last executing test programs:

2m8.522521758s ago: executing program 2 (id=343):
r0 = socket$rds(0x15, 0x5, 0x0)
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

2m7.629729479s ago: executing program 2 (id=354):
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x200, 0x0, 0x60, 0xd0e0000, 0x0, 0x100, 0x3c0, 0x1d8, 0x1d8, 0x3c0, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@uncond, 0x9400, 0x70, 0xd8, 0x94}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260)
r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
r2 = add_key$user(&(0x7f0000006400), &(0x7f00000002c0)={'syz', 0x2}, &(0x7f00000029c0)="3e12d23d346ca27b24373068a623cf4d09883fd70bf099c1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b1a03dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6dfb55ae6f1229bcf13ecfd7a597f44c812df9be8e35d8d15086609c033a5d2a42d5dcb0d903098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b8cd6d918cc508000000cdcae4147e84583ec9dd00000000000000000000e4e23987bef7613eefdf40385e575cada0", 0xf9, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha256\x00'}})

2m7.516186911s ago: executing program 2 (id=356):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x16b043, 0x58)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0)

2m7.31016569s ago: executing program 2 (id=357):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file1\x00', 0x800010, &(0x7f0000000480)={[{@umask={'umask', 0x3d, 0xffff}}, {@gid}, {@umask={'umask', 0x3d, 0x7f}}, {@unhide}, {@volume={'volume', 0x3d, 0x4}}, {@noadinicb}, {@gid_forget}, {@nostrict}, {@uid_forget}, {@nostrict}]}, 0x1, 0xc29, &(0x7f0000001940)="$eJzs3U9sHOd5B+D32yEtUm6ateMof5TDAg4QV44NUpQtFnIAKmKIGBBkwRRzMFCAK5FSFyaXFEkVclCkKpCgCNIWKnLIsQKcAL1VpxYIGkA9uUUQgOip6KFQW0dwb5sAaYsezGJ2vyWXtCSylkRS1vMI0m929p3db9Z8uTPrmZ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Eih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7SvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//fHez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fmOgfXs1Ir4YER+ulX8i/mdtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+v2Vu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9ufBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN/9/n2+fApDt713Piy7k8jxej/Hst11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfxYpjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/2+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zl59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/PlI8+3uba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/ZNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/r5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT48+tfynWd3jua73+m/e9G/38/UvzOpzbXvpJrn92oHd7pasFeKvv/HyPF6u1/Xv+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfI//O1gCfN8jvffrs+Nze7ZMKECRPrE3v9mwl41Mrt//+KFF+7XKTufmze/v+tzq2N/f///s7G9v+JLbluj7b/n+2ZdyLvtfT3RQyszC/2fy5iYPmdb7/UmK9fmr002xwZGT3+u8eGjx4f7n+qu3O/MbXj1w4ed2X/vx0pfvLX/7T+Ofbm/f+7f/53cEuu26P+/0zvOm3ar9nxSwFPnLL//ypS/MuND9b/f9P9Pv/rfs73wvObc7BbtEf9/1zPvFr+Z7Rn3gtFxMmdPhcAAAAAAAAAADwmDqYifhYp/qb1D+vXvN98/E98uVvbe/zfveyH6/8DAPdXvv9PRoqfH/xq6n6HzE6O/5/Zkuv26PjfQz3zZnbpvOYdv8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAxpSjiQKR49wetdLsob3cMnG40r1ydGp+4+2KDKVJUomjXl38Hho+OHHvl1eOj3bz/8g/bF+KNyXMna6cW5heXZpeXZ2dqU83GhYWZ2R0/woMuv9WR9gtQm3/7yszFi8u1oy+PbLr7avXOgacPVU+MHh55q1s7NT4xMdlT09f/sZ/9I9LDeyg+QZ6KIn4eKd576YP0b0VEJR68F7b53fGoDUZf2X/tlZgan2ivyFyj3lwp70yVXNUXUe1ZaKzbI7vQiw9kLOJaRFTKAR8pV29ysb5UPz83WztbX1pprDQWmqnSGW25PtWoxGiKWIyIVrHXg2e/6Y8i/jZS3Pl1K/17EVF0++DFM5NvDo1s/wB9uzDIezxttYhYjcegZ2GfOhBFPBcpfjg9FP9RdPqq3TbvR3ylzNciLpd5K8X1fDuVvyBGI37l/QQea31RxNlIsZBa6f0i9357u/L0t2qvNy8udMr+KNrbzvkd9XHfP9hNtk3YxwaiiF+2t/hb6ZfezwEAAAAAAAAAAABgnyvia5Hi5vwLqX1+6Po5pY3mpdq5+vm5zmH93WP/a3mptbW1tWrqZC3nUM6xnGdzTudczHkt5/WcN3LezHkr52rO2zlbOaOSnz9nLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5w3HSAAAAAAAAAAAAAAAAAAA8IpUo4nuR4ke/aaW1onN92eno5G3nucIn2v8FAAD//+X2R4U=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

