP40z7l++GBELw+LPxlzxOheViLj+9yRmj6yXRMTMOcQ/fD0iHhsWP4l3suy1KGsxLP61hxx/odg1w+OnEXHjHOLDNHsj739eHPb5S+PJ4nX452+2TO/V6P4vLSM/VvRzw/qfR45trTU0xuNv/bTey1WOx3894vHZ4f1Pv/9NRsR/6tjW/pVl2fH43/j6wcGo9mc/irg59PsneSBWvdvaqXf2D25vtlY2GhuN7aWlxeeXX1h+bvlOfX2z2Sj/Do3x3Y/97J1R8fP2Xx8S/7e/6fW/J7X/6VEbHfCft+7d/1Ave+wNyOPfemro9+9cjIiflt99nyzz+fyb/fxhL3/UEz9584mT2r82Yv+f9v7fOmP7n/nqd35/xkUBgDHo7B9srTSbjd0TMnNnWOb9mPnF3IWoxv+YyV7rvXMXpT7/byY/Wn13Sr9VF6BiRzLZWGJdLY7nz7rWlTG1faLdEgAA8BC8e9A/6ZoAAAAAAAAAAAAAAAAAAADA9BrHrdQGYx5OpqkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACf6bwAAAP//8yDcjQ==")

4.880771428s ago: executing program 3 (id=2959):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r0, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

4.480354899s ago: executing program 1 (id=2960):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
close(0x3)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x80, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}]}, &(0x7f0000000140)=0x10)
getpeername(r0, 0x0, 0x0)

4.270796286s ago: executing program 3 (id=2961):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f0000000340)=ANY=[@ANYBLOB="31091a000000cf6b37195a9527d8f9654b3076aa322fe3dfc32b89"], 0x0, 0x0, 0x0, 0x0, 0x0})

3.414957805s ago: executing program 1 (id=2963):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004"], 0x0, 0x34}, 0x28)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe})
ioctl(r0, 0x8b22, &(0x7f0000000040))

3.315456379s ago: executing program 1 (id=2965):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000008e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
clock_adjtime(0x0, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$int_in(r3, 0x5421, &(0x7f0000000440)=0x6)
connect$bt_rfcomm(r3, &(0x7f00000001c0)={0x1f, @any, 0x6}, 0xa)
close(r3)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0xfd}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0x0)

2.664760119s ago: executing program 3 (id=2967):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000300)={0x0, 0x0, 0x100f, 0xffffffff, 0x0, 0x1, 0x3544})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000040), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@caif=@rfm={0x25, 0x5, "cdfaaf7254f4ef6249f068fcdd7e1cbd"}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000300)="27050200340f14000600002fb96dbcf706e1050000004305000f1144ee162fd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000102821880b000000000000002143ce554b6df654cb0173677c4e2eaa2eb5035d135958831197684b763f499a2fafc724413afe7af5b53e61532895bae8d3f0f02cc4e729883f078a2552275a1486218834476323059f91a91c500e035c5c70afee9d16b5acd7cd4b94e3600c9c69aeb79e259488e089b1c59bc6fca826d38a7b3229ccd5b1bde01e63f1edd3c0f933e5c02936de55f2a4ee254bbe8aed1d2260c97783b615850d488b7f0c4a80715bed3cf1adb2dafbb7672328e2300fa2623704da7b9889a57e231be318f5eb6d294a302e753e75b741b63e898748f228e6752d15bf99e02c3d366fa091326029d899c493df701ad6c37c55598f3a19e748f58475398fda5f6153cb11a4ffde399dc21f96bed56d31fd6bfa0a75d0df449393aaf7c449", 0x163}, {&(0x7f0000000480)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292034a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee274120e7662328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb013c9d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa2e9b598f0ae06efbc1a5d5bd91aed6b32deccf7755cef50fab72633c802533b9d94f17f9be978f2514c47671575ee528fbdddc6194328e605e4d10e293756d20eb8a545f2bfe48df5d1d98a270458392a0a57647dcb8e35c0245b618452612d0429b9b9957a695c3289b4a59469691115e6ba204181708b9d1ae47418ed594b8128f20c100f5485a84e60d73ab818da73fab78caf42afd1f89cdb29dfdd6676c55ea00d35321bc4878170c62b056b4e03ae556ac804026cabcbc8e79e7a18f2f56442cd650aa2bc88f62ebb65bfafd3e5b4c62ac2e720ff0fdf03c46889df55ff91058319c953f90cd6e7f7b15d56a58ff6128357510c4c61fae925f3147ee3e72c8aa25434881d58c39092969ba1f7c444465f16d1f2561991e357bda928f2a50422f774f318fb41169a0d0324a8efd19b940a17c28cda06b750cd02155dbdbd1dc695e190a997ae8f4bb8766983d8db8678a78ae8f044b868549e9c60f7ce2925a36300ce07f304e75d285e914b3aec703969df969b2736dd99fcab1944c751f8ef4c34cbb86d5f27ef9982be245949d5579b540750d1eac428b0cd2541295b577573b27e9ecac3934987e85b44bc85e6e307cf6f5683bf1c817369d556a368bc5560a1737aa2bec3cac4689e04fbe851ed4b6c1a355950522f8918af3855fe97ec285da15a20e8119483e7419fa2b0639d5add10b396a8033ec2b98d9a9fca3fc4202d0a6bcfa55798eacacc78cb5c8b4f26222883707b61fa4c8efafb73a2ab89bb58b0c20364a6ad9c233dfb1bdbb87b8f91e3ab9790e876f906107183419aa7480e327388c01dc5f2d5bcb8a7565cddc4e1275741116416b66bf3adf9e7e31c3fc518740446ed2a394e7699baf9408c62b4c0e7a11dec8f4a67e78a3f00bedae9f55f36c52a1fd4ee3a8be7285f9ca898ee63d3718a7c4603bcb9a24537b34a41a6c0eee4cc609b014d3f4fb928aa7e3fa7a4f97dcef5c0e526b650284ffeda82f603ed9ea1eb6627d29d8bcd6c7e6fe128b1c4463b2cfe50c0ff9a46090635dde4b4d4a984e5a91f7486856cd2bf85088fa4b97b219628be8cdba7e54d00985a73fb5b0b4b0f96844e73a8ff7884bdee1a0d6e62decfeebfb56351c135e6580fd61ea806ee5592fe4ffba5c73b8a4a04d44aa52645320cb73fe0c5f14a971d3b3f64c85f5ebaab5e1a061f5186050230286331048e43368e45cfc88e8f4d0d3b1b86b64d5394bc68c2b754389b3c18a45c1edb0496dd88cb3113bbdf1a0f127eb8cd52caf8da95b83d0decad3775b2f2e43776d0d32d447cdd0b267b32775e3473f51a233f8c91a4c07ad669da1844f3d9554f399d43ca1eda29c5c761b3936f845f0c4d1c6a56b8b34b5ab3291e06cd86de6116fc3236a11343d6f4ad02199717054ac1f15471c5a2b8efe67bd4bea33c0ca36e2c4209026849de21c1da1057f353dc824947d75119e4501b98cb9e621d0644e3f4a75353093557afcee7da41ad368fe1cbb426922772b9b262a861fbce9ae86d6e8c5a8de6a1e8f03456c0a354277a2f3ff46a62b6d6cdee4febf23e2350f94b47a05a4d0e7da37a2e97b899d92ca1f3bd1cded5588593e8bb99b9dce0731fa1174de14b63be2bf7e424f870551f213fab437aac092c2e9798959fa3616465e2b36fd49cc9af902d47debec02558c036ed991f1a3895b37cd70f3c405cca362c885542fd976e73be4cf7580a0c4d5a9527c77c189573e3be07ed15472f6b012939abb5be9f3e8a5b720307fb2dbca48b35d121702cfb6b3690559b08fbeb77d53d37582d7f44fe269ac51665632bf070cfc7445741b70306cb3f19b7fbecd19a78092dfd086a0da019734d95660ba4e5ce5bcf25f09403c32e3ec902f3717cca0eca05e791c2b8c2b8988645afa2446d5218abce136c0db9afb95e4f4727a29cc567b3f73d5dbc1aeee746653a7f5c445add24a9c1b67d1bfeec85d2a6478e80c3acdb9439aa46c8cf14a98ffa89790ef7a94b3146088566812e28ccbafb466772b7fbb98dcf1e792eb6d0de0829c3c49c5ecdeea3e80017324a0fe724565c4e7a242764e9012442cae44b57c7121889c044be05b5eca70efb649bb528e751f072af93ae2c5053fdce196cce158136f904cf64f2cb8becc2d024f5ec32a38d78b87a4dfe7c53769dadef890efd160eb662cedb18a756aed83edfb9efbbb3648eb399e61f80077e64b95eae9d17083aed05cfc2e148621e36be1f41d373c721a11804fce269c688b0c647d6e1083e336d1f7f90a7a080a83397773cc351531070af5c1a1418f28dce95c01052a314a9ebe39cb9cddb8e7855e58c4a636b7f6250ecad312ede18664c03d92e330935295a35ea3e0306f25ca971300f782ae2f6e79a513732d22ef9b9bc41d17df3352a855cdd19b18f5abd6e6420f4f42f01750a64f6acdb6b46622fafebe3e913c64a1a6a59f980e97deae0dc83c12ccae6b430d7a28f21c3e0e38b32f3d5f1d44927fc34ed5c9ddb5be8eb936dbdcd327b63ea69d86c2da15cb834a18ee51a44f2da7b11d79486942fd04eade92fe5d93342970ca4cc73861b15facf97e9c53c15488c5630b17b9364c58652cfa6de0918327498ba8d6120d3be9139c51a6e9017525772397529ddd4fd1905614fd1cc7f1370a577ad10ec9ea742f9aedc9fee42c3df38f4b35cdfd70fd677bcd396b37c60e439693dcb1cf8590eaf770b3f74af21f5119ac238e82e92c83321b06f106530abbbd321c3e1dc948accdc21a586ff37253ad1d0c5bfb51541f876be1b6e4f490046204b9edfe9a9721b9019a495d1efed10d4570f4c75ac8b46cfe8899f6d92e862611b35be8931a2460dc646ed332b3046baf48613bbb543f4abda22d3d62a484665ba5bbf8fec1bb199b430a6e96cfad417a1644cc5f7f640004836c60f15a174eb7eb1750a71a141549f393c7d88b8729a33f841f7f8f2bd03dccaaa825f2e29105f6b4c11ac8e06bb3be9dfdecce66294a0be9dbc5f40123644fcac59ed0c968eb62fb14d111e900ad1c038f17d5471ab088f704de7db35753f818f55669a76e621b29d975253d177791e1434644a81b2b8bc4c8e147961b4f1b7f3e225571fecb10906957791b27d35a89e3ce84c91a2dc60aee460d8f41eb7b5e171516ef34d8c7dbbc8122cdeffa51b5a393d2cae7f69826d342d4d85b58ca7ddb0e688a15b39a00ef1aed5db337d1ab87e06f835663a496857fb6320e5ee9086f42588d9b8ea04ff3d9eac2b8ffd1155a504230103a68bd8b3c416a10d76cee236442a68393896587bc66c01a5f7f411325578d023d7619a89d0bcbbacae99b925fb72994e1ef4240cddad2294a56bec6d6243b95b04345c215bd48a3aa89786ba39b4d2f5015d8bd038c32a7b0eb02a4eb5a640371d9b4af540eb99a1e26547cc214da21e9538754a802972411a0bf416707b95457d0b77daac9bdf27a82b9aa7992ad1d3815f9a56a746eefa6f7e1913b6e3e859b2cc7797adcae825b7aad17c11e66597042c327a6473489a9664c5ce0ff8b1ecfb691daa0bd50c17f4597826553686bc2ee08eaca8dd6f77c626691699141a698e5b517e02130587ee503c7b5f638cbf32166b0d4ebe9222b6c9d50fb3db9d1ab060c31aabeef52cd51e5cf485eecc741e37a47c4996068f1d4b25f182b9d7bee4bec5cb070d3cea2f9762a41bb8d9ec5896ebcb2b17ca82f29bcce456412d8ed531afda50d259fcb7794216b6a9a873b6c3c4493c0c6d3e6a4f81f3b40dcc745a4e2383c678c472b1d5bf3ff02992bfe893a5bc96824039da1ee3cf8593e7d616d62f6e3c3e2c4e0cc58d5445998cf5b1c91c2468b2571b118709668efbbe72911f1bfa96b97c32f71cd7071f4c729e88631a89b53dd4bae6ef9c4ed082916e267479195599e9871b26b92c6885ded29f990070fddc4d8535088ddc70d6e83f797b6fa2260a92602eb9098e6db801cb7394f0c90fb5913b2f8d8d24c8f1056920e1facbe643dd49d8983b277da7282a986c28d5468aed9a4730579a20346d35f78b6bd2cacb4b9237fbfb0b7a2314105ff3b074a0e340b904e715e99c501e1435c15eaa262893c2883c90f26d2ff91792d46e4d867b62570e0c1e4739b8ac4fff8f778960de1ae40d4c85c51e1c60040bb2caeaf0c71dbb67c30715b8c14d6921831d7678522eeed29444df421ee206ca3be20d1b5fd2d2baf832f097fef590290eea77f8f3ed00b39841421b61f1c0d01def54bec0348be2216a8dad60838f3ad3595a744edeb6202dbcbd9c73a126a79cbefa43c7db0493103c2aa8fecb5cde1773ad0cdd03f5b0cfb0270642a96a9e14d116e9140501df48cdbf725611b398eb2b9e93f8da49e601099e0b2e880a95525b5f3f2edd74ae9d664a1f2e932489b61634ab53a1e2f3bf56add0a7f09c168538", 0xde7}], 0x2}, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_INPUT(r1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0xd0ffbf, 0x0, &(0x7f00000002c0), 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0a0000000b00000042008b39823b2f1f2f91ce", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r3}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r4, &(0x7f0000000540)={0x1f, @none, 0x7}, 0xa)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)

110.744168ms ago: executing program 0 (id=2981):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x2005)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)

110.4305ms ago: executing program 0 (id=2982):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)={0x78, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x7fff, 0x101, 0x3, 0x5d1, 0xff7f, 0x6, 0xdd7]}}]}]}]}, 0x78}}, 0x0)

49.114617ms ago: executing program 0 (id=2983):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x1b, &(0x7f0000000600)=0xdfa, 0x4)

48.792843ms ago: executing program 0 (id=2984):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000040)={'macvtap0\x00'})

303.859µs ago: executing program 0 (id=2985):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2800052, &(0x7f0000000080), 0x1, 0x560, &(0x7f0000000b00)="$eJzs3d9vW1cdAPDvvYnjrOuaFvYAE9ACg4Kq2o27VdNetr6A0DQJMfGAeOhC4kahdl1qZyyhEtnfMCSQeII/gQckHpD2xANvPCLxgJDGA1KBCtQigWR0rx3XS5zFm39t8ecj3d577vE933Oa2Of4OL4ngLl1ISL2ImIpIl6PiJXu+aS7xcudLXvcwwf31h89uLeeRLv92j+SPD87l19QfFzmk90ylyPiW1+P+F5yOG5zZ/fWWq1WvdtNl1v1O+Xmzu7lrfraZnWzertSubZ67coLV5+vjK2t5+u/uv+1rVe+/dvffPbdP+x99UdZtU5383rtGLNO0wu9OJnFiHhlEsFmYKG7X5pxPfhw0oj4RER8IX/+r8RC/tsJAJxk7fZKtFf60wDASZfmc2BJWoqINO0OAkqdObyn41RaazRbl242tm9vdObKzkYhvblVq145V/zTD/IHF5IsvZrn5fl5unIgfTUizkXET4pP5OnSeqO2MZshDwDMvSf7+/+I+HcxTUuloS4d8KkeAPCxsTzrCgAAU6f/B4D5o/8HgPkzRP/f/bB/b+J1AQCm44O9/z8zsXoAANNj/h8A5o/+HwDmyjdffTXb2o+697/eeGNn+1bjjcsb1eatUn17vbTeuHuntNlobOb37KkfV16t0biz+lxsv1luVZutcnNn90a9sX27dSO/r/eNamEqrQIA3s+58+/8MYmIvRefyLfoW8tBXw0nWzrrCgAzszDKxQYI8LFmtS+YX0N14fkg4fcTrwswGwNv5r088PC9ftbZvT1MEH9nBB8pFz89/Py/NZ7hZDH/D/Prw83/vzT2egDTZ/4f5le7nRxc83+plwUAnEgj/Alf+8fjGoQAM3XcYt7Hff4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8+h0RHw/krSUrwWeZv+mpVLEUxFxNgrJza1a9UpEnInzEVEoZunVWVcaABhR+reku/7XxZVnTx/MXUr+U8z3EfHDn7/20zfXWq27q9n5f/bOF/eXD6s8vm6EdQUBgDHL++9Kd9/3Rv7hg3vr+9vgKxcnUp/71+N/3aWI1x89uJdv+/GykxHL+Vji1L+SXg2WI+KZiFgYQ/y9tyLiU4Pan+RzI2e7K5/2x49u7KfGFT+JJI6Nn74nfprndfbZ4OuTY6gLzJt3rkfEy4Oe/2lcyPeDn//LY3pFvH+9U9j+a9+jvviL3UgLA+Jnz/kLw8Z47nffOHSyvdLJeyvimcVB8ZNe/OSI+M8OGf/Pn/nc2y8dkdf+RcTFGBy/P1a5Vb9Tbu7sXt6qr21WN6u3K5Vrq9euvHD1+Uo5n6Mu789UH/b3Fy+dOapuWftPHRF/eWD7l3rXfmnI9v/yv69/9/OPk8WD8b/yxcE//6cHxu/I+sQvDxl/7dSvj1y+O4u/cUT7j/v5Xxoy/rt/3d0Y8qEAwBQ0d3ZvrdVq1bsjHWTvQsdRzqGDrIrDPXh/uDha0L/EJFox7MGByhcm9b868YPF3lhxvCV/JytxQFa6/0uSvVV6/3KW4qisxRh4VTr2Vox08HBasWb3mgRMR1/nAwAAAAAAAAAAAAAAfEQd/32gwuhfawMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAJ+X8AAAD//7xIx1c=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x4)
utime(&(0x7f0000000200)='.\x00', 0x0)
lseek(r0, 0x100, 0x0)
getdents(r0, 0x0, 0x1a)

0s ago: executing program 0 (id=2986):
r0 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0xee01, 0x0)
tkill(r0, 0x12)

kernel console output (not intermixed with test programs):

o 1024
[  215.819126][ T9724] EXT4-fs: Ignoring removed bh option
[  215.837489][ T9728] loop0: detected capacity change from 0 to 128
[  215.846233][ T9728] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  215.856410][ T9728] hpfs: filesystem error: improperly stopped
[  215.857370][ T9724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.859766][ T9728] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  215.869564][ T9728] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  215.879720][ T9728] hpfs: You really don't want any checks? You are crazy...