2m7.094229956s ago: executing program 2 (id=359):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x64, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x28, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}, @NFTA_QUOTA_FLAGS={0x8}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xac}}, 0x0)

2m6.752917576s ago: executing program 2 (id=360):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c00)={0x34, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x3}]}, 0x34}}, 0x0)

2m6.609377102s ago: executing program 32 (id=360):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c00)={0x34, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x3}]}, 0x34}}, 0x0)

1m41.15385645s ago: executing program 0 (id=706):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000), &(0x7f0000000080)=0x4)

1m41.153580267s ago: executing program 0 (id=707):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="28e643e8d13c03922ed35b88b5302d73eaaa42e6e944478f3d010f16e2"], 0x128}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_io_uring_setup(0x10d2, 0x0, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})

1m41.153435354s ago: executing program 0 (id=708):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0xc0, 0x11cfa, 0x0, 0x8000008, 0x2, 0x4, 0x1, 0x0, 0x2})

1m41.092896209s ago: executing program 0 (id=709):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000000), 0xfc, 0x582, &(0x7f0000000b40)="$eJzs3d9rW+UbAPDnpO3W/fh+28EY6oUUduFkLl1bf0zwYl6J6HCg9zO0WRlNl9GkY60Dtwt3440MQcSB6L33Xg7/Af+KgQ6GjKIX3lROctKFNunSLF2z5vOBs73vOSd9z5P3PG/ek5OQAAbWRPpPLuLliPgmiRhr2jYc2caJ+n5rj2/OpksS6+uf/pVEkq1r7J9k/x/JKi9FxG9fRZzObW23srK6UCiViktZfbK6eG2ysrJ65spiYb44X7w6PTNz7q2Z6Xffebtnsb5+8Z/vP7n/4bmvT65998vDY3eTOB9Hs23NcTyDW82ViZjInpOROL9px6keNNZPkr0+ALoylOX5SKRjwFgMZVnf0vrY8zw0YJd9maY1MKAS+Q8DqjEPaFzb9+g6+IXx6P36BdDW+Ifr743EaO3a6PBaUr8yOljfml7vjveg/bSNX/+8dzddot37EAd70BDAJrduR8TZ4eGt41+SjX/dO9vBPpvbGLTXH9hL99P5zxut5j+5jflPNM9/Mkda5G43np7/uYc9aKatdP73Xsv578ZNq/GhrPa/2pxvJLl8pVRMx7b/R8SpGDmY1qci4oPWN0E+z609WG/XfvP8L13S9htzwew4Hg5vmv/NFaqFZ4+87tHtiFdazn+Tjf5PWvR/+nxc7LCNE8V7r7bb9vT4d9f6TxGvtez/J52ZbH9/crJ2Pkw2zoqt/r5z4vd27W8b/2jPw90i7f/D28c/njTfr63svI0fR/8tttvW7fl/IPmsVj6QrbtRqFaXpiIOJB9vXT/95LGNemP/NP5TJ7cf/1qd/4fSxO4w/jvH7zTvOrqz+HdXGv/cjvp/54UHH33xQ7v2O+v/N2ulU9maTsa/Tg/wWZ47AAAAAAAA6De5iDgaSS6/Uc7l8vn65zuOx+FcqVypnr5cXr46F7Xvyo7HSK5xp3us6fMQU9nnYRv16U31mYg4FhHfDh2q1fOz5dLcXgcPAAAAAAAAAAAAAAAAAAAAfeJIxGir7/+n/hhq/Zg2q4EX0TY/+Q3sc+3zP9vSi196AvqS138YXF3kv/cAYJ/w+g+DS/7D4JL/MLjkPwwu+Q+Dayf5//OFXTwQAAAAAAAAAAAAAAAAAAAAAAAAAAAA2B8uXriQLutrj2/OpvW56yvLC+XrZ+aKlYX84vJsfra8dC0/Xy7Pl4r52fLi0/5eqVy+NjUdyzcmq8VKdbKysnppsbx8tXrpymJhvnipOPJcogIAAAAAAAAAAAAAAAAAAIAXS2VldaFQKhWXFBS6Kgz3x2H0YSHXH4fRZWGvRyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOK/AAAA//92vTrs")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