[  215.883487][ T9728] hpfs: hpfs_map_sector(): read error
[  215.886144][ T9728] hpfs: code page support is disabled
[  215.891534][ T9728] hpfs: hpfs_map_4sectors(): unaligned read
[  215.894522][ T9728] hpfs: hpfs_map_4sectors(): unaligned read
[  215.897549][ T9728] hpfs: filesystem error: unable to find root dir
[  215.947698][ T6137] usb 4-1: config index 0 descriptor too short (expected 39, got 27)
[  215.957541][ T6137] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  215.977389][ T6137] usb 4-1: config 0 interface 0 has no altsetting 0
[  215.991211][ T6137] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  216.002055][ T6137] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  216.005849][ T6137] usb 4-1: Product: syz
[  216.007816][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.010932][ T6137] usb 4-1: Manufacturer: syz
[  216.016007][ T6137] usb 4-1: SerialNumber: syz
[  216.047158][ T6137] usb 4-1: config 0 descriptor??
[  216.062359][ T6137] hub 4-1:0.0: bad descriptor, ignoring hub
[  216.064557][ T6137] hub 4-1:0.0: probe with driver hub failed with error -5
[  216.073322][ T6137] usb 4-1: selecting invalid altsetting 0
[  216.378445][  T187] usb 4-1: USB disconnect, device number 17
[  216.509929][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  216.688330][  T187] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  216.691611][    T9] usb 2-1: Using ep0 maxpacket: 32
[  216.695751][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  216.705404][    T9] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  216.709347][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.712653][    T9] usb 2-1: Product: syz
[  216.714606][    T9] usb 2-1: Manufacturer: syz
[  216.716614][    T9] usb 2-1: SerialNumber: syz
[  216.720837][    T9] usb 2-1: config 0 descriptor??
[  216.728771][    T9] usb 2-1: No union descriptors
[  216.730947][    T9] usb 2-1: unsupported MDLM descriptors
[  216.862230][  T187] usb 1-1: Using ep0 maxpacket: 32
[  216.866732][  T187] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[  216.870254][  T187] usb 1-1: config 0 has no interface number 0
[  216.874616][  T187] usb 1-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  216.881880][  T187] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.888331][  T187] usb 1-1: Product: syz
[  216.891606][  T187] usb 1-1: Manufacturer: syz
[  216.895388][  T187] usb 1-1: SerialNumber: syz
[  216.902876][  T187] usb 1-1: config 0 descriptor??
[  216.906902][  T187] hub 1-1:0.89: bad descriptor, ignoring hub
[  216.909250][  T187] hub 1-1:0.89: probe with driver hub failed with error -5
[  216.912401][  T187] option 1-1:0.89: GSM modem (1-port) converter detected
[  216.940311][ T5788] usb 2-1: USB disconnect, device number 19
[  216.950697][  T187] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB0
[  217.204582][ T9775] loop3: detected capacity change from 0 to 1024
[  217.228509][  T187] usb 1-1: USB disconnect, device number 21
[  217.234375][ T9775] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  217.248713][ T9775] ext4 filesystem being mounted at /259/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.261722][  T187] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  217.274871][  T187] option 1-1:0.89: device disconnected
[  217.286918][   T33] audit: type=1800 audit(1778598467.085:513): pid=9775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1624" name="file1" dev="loop3" ino=15 res=0 errno=0
[  217.311088][ T9775] Direct I/O collision with buffered writes! File: /file1 Comm: syz.3.1624
[  217.345329][   T66] EXT4-fs error (device loop3): ext4_map_blocks:833: inode #15: comm kworker/u9:3: lblock 0 mapped to illegal pblock 0 (length 1)
[  217.354204][   T66] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  217.358436][   T66] EXT4-fs (loop3): This should not happen!! Data will be lost
[  217.358436][   T66] 
[  217.363190][ T7380] EXT4-fs warning (device loop3): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  217.367995][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  217.430049][ T9779] loop3: detected capacity change from 0 to 512
[  217.456927][ T9779] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  217.479365][ T9779] EXT4-fs error (device loop3): ext4_init_orphan_info:583: comm syz.3.1625: inode #0: comm syz.3.1625: iget: illegal inode #
[  217.488854][ T9779] loop3: lost filesystem error report for type 5 error -117
[  217.489978][ T9779] EXT4-fs (loop3): Remounting filesystem read-only
[  217.496305][ T9779] EXT4-fs (loop3): get orphan inode failed
[  217.498803][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  217.498820][    C1] EXT4-fs (loop3): initial error at time 1778598467: ext4_init_orphan_info:583
[  217.498835][    C1] EXT4-fs (loop3): last error at time 1778598467: ext4_init_orphan_info:583
[  217.512512][ T9779] EXT4-fs (loop3): mount failed
[  217.577900][ T9784] loop3: detected capacity change from 0 to 512
[  217.580751][ T9784] EXT4-fs: Ignoring removed nobh option
[  217.583320][ T9784] EXT4-fs (loop3): Test dummy encryption mode enabled
[  217.587703][ T9784] EXT4-fs error (device loop3): __ext4_iget:5481: inode #11: block 1: comm syz.3.1627: invalid block
[  217.594150][ T9784] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  217.594666][ T9784] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.1627: couldn't read orphan inode 11 (err -117)
[  217.601766][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  217.601781][    C1] EXT4-fs (loop3): initial error at time 1778598467: __ext4_iget:5481: inode 11: block 1
[  217.601798][    C1] EXT4-fs (loop3): last error at time 1778598467: __ext4_iget:5481: inode 11: block 1
[  217.610605][ T9784] loop3: lost filesystem error report for type 5 error -117
[  217.611622][ T9784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.623806][ T9784] EXT4-fs error (device loop3): __ext4_add_entry:2412: inode #2: comm syz.3.1627: Directory hole found for htree leaf block 0
[  217.646892][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.866498][ T9782] loop1: detected capacity change from 0 to 32768
[  218.006207][ T9803] QAT: failed to copy from user.
[  218.215904][ T9810] loop1: detected capacity change from 0 to 4096
[  218.222276][ T9810] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  218.229875][ T9810] ntfs3(loop1): ino=3, mi_enum_attr
[  218.235312][ T9810] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  218.262986][ T9810] ntfs3(loop1): volume is dirty and "force" flag is not set!
[  218.274910][ T9816] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1642'.
[  218.338920][ T9819] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1642'.
[  218.344365][ T9816] team1: entered promiscuous mode
[  218.346270][ T9816] team1: entered allmulticast mode
[  218.350785][ T9816] 8021q: adding VLAN 0 to HW filter on device team1
[  218.350903][ T9818] loop1: detected capacity change from 0 to 512
[  218.354693][ T9819] team2 (uninitialized): Failed to send options change via netlink (err -105)
[  218.377463][ T9818] EXT4-fs warning (device loop1): ext4_xattr_inode_get:560: inode #11: comm syz.1.1643: EA inode hash validation failed
[  218.387445][ T9819] team2: entered promiscuous mode
[  218.397672][ T9819] team2: entered allmulticast mode
[  218.398759][ T9818] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  218.402863][ T9819] 8021q: adding VLAN 0 to HW filter on device team2
[  218.418587][ T9818] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #15: comm syz.1.1643: corrupted inode contents
[  218.439367][ T9818] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  218.439938][ T9818] EXT4-fs error (device loop1): ext4_dirty_inode:6587: inode #15: comm syz.1.1643: mark_inode_dirty error
[  218.448247][    C1] EXT4-fs (loop1): error count since last fsck: 1
[  218.451293][    C1] EXT4-fs (loop1): initial error at time 1778598468: ext4_do_update_inode:5690: inode 15
[  218.455302][    C1] EXT4-fs (loop1): last error at time 1778598468: ext4_do_update_inode:5690: inode 15
[  218.468655][ T9818] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  218.468949][ T9818] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #15: comm syz.1.1643: corrupted inode contents
[  218.481021][ T9818] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  218.482615][ T9818] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3001: inode #15: comm syz.1.1643: mark_inode_dirty error
[  218.513121][ T9818] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  218.515593][ T9818] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3004: inode #15: comm syz.1.1643: mark inode dirty (error -117)
[  218.525156][ T9818] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  218.525515][ T9818] EXT4-fs warning (device loop1): ext4_evict_inode:287: xattr delete (err -117)
[  218.538731][ T9818] EXT4-fs (loop1): 1 orphan inode deleted
[  218.543508][ T9818] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.600509][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.874689][ T9829] loop0: detected capacity change from 0 to 32768
[  218.942644][ T9829] ERROR: (device loop0): dbAlloc: the hint is outside the map
[  218.942644][ T9829] 
[  218.950638][ T9829] ERROR: (device loop0): remounting filesystem as read-only
[  218.953849][ T9829] ERROR: (device loop0): dbAlloc: the hint is outside the map
[  218.953849][ T9829] 
[  218.973751][  T122] blkno = 8ed2c, nblocks = 1
[  218.975840][  T122] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  218.975840][  T122] 
[  219.098286][ T5788] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  219.268443][ T5788] usb 2-1: Using ep0 maxpacket: 16
[  219.272785][ T5788] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[  219.275919][ T5788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.280989][ T5788] usb 2-1: config 0 descriptor??
[  219.284626][ T5788] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  219.288115][ T5788] usb 2-1: Detected FT4232H
[  219.486685][ T5788] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  219.489413][ T5788] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  219.492764][ T5788] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  219.497000][ T5788] usb 2-1: USB disconnect, device number 20
[  219.506580][ T5788] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  219.510885][ T5788] ftdi_sio 2-1:0.0: device disconnected
[  220.111127][ T9869] ieee802154 phy0 wpan0: encryption failed: -90
[  220.328362][ T5788] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  220.353415][ T9875] loop0: detected capacity change from 0 to 8192
[  220.498471][ T5788] usb 2-1: Using ep0 maxpacket: 16
[  220.504550][ T5788] usb 2-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 8
[  220.511126][ T5788] usb 2-1: config 1 interface 0 has no altsetting 0
[  220.517954][ T5788] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  220.527344][ T5788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.531824][ T5788] usb 2-1: Product: syz
[  220.534578][ T5788] usb 2-1: Manufacturer: syz
[  220.538666][ T5788] usb 2-1: SerialNumber: syz
[  220.557829][ T9866] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  220.779948][ T5788] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 21 if 0 alt 4 proto 1 vid 0x0525 pid 0xA4A8
[  220.785407][ T5788] usb 2-1: USB disconnect, device number 21
[  220.793737][ T5788] usblp0: removed
[  221.307388][ T9901] virtiofs: Unknown parameter 'always  1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 19	batadv0   :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 20	vxcan0    :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 21	vxcan1    :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 22	veth0     :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 23	veth1     :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 24	wg0       :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 25	wg1       :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 26	    :     1      V3
[  221.307388][ T9901] 				010000E0     1 0:00000000		0
[  221.307388][ T9901] 27	veth0_to_bridge:     1trans'
[  221.632176][ T9913] xt_hashlimit: size too large, truncated to 1048576
[  221.634996][ T9913] xt_hashlimit: invalid interval
[  221.674212][   T68] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  221.762765][ T9917] loop1: detected capacity change from 0 to 4096
[  221.780136][ T9917] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  221.785967][ T9917] ntfs3(loop1): Failed to load $Bitmap (-2).
[  221.905468][ T9921] v: renamed from dummy0 (while UP)
[  223.169540][ T9937] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  223.173341][ T9937] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  223.741569][ T5733] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  223.766740][ T5733] CPU: 0 UID: 0 PID: 5733 Comm: kworker/u11:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  223.766768][ T5733] Tainted: [L]=SOFTLOCKUP
[  223.766773][ T5733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  223.766783][ T5733] Workqueue: hci0 hci_rx_work
[  223.766817][ T5733] Call Trace:
[  223.766826][ T5733]  <TASK>
[  223.766834][ T5733]  dump_stack_lvl+0xe8/0x150
[  223.766856][ T5733]  sysfs_create_dir_ns+0x271/0x2a0
[  223.766881][ T5733]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  223.766903][ T5733]  ? do_raw_spin_unlock+0x4d/0x210
[  223.766928][ T5733]  kobject_add_internal+0x62b/0xd00
[  223.766961][ T5733]  kobject_add+0x163/0x240
[  223.766986][ T5733]  ? __pfx_kobject_add+0x10/0x10
[  223.767034][ T5733]  ? _raw_spin_unlock+0x28/0x50
[  223.767060][ T5733]  ? get_device_parent+0x366/0x3a0
[  223.767086][ T5733]  device_add+0x408/0xbb0
[  223.767109][ T5733]  hci_conn_add_sysfs+0xd5/0x210
[  223.767134][ T5733]  le_conn_complete_evt+0x10e6/0x16b0
[  223.767156][ T5733]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  223.767170][ T5733]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  223.767187][ T5733]  ? __asan_memcpy+0x40/0x70
[  223.767229][ T5733]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  223.767246][ T5733]  ? skb_pull_data+0xfb/0x200
[  223.767273][ T5733]  hci_le_conn_complete_evt+0x187/0x470
[  223.767292][ T5733]  hci_event_packet+0x659/0xef0
[  223.767316][ T5733]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  223.767335][ T5733]  ? __pfx_hci_event_packet+0x10/0x10
[  223.767356][ T5733]  ? kcov_remote_start+0x49a/0x7a0
[  223.767378][ T5733]  ? hci_send_to_monitor+0xe2/0x590
[  223.767395][ T5733]  hci_rx_work+0x3ee/0x1040
[  223.767418][ T5733]  ? process_scheduled_works+0xa70/0x1860
[  223.767436][ T5733]  process_scheduled_works+0xb5d/0x1860
[  223.767471][ T5733]  ? __pfx_process_scheduled_works+0x10/0x10
[  223.767490][ T5733]  ? assign_work+0x3d5/0x5e0
[  223.767508][ T5733]  worker_thread+0xa53/0xfc0
[  223.767537][ T5733]  kthread+0x388/0x470
[  223.767554][ T5733]  ? __pfx_worker_thread+0x10/0x10
[  223.767566][ T5733]  ? __pfx_kthread+0x10/0x10
[  223.767582][ T5733]  ret_from_fork+0x514/0xb70
[  223.767599][ T5733]  ? __pfx_ret_from_fork+0x10/0x10
[  223.767612][ T5733]  ? __switch_to+0xc79/0x1410
[  223.767633][ T5733]  ? __pfx_kthread+0x10/0x10
[  223.767650][ T5733]  ret_from_fork_asm+0x1a/0x30
[  223.767676][ T5733]  </TASK>
[  223.767759][ T5733] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  223.843799][   T33] audit: type=1326 audit(1778598473.645:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.032727][ T9951] loop3: detected capacity change from 0 to 32768
[  224.037504][ T5733] Bluetooth: hci0: failed to register connection device
[  224.038961][ T9951] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1703 (9951)
[  224.051910][ T9951] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  224.055695][ T9951] BTRFS info (device loop3): using crc32c checksum algorithm
[  224.058481][ T9951] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  224.085860][   T33] audit: type=1326 audit(1778598473.685:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.103148][   T33] audit: type=1326 audit(1778598473.685:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.111026][   T33] audit: type=1326 audit(1778598473.685:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.119388][   T33] audit: type=1326 audit(1778598473.685:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.126721][   T33] audit: type=1326 audit(1778598473.695:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.155228][   T33] audit: type=1326 audit(1778598473.695:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.180770][   T33] audit: type=1326 audit(1778598473.695:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9948 comm="syz.3.1702" exe="/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f12a359cdd9 code=0x7ffc0000
[  224.294076][ T9951] BTRFS info (device loop3): rebuilding free space tree
[  224.314294][ T9951] BTRFS info (device loop3): disabling free space tree
[  224.316680][ T9951] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  224.320053][ T9951] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  224.328980][ T9951] BTRFS info (device loop3): enabling ssd optimizations
[  224.331858][ T9951] BTRFS info (device loop3): turning on async discard
[  224.334331][ T9951] BTRFS info (device loop3): enabling disk space caching
[  224.336583][ T9951] BTRFS info (device loop3): force clearing of disk cache
[  224.339306][ T9951] BTRFS info (device loop3): use zstd compression, level 3
[  224.922788][ T7380] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  225.355406][ T9990] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  225.452598][ T9990] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  225.501925][ T9990] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  225.898052][T10011] nbd: must specify an index to disconnect
[  226.222055][T10009] loop0: detected capacity change from 0 to 32768
[  226.381866][T10028] dummy0: entered allmulticast mode
[  226.387420][T10028] dummy0: left allmulticast mode
[  226.589164][T10031] loop3: detected capacity change from 0 to 32768
[  226.603372][T10031] JBD2: Ignoring recovery information on journal
[  226.631744][ T6137] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  226.637142][T10031] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  226.681996][   T33] audit: type=1800 audit(1778598476.485:522): pid=10031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1732" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  226.790648][ T7380] ocfs2: Unmounting device (7,3) on (node local)
[  226.802381][ T6137] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  226.813455][ T6137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.819888][ T6137] usb 2-1: Product: syz
[  226.823882][ T6137] usb 2-1: Manufacturer: syz
[  226.829437][ T6137] usb 2-1: SerialNumber: syz
[  226.846004][ T6137] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  226.881539][ T5781] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  227.337825][T10053] loop3: detected capacity change from 0 to 64
[  227.345940][T10053] MINIX-fs: bad superblock
[  227.510432][ T5788] usb 2-1: USB disconnect, device number 22
[  227.685503][T10064] loop3: detected capacity change from 0 to 128
[  227.696452][T10064] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  227.714872][T10064] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  227.772793][T10066] loop3: detected capacity change from 0 to 1024
[  227.784495][T10066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  227.789863][T10066] ext4 filesystem being mounted at /312/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  227.824688][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  228.118603][ T5781] usb 2-1: Service connection timeout for: 256
[  228.123210][ T5781] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  228.141558][ T5781] ath9k_htc: Failed to initialize the device
[  228.180930][ T5788] usb 2-1: ath9k_htc: USB layer deinitialized
[  228.611422][   T33] audit: type=1400 audit(1778598478.415:523): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA pid=10078 comm="syz.1.1750"
[  228.777756][T10081] loop1: detected capacity change from 0 to 1024
[  228.779725][T10075] loop0: detected capacity change from 0 to 32768
[  228.781696][T10081] EXT4-fs: Ignoring removed orlov option
[  228.835294][T10075] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  228.870033][T10081] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.912303][T10075] XFS (loop0): Ending clean mount
[  228.972720][ T5723] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  229.485491][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.164568][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1766'.
[  230.279602][  T949] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  230.429496][  T949] usb 2-1: Using ep0 maxpacket: 32
[  230.435296][  T949] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  230.441705][T10144] loop3: detected capacity change from 0 to 512
[  230.444761][  T949] usb 2-1: config 0 has no interface number 0
[  230.446888][  T949] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  230.451442][  T949] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  230.456044][T10144] EXT4-fs (loop3): 1 truncate cleaned up
[  230.457850][  T949] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  230.462056][T10144] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.465974][  T949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.475882][  T949] usb 2-1: config 0 descriptor??
[  230.488050][   T33] audit: type=1800 audit(1778598480.285:524): pid=10144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1775" name="file1" dev="loop3" ino=13 res=0 errno=0
[  230.557120][T10146] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1775: bg 0: block 465: padding at end of block bitmap is not set
[  230.566998][T10146] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  230.571357][T10146] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.1775: invalid indirect mapped block 234881024 (level 0)
[  231.027652][T10153] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1778'.
[  231.094391][  T949] uclogic 0003:28BD:0094.0007: failed retrieving string descriptor #100: -71
[  231.102946][  T949] uclogic 0003:28BD:0094.0007: failed retrieving pen parameters: -71
[  231.104240][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.109871][  T949] uclogic 0003:28BD:0094.0007: pen probing failed: -71
[  231.116485][  T949] uclogic 0003:28BD:0094.0007: failed probing parameters: -71
[  231.162298][  T949] uclogic 0003:28BD:0094.0007: probe with driver uclogic failed with error -71
[  231.176225][  T949] usb 2-1: USB disconnect, device number 23
[  231.350875][T10175] xt_cluster: node mask cannot exceed total number of nodes
[  231.938298][ T5788] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  232.088236][ T5788] usb 2-1: Using ep0 maxpacket: 32
[  232.091781][ T5788] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  232.097294][ T5788] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  232.100816][ T5788] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  232.103402][ T5788] usb 2-1: Product: syz
[  232.104721][ T5788] usb 2-1: Manufacturer: syz
[  232.106314][ T5788] usb 2-1: SerialNumber: syz
[  232.109801][ T5788] usb 2-1: config 0 descriptor??
[  232.114188][T10200] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  232.153394][T10212] loop3: detected capacity change from 0 to 32768
[  232.168636][T10212] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1806 (10212)
[  232.194159][T10212] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  232.200748][T10212] BTRFS info (device loop3): using sha256 checksum algorithm
[  232.245467][T10212] BTRFS info (device loop3): setting nodatasum
[  232.247556][T10212] BTRFS info (device loop3): enabling ssd optimizations
[  232.250425][T10212] BTRFS info (device loop3): turning on async discard
[  232.252988][T10212] BTRFS info (device loop3): enabling free space tree
[  232.326906][ T7380] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  232.347404][ T6137] usb 2-1: USB disconnect, device number 24
[  232.737368][T10235] loop3: detected capacity change from 0 to 256
[  232.749130][T10235] exfat: Deprecated parameter 'utf8'
[  232.778945][T10235] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  232.881233][T10230] loop0: detected capacity change from 0 to 32768
[  232.920805][T10230] XFS (loop0): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  232.939965][T10245] loop1: detected capacity change from 0 to 512
[  232.943058][T10245] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  232.952412][T10245] EXT4-fs (loop1): SIPHASH is not a valid default hash value
[  232.952558][T10230] XFS (loop0): Ending clean mount
[  233.015304][T10230] XFS (loop0): Quotacheck needed: Please wait.
[  233.213092][T10230] XFS (loop0): Quotacheck: Done.
[  233.286502][T10264] loop1: detected capacity change from 0 to 512
[  233.291233][T10264] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  233.309389][T10264] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.323784][ T5723] XFS (loop0): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  233.331567][T10264] ext4 filesystem being mounted at /589/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  233.651630][T10270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  233.966312][T10275] loop0: detected capacity change from 0 to 128
[  234.771864][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.834446][T10300] loop1: detected capacity change from 0 to 512
[  234.855537][T10300] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  234.866602][T10300] EXT4-fs (loop1): 1 truncate cleaned up
[  234.872840][T10300] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  234.886194][T10300] EXT4-fs warning (device loop1): ext4_group_add:1735: No reserved GDT blocks, can't resize
[  234.929842][ T6137] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  234.944243][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.088764][ T6137] usb 1-1: Using ep0 maxpacket: 32
[  235.112124][ T6137] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  235.127433][ T6137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.397169][ T6137] usb 1-1: config 0 descriptor??
[  235.413595][ T6137] gspca_main: sunplus-2.14.0 probing 041e:400b
[  235.898456][  T949] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  236.053731][  T949] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  236.058492][  T949] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  236.062236][  T949] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  236.065556][  T949] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  236.071336][ T5781] IPVS: starting estimator thread 0...
[  236.077464][  T949] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  236.084364][  T949] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  236.089443][  T949] usb 2-1: Product: syz
[  236.093123][  T949] usb 2-1: Manufacturer: syz
[  236.107689][  T949] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  236.158669][T10330] IPVS: using max 81 ests per chain, 194400 per kthread
[  236.198476][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  236.226714][T10334] loop3: detected capacity change from 0 to 4096
[  236.321661][  T949] usb 2-1: USB disconnect, device number 25
[  237.034526][ T6137] gspca_sunplus: reg_w_riv err -71
[  237.037831][ T6137] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  237.045194][ T6137] usb 1-1: USB disconnect, device number 22
[  237.925830][T10389] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1868'.
[  237.929986][T10389] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1868'.
[  237.968289][    T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  238.003710][T10393] netlink: 'syz.3.1870': attribute type 1 has an invalid length.
[  238.118360][    T9] usb 1-1: Using ep0 maxpacket: 32
[  238.122282][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.125828][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  238.133408][    T9] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  238.140349][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.171287][    T9] usb 1-1: config 0 descriptor??
[  238.193267][  T187] kernel write not supported for file bpf-map (pid: 187 comm: kworker/0:2)
[  238.525694][T10410] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1877'.
[  238.894951][    T9] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  238.996516][    T9] usb 1-1: USB disconnect, device number 23
[  239.584698][T10420] loop0: detected capacity change from 0 to 1024
[  239.606482][T10420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.183316][ T5723] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.347630][T10432] loop1: detected capacity change from 0 to 512
[  241.355052][T10432] EXT4-fs error (device loop1): ext4_get_journal_inode:5896: comm syz.1.1886: inode #1792: comm syz.1.1886: iget: illegal inode #
[  241.365394][T10432] loop1: lost filesystem error report for type 5 error -117
[  241.365649][T10432] EXT4-fs (loop1): Remounting filesystem read-only
[  241.370302][    C1] EXT4-fs (loop1): error count since last fsck: 1
[  241.370316][    C1] EXT4-fs (loop1): initial error at time 1778598491: ext4_get_journal_inode:5896
[  241.370326][    C1] EXT4-fs (loop1): last error at time 1778598491: ext4_get_journal_inode:5896
[  241.389782][T10432] EXT4-fs (loop1): no journal found
[  241.391670][T10432] EXT4-fs (loop1): can't get journal size
[  241.394344][T10432] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  241.397708][T10432] EXT4-fs (loop1): Errors on filesystem, clearing orphan list.
[  241.401909][T10432] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.410388][T10432] EXT4-fs (loop1): shut down requested (1)
[  241.448906][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.560535][  T187] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  241.718283][  T187] usb 1-1: Using ep0 maxpacket: 8
[  241.722337][  T187] usb 1-1: unable to get BOS descriptor or descriptor too short
[  241.728526][  T187] usb 1-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf
[  241.731915][  T187] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.735226][  T187] usb 1-1: Product: syz
[  241.738663][  T187] usb 1-1: Manufacturer: syz
[  241.740601][  T187] usb 1-1: SerialNumber: syz
[  241.916629][T10452] (syz.3.1895,10452,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  241.920179][T10452] (syz.3.1895,10452,0):ocfs2_fill_super:1177 ERROR: status = -22
[  241.952368][  T187] usb 1-1: selecting invalid altsetting 1
[  241.954735][  T187] catc 1-1:8.0: Can't set altsetting 1.
[  241.956614][  T187] catc 1-1:8.0: probe with driver catc failed with error -5
[  241.964540][  T187] usb 1-1: USB disconnect, device number 24
[  242.115661][T10462] loop3: detected capacity change from 0 to 256
[  242.134990][T10462] FAT-fs (loop3): Directory bread(block 64) failed
[  242.138748][T10462] FAT-fs (loop3): Directory bread(block 65) failed
[  242.141973][T10462] FAT-fs (loop3): Directory bread(block 66) failed
[  242.144715][T10462] FAT-fs (loop3): Directory bread(block 67) failed
[  242.147519][T10462] FAT-fs (loop3): Directory bread(block 68) failed
[  242.150391][T10462] FAT-fs (loop3): Directory bread(block 69) failed
[  242.152836][T10462] FAT-fs (loop3): Directory bread(block 70) failed
[  242.155056][T10462] FAT-fs (loop3): Directory bread(block 71) failed
[  242.157442][T10462] FAT-fs (loop3): Directory bread(block 72) failed
[  242.160250][T10462] FAT-fs (loop3): Directory bread(block 73) failed
[  242.922620][T10485] loop1: detected capacity change from 0 to 4096
[  242.959360][T10485] ntfs3(loop1): ino=5, "/" ntfs_readdir
[  242.963115][T10485] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  242.965236][T10487] bridge4: the hash_elasticity option has been deprecated and is always 16
[  244.231944][T10518] loop1: detected capacity change from 0 to 256
[  244.237734][T10518] exfat: Unknown parameter ' Pp!JC(A"f'
[  245.276971][T10526] loop1: detected capacity change from 0 to 256
[  245.280885][T10526] msdos: Unknown parameter 'no'
[  246.169065][T10546] loop1: detected capacity change from 0 to 8192
[  246.181821][T10546] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  246.236700][T10546] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  246.242014][T10546] ntfs3(loop1): Failed to load $Extend (-2).
[  246.245636][T10546] ntfs3(loop1): Failed to initialize $Extend.
[  246.393237][T10550] loop0: detected capacity change from 0 to 256
[  246.671198][T10554] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1939'.
[  247.203453][T10558] loop1: detected capacity change from 0 to 40427
[  247.207389][T10558] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  247.210317][T10558] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  247.214096][T10558] F2FS-fs (loop1): invalid crc value
[  247.316507][T10558] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  247.329940][T10558] F2FS-fs (loop1): Try to recover 1th superblock, ret: -30
[  247.337899][T10558] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  247.905143][T10594] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  247.942531][T10591] input: syz1 as /devices/virtual/input/input14
[  248.002406][T10600] netlink: 'syz.3.1961': attribute type 21 has an invalid length.
[  248.419990][T10604] loop1: detected capacity change from 0 to 32768
[  248.546865][T10621] netlink: 'syz.0.1970': attribute type 1 has an invalid length.
[  248.553846][T10621] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1970'.
[  248.573506][T10604] Bad index:0 in slot in dtroot
[  248.573506][T10604] 
[  248.582920][T10604] ERROR: (device loop1): copy_from_dinode: Corrupt dtroot
[  248.582920][T10604] 
[  248.592939][T10604] ERROR: (device loop1): remounting filesystem as read-only
[  248.597696][T10604] jfs_lookup: iget failed on inum 32
[  248.977310][T10625] loop0: detected capacity change from 0 to 4096
[  249.021015][T10625] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.040089][T10610] loop3: detected capacity change from 0 to 131072
[  249.041329][ T5723] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.046226][T10610] F2FS-fs (loop3): Test dummy encryption mode enabled
[  249.050217][T10610] F2FS-fs (loop3): invalid crc value
[  249.126816][T10610] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  249.136269][T10610] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  249.466077][T10640] loop0: detected capacity change from 0 to 256
[  249.476597][T10640] exfat: Deprecated parameter 'utf8'
[  249.492271][T10640] exfat: Deprecated parameter 'namecase'
[  249.508421][T10640] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  249.535914][T10642] RDS: rds_bind could not find a transport for fe88::102, load rds_tcp or rds_rdma?
[  249.804883][T10655] block nbd3: NBD_DISCONNECT
[  250.541382][T10697] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1996'.