1m40.863191377s ago: executing program 0 (id=713):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e24, 0x0, @mcast2, 0xc}, 0x1c)
getsockopt$sock_buf(r0, 0x1, 0x19, 0x0, &(0x7f0000003080)=0x7a)

1m40.671763723s ago: executing program 0 (id=718):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x24000090}, 0x0)

1m40.595288299s ago: executing program 33 (id=718):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x24000090}, 0x0)

3.947499221s ago: executing program 1 (id=2304):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0)
syz_emit_ethernet(0x52, &(0x7f00000007c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x0, 0xe}], {{0x8000, 0xfffd, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

3.879081581s ago: executing program 1 (id=2305):
syz_mount_image$erofs(&(0x7f00000000c0), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0xfd, 0x1f0, &(0x7f0000000940)="$eJzsmT2v0lAYx/+nLYVLjMbFwUUTb+Id7i1tUcPioF9AE/Btk0glaAEDHYDEROLi4sfwKzgwObi5ueqgJiYOMjofc3pO4UCBAKnRxOeX3HN/7XnOc14oDwmAIIj/lm9ff315fbNSOwZwCofIq/s/zHmMocV/Lij59OZ95/TzyXI+Ecukvtt2DSZMRMo551zvO1T/azCk3ykujL0HBkf5Qxi4qzwAwwPlTzTvHigJA+dRN2w8boWBKxpPNL5oynp+C8B0zNAAUFDrY1p/fzh6Wg/DoLcsOZ7Mk+raVTadnQVY0xsGrmvnJ16D+69ejsV1cjZucn4APBjwlJfBUFVeQR6O44hHQB6Jtv/z1jy/uc3+95FbuWzy2JBy9mRT8HEmc+0pNoC/N/vOMv43lpGNMO3OgRDxhp7dOTedfEiP+v4nF3Yx24QWFksPVM1OBX8sSrHTXVuJrSZaGTOvn6LkXtbqkwVrVj9KUftZqT8cnbTa9WbQDDq+X77mXnHdq34prs2y3VD/CnF9Kmr5c2tibWZjUI+injcAop43u/Zlq1Xc6tvuz3iMEdc/A0eXZA7xqMTbzq+eg6k/+Tko7Mhcu3iCIAiCIAiCIAiCIAiCIIiduAAWfwuqfqjinOMFwM/IXp7g346vfwcAAP//Zp9PGw==")

3.830847456s ago: executing program 1 (id=2307):
syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "fca33f", 0x0, 0x73, 0x0, @dev, @local}}}}, 0x0)

3.830434734s ago: executing program 1 (id=2309):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffa)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r2, 0x2007ffb)
sendfile(0xffffffffffffffff, r2, 0x0, 0x1000000201005)
copy_file_range(r1, 0x0, r0, 0x0, 0xfffffbffa003e458, 0x700000000000000)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x10)
r4 = open(&(0x7f00000001c0)='./bus\x00', 0x101000, 0x0)
copy_file_range(r4, 0x0, r3, &(0x7f00000000c0)=0x8010000, 0x400000, 0x0)