[  251.072326][T10702] loop0: detected capacity change from 0 to 64
[  251.111334][T10704] netlink: 'syz.1.2000': attribute type 3 has an invalid length.
[  251.114787][T10704] netlink: 'syz.1.2000': attribute type 7 has an invalid length.
[  251.117917][T10704] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2000'.
[  251.492695][T10717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2002'.
[  251.936419][T10729] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2010'.
[  251.940150][T10729] bond0: ARP target 170.170.170.170 is already present
[  251.942642][T10729] bond0: option arp_ip_target: invalid value (2863311530)
[  252.137569][T10737] loop1: detected capacity change from 0 to 8
[  252.203456][T10737] unable to read fragment index table
[  252.515308][T10742] faux_driver vgem: [drm] Unknown color mode 2054; guessing buffer size.
[  252.593213][ T3343] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  253.822552][T10762] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2024'.
[  253.932547][T10764] loop1: detected capacity change from 0 to 4096
[  253.941057][T10764] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  253.981345][T10764] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  253.986959][T10764] ntfs3(loop1): Failed to load $Extend (-22).
[  253.992731][T10764] ntfs3(loop1): Failed to initialize $Extend.
[  254.102966][T10766] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2026'.
[  254.167982][T10770] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  254.184433][T10770] CIFS: Unable to determine destination address
[  254.750485][T10797] openvswitch: netlink: Tunnel attr 109 out of range max 16
[  254.789676][T10796] loop1: detected capacity change from 0 to 2048
[  254.815595][T10796] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  254.894455][   T33] audit: type=1326 audit(1778598504.695:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10804 comm="syz.0.2045" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65d419cdd9 code=0x0
[  255.045869][T10811] loop1: detected capacity change from 0 to 256
[  255.149021][T10818] loop1: detected capacity change from 0 to 1024
[  255.157734][T10818] EXT4-fs: inline encryption not supported
[  255.178359][T10818] journal_path: not usable as path
[  255.181020][T10818] EXT4-fs: error: could not find journal device path
[  255.295899][T10832] CIFS: VFS: UNC: missing share name
[  255.298073][T10832] CIFS: VFS: Malformed UNC in devname
[  255.456597][T10836] loop3: detected capacity change from 0 to 32768
[  255.459354][T10836] btrfs: Unknown parameter 'fragment'
[  255.582058][ T6137] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  255.736983][T10843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2061'.
[  255.753624][ T6137] usb 1-1: Using ep0 maxpacket: 16
[  255.769440][ T6137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  255.773330][ T6137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  255.777580][ T6137] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  255.782992][ T6137] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  255.786277][ T6137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.809156][ T6137] usb 1-1: config 0 descriptor??
[  256.186483][T10845] loop3: detected capacity change from 0 to 32768
[  256.220466][   T33] audit: type=1800 audit(1778598506.025:526): pid=10845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2063" name="file1" dev="loop3" ino=4 res=0 errno=0
[  256.238943][ T6137] microsoft 0003:045E:07DA.0009: ignoring exceeding usage max
[  256.254658][ T6137] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0009/input/input15
[  256.277235][ T6137] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  256.455799][ T6137] usb 1-1: USB disconnect, device number 25
[  256.617729][T10847] loop1: detected capacity change from 0 to 40427
[  256.623814][T10847] F2FS-fs (loop1): build fault injection rate: 174
[  256.626446][T10847] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  256.630048][T10847] F2FS-fs (loop1): invalid crc value
[  256.667113][T10847] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  256.675300][T10847] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  256.710551][T10847] F2FS-fs (loop1): inject page get in f2fs_filemap_get_folio of generic_perform_write+0x2e2/0x8f0
[  256.724085][T10847] syz.1.2065: attempt to access beyond end of device
[  256.724085][T10847] loop1: rw=2049, sector=45096, nr_sectors = 280 limit=40427
[  256.802882][ T5724] syz-executor: attempt to access beyond end of device
[  256.802882][ T5724] loop1: rw=2049, sector=45376, nr_sectors = 8 limit=40427
[  256.813446][ T5724] CPU: 1 UID: 0 PID: 5724 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  256.813463][ T5724] Tainted: [L]=SOFTLOCKUP
[  256.813466][ T5724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  256.813471][ T5724] Call Trace:
[  256.813475][ T5724]  <TASK>
[  256.813480][ T5724]  dump_stack_lvl+0xe8/0x150
[  256.813496][ T5724]  f2fs_stop_checkpoint+0x3c7/0x590
[  256.813512][ T5724]  f2fs_write_end_io+0x1274/0x1740
[  256.813531][ T5724]  __submit_merged_bio+0x256/0x6a0
[  256.813543][ T5724]  __submit_merged_write_cond+0x3c9/0x4e0
[  256.813555][ T5724]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  256.813572][ T5724]  f2fs_write_data_pages+0x287e/0x34f0
[  256.813595][ T5724]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  256.813609][ T5724]  ? mod_memcg_lruvec_state+0xd5/0x270
[  256.813631][ T5724]  ? unwind_next_frame+0xa6/0x2550
[  256.813642][ T5724]  ? rcu_is_watching+0x15/0xb0
[  256.813651][ T5724]  ? __kasan_check_byte+0x12/0x40
[  256.813657][ T5724]  ? __pfx_hlock_conflict+0x10/0x10
[  256.813699][ T5724]  ? __bfs+0x153/0x290
[  256.813706][ T5724]  ? __pfx_hlock_conflict+0x10/0x10
[  256.813722][ T5724]  ? lockdep_unlock+0x5d/0xd0
[  256.813729][ T5724]  ? __lock_acquire+0x146e/0x2cf0
[  256.813747][ T5724]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  256.813757][ T5724]  do_writepages+0x32e/0x550
[  256.813770][ T5724]  ? do_raw_spin_unlock+0x4d/0x210
[  256.813782][ T5724]  filemap_fdatawrite+0x1e9/0x2f0
[  256.813792][ T5724]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  256.813817][ T5724]  ? do_raw_spin_unlock+0x4d/0x210
[  256.813828][ T5724]  f2fs_sync_dirty_inodes+0x30e/0x830
[  256.813844][ T5724]  f2fs_write_checkpoint+0x9df/0x26a0
[  256.813854][ T5724]  ? __lock_acquire+0x6b5/0x2cf0
[  256.813873][ T5724]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  256.813902][ T5724]  kill_f2fs_super+0x314/0x730
[  256.813914][ T5724]  ? __pfx_kill_f2fs_super+0x10/0x10
[  256.813928][ T5724]  ? lockdep_hardirqs_on+0x7a/0x110
[  256.813946][ T5724]  deactivate_locked_super+0xbc/0x130
[  256.813959][ T5724]  cleanup_mnt+0x437/0x4d0
[  256.813971][ T5724]  ? _raw_spin_unlock_irq+0x23/0x50
[  256.813982][ T5724]  task_work_run+0x1d9/0x270
[  256.813995][ T5724]  ? __pfx_task_work_run+0x10/0x10
[  256.814008][ T5724]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.814017][ T5724]  exit_to_user_mode_loop+0xed/0x480
[  256.814025][ T5724]  ? rcu_is_watching+0x15/0xb0
[  256.814035][ T5724]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.814043][ T5724]  do_syscall_64+0x33e/0xf80
[  256.814052][ T5724]  ? trace_irq_disable+0x3b/0x140
[  256.814066][ T5724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.814073][ T5724] RIP: 0033:0x7f2069f9e017
[  256.814082][ T5724] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  256.814106][ T5724] RSP: 002b:00007ffcd27439e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  256.814117][ T5724] RAX: 0000000000000000 RBX: 00007f206a032120 RCX: 00007f2069f9e017
[  256.814122][ T5724] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcd2743aa0
[  256.814126][ T5724] RBP: 00007ffcd2743aa0 R08: 00007ffcd2744aa0 R09: 00000000ffffffff
[  256.814131][ T5724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd2744b30
[  256.814136][ T5724] R13: 00007f206a032120 R14: 000000000003ea36 R15: 00007ffcd2744b70
[  256.814149][ T5724]  </TASK>
[  256.814189][ T5724] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  256.862876][T10849] loop3: detected capacity change from 0 to 40427
[  256.940289][T10849] F2FS-fs (loop3): invalid crc value
[  257.028258][T10849] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  257.038275][T10849] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  257.150374][T10858] loop1: detected capacity change from 0 to 256
[  257.150737][ T7380] syz-executor: attempt to access beyond end of device
[  257.150737][ T7380] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  257.153059][T10858] exfat: Deprecated parameter 'utf8'
[  257.153100][T10858] exfat: Deprecated parameter 'namecase'
[  257.156009][T10858] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe6e0c303, utbl_chksum : 0xe619d30d)
[  257.188839][ T7380] CPU: 0 UID: 0 PID: 7380 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  257.188856][ T7380] Tainted: [L]=SOFTLOCKUP
[  257.188859][ T7380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  257.188864][ T7380] Call Trace:
[  257.188867][ T7380]  <TASK>
[  257.188872][ T7380]  dump_stack_lvl+0xe8/0x150
[  257.188886][ T7380]  f2fs_stop_checkpoint+0x3c7/0x590
[  257.188899][ T7380]  f2fs_write_end_io+0x1274/0x1740
[  257.188918][ T7380]  __submit_merged_bio+0x256/0x6a0
[  257.188930][ T7380]  __submit_merged_write_cond+0x3c9/0x4e0
[  257.188942][ T7380]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  257.188960][ T7380]  f2fs_write_data_pages+0x287e/0x34f0
[  257.188983][ T7380]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  257.189007][ T7380]  ? unwind_next_frame+0xa6/0x2550
[  257.189017][ T7380]  ? rcu_is_watching+0x15/0xb0
[  257.189025][ T7380]  ? __kasan_check_byte+0x12/0x40
[  257.189033][ T7380]  ? __pfx_hlock_conflict+0x10/0x10
[  257.189043][ T7380]  ? __bfs+0x153/0x290
[  257.189050][ T7380]  ? __pfx_hlock_conflict+0x10/0x10
[  257.189066][ T7380]  ? lockdep_unlock+0x5d/0xd0
[  257.189090][ T7380]  ? __lock_acquire+0x146e/0x2cf0
[  257.189109][ T7380]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  257.189119][ T7380]  do_writepages+0x32e/0x550
[  257.189133][ T7380]  ? do_raw_spin_unlock+0x4d/0x210
[  257.189145][ T7380]  filemap_fdatawrite+0x1e9/0x2f0
[  257.189155][ T7380]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  257.189180][ T7380]  ? do_raw_spin_unlock+0x4d/0x210
[  257.189192][ T7380]  f2fs_sync_dirty_inodes+0x30e/0x830
[  257.189208][ T7380]  f2fs_write_checkpoint+0x9df/0x26a0
[  257.189218][ T7380]  ? __lock_acquire+0x6b5/0x2cf0
[  257.189238][ T7380]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  257.189268][ T7380]  kill_f2fs_super+0x314/0x730
[  257.189281][ T7380]  ? __pfx_kill_f2fs_super+0x10/0x10
[  257.189295][ T7380]  ? lockdep_hardirqs_on+0x7a/0x110
[  257.189311][ T7380]  deactivate_locked_super+0xbc/0x130
[  257.189323][ T7380]  cleanup_mnt+0x437/0x4d0
[  257.189335][ T7380]  ? _raw_spin_unlock_irq+0x23/0x50
[  257.189346][ T7380]  task_work_run+0x1d9/0x270
[  257.189358][ T7380]  ? __pfx_task_work_run+0x10/0x10
[  257.189371][ T7380]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.189380][ T7380]  exit_to_user_mode_loop+0xed/0x480
[  257.189389][ T7380]  ? rcu_is_watching+0x15/0xb0
[  257.189399][ T7380]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.189406][ T7380]  do_syscall_64+0x33e/0xf80
[  257.189416][ T7380]  ? trace_irq_disable+0x3b/0x140
[  257.189429][ T7380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.189437][ T7380] RIP: 0033:0x7f12a359e017
[  257.189446][ T7380] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  257.189453][ T7380] RSP: 002b:00007ffe6943bbc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  257.189463][ T7380] RAX: 0000000000000000 RBX: 00007f12a3632120 RCX: 00007f12a359e017
[  257.189468][ T7380] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6943bc80
[  257.189473][ T7380] RBP: 00007ffe6943bc80 R08: 00007ffe6943cc80 R09: 00000000ffffffff
[  257.189478][ T7380] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe6943cd10
[  257.189482][ T7380] R13: 00007f12a3632120 R14: 000000000003ebec R15: 00007ffe6943cd50
[  257.189495][ T7380]  </TASK>
[  257.189534][ T7380] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  257.194314][T10860] xt_hashlimit: size too large, truncated to 1048576
[  257.995846][T10886] loop3: detected capacity change from 0 to 32768
[  258.004581][T10886] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2079 (10886)
[  258.010802][T10886] BTRFS error: invalid seeding and uuid-changed device detected
[  258.984132][T10904] dvmrp1: entered allmulticast mode
[  259.342851][T10926] loop1: detected capacity change from 0 to 1024
[  259.728357][   T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  259.880445][   T24] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  259.883672][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.886954][   T24] usb 2-1: config 0 has no interface number 0
[  259.889354][   T24] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.893572][   T24] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  259.897138][   T24] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  259.901852][   T24] usb 2-1: New USB device found, idVendor=04d9, idProduct=a04a, bcdDevice= 0.00
[  259.905143][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.911066][   T24] usb 2-1: config 0 descriptor??
[  259.952919][T10932] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.2101'.
[  260.000825][T10934] netlink: 'syz.3.2102': attribute type 4 has an invalid length.
[  260.126948][T10938] loop3: detected capacity change from 0 to 128
[  260.317090][T10946] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2108'.
[  260.338081][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.345749][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.355022][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.358806][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.361965][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.365044][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.368255][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.371041][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.373874][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.377402][   T24] holtek_mouse 0003:04D9:A04A.000A: unknown main item tag 0x0
[  260.387667][   T24] holtek_mouse 0003:04D9:A04A.000A: hidraw0: USB HID v7f.fd Device [HID 04d9:a04a] on usb-dummy_hcd.1-1/input1
[  260.543794][ T5834] usb 2-1: USB disconnect, device number 26
[  260.770041][T10954] x_tables: duplicate underflow at hook 2
[  261.168264][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  261.635744][T10980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2123'.
[  261.643594][T10980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2123'.
[  261.767200][T10976] loop3: detected capacity change from 0 to 32768
[  261.771861][T10976] btrfs: Deprecated parameter 'usebackuproot'
[  261.783837][T10976] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  261.794792][T10976] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2121 (10976)
[  261.812935][T10976] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  261.817376][T10976] BTRFS info (device loop3): using crc32c checksum algorithm
[  261.866556][ T7762] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  261.883348][T10976] BTRFS error (device loop3): failed to load root extent
[  261.886451][T10976] BTRFS warning (device loop3): try to load backup roots slot 1
[  261.890275][ T2951] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  261.897264][T10976] BTRFS warning (device loop3): couldn't read tree root
[  261.901567][T10976] BTRFS warning (device loop3): try to load backup roots slot 2
[  261.907544][ T2951] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  261.912601][T10976] BTRFS warning (device loop3): couldn't read tree root
[  261.915687][T10976] BTRFS warning (device loop3): try to load backup roots slot 3
[  261.930608][T10976] BTRFS info (device loop3): rebuilding free space tree
[  261.957990][T10976] BTRFS info (device loop3): checking UUID tree
[  261.961357][T10976] BTRFS info (device loop3): enabling ssd optimizations
[  261.971170][T10976] BTRFS info (device loop3): turning on async discard
[  261.980428][T10976] BTRFS info (device loop3): enabling free space tree
[  262.002463][T10976] BTRFS info (device loop3): force clearing of disk cache
[  262.014968][T10976] BTRFS info (device loop3): enabling auto defrag
[  262.024550][T10976] BTRFS info (device loop3): trying to use backup root at mount time
[  262.040539][T10976] BTRFS info (device loop3): use zstd compression, level 3
[  262.155772][T11002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2125'.
[  262.336913][ T7380] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  263.603665][T11031] bond1: entered promiscuous mode
[  263.611290][T11027] loop3: detected capacity change from 0 to 4096
[  263.617378][T11031] bond1: entered allmulticast mode
[  263.619709][T11027] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  263.630284][T11031] 8021q: adding VLAN 0 to HW filter on device bond1
[  263.776332][T11038] input: syz0 as /devices/virtual/input/input16
[  263.933353][T11045] loop1: detected capacity change from 0 to 2048
[  263.964782][T11045] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  263.980350][T11045] ext4 filesystem being mounted at /709/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  264.004100][T11045] EXT4-fs (loop1): Online resizing not supported with bigalloc
[  264.043927][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.236008][T11058] loop3: detected capacity change from 0 to 128
[  264.244195][T11058] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  264.253639][T11058] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  264.746716][T11071] netlink: 'syz.0.2154': attribute type 3 has an invalid length.
[  265.051494][T11085] loop3: detected capacity change from 0 to 2048
[  265.073028][T11089] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2163'.
[  265.075084][T11085] NILFS (loop3): invalid segment: Checksum error in segment payload
[  265.084659][T11089] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2163'.
[  265.089057][T11085] NILFS (loop3): trying rollback from an earlier position
[  265.101234][T11085] NILFS (loop3): too large filesystem blocksize: 2 ^ 347668480 KiB
[  265.106114][T11085] NILFS (loop3): error -22 while searching super root
[  265.198946][T11093] loop0: detected capacity change from 0 to 4096
[  265.525142][T11102] 8021q: adding VLAN 0 to HW filter on device bond2
[  265.587233][T11114] CIFS: VFS: UNC: path must begin with // or \\
[  265.589883][T11114] Malformed UNC in devname
[  265.589883][T11114] 
[  265.592117][T11114] CIFS: VFS: Malformed UNC in devname
[  265.770256][T11115] vcan0: tx drop: invalid da for name 0x0000000000000033
[  265.795898][T11106] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  265.876985][T11121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2176'.
[  265.883198][   T13] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  265.950243][T11123] loop1: detected capacity change from 0 to 512
[  265.975296][T11123] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.026513][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.049186][   T12] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  266.061039][T11131] loop0: detected capacity change from 0 to 8
[  266.079465][T11131] SQUASHFS error: xz decompression failed, data probably corrupt
[  266.090331][T11131] SQUASHFS error: Failed to read block 0x108: -5
[  266.095335][T11131] SQUASHFS error: Unable to read metadata cache entry [106]
[  266.099253][T11131] SQUASHFS error: Unable to read inode 0x11f
[  266.426737][T11143] loop0: detected capacity change from 0 to 32768
[  266.436987][T11143] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2186 (11143)
[  266.509706][T11143] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  266.513420][T11143] BTRFS info (device loop0): using sha256 checksum algorithm
[  266.594197][T11143] BTRFS info (device loop0): enabling ssd optimizations
[  266.597045][T11143] BTRFS info (device loop0): turning on async discard
[  266.602496][T11143] BTRFS info (device loop0): enabling free space tree
[  266.610241][T11171] loop3: detected capacity change from 0 to 512
[  266.614137][T11171] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  266.668112][T11171] EXT4-fs (loop3): 1 orphan inode deleted
[  266.675093][T11171] EXT4-fs (loop3): 1 truncate cleaned up
[  266.679082][ T5723] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  266.684716][T11171] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.703270][   T33] audit: type=1800 audit(1778598516.505:527): pid=11171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2192" name="file1" dev="loop3" ino=17 res=0 errno=0
[  266.779337][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  266.809981][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.964994][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  266.968636][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  266.975401][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  266.990833][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  267.001016][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.013651][    T9] usb 2-1: config 0 descriptor??
[  267.021558][    T9] hub 2-1:0.0: USB hub found
[  267.060707][T11181] loop0: detected capacity change from 0 to 512
[  267.116088][T11181] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.2196: inode has both inline data and extents flags
[  267.122283][T11181] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  267.122894][T11181] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.2196: couldn't read orphan inode 15 (err -117)
[  267.131608][    C1] EXT4-fs (loop0): error count since last fsck: 1
[  267.131631][    C1] EXT4-fs (loop0): initial error at time 1778598516: ext4_orphan_get:1397: inode 15
[  267.131653][    C1] EXT4-fs (loop0): last error at time 1778598516: ext4_orphan_get:1397: inode 15
[  267.164852][T11181] loop0: lost filesystem error report for type 5 error -117
[  267.166941][T11181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  267.206789][T11181] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  267.226238][    T9] hub 2-1:0.0: 9 ports detected
[  267.233099][    T9] hub 2-1:0.0: insufficient power available to use all downstream ports
[  267.271901][ T5723] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.421521][T11188] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  267.433592][    T9] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  267.441208][    T9] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  267.463540][T11188] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  267.479336][    T9] usb 2-1: USB disconnect, device number 27
[  268.151302][T11208] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  268.155016][T11208] EXT4-fs (loop1): orphan cleanup on readonly fs
[  268.165077][T11208] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #16: comm syz.1.2207: corrupted inode contents
[  268.169242][T11208] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  268.169493][T11208] EXT4-fs (loop1): Remounting filesystem read-only
[  268.175032][T11208] EXT4-fs (loop1): 1 truncate cleaned up
[  268.181210][    C0] EXT4-fs (loop1): error count since last fsck: 1
[  268.183544][    C0] EXT4-fs (loop1): initial error at time 1778598517: ext4_do_update_inode:5690: inode 16
[  268.186892][    C0] EXT4-fs (loop1): last error at time 1778598517: ext4_do_update_inode:5690: inode 16
[  268.190640][   T32] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  268.200260][   T32] Quota error (device loop1): write_blk: dquota write failed
[  268.203720][   T32] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  268.206728][   T32] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  268.210865][   T32] Quota error (device loop1): write_blk: dquota write failed
[  268.213265][   T32] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[  268.216330][   T32] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  268.219765][   T32] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  268.225759][   T32] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  268.230368][T11208] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  268.250107][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.274871][    T9] usb 4-1: new low-speed USB device number 18 using dummy_hcd
[  268.471291][    T9] usb 4-1: config 1 interface 0 has no altsetting 0
[  268.480408][    T9] usb 4-1: string descriptor 0 read error: -22
[  268.486109][    T9] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0a18, bcdDevice= 0.40
[  268.495539][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.615537][T11218] netlink: 'syz.0.2211': attribute type 16 has an invalid length.
[  268.619671][T11218] netlink: 'syz.0.2211': attribute type 17 has an invalid length.
[  268.620840][T11212] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  268.622245][T11218] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2211'.
[  268.633357][T11212] JBD2: Ignoring recovery information on journal
[  268.737165][    T9] usbhid 4-1:1.0: can't add hid device: -71
[  268.741463][T11212] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  268.745469][    T9] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  268.801795][    T9] usb 4-1: USB disconnect, device number 18
[  268.801849][T11212] (syz.1.2208,11212,1):ocfs2_read_blocks:239 ERROR: status = -12
[  268.811840][T11212] (syz.1.2208,11212,1):ocfs2_trim_mainbm:7640 ERROR: status = -12
[  268.904430][ T5724] ocfs2: Unmounting device (7,1) on (node local)
[  268.915356][T11228] set_capacity_and_notify: 3 callbacks suppressed
[  268.915373][T11228] loop0: detected capacity change from 0 to 4096
[  268.924705][T11228] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  268.931206][T11228] ntfs3(loop0): try to read out of volume at offset 0x103000
[  268.935147][T11228] ntfs3(loop0): Failed to load $Volume (-5).
[  269.091399][T11234] loop0: detected capacity change from 0 to 164
[  269.120147][T11232] sg_read: process 1621 (syz.1.2215) changed security contexts after opening file descriptor, this is not allowed.
[  270.142082][T11269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2233'.
[  271.840001][T11310] gfs2: path_lookup on c::: returned error -2
[  271.846146][T11309] loop3: detected capacity change from 0 to 164
[  271.923882][T11312] loop0: detected capacity change from 0 to 4096
[  271.947330][T11312] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  271.967438][T11312] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  272.178720][T11319] netlink: 176 bytes leftover after parsing attributes in process `syz.3.2254'.
[  272.182000][T11319] sch_tbf: peakrate 3 is lower than or equals to rate 183 !
[  272.257025][T11322] kernel profiling enabled (shift: 9)
[  272.307372][T11325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2258'.
[  272.449353][T11332] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2259'.
[  272.452379][T11332] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  272.563139][    T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  272.720954][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.725645][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.730803][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  272.736217][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  272.739863][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.747906][    T9] usb 2-1: config 0 descriptor??
[  272.778580][  T187] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  272.930175][  T187] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  272.936611][  T187] usb 4-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  272.939818][  T187] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.942858][  T187] usb 4-1: Product: syz
[  272.944623][  T187] usb 4-1: Manufacturer: syz
[  272.946381][  T187] usb 4-1: SerialNumber: syz
[  273.189195][  T187] usbhid 4-1:1.0: can't add hid device: -71
[  273.196842][  T187] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  273.208982][  T187] usb 4-1: USB disconnect, device number 19
[  273.260624][    T9] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  273.392844][    T9] usb 2-1: USB disconnect, device number 28
[  274.135650][T11344] loop3: detected capacity change from 0 to 16
[  274.146738][T11344] erofs (device loop3): EXPERIMENTAL 48-bit layout support in use. Use at your own risk!
[  274.153451][T11344] erofs (device loop3): EXPERIMENTAL metadata compression support in use. Use at your own risk!
[  274.164982][T11344] erofs (device loop3): bogus i_mode (0) @ nid 916717819658240
[  274.678093][T11352] netlink: 27 bytes leftover after parsing attributes in process `syz.3.2271'.
[  274.979264][T11358] loop3: detected capacity change from 0 to 2048
[  275.009061][T11358] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  275.011627][T11358] UDF-fs: Scanning with blocksize 512 failed
[  275.016876][T11358] UDF-fs: error (device loop3): udf_read_inode: (ino 784) failed !bh
[  275.020723][T11358] UDF-fs: Scanning with blocksize 1024 failed
[  275.025616][T11358] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  275.029181][T11358] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  275.031661][T11358] UDF-fs: Scanning with blocksize 2048 failed
[  275.037356][T11358] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  275.041361][T11358] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  275.044457][T11358] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  275.047100][T11358] UDF-fs: Scanning with blocksize 4096 failed
[  275.049724][T11358] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  275.422023][T11368] loop3: detected capacity change from 0 to 32768
[  275.455245][T11368] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  275.494268][T11368] XFS (loop3): Ending clean mount
[  275.551423][ T7380] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  275.605754][T11373] loop1: detected capacity change from 0 to 4096
[  275.767220][T11385] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  276.015727][T11373] NILFS (loop1): bad btree node (ino=2, blocknr=57206): level = 0, flags = 0x0, nchildren = 0
[  276.021058][T11373] NILFS (loop1): error -5 preparing GC: cannot read source blocks
[  276.127969][T11391] loop0: detected capacity change from 0 to 512
[  276.166412][T11391] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  276.180757][T11391] EXT4-fs (loop0): 1 truncate cleaned up
[  276.186727][T11391] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.226856][T11395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2287'.
[  276.239952][T11391] EXT4-fs error (device loop0): ext4_append:79: inode #2: comm syz.0.2286: Logical block already allocated
[  276.250738][T11395] netlink: 'syz.1.2287': attribute type 1 has an invalid length.
[  276.263556][T11395] netlink: 568 bytes leftover after parsing attributes in process `syz.1.2287'.
[  276.292832][ T5723] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.124168][T11423] loop1: detected capacity change from 0 to 2048
[  277.142316][T11423] EXT4-fs: Ignoring removed mblk_io_submit option
[  277.188629][T11423] EXT4-fs (loop1): Number of reserved GDT blocks insanely large: 64935
[  278.233954][T11434] TCP: tcp_parse_options: Illegal window scaling value 19 > 14 received
[  278.800218][T11459] netlink: 'syz.3.2317': attribute type 10 has an invalid length.
[  278.970696][T11461] netlink: 'syz.3.2317': attribute type 10 has an invalid length.
[  279.008648][T11459] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  279.093528][T11459] team0: Port device netdevsim1 added
[  279.136017][T11461] team0: Port device netdevsim1 removed
[  279.140528][T11461] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  279.149871][T11461] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[  281.364858][T11493] loop3: detected capacity change from 0 to 256
[  281.858860][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  281.948698][T11505] loop1: detected capacity change from 0 to 32768
[  281.966044][T11505] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2336 (11505)
[  282.013820][T11505] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  282.024000][T11505] BTRFS info (device loop1): using sha256 checksum algorithm
[  282.026570][T11505] BTRFS error (device loop1): cannot disable free-space-tree
[  282.034225][T11505] BTRFS error (device loop1): open_ctree failed: -22
[  282.079122][   T24] usb 4-1: Using ep0 maxpacket: 16
[  282.105744][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  282.129130][   T24] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  282.138791][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.148660][   T24] usb 4-1: Product: syz
[  282.150204][   T24] usb 4-1: Manufacturer: syz
[  282.158750][   T24] usb 4-1: SerialNumber: syz
[  282.182745][   T24] usb 4-1: config 0 descriptor??
[  282.365002][T11512] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  282.445173][    T9] usb 4-1: USB disconnect, device number 20
[  283.169050][T11519] xt_limit: Overflow, try lower: 268435456/134217728
[  283.622090][ T3343] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  283.764554][T11539] loop0: detected capacity change from 0 to 128
[  283.881061][T11543] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.2351'.
[  283.884300][T11543] netlink: Conntrack attr has 4 unknown bytes
[  284.211792][T11553] loop1: detected capacity change from 0 to 8192
[  284.457995][T11559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2359'.
[  284.609966][T11553]  loop1: AHDI p1 p3
[  284.910056][T11570] loop3: detected capacity change from 0 to 32768
[  284.913651][T11570] btrfs: Deprecated parameter 'usebackuproot'
[  284.916194][T11570] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  284.926840][T11570] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2364 (11570)
[  285.122241][ T5737] udevd[5737]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  285.247692][T11582] overlayfs: empty lowerdir
[  285.321920][T11586] sg_write: data in/out 294879/124 bytes for SCSI command 0x7-- guessing data in;
[  285.321920][T11586]    program syz.1.2371 not setting count and/or reply_len properly
[  285.346807][T11588] overlayfs: failed to clone upperpath
[  285.781316][T11570] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  285.784911][T11570] BTRFS info (device loop3): using crc32c checksum algorithm
[  286.760212][   T32] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  286.828801][T11570] BTRFS error (device loop3): failed to load root extent
[  286.831842][T11570] BTRFS warning (device loop3): try to load backup roots slot 1
[  286.835359][ T1119] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  286.860281][T11570] BTRFS warning (device loop3): couldn't read tree root
[  286.863179][T11570] BTRFS warning (device loop3): try to load backup roots slot 2
[  286.868072][ T1119] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  286.877170][T11570] BTRFS warning (device loop3): couldn't read tree root
[  286.881997][T11570] BTRFS warning (device loop3): try to load backup roots slot 3
[  286.908080][T11570] BTRFS info (device loop3): rebuilding free space tree
[  286.927178][T11570] BTRFS info (device loop3): checking UUID tree
[  286.930542][T11570] BTRFS info (device loop3): enabling ssd optimizations
[  286.933823][T11570] BTRFS info (device loop3): turning on async discard
[  286.936616][T11570] BTRFS info (device loop3): enabling free space tree
[  286.939923][T11570] BTRFS info (device loop3): force clearing of disk cache
[  286.942709][T11570] BTRFS info (device loop3): enabling auto defrag
[  286.945100][T11570] BTRFS info (device loop3): trying to use backup root at mount time
[  286.948615][T11570] BTRFS info (device loop3): use zstd compression, level 3
[  287.041897][T11623] loop1: detected capacity change from 0 to 512
[  287.050178][T11623] EXT4-fs: Ignoring removed bh option
[  287.056709][T11623] EXT4-fs (loop1): Test dummy encryption mode enabled
[  287.182627][T11623] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  287.216296][T11623] EXT4-fs (loop1): Errors on filesystem, clearing orphan list.
[  287.234531][T11623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.310988][T11623] EXT4-fs error (device loop1): htree_dirblock_to_tree:1051: inode #2: comm syz.1.2380: Directory hole found for htree leaf block 0
[  287.388868][T11631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2382'.
[  287.544531][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.893375][T11654] 8021q: adding VLAN 0 to HW filter on device bond1
[  288.897175][ T5760] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  288.950225][ T5760] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  288.964924][ T5760] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  288.982040][ T5760] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  289.442018][T11669] loop1: detected capacity change from 0 to 1024
[  289.454035][T11669] EXT4-fs: Ignoring removed orlov option
[  289.472331][T11669] EXT4-fs (loop1): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  289.494566][ T7380] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  289.500386][T11669] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.521588][T11669] EXT4-fs error (device loop1): ext4_iget_extra_inode:5128: inode #15: comm syz.1.2399: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  289.617000][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.370557][T11685] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.2403'.