3.441306569s ago: executing program 1 (id=2311):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, 0x0, 0x0)
sendto$inet(r0, 0x0, 0xff2c, 0x404c802, &(0x7f0000000140)={0x2, 0x4e01, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000001100)={<r2=>0x0, 0x9}, &(0x7f00000011c0)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001080)={r2, 0x400005}, &(0x7f0000001200)=0x8)
setsockopt$MRT6_PIM(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000001040)=0x3, 0x4)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0xffffffffffff7fff, 0x2)
ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f0000000540)=@fd={0xca2, 0x3, 0x4, 0x0, 0xccec, {0x77359400}, {0x5, 0x0, 0xd1, 0xf, 0x61, 0x2, "f43d974a"}, 0x7ff, 0x4, {}, 0xb02d})
read$FUSE(r3, &(0x7f00000050c0)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r3, &(0x7f0000007100)={0x78, 0x0, r7, {0xa0, 0x6, 0x0, {0x4, 0x0, 0x9, 0x8, 0x0, 0x4, 0xfffff92f, 0x0, 0x4, 0xc000, 0x3ff, 0xee00, 0x0, 0x7fffffff, 0x4}}}, 0x78)
syz_usb_connect$uac1(0x0, 0xa4, 0x0, 0x0)
r8 = syz_io_uring_setup(0xe42, &(0x7f00000005c0)={0x0, 0x2119, 0x100, 0x0, 0x15b}, &(0x7f0000000140)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x80000, 0x0, 0x32}, &(0x7f0000000500)='./file0\x00', 0x1d})
io_uring_enter(r8, 0x6f58, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
getsockopt$bt_hci(r1, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006)

2.930192705s ago: executing program 3 (id=2315):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
syz_mount_image$f2fs(&(0x7f0000010600), &(0x7f0000000040)='./file2\x00', 0x4, &(0x7f00000001c0)=ANY=[], 0x1, 0x1061d, &(0x7f0000010640)="$eJzs3L1vG2UcB/CfE/pKWyrUFwYQJyGkRKqjOn0RLKhAK0C0VUVhYALHdi23ti+K3dR0YYEBiYmFf4IJ/gYW2FlhYWMBia2iyHePEaVFUMfULfl8pMv3uefufn4e65Ynl1wA29bB7NdfKnEg9kTEYkTsiyjalbQVzpTxVEQ8m7oW0lZJ/X907IyIvRFxYFy8rFlJh57+7dYPX357/plPvv/suw8///nyfGYMPAyej4jeetm+0Sszb5d5NfXXNztF9k5upiwP9K6l/bzMG621osKN+uS8epEn2uX5+fr1wTivdOuNcbY7V4r+9X75gYPN9qROccHV+kax32ytFdkZ5EW2b5bjGqW8ORiWdZqp3gdF+RgOJ1n2t0atcj7r14ps9Iepv6ybN1ujcW6mTB8XjbzbLMaxNvXX/NA73+lfH2WbrY1BJ+9np1ZqL6zUTldrG3mzNWydrNZ7zdMns6V2d3xaddiq986087zdba008t5yttRuNKq1WrZ0trXWqfezWm3lxMrx6qnl1DqWvXbxnazbzJbG+Uqnf33Y6Q6yK/lGVl6xnK2unHhxOXuull2+cCm79Na5cxcuvf3e2XcvvnzhjVfTSXcNK1taPb66Wq0dr67Wlqed+bHbpe06/9KosrXr2ebcPwD3bZr1/4L1P7BF1v/W/7Gt1//mH9b/bNVd98/u+YwDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH7scdX71eNA6W+4+n/v2p68mIOBoRRyLicETcvofF2HlHzUMRUUnte52/4y9j+LoSRYXxNbvStjcizqTt1hP/9bcAAAAAj4DKdJd98c1HH0csjpvFj5dmOyoebumXNrtnVa+4Cx+797H9913tUFFstOVRlQ5PSs7EkYjYcfCnGVU7GhEL+96fUbV/ZfGO2P2nqJSx8CBHAwAAPBh3rgT+ZvUGAADA/8Cn8x4A81E8r01/i5+eBe8qIz0Q3DPZe3MOowMAAABmYcr/GgAAAAAeIcX6/5/f/7c4t/f/TWp4/x8AAABMr3z/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxNTupQFAfwA7w+eB9GYvjYCiPjkAGLcAkOXYDuxhlrMCGsA2cuwYChvSZWGZj0Akp+v6Tc26b8c0qYnN6mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs01Mxnz4s7+6b5qw3zeS5GgAAAGCXVTGflpN+tf8vHT9Lhy4iYhwRo4gYRsSu3r0Tv2uZg4hopfmu84sPNTxGlAnb73TT9jcirtL2cr7vXwEAAABO13IxmUV0ttPy4/LTGa0jVMWBpJs2vVx55Z/lV660QRl2mylt+BaZxSgiiv5zprRxRLT/X2dK+5JObei9G1rV0D5kNQAAwGHUO4Fs3RsAAADfzs2xC+A4yvXa9Cx+WgvuVkNaEPxT2wMAAAB+IA/3AwAAwOkr+3/v/wMAAIDTVr3/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH1aFfPpcjGZNc1Zb5rJczUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAr+/OSgiEMBGGw/6d6p+D9b6U06FZX7qog8DFDCAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODK6zh5n/FprEm+nTZ+HY8k/64aU1eNuevG0gvj9rnt+R8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO/vzcgIgEINhML61p8X+a/Ki/KBnb4IwA8JHQpAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4m+7+qn9iSOxVNWaamDJuVTVnlViySqw5SGw5aG9/O84PngQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX/ebSIGwiiMXg8gcEIAJZBbPGogIUJQAg8JyZJroAAaIiEitWiEbWFX8o7jzbzBnpPcL5hgfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg4650vjpI0KXOWlIfPy//jJCcpX+N4fzpl8736G862+fzz+1jzIk9XbZI2zRLnAAAsrpt3ivO8f/Rv18m0N3Vv697V7V6G/nW/3wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMPO/bM2EcZxAH+SNtG6uTiIglbBgmj6h9K0dFEUquAb6BbaWIqplraDLYLUpbgILu4uLrp1cvIdOLmIKOgeQUEEQSpJ7vSpbSVdcil+PvAkvx7H3fPccPC93zUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAP9fVwPq1zIYTjvX/qhrdf7s3s9l2/f2w0HY9OPl+Mj9k4RCGEcHO+Vh3s4Fq62dkw3Pz+8PnhQHwN/95veXXtVqVWqy4pFIruKRo3tUynkcFNCwCAA6uQjEau/1jYnGpsy02GsPV0e/4/F9Whzfy/9WTgdXyuOP8PdWyF3S3N/9PXNyb+lf9LKwuLpeXVtQvzC5W56lz19tDY+NjgSHl0eKzUfJ5S8lQFAACAvRWTEef//OTO/v+RqA5t5v9XL69Nx+fqkf93SPP/5f7+Z+31/zOYJAAAwH/i6KlvX3O7bM8Vi+FuZWVlaaj1+fvv4dZnBlPdt0PJiPN/z2TWswIAAAA6ob6e29b/n43q0Gb///33KyfiY/aEEPqS/v/FmTu12c4tp2ul/f+JS5UbWf//fwbLBwAAoEP6khH3/wvN9//zp9N98iGEgTOtOvkZwLby/88H42/ic8Xv/490boldKV9uXY80/2+8ezG/V/5v7lsOobec0WQBAAA48A4no5H/PxU2p5Z+PL5a9P4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAL3bsGKWZIIoD+CSbfF+jGBDE0kIbC1FBsApYCBIPYSEKgieQgHgABc9i4R1EUielB0jhDWRmd0JIo4JkNfx+MPk/QpJ9O9vkDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAp8ZHYSPXRXzplHWzem/43j+POZrJ9N3btYO4Yt2Yb9t/znqVL6PT5+HUHjYO6+sJAACAxVPk+T6E8NZ+OonZ7Kb5fyt/Js78/eWyzvP87NyfM8/+cS09FmeTC3XK67RDCJdX1xe7c7vD320z7KfsvW4/TPbwpjw7mbbyhd9qpeeTTmiK9NiavbvVcTvteuN+MDj+l8r/P38XAMB37eSsivz/KOZenY0BsLBa1QpT83/RrbcnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHn4CAAA//9siZh3")
truncate(&(0x7f0000000080)='./file2\x00', 0x1200)

2.368678354s ago: executing program 3 (id=2319):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