[  290.793146][ T5788] kernel read not supported for file /adsp1 (pid: 5788 comm: kworker/0:3)
[  291.587694][T11721] netlink: 'syz.1.2419': attribute type 10 has an invalid length.
[  291.610008][T11721] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  292.197596][T11733] Falling back ldisc for ttyS3.
[  292.992977][T11760] ptrace attach of "/syz-executor exec"[5724] was attempted by "                                                                                                        /dev/sequencer2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
[  293.952041][T11767] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2434'.
[  294.044611][T11767] 8021q: adding VLAN 0 to HW filter on device bond2
[  294.063123][T11770] ipvlan2: entered allmulticast mode
[  294.069801][T11770] bond2: entered allmulticast mode
[  294.293691][T11775] A link change request failed with some changes committed already. Interface ipvlan0 may have been left with an inconsistent configuration, please check.
[  294.331529][T11778] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2437'.
[  294.524353][T11790] loop3: detected capacity change from 0 to 1024
[  294.536997][T11790] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  295.053408][T11816] netlink: 'syz.3.2453': attribute type 1 has an invalid length.
[  295.277905][T11820] loop3: detected capacity change from 0 to 32768
[  295.281469][T11820] btrfs: Deprecated parameter 'usebackuproot'
[  295.283860][T11820] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  295.296500][T11820] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2457 (11820)
[  296.624557][T11820] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  296.657426][T11820] BTRFS info (device loop3): using crc32c checksum algorithm
[  297.052625][ T3343] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  297.103111][T11820] BTRFS error (device loop3): failed to load root extent
[  297.105774][T11820] BTRFS warning (device loop3): try to load backup roots slot 1
[  297.110853][ T7762] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  297.118497][T11820] BTRFS warning (device loop3): couldn't read tree root
[  297.121338][T11820] BTRFS warning (device loop3): try to load backup roots slot 2
[  297.125338][ T7762] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  297.145589][T11820] BTRFS warning (device loop3): couldn't read tree root
[  297.149942][T11820] BTRFS warning (device loop3): try to load backup roots slot 3
[  297.207061][T11820] BTRFS info (device loop3): rebuilding free space tree
[  297.300785][T11820] BTRFS info (device loop3): checking UUID tree
[  297.306941][T11820] BTRFS info (device loop3): enabling ssd optimizations
[  297.312770][T11820] BTRFS info (device loop3): turning on async discard
[  297.315438][T11820] BTRFS info (device loop3): enabling free space tree
[  297.317922][T11820] BTRFS info (device loop3): force clearing of disk cache
[  297.321043][T11820] BTRFS info (device loop3): enabling auto defrag
[  297.323619][T11820] BTRFS info (device loop3): trying to use backup root at mount time
[  297.326404][T11820] BTRFS info (device loop3): use zstd compression, level 3
[  297.864038][T11874] loop1: detected capacity change from 0 to 128
[  297.917723][T11874] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  297.938047][T11874] ext4 filesystem being mounted at /813/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  298.029918][ T5724] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  299.266308][ T7380] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  300.198601][ T5726] Bluetooth: hci1: command 0x206a tx timeout
[  300.339183][ T5788] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  300.350379][T11902] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2484'.
[  300.509640][ T5788] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  300.514960][ T5788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.519408][ T5788] usb 4-1: Product: syz
[  300.521266][ T5788] usb 4-1: Manufacturer: syz
[  300.523404][ T5788] usb 4-1: SerialNumber: syz
[  300.527971][ T5788] usb 4-1: config 0 descriptor??
[  300.535955][ T5788] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  300.542899][T11906] loop1: detected capacity change from 0 to 1024
[  300.551593][T11906] hfsplus: Filesystem is marked locked, mounting read-only.
[  300.563651][T11906] hfsplus: failed to load catalog file
[  300.731076][T11910] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.15044
[  300.734196][T11910] PKCS7: Only support pkcs7_signedData type
[  300.867886][T11914] netlink: 'syz.1.2490': attribute type 13 has an invalid length.
[  300.990294][T11914] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.086275][T11914] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  301.146119][ T5788] gspca_sunplus: reg_w_riv err -71
[  301.152016][ T5788] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  301.165735][ T5788] usb 4-1: USB disconnect, device number 21
[  301.331444][ T5760] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  301.343990][ T5760] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  301.355123][ T5760] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  301.365551][ T5760] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  302.010720][T11950] fuse: Bad value for 'fd'
[  302.014713][T11943] loop1: detected capacity change from 0 to 32768
[  302.020464][T11943] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2497 (11943)
[  302.037674][T11948] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000
[  302.064191][T11943] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  302.074339][T11943] BTRFS info (device loop1): using sha256 checksum algorithm
[  302.130816][T11943] BTRFS info (device loop1): enabling ssd optimizations
[  302.136245][T11943] BTRFS info (device loop1): turning on async discard
[  302.142301][T11943] BTRFS info (device loop1): enabling free space tree
[  302.147853][T11943] BTRFS info (device loop1): enabling auto defrag
[  302.153031][T11943] BTRFS info (device loop1): max_inline set to 4096
[  302.465797][T11974] loop3: detected capacity change from 0 to 2048
[  302.488430][T11974] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  302.506960][T11974] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  302.629686][ T5724] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  303.280563][ T5781] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  303.714658][ T5781] usb 4-1: Using ep0 maxpacket: 16
[  303.732062][ T5781] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  303.736158][ T5781] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  303.767351][ T5781] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  303.773273][ T5781] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.783250][ T5781] usb 4-1: Product: syz
[  303.786396][ T5781] usb 4-1: Manufacturer: syz
[  303.795498][ T5781] usb 4-1: SerialNumber: syz
[  303.900004][ T5781] usb 4-1: config 0 descriptor??
[  303.926767][ T5781] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  303.942830][ T5781] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  304.094387][T11999] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.2514'.
[  305.068054][T12013] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2518'.
[  305.295039][ T5781] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  305.302058][ T5781] em28xx 4-1:0.0: Config register raw data: 0x41
[  306.185375][   T53] Bluetooth: hci0: unexpected event for opcode 0x2027
[  306.742563][T12052] loop1: detected capacity change from 0 to 1024
[  306.750766][T12052] hfsplus: failed to load extents file
[  306.911344][ T6137] usb 4-1: USB disconnect, device number 22
[  306.923754][T12056] loop1: detected capacity change from 0 to 8
[  306.926522][ T6137] em28xx 4-1:0.0: Disconnecting em28xx
[  306.972014][T12058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2539'.
[  306.976628][T12058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2539'.
[  306.995336][ T6137] em28xx 4-1:0.0: Freeing device
[  307.020961][T12060] loop1: detected capacity change from 0 to 256
[  307.030724][T12060] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66dc59, utbl_chksum : 0xe619d30d)
[  307.051778][T12060] exFAT-fs (loop1): error, data valid size is invalid(-281474976706560)
[  307.163641][T12067] tmpfs: Bad value for 'usrquota_inode_hardlimit'
[  307.238458][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  307.304347][T12071] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16)
[  308.475077][T12089] overlayfs: failed to clone lowerpath
[  308.676966][T12093] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2556'.
[  309.119610][T12106] loop3: detected capacity change from 0 to 8192
[  309.841724][T12125] ip6gretap2: entered promiscuous mode
[  310.217937][T12140] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2576'.
[  311.198541][ T5781] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  311.356583][ T5781] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  311.366177][ T5781] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  311.372618][ T5781] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  311.380866][ T5781] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  311.384344][ T5781] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.409802][ T5781] usb 2-1: config 0 descriptor??
[  312.075609][ T5781] kovaplus 0003:1E7D:2D50.000C: global environment stack underflow
[  312.082819][ T5781] kovaplus 0003:1E7D:2D50.000C: item 0 0 1 11 parsing failed
[  312.109587][ T5781] kovaplus 0003:1E7D:2D50.000C: parse failed
[  312.113746][ T5781] kovaplus 0003:1E7D:2D50.000C: probe with driver kovaplus failed with error -22
[  312.215681][ T5834] usb 2-1: USB disconnect, device number 29
[  312.985216][T12190] bond1: (slave ip6gretap3): making interface the new active one
[  312.989361][T12190] bond1: (slave ip6gretap3): Enslaving as an active interface with an up link
[  313.055001][T12195] loop3: detected capacity change from 0 to 2048
[  313.065226][T12196] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  313.756548][T12221] loop1: detected capacity change from 0 to 512
[  313.771067][T12224] x_tables: duplicate entry at hook 3
[  313.780049][T12221] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.2606: bg 0: block 5: invalid block bitmap
[  313.810698][T12228] loop3: detected capacity change from 0 to 512
[  313.813684][T12228] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  313.817600][T12221] loop1: lost filesystem error report for type 5 error -117
[  313.819459][    C0] EXT4-fs (loop1): initial error at time 1778598563: ext4_validate_block_bitmap:432
[  313.826039][    C0] EXT4-fs (loop1): last error at time 1778598563: ext4_validate_block_bitmap:432
[  313.833722][T12221] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  313.845827][T12221] loop1: lost filesystem error report for type 5 error -117
[  313.851194][T12221] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2606: invalid indirect mapped block 3 (level 2)
[  313.858434][T12228] EXT4-fs (loop3): 1 truncate cleaned up
[  313.861261][T12228] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  313.887618][T12221] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  313.892398][T12221] EXT4-fs (loop1): 1 orphan inode deleted
[  313.910072][T12221] EXT4-fs (loop1): 1 truncate cleaned up
[  313.921789][T12221] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.095258][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.909970][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.930363][ T5788] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  315.084166][ T5788] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  315.087825][ T5788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.093746][ T5788] usb 2-1: Product: syz
[  315.095409][ T5788] usb 2-1: Manufacturer: syz
[  315.097286][ T5788] usb 2-1: SerialNumber: syz
[  315.359410][ T5788] rtl8150 2-1:1.0: couldn't reset the device
[  315.362387][ T5788] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5
[  315.372066][ T5788] usb 2-1: USB disconnect, device number 30
[  315.807861][T12270] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2624'.
[  315.815758][T12272] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.065405][T12283] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2628'.
[  317.199875][T12290] loop1: detected capacity change from 0 to 131072
[  317.206573][T12290] F2FS-fs (loop1): Test dummy encryption mode enabled
[  317.210918][T12290] F2FS-fs (loop1): invalid crc value
[  317.268673][T12290] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  317.281641][T12290] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  317.492088][T12304] batadv_slave_0: entered promiscuous mode
[  317.494961][T12304] macvlan2: entered promiscuous mode
[  317.500346][T12304] batadv_slave_0: left promiscuous mode
[  318.650630][T12300] loop3: detected capacity change from 0 to 40427
[  318.668891][T12300] F2FS-fs (loop3): build fault injection rate: 174
[  318.672264][T12300] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  318.682620][T12300] F2FS-fs (loop3): invalid crc value
[  318.855218][T12346] netlink: 'syz.0.2658': attribute type 30 has an invalid length.
[  318.921580][T12350] IPv6: NLM_F_CREATE should be specified when creating new route
[  318.931085][T12350] netlink: 'syz.0.2660': attribute type 1 has an invalid length.
[  318.958466][T12300] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  318.967186][T12300] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  319.462275][T12371] sctp: [Deprecated]: syz.1.2669 (pid 12371) Use of struct sctp_assoc_value in delayed_ack socket option.
[  319.462275][T12371] Use struct sctp_sack_info instead
[  319.575067][T12373] loop1: detected capacity change from 0 to 2048
[  319.627165][T12373] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  319.700184][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.157748][T12382] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2672'.
[  320.372847][T12391] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2676'.
[  320.935354][T12421] xt_cgroup: invalid path, errno=-2
[  321.151017][ T7380] syz-executor: attempt to access beyond end of device
[  321.151017][ T7380] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  321.162976][ T7380] CPU: 1 UID: 0 PID: 7380 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  321.163009][ T7380] Tainted: [L]=SOFTLOCKUP
[  321.163013][ T7380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  321.163017][ T7380] Call Trace:
[  321.163046][ T7380]  <TASK>
[  321.163052][ T7380]  dump_stack_lvl+0xe8/0x150
[  321.163069][ T7380]  f2fs_stop_checkpoint+0x3c7/0x590
[  321.163084][ T7380]  f2fs_write_end_io+0x1274/0x1740
[  321.163103][ T7380]  __submit_merged_bio+0x256/0x6a0
[  321.163115][ T7380]  __submit_merged_write_cond+0x3c9/0x4e0
[  321.163128][ T7380]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  321.163146][ T7380]  f2fs_write_data_pages+0x287e/0x34f0
[  321.163156][ T7380]  ? unwind_next_frame+0xa6/0x2550
[  321.163180][ T7380]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.163189][ T7380]  ? is_bpf_text_address+0x26/0x2b0
[  321.163202][ T7380]  ? arch_stack_walk+0xfb/0x150
[  321.163223][ T7380]  ? add_lock_to_list+0xc7/0x100
[  321.163234][ T7380]  ? lockdep_unlock+0x5d/0xd0
[  321.163241][ T7380]  ? __lock_acquire+0x146e/0x2cf0
[  321.163256][ T7380]  ? lockdep_hardirqs_on+0x7a/0x110
[  321.163266][ T7380]  ? irqentry_exit+0x218/0x730
[  321.163275][ T7380]  ? trace_irq_disable+0x3b/0x140
[  321.163289][ T7380]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.163301][ T7380]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.163311][ T7380]  do_writepages+0x32e/0x550
[  321.163323][ T7380]  ? do_raw_spin_unlock+0x4d/0x210
[  321.163335][ T7380]  filemap_fdatawrite+0x1e9/0x2f0
[  321.163345][ T7380]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  321.163370][ T7380]  ? do_raw_spin_unlock+0x4d/0x210
[  321.163382][ T7380]  f2fs_sync_dirty_inodes+0x30e/0x830
[  321.163398][ T7380]  f2fs_write_checkpoint+0x9df/0x26a0
[  321.163408][ T7380]  ? __lock_acquire+0x6b5/0x2cf0
[  321.163427][ T7380]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  321.163457][ T7380]  kill_f2fs_super+0x314/0x730
[  321.163469][ T7380]  ? __pfx_kill_f2fs_super+0x10/0x10
[  321.163483][ T7380]  ? lockdep_hardirqs_on+0x7a/0x110
[  321.163497][ T7380]  deactivate_locked_super+0xbc/0x130
[  321.163509][ T7380]  cleanup_mnt+0x437/0x4d0
[  321.163521][ T7380]  ? _raw_spin_unlock_irq+0x23/0x50
[  321.163531][ T7380]  task_work_run+0x1d9/0x270
[  321.163543][ T7380]  ? __pfx_task_work_run+0x10/0x10
[  321.163556][ T7380]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.163564][ T7380]  exit_to_user_mode_loop+0xed/0x480
[  321.163571][ T7380]  ? rcu_is_watching+0x15/0xb0
[  321.163581][ T7380]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.163588][ T7380]  do_syscall_64+0x33e/0xf80
[  321.163601][ T7380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.163608][ T7380] RIP: 0033:0x7f12a359e017
[  321.163617][ T7380] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  321.163624][ T7380] RSP: 002b:00007ffe6943bbc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  321.163634][ T7380] RAX: 0000000000000000 RBX: 00007f12a3632120 RCX: 00007f12a359e017
[  321.163639][ T7380] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6943bc80
[  321.163643][ T7380] RBP: 00007ffe6943bc80 R08: 00007ffe6943cc80 R09: 00000000ffffffff
[  321.163648][ T7380] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe6943cd10
[  321.163653][ T7380] R13: 00007f12a3632120 R14: 000000000004e204 R15: 00007ffe6943cd50
[  321.163665][ T7380]  </TASK>
[  321.163730][ T7380] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  322.083157][T12433] loop1: detected capacity change from 0 to 2048
[  322.104266][T12433] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  322.190216][T12437] loop3: detected capacity change from 0 to 512
[  322.616476][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  323.034234][T12470] netlink: 'syz.0.2714': attribute type 2 has an invalid length.
[  323.822553][T12489] loop1: detected capacity change from 0 to 32768
[  323.826101][T12489] btrfs: Deprecated parameter 'usebackuproot'
[  323.828766][T12489] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  323.833472][T12489] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2722 (12489)
[  324.007806][T12489] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  324.014741][T12489] BTRFS info (device loop1): using crc32c checksum algorithm
[  324.086983][T12499] netlink: 'syz.3.2723': attribute type 3 has an invalid length.