1.559920454s ago: executing program 3 (id=2322):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x84000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = epoll_create(0x8)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0xf6c447fee59251f4})
close_range(r1, r2, 0x0)

1.559796201s ago: executing program 3 (id=2323):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x14b300)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

1.502352804s ago: executing program 3 (id=2324):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0xff, 0x4a6, &(0x7f0000000980)="$eJzs3MtvVFUYAPDvTh+8aUVEQdAqGomPlhZUFi7UaOJCExNd4LK2BZGBGloTIY0WY3BpSNwblyb+Be7cGHVhTNxq4tKQEG1MKK5q7gum02mZlpYpnd8vmc45c1/nu+eemXPv6b0BtK2+9E8SsT0ifo+Injw7f4a+/G12Zmrk+szUSBJzc2/9nWTzXZuZGilnLZfbVmQOVSIqnyXxYrJwuxPnL5werlbHzhX5gckzHwxMnL/wzKkzwyfHTo6dHTp27OiRweefG3p2VeJM47q27+Px/Xtfe+fyGyPHL7/707dpsfYcyKfXxnFL1xsE1EBfutf+mcvUT3t8GWW/G+yoSSedLSwIy9IREWl1dWXtvyc64mbl9cSrn7a0cMCaSn+bNi0+eXoO2MCSaHUJgNYof+jT89/ydYe6HuvC1Zciuov07MzUyOyN+DujUnzetYbb74uI49P/fZW+YrnXIQAAViDr2zzdqP9XiT3Zez7WsbMYQ+mNiHsiYldE3BsRuyPivohs3vujOx7IF57raXL7fXX5hf2fypWGZV4laf/vhZq+32xN/MVbb0eR25HF35WcOFUdO1zsk0PRtSnNDy6xje9f+e2LxabV9v/SV7r9si9YFOBKZ90FutHhyeHV2glXL0bs62wUf3JjJCA9AvZGxL7lrXpnmTj15Df7F5vp1vEvYRXGmea+jngir//pqIu/lCw9PjmwOapjhwfKo2Khn3+99GaR7K6fdlvxr4K0/rfOP/6LKReL955/k3y8tiuq1bFzE8vfxqU/Pl/0nGalx3938nY2Zv3Le/lnHw1PTp4bjOhOXs/y5Y7OPh+6uWyZL+dP4z90sHH731Usk8b/YESkB/GBiHgoIh4uyv5IRDwaEQeXiP/Hlx97f4n4k0iipfU/2vD7L4nYnCV6k9rx+hUkOk7/8N1iI+bN1f/RmM6+a3PZ998tNFvA29+DAAAAsP5VImJ7JJX+PN23PSqV/v78f/h3x9ZKdXxi8qkT4x+eHc3vEeiNrkp5paun5nroYDJdrDHPDxXXisvpR4rrxl92bMny/SPj1dEWxw7tbtv89h9l+0/91dHq0gFrzv1a0L7q23+lReUA7rxmfv+dC8DG1KD9b2lFOYA7z/k/tK9G7f+Turz+P2xMC9v/nw0eWQdsRPr/0L60f2hf2j+0pWbv4i+fp7DihwDMS5Q3C6x8PZubvsN//SX61mTNZQ2tZeG3xM1PorKMxcurSY3nmV4HlbLOE2mLWcnisbP5Z2HMTzR4WA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBd6P8AAAD//9FR4Lw=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x8000, &(0x7f0000000200)={0x7}, 0x20)

831.038343ms ago: executing program 4 (id=2335):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1})
r0 = syz_io_uring_setup(0x24fd, &(0x7f0000000080)={0x0, 0x4f6, 0x10100, 0x1}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000200)=ANY=[@ANYBLOB='7'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x9, 0x0, 0x0, 0x0, 0x1, 0x1})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

760.339643ms ago: executing program 4 (id=2336):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000100)={0x0, @bt={0x9, 0x81, 0x1, 0x1, 0x7, 0xffff, 0x18, 0x1ff, 0x5, 0x1, 0x800, 0x8, 0xffffffff, 0x3, 0xb, 0x30, {0x2, 0x47ee}, 0x3, 0x5a}})