[  324.147872][ T1119] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  324.221522][T12489] BTRFS error (device loop1): failed to load root extent
[  324.223957][T12489] BTRFS warning (device loop1): try to load backup roots slot 1
[  324.226914][   T26] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  324.243377][T12489] BTRFS warning (device loop1): couldn't read tree root
[  324.245834][T12489] BTRFS warning (device loop1): try to load backup roots slot 2
[  324.249291][   T32] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  324.265406][T12489] BTRFS warning (device loop1): couldn't read tree root
[  324.267818][T12489] BTRFS warning (device loop1): try to load backup roots slot 3
[  324.286038][T12489] BTRFS info (device loop1): rebuilding free space tree
[  324.312378][T12489] BTRFS info (device loop1): checking UUID tree
[  324.317426][T12489] BTRFS info (device loop1): enabling ssd optimizations
[  324.320621][T12489] BTRFS info (device loop1): turning on async discard
[  324.323382][T12489] BTRFS info (device loop1): enabling free space tree
[  324.326097][T12489] BTRFS info (device loop1): force clearing of disk cache
[  324.329153][T12489] BTRFS info (device loop1): enabling auto defrag
[  324.331509][T12489] BTRFS info (device loop1): trying to use backup root at mount time
[  324.334577][T12489] BTRFS info (device loop1): use zstd compression, level 3
[  325.323158][   T53] Bluetooth: Frame is too long (len 12, expected len 4)
[  327.156019][ T5724] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  327.363403][T12555] ext2: block size(16384) > page size(4096) not supported by filesystem
[  328.070424][T12585] loop1: detected capacity change from 0 to 1024
[  328.090009][T12585] EXT4-fs: Ignoring removed mblk_io_submit option
[  328.200075][T12585] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.205501][T12585] ext4 filesystem being mounted at /903/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  328.264921][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  329.578439][ T5788] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  329.760708][ T5788] usb 2-1: Using ep0 maxpacket: 32
[  329.768076][ T5788] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  329.780272][ T5788] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  329.786423][ T5788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.794604][ T5788] usb 2-1: Product: syz
[  329.796553][ T5788] usb 2-1: Manufacturer: syz
[  329.800848][ T5788] usb 2-1: SerialNumber: syz
[  329.808055][ T5788] usb 2-1: config 0 descriptor??
[  330.261906][ T5781] usb 2-1: USB disconnect, device number 31
[  330.870069][T12621] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2769'.
[  330.873401][T12621] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2769'.
[  330.876498][T12621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2769'.
[  331.464528][T12633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2775'.
[  331.625146][T12642] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2779'.
[  331.673363][T12645] tipc: Failed to remove unknown binding: 66,1,1/0:3866520908/3866520910
[  331.696130][T12645] tipc: Failed to remove unknown binding: 66,1,1/0:3866520908/3866520910
[  332.426397][T12670] loop1: detected capacity change from 0 to 8
[  332.461376][T12670] SQUASHFS error: lzo decompression failed, data probably corrupt
[  332.483310][T12670] SQUASHFS error: Failed to read block 0x91: -5
[  332.489129][T12670] SQUASHFS error: Unable to read metadata cache entry [8f]
[  332.500335][T12670] SQUASHFS error: Unable to read inode 0x11f
[  332.700340][T12676] fuse: Bad value for 'fd'
[  333.480327][T12704] program syz.3.2804 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  333.744952][T12711] fuse: Unexpected value for 'default_permissions'
[  334.029209][T12717] loop3: detected capacity change from 0 to 2048
[  334.062297][T12717] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  334.108288][   T33] audit: type=1800 audit(1778598583.865:528): pid=12717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2810" name="file2" dev="loop3" ino=16 res=0 errno=0
[  334.129795][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.421036][T12735] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2816'.
[  335.687381][T12775] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2831'.
[  335.831542][T12779] loop1: detected capacity change from 0 to 736
[  336.273492][T12785] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2836'.
[  336.783576][T12793] Invalid ELF header magic: != ELF
[  336.813230][T12797] loop3: detected capacity change from 0 to 512
[  336.826480][T12797] EXT4-fs (loop3): Test dummy encryption mode enabled
[  336.838911][T12797] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  336.856459][T12797] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz.3.2842: bad orphan inode 131083
[  336.876090][T12797] loop3: lost filesystem error report for type 5 error -117
[  336.880316][T12797] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  337.043489][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.457322][T12815] ref_ctr going negative. vaddr: 0x200000000002, curr val: -7112, delta: 1
[  337.479023][T12815] ref_ctr increment failed for inode: 0xd93 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8881131b8c40
[  349.385973][T12837] 9p: Bad value for 'rfdno'
[  349.492534][T12843] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  349.495730][T12843] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  349.578905][T12849] trusted_key: encrypted_key: keylen parameter is missing
[  350.083971][T12860] fuse: fd is not a fuse device
[  350.130155][T12864] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2873'.
[  350.190277][T12868] loop9: detected capacity change from 0 to 7
[  350.204784][T12868] Dev loop9: unable to read RDB block 7
[  350.206907][T12868]  loop9: unable to read partition table
[  350.212483][T12868] loop9: partition table beyond EOD, truncated
[  350.217353][T12868] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5)
[  350.237870][T12869] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  350.564369][T12872] loop1: detected capacity change from 0 to 40427
[  350.570243][T12872] F2FS-fs (loop1): invalid crc value
[  350.617782][T12872] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  350.627352][T12872] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  350.731531][T12872] F2FS-fs (loop1): Inconsistent segment (8) type [1, 0] in SSA and SIT
[  350.740381][T12872] CPU: 0 UID: 0 PID: 12872 Comm: syz.1.2876 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  350.740409][T12872] Tainted: [L]=SOFTLOCKUP
[  350.740425][T12872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  350.740434][T12872] Call Trace:
[  350.740441][T12872]  <TASK>
[  350.740448][T12872]  dump_stack_lvl+0xe8/0x150
[  350.740475][T12872]  f2fs_stop_checkpoint+0x3c7/0x590
[  350.740499][T12872]  do_garbage_collect+0x15a2/0x6d90
[  350.740544][T12872]  ? f2fs_get_victim+0x16e/0x6460
[  350.740575][T12872]  ? stack_trace_save+0xa9/0x100
[  350.740605][T12872]  ? __pfx_do_garbage_collect+0x10/0x10
[  350.740625][T12872]  ? f2fs_get_victim+0x5c60/0x6460
[  350.740696][T12872]  f2fs_gc+0xc8f/0x2480
[  350.740763][T12872]  ? __pfx_f2fs_gc+0x10/0x10
[  350.740813][T12872]  f2fs_expand_inode_data+0x64f/0xb20
[  350.740850][T12872]  ? __pfx_f2fs_expand_inode_data+0x10/0x10
[  350.740877][T12872]  ? __pfx_inode_dio_wait+0x10/0x10
[  350.740901][T12872]  ? file_update_time_flags+0x3b3/0x4a0
[  350.740923][T12872]  f2fs_fallocate+0x4e5/0x980
[  350.740947][T12872]  vfs_fallocate+0x669/0x7e0
[  350.740966][T12872]  ? __pfx_vfs_fallocate+0x10/0x10
[  350.740988][T12872]  file_ioctl+0x5bf/0x860
[  350.741005][T12872]  ? __pfx_file_ioctl+0x10/0x10
[  350.741028][T12872]  ? kasan_quarantine_put+0xbb/0x1f0
[  350.741052][T12872]  ? tomoyo_path_number_perm+0x219/0x630
[  350.741070][T12872]  ? tomoyo_path_number_perm+0x219/0x630
[  350.741088][T12872]  do_vfs_ioctl+0xc26/0x1530
[  350.741104][T12872]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  350.741128][T12872]  ? do_futex+0x333/0x420
[  350.741160][T12872]  ? __fget_files+0x2a/0x420
[  350.741180][T12872]  ? __fget_files+0x2a/0x420
[  350.741197][T12872]  ? __fget_files+0x3a0/0x420
[  350.741214][T12872]  ? __fget_files+0x2a/0x420
[  350.741234][T12872]  ? bpf_lsm_file_ioctl+0x9/0x20
[  350.741258][T12872]  __se_sys_ioctl+0x82/0x170
[  350.741271][T12872]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.741288][T12872]  do_syscall_64+0x15f/0xf80
[  350.741306][T12872]  ? trace_irq_disable+0x3b/0x140
[  350.741330][T12872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.741344][T12872] RIP: 0033:0x7f2069f9cdd9
[  350.741358][T12872] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  350.741370][T12872] RSP: 002b:00007f206ae3b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  350.741408][T12872] RAX: ffffffffffffffda RBX: 00007f206a215fa0 RCX: 00007f2069f9cdd9
[  350.741426][T12872] RDX: 0000200000000040 RSI: 0000000040305828 RDI: 0000000000000005
[  350.741435][T12872] RBP: 00007f206a032d69 R08: 0000000000000000 R09: 0000000000000000
[  350.741444][T12872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  350.741452][T12872] R13: 00007f206a216038 R14: 00007f206a215fa0 R15: 00007ffcd2744778
[  350.741476][T12872]  </TASK>
[  350.741560][T12872] F2FS-fs (loop1): Stopped filesystem due to reason: 4
[  350.859649][T12872] F2FS-fs (loop1): f2fs_get_node_info of read_node_folio+0x221/0x410: inconsistent nat entry, ino:6, nid:6, blkaddr:4609, ver:0, flag:0
[  351.453702][T12893] loop4: detected capacity change from 0 to 7
[  351.512929][T12894] loop1: detected capacity change from 0 to 4096
[  351.518816][T12894] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  351.527469][T12827] Buffer I/O error on dev loop4, logical block 0, async page read
[  351.543419][T12827] Buffer I/O error on dev loop4, logical block 0, async page read
[  351.560961][T12827] Buffer I/O error on dev loop4, logical block 0, async page read
[  351.567381][T12894] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  351.570429][T12827] Buffer I/O error on dev loop4, logical block 0, async page read
[  351.575923][T12827] Buffer I/O error on dev loop4, logical block 0, async page read
[  351.591068][T12894] ntfs3(loop1): Failed to load $Extend (-2).
[  351.594071][T12894] ntfs3(loop1): Failed to initialize $Extend.
[  351.924202][T12908] netlink: 'syz.1.2890': attribute type 1 has an invalid length.
[  352.261256][T12919] hugetlbfs: syz.0.2889 (12919): Using mlock ulimits for SHM_HUGETLB is obsolete
[  352.845296][T12921] nfs4: Unknown parameter 'dev/cpu/#/msr'
[  353.387206][T12931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2897'.
[  353.777403][T12939] loop3: detected capacity change from 0 to 32768
[  353.789319][T12939] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2902 (12939)
[  353.830310][T12939] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  353.867802][T12939] BTRFS info (device loop3): using crc32c checksum algorithm
[  354.060796][T12963] netlink: 'syz.0.2909': attribute type 11 has an invalid length.
[  354.122582][T12939] BTRFS info (device loop3): enabling ssd optimizations
[  354.126847][T12939] BTRFS info (device loop3): turning on flush-on-commit
[  354.132547][T12939] BTRFS info (device loop3): enabling free space tree
[  354.136614][T12939] BTRFS info (device loop3): force zlib compression, level 3
[  354.141640][T12939] BTRFS info (device loop3): max_inline set to 4096
[  354.190977][ T7380] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  354.481130][ T5834] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  354.663285][ T5834] usb 2-1: config 1 has an invalid interface number: 188 but max is 0
[  354.666230][ T5834] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  354.669927][ T5834] usb 2-1: config 1 has no interface number 0
[  354.673447][ T5834] usb 2-1: config 1 interface 188 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  354.686233][ T5834] usb 2-1: config 1 interface 188 has no altsetting 0
[  354.695217][ T5834] usb 2-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b
[  354.700781][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.708414][ T5834] usb 2-1: Product: syz
[  354.712579][ T5834] usb 2-1: Manufacturer: syz
[  354.719197][ T5834] usb 2-1: SerialNumber: syz
[  354.963224][ T5834] usb 2-1: unknown interface protocol 0xc1, assuming v1
[  354.977379][ T5834] usb 2-1: 188:0 : does not exist
[  354.990299][T13008] loop3: detected capacity change from 0 to 24
[  354.994547][T13008] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  355.018118][T13008] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  355.138816][ T5834] usb 2-1: USB disconnect, device number 32
[  355.366068][T13010] loop3: detected capacity change from 0 to 32768
[  355.372300][T13014] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2928'.
[  355.436050][T13010] JBD2: Ignoring recovery information on journal
[  355.491163][T13010] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  355.612180][ T7380] ocfs2: Unmounting device (7,3) on (node local)
[  355.700586][T13026] syzkaller0: entered promiscuous mode
[  355.702990][T13026] syzkaller0: entered allmulticast mode
[  355.709834][T13026] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  355.716789][T13026] tipc: Resetting bearer <eth:syzkaller0>
[  355.770551][T13026] tipc: Disabling bearer <eth:syzkaller0>
[  356.079953][T13047] loop1: detected capacity change from 0 to 128
[  356.092796][T13047] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  356.107252][T13047] hpfs: filesystem error: improperly stopped
[  356.118210][T13047] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  356.227105][T13049] nbd: socks must be embedded in a SOCK_ITEM attr
[  356.344663][T13053] input: syz1 as /devices/virtual/input/input18
[  356.640969][ T6137] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  356.798880][ T6137] usb 2-1: Using ep0 maxpacket: 8
[  356.815928][ T6137] usb 2-1: unable to get BOS descriptor or descriptor too short
[  356.833332][ T6137] usb 2-1: config 8 has an invalid interface number: 42 but max is 0
[  356.837315][ T6137] usb 2-1: config 8 has no interface number 0
[  356.840564][ T6137] usb 2-1: config 8 interface 42 has no altsetting 0
[  356.852692][ T6137] usb 2-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=f6.fb
[  356.856627][ T6137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.860987][ T6137] usb 2-1: Product: syz
[  356.863373][ T6137] usb 2-1: Manufacturer: syz
[  356.865797][ T6137] usb 2-1: SerialNumber: syz
[  357.283279][T13059] loop3: detected capacity change from 0 to 131072
[  357.287050][T13059] F2FS-fs (loop3): Test dummy encryption mode enabled
[  357.290124][T13059] F2FS-fs (loop3): invalid crc value
[  357.363785][T13059] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  357.372875][T13059] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  357.550178][ T6137] empeg 2-1:8.42: empeg converter detected
[  357.553157][ T6137] usb 2-1: active config #8 != 1 ??
[  357.575274][ T6137] usb 2-1: USB disconnect, device number 33
[  358.314983][T13078] program syz.1.2956 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  358.329161][T13080] loop3: detected capacity change from 0 to 1024
[  358.355115][T13082] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  358.376603][T13080] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  358.432783][T13080] EXT4-fs error (device loop3): ext4_empty_dir:3125: inode #11: block 39: comm syz.3.2951: bad entry in directory: directory entry overrun - offset=7296, inode=0, rec_len=1024, size=1024 fake=0
[  358.453270][T13080] EXT4-fs (loop3): Remounting filesystem read-only
[  358.564990][ T7380] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.570767][T13089] loop1: detected capacity change from 0 to 512
[  358.774239][T13089] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #16: comm syz.1.2958: corrupted inode contents
[  358.779100][T13089] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  358.779418][T13089] EXT4-fs error (device loop1): ext4_dirty_inode:6587: inode #16: comm syz.1.2958: mark_inode_dirty error
[  358.787422][T13089] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  358.787794][T13089] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #16: comm syz.1.2958: corrupted inode contents
[  358.791566][    C0] EXT4-fs (loop1): error count since last fsck: 2
[  358.791579][    C0] EXT4-fs (loop1): initial error at time 1778598864: ext4_do_update_inode:5690: inode 16
[  358.791599][    C0] EXT4-fs (loop1): last error at time 1778598864: ext4_dirty_inode:6587: inode 16
[  358.808793][T13089] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  358.809230][T13089] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #16: comm syz.1.2958: mark_inode_dirty error
[  358.817835][T13089] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  358.818577][T13089] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #16: comm syz.1.2958: corrupted inode contents
[  358.832369][T13089] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  358.832989][T13089] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem
[  358.840133][T13089] loop1: lost filesystem error report for type 5 error -117
[  358.840521][T13089] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #16: comm syz.1.2958: corrupted inode contents
[  358.850929][T13089] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  358.851264][T13089] EXT4-fs error (device loop1): ext4_truncate:4690: inode #16: comm syz.1.2958: mark_inode_dirty error
[  358.859262][T13089] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  358.859562][T13089] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem
[  358.865937][T13089] loop1: lost filesystem error report for type 5 error -117
[  358.869383][T13089] EXT4-fs (loop1): 1 truncate cleaned up
[  358.875762][T13089] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  358.882261][T13089] ext4 filesystem being mounted at /967/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  358.894746][   T26] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  358.902932][   T26] EXT4-fs error (device loop1): ext4_release_dquot:7070: comm kworker/u9:0: Failed to release dquot type 1
[  359.042637][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.488297][ T5834] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  359.641636][ T5834] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  359.645941][ T5834] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  359.651453][ T5834] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  359.659267][ T5834] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  359.663268][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.666753][ T5834] usb 4-1: Product: syz
[  359.669270][ T5834] usb 4-1: Manufacturer: syz
[  359.671361][ T5834] usb 4-1: SerialNumber: syz
[  359.676227][ T5834] usb 4-1: config 0 descriptor??
[  359.683305][T13104] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  359.686764][T13104] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  359.692757][ T5834] usb 4-1: ucan: probing device on interface #0
[  360.296895][ T5834] ucan 4-1:0.0: probe with driver ucan failed with error -71
[  360.312507][ T5834] usb 4-1: USB disconnect, device number 23
[  363.238299][ T5733] Bluetooth: hci1: command 0x206a tx timeout
[  363.312495][T13169] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2980'.
[  363.315338][T13169] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2980'.
[  363.320926][T13169] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2980'.
[  363.323970][T13169] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2980'.
[  451.012031][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  468.993430][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  468.996341][    C0] rcu: 	1-...!: (0 ticks this GP) idle=0f3c/1/0x4000000000000000 softirq=56456/56456 fqs=0
[  469.001925][    C0] rcu: 	(detected by 0, t=10506 jiffies, g=59805, q=152 ncpus=2)
[  469.005022][    C0] Sending NMI from CPU 0 to CPUs 1:
[  469.005099][    C1] NMI backtrace for cpu 1
[  469.005124][    C1] CPU: 1 UID: 0 PID: 13111 Comm: syz.1.2965 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  469.005141][    C1] Tainted: [L]=SOFTLOCKUP
[  469.005146][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  469.005154][    C1] RIP: 0010:lock_is_held_type+0x4b/0x150
[  469.005183][    C1] Code: 8b 05 39 1e 91 07 85 c0 0f 85 d5 00 00 00 65 4c 8b 2d 81 d8 90 07 41 83 bd 8c 0b 00 00 00 0f 85 bf 00 00 00 89 f5 49 89 fe 9c <41> 5c fa 48 c7 c7 41 1f fc 8d e8 b6 19 00 00 65 ff 05 ff 1d 91 07
[  469.005194][    C1] RSP: 0018:ffffc90000a08a88 EFLAGS: 00000046
[  469.005208][    C1] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 0000000000010100
[  469.005215][    C1] RDX: ffff88811e5e5880 RSI: 00000000ffffffff RDI: ffff88823c628298
[  469.005224][    C1] RBP: 00000000ffffffff R08: 0000000000000003 R09: 0000000000000004
[  469.005231][    C1] R10: dffffc0000000000 R11: fffff52000141150 R12: 0000000000000001
[  469.005239][    C1] R13: ffff88811e5e5880 R14: ffff88823c628298 R15: 0000000000000000
[  469.005253][    C1] FS:  0000555579f87500(0000) GS:ffff8882a9290000(0000) knlGS:0000000000000000
[  469.005263][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  469.005271][    C1] CR2: 0000001b32a1eff8 CR3: 000000000e74a000 CR4: 00000000000006f0
[  469.005310][    C1] Call Trace:
[  469.005319][    C1]  <IRQ>
[  469.005329][    C1]  enqueue_hrtimer+0x79/0x2c0
[  469.005353][    C1]  __hrtimer_run_queues+0x4d2/0xa20
[  469.005374][    C1]  hrtimer_interrupt+0x44b/0x950
[  469.005399][    C1]  __sysvec_apic_timer_interrupt+0x102/0x430
[  469.005417][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  469.005431][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  469.005446][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x10/0x70
[  469.005463][    C1] Code: de 5b e9 b3 00 60 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0d b8 5b 73 11 <65> 8b 15 d9 5b 73 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75
[  469.005473][    C1] RSP: 0018:ffffc90000a08de0 EFLAGS: 00000246
[  469.005483][    C1] RAX: ffffffff899fe3ee RBX: ffff8881bb47c080 RCX: ffff88811e5e5880
[  469.005491][    C1] RDX: 1ffff1103768f81c RSI: 1ffff1103768f801 RDI: 1ffff1103768f808
[  469.005498][    C1] RBP: dffffc0000000000 R08: ffff8881bb47c19f R09: 1ffff1103768f833
[  469.005506][    C1] R10: dffffc0000000000 R11: ffffed103768f834 R12: ffff8881bb47c080
[  469.005514][    C1] R13: 1ffff1103768f802 R14: ffff8881bb47c1b0 R15: ffff8881bb47c000
[  469.005525][    C1]  ? __qdisc_run+0x14e/0x1560
[  469.005547][    C1]  __qdisc_run+0x14e/0x1560
[  469.005603][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[  469.005627][    C1]  net_tx_action+0x806/0xc30
[  469.005644][    C1]  ? net_tx_action+0x5b6/0xc30
[  469.005657][    C1]  handle_softirqs+0x22a/0x840
[  469.005672][    C1]  ? __irq_exit_rcu+0xca/0x220
[  469.005687][    C1]  __irq_exit_rcu+0xca/0x220
[  469.005699][    C1]  irq_exit_rcu+0x9/0x30
[  469.005710][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  469.005724][    C1]  </IRQ>
[  469.005728][    C1]  <TASK>
[  469.005733][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  469.005745][    C1] RIP: 0010:kernel_text_address+0x31/0xe0
[  469.005763][    C1] Code: 53 48 81 ff 00 00 00 81 0f 93 c0 48 81 ff 38 fe ab 8b 0f 92 c1 bd 01 00 00 00 84 c8 75 0c 48 89 fb e8 c3 de a3 ff 85 c0 74 0c <89> e8 5b 41 5e 5d e9 d4 5f 1b 0a cc 48 c7 c0 80 69 30 90 48 c1 e8
[  469.005772][    C1] RSP: 0018:ffffc90003556df8 EFLAGS: 00000202
[  469.005783][    C1] RAX: 0000000000000001 RBX: ffffffff81b0d8a9 RCX: 0000000000000001
[  469.005790][    C1] RDX: ffffc90003556ed8 RSI: dffffc0000000000 RDI: ffffffff81b0d8a9
[  469.005798][    C1] RBP: 0000000000000001 R08: ffffc90003556ed0 R09: 0000000000000000
[  469.005805][    C1] R10: ffffc90003556e98 R11: fffff520006aadd5 R12: ffff88811e5e5880
[  469.005813][    C1] R13: 1ffff11023cbcbce R14: dffffc0000000000 R15: 1ffff920006aadd2
[  469.005823][    C1]  ? stack_trace_save+0xa9/0x100
[  469.005843][    C1]  ? stack_trace_save+0xa9/0x100
[  469.005860][    C1]  ? stack_trace_save+0xa9/0x100
[  469.005876][    C1]  __kernel_text_address+0xd/0x30
[  469.005892][    C1]  unwind_get_return_address+0x4d/0x90
[  469.005906][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  469.005923][    C1]  arch_stack_walk+0xfb/0x150
[  469.005940][    C1]  ? stack_trace_save+0xa9/0x100
[  469.005958][    C1]  stack_trace_save+0xa9/0x100
[  469.005974][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  469.005990][    C1]  ? stack_depot_save_flags+0x33/0x810
[  469.006012][    C1]  save_stack+0x122/0x230
[  469.006033][    C1]  ? __pfx_save_stack+0x10/0x10
[  469.006053][    C1]  ? page_ext_put+0x97/0xc0
[  469.006071][    C1]  __reset_page_owner+0x71/0x1f0
[  469.006088][    C1]  free_unref_folios+0xcde/0x1420
[  469.006112][    C1]  folios_put_refs+0xa3d/0xb80
[  469.006134][    C1]  ? __pfx_folios_put_refs+0x10/0x10
[  469.006151][    C1]  ? filemap_remove_folio+0x312/0x3a0
[  469.006164][    C1]  ? folio_batch_remove_exceptionals+0x18c/0x1f0
[  469.006184][    C1]  shmem_undo_range+0x52c/0x1660
[  469.006201][    C1]  ? __lock_acquire+0x6b5/0x2cf0
[  469.006214][    C1]  ? __pfx_shmem_undo_range+0x10/0x10
[  469.006253][    C1]  ? __lock_acquire+0x6b5/0x2cf0
[  469.006267][    C1]  ? percpu_counter_add_batch+0xea/0x1d0
[  469.006286][    C1]  shmem_evict_inode+0x289/0xae0
[  469.006305][    C1]  ? inode_wait_for_writeback+0x16d/0x3b0
[  469.006320][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  469.006337][    C1]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  469.006349][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[  469.006367][    C1]  ? do_raw_spin_unlock+0x4d/0x210
[  469.006384][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  469.006401][    C1]  evict+0x61e/0xb10
[  469.006418][    C1]  ? __pfx_evict+0x10/0x10
[  469.006428][    C1]  ? do_raw_spin_unlock+0x4d/0x210
[  469.006445][    C1]  ? _raw_spin_unlock+0x28/0x50
[  469.006458][    C1]  ? iput+0xb25/0xe80
[  469.006476][    C1]  __dentry_kill+0x1a2/0x690
[  469.006490][    C1]  ? finish_dput+0xad/0x480
[  469.006504][    C1]  finish_dput+0xc9/0x480
[  469.006521][    C1]  __fput+0x691/0xa60
[  469.006542][    C1]  task_work_run+0x1d9/0x270
[  469.006583][    C1]  ? __pfx_task_work_run+0x10/0x10
[  469.006600][    C1]  ? do_raw_spin_unlock+0x4d/0x210
[  469.006619][    C1]  do_exit+0x70f/0x22c0
[  469.006636][    C1]  ? try_to_wake_up+0x828/0x1380
[  469.006654][    C1]  ? __pfx_do_exit+0x10/0x10
[  469.006671][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[  469.006689][    C1]  do_group_exit+0x21b/0x2d0
[  469.006705][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  469.006719][    C1]  get_signal+0x1284/0x1330
[  469.006737][    C1]  arch_do_signal_or_restart+0xbc/0x830
[  469.006755][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  469.006776][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.006788][    C1]  exit_to_user_mode_loop+0x86/0x480
[  469.006800][    C1]  ? rcu_is_watching+0x15/0xb0
[  469.006814][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.006825][    C1]  do_syscall_64+0x33e/0xf80
[  469.006838][    C1]  ? trace_irq_disable+0x3b/0x140
[  469.006857][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.006868][    C1] RIP: 0033:0x7f2069f9cdd9
[  469.006878][    C1] Code: Unable to access opcode bytes at 0x7f2069f9cdaf.
[  469.006884][    C1] RSP: 002b:00007ffcd27448d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  469.006895][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007f2069f9cdd9
[  469.006901][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f206a215fa8
[  469.006908][    C1] RBP: 0000000000001654 R08: 000000000000000f R09: 0000000000000000
[  469.006914][    C1] R10: 00007f206a215fa0 R11: 0000000000000246 R12: 0000000000000000
[  469.006921][    C1] R13: 00007f206a215fac R14: 00007f206a215fa8 R15: 00007f206a215fa0
[  469.006934][    C1]  </TASK>
[  469.007071][    C0] rcu: rcu_preempt kthread starved for 10506 jiffies! g59805 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  469.296525][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  469.299921][    C0] rcu: RCU grace-period kthread stack dump:
[  469.302033][    C0] task:rcu_preempt     state:R  running task     stack:27968 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  469.306895][    C0] Call Trace:
[  469.308081][    C0]  <TASK>
[  469.308998][    C0]  __schedule+0x17b4/0x5680
[  469.310408][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  469.312059][    C0]  ? __pfx___schedule+0x10/0x10
[  469.313747][    C0]  ? schedule+0x90/0x360
[  469.315177][    C0]  schedule+0x164/0x360
[  469.316760][    C0]  schedule_timeout+0x158/0x2c0
[  469.318449][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  469.320256][    C0]  ? __pfx_process_timeout+0x10/0x10
[  469.322059][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  469.323962][    C0]  ? prepare_to_swait_event+0x340/0x370
[  469.325717][    C0]  rcu_gp_fqs_loop+0x312/0x11d0
[  469.327249][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[  469.328939][    C0]  ? rcu_gp_init+0x1315/0x15b0
[  469.330491][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  469.332243][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  469.333982][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  469.335954][    C0]  rcu_gp_kthread+0x9e/0x2b0
[  469.337594][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  469.339375][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  469.341318][    C0]  ? __kthread_parkme+0x7a/0x1f0
[  469.342931][    C0]  ? __kthread_parkme+0x19c/0x1f0
[  469.344575][    C0]  kthread+0x388/0x470
[  469.345957][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  469.347727][    C0]  ? __pfx_kthread+0x10/0x10
[  469.349674][    C0]  ret_from_fork+0x514/0xb70
[  469.351618][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  469.353763][    C0]  ? __switch_to+0xc79/0x1410
[  469.355761][    C0]  ? __pfx_kthread+0x10/0x10
[  469.357728][    C0]  ret_from_fork_asm+0x1a/0x30
[  469.359672][    C0]  </TASK>
[  469.360946][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  469.363527][    C0] CPU: 0 UID: 0 PID: 13184 Comm: syz.0.2987 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  469.367839][    C0] Tainted: [L]=SOFTLOCKUP
[  469.369673][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  469.373831][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x45/0x70
[  469.376428][    C0] Code: ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 cc 16 00 00 00 74 2c 8b 91 a8 16 00 00 83 fa 02 75 21 48 8b 91 b0 16 00 00 48 8b 32 <48> 8d 7e 01 8b 89 ac 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2
[  469.383544][    C0] RSP: 0018:ffffc90003477978 EFLAGS: 00000246
[  469.385619][    C0] RAX: ffffffff81b9abb6 RBX: ffff88812103c2c8 RCX: ffff88810e150000
[  469.388184][    C0] RDX: ffffc90023073000 RSI: 000000000007ffff RDI: 0000000000080000
[  469.390922][    C0] RBP: ffffc90003477ab0 R08: ffffffff9030b1f7 R09: 1ffffffff206163e
[  469.393571][    C0] R10: dffffc0000000000 R11: ffffffff81745300 R12: 1ffff110478c8199
[  469.396243][    C0] R13: dffffc0000000000 R14: ffff88823c640cc8 R15: 0000000000000001
[  469.399244][    C0] FS:  00007f65d501c6c0(0000) GS:ffff88818dc90000(0000) knlGS:0000000000000000
[  469.402746][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  469.405486][    C0] CR2: 00007f65d424f0d1 CR3: 0000000114c12000 CR4: 00000000000006f0
[  469.408856][    C0] Call Trace:
[  469.410301][    C0]  <TASK>
[  469.411575][    C0]  smp_call_function_many_cond+0xfe6/0x13d0
[  469.414054][    C0]  ? __pfx_retrigger_next_event+0x10/0x10
[  469.416372][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  469.418960][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  469.421368][    C0]  clock_was_set+0x70a/0x7d0
[  469.422943][    C0]  ? __pfx_clock_was_set+0x10/0x10
[  469.424726][    C0]  do_adjtimex+0x25d/0x370
[  469.426302][    C0]  ? __might_fault+0xaf/0x130
[  469.427922][    C0]  ? __pfx_do_adjtimex+0x10/0x10
[  469.429579][    C0]  ? __might_fault+0xaf/0x130
[  469.431146][    C0]  __x64_sys_clock_adjtime+0x252/0x340
[  469.432995][    C0]  ? __pfx___x64_sys_clock_adjtime+0x10/0x10
[  469.435175][    C0]  ? __pfx_kcov_ioctl+0x10/0x10
[  469.436838][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.438973][    C0]  do_syscall_64+0x15f/0xf80
[  469.440524][    C0]  ? trace_irq_disable+0x3b/0x140
[  469.442254][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.444258][    C0] RIP: 0033:0x7f65d419cdd9
[  469.445783][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  469.452326][    C0] RSP: 002b:00007f65d501c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000131
[  469.455304][    C0] RAX: ffffffffffffffda RBX: 00007f65d4415fa0 RCX: 00007f65d419cdd9
[  469.458002][    C0] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000000
[  469.460682][    C0] RBP: 00007f65d4232d69 R08: 0000000000000000 R09: 0000000000000000
[  469.463504][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  469.466463][    C0] R13: 00007f65d4416038 R14: 00007f65d4415fa0 R15: 00007ffff566fd68
[  469.469058][    C0]  </TASK>