760.0898ms ago: executing program 4 (id=2337):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@fwd={0x2, 0x0, 0x0, 0x7, 0x20}]}, {0x0, [0x5f]}}, 0x0, 0x27, 0x0, 0xa}, 0x28)

759.889145ms ago: executing program 4 (id=2338):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40485404, &(0x7f0000000400)={{0x3}})

644.608844ms ago: executing program 4 (id=2339):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x5, 0x901, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d7c139a0d4fe372efa7e8cdba3417665ffb2b92af56c860b29402f8111302ae84c15b9dd43bda8847acbe40605b5ee1c8f0676814afc7e9f0413567e592c7c15"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0600"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x800)

644.347885ms ago: executing program 4 (id=2340):
socket$nl_crypto(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x60, r5, 0x1, 0x50bd29, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r4}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x10}}, {0x8}}}]}}]}, 0x60}, 0x1, 0xf000, 0x0, 0x4008000}, 0x4800)

639.061333ms ago: executing program 3 (id=2341):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x23c, &(0x7f0000000600)="$eJzs3T9oFFkcB/Df7J/8XY7cXXNwcHdwHMddIOS6g2tyjUJAgogIKkRErCRRYtImVjYWWquksom2RkuxCTYRwSpoitgIGkQMFlqszE5iollR3LgjzucDszuzO29+b3jzfbPNsAEUVl9EDEVEOSL6I6IaEcnWHX7Llr71zdnuhdGIen3fs6SxX7ad2WjXGxEzEfHv1XqmEjE1f2jl5dLuP89NVv+4Mn+wO7raepoNqyvLe9Yuj5y9PvzP1N37T0aSGIraO+e185Imn1WSiB++RLGvRFLJuwd8ilOLI8/T3P8YEb838l+NUmSDd36i43Y1/r70obYXnt77uZ19BXZevV5N74EzdaBwShFRi6Q0EBHZeqk0MJD9hn9Q7imdGJ843X98fHLsWN4zFbBTahHLu2523uh9L/+Py1n+gW9Xmv/9e+ceputr5bx7A7RTmv/+I9N/hfxD4cg/FJf8Q3HJPxRXh/xDYbn/Q3HJPxSX/ENxyT8Ul/xDcW3NPwBQLPXOvJ9ABvKS9/wDAAAAAAAAAAAAAAAAAABsN9u9MLqxtKvmnYsRq/9HRKVZ/XLj/4gjuhqvPS+SdLe3kqxZSw7/2uIBWnQt56evv3uUR9XNUVv8JY/6m6bHImbORMRgpbL9+kvWr7/P9/1Hvq8ebbFAi/47kG/913P51h9eiriVzj+DzeafUvzUeG8+/9TS8Wux/slXLR4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtnkTAAD//zBNc9A=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sysinfo(0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setgroups(0x0, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa07, &(0x7f00000005c0)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})

0s ago: executing program 1 (id=2342):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x9b, &(0x7f0000000740)}, 0x54)

kernel console output (not intermixed with test programs):

: left promiscuous mode
[  105.916881][ T5714] veth0_macvtap: left promiscuous mode
[  105.919302][ T5714] veth1_vlan: left promiscuous mode
[  105.921638][ T5714] veth0_vlan: left promiscuous mode
[  106.054720][ T7897] sock: sock_timestamping_bind_phc: sock not bind to device
[  106.375802][ T5714] team0 (unregistering): Port device team_slave_1 removed
[  106.382852][ T5714] team0 (unregistering): Port device team_slave_0 removed
[  106.429946][ T7860] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.433250][ T7860] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.435789][ T7860] bridge_slave_0: entered allmulticast mode
[  106.438928][ T7860] bridge_slave_0: entered promiscuous mode
[  106.447921][ T7860] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.450531][ T7860] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.454039][ T7860] bridge_slave_1: entered allmulticast mode
[  106.457301][ T7860] bridge_slave_1: entered promiscuous mode
[  106.475110][ T7860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.482127][ T7860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.499173][ T7860] team0: Port device team_slave_0 added
[  106.502293][ T7860] team0: Port device team_slave_1 added
[  106.515481][ T7860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.518378][ T7860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.528948][ T7860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.534758][ T7860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.537670][ T7860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.549269][ T7860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.583146][ T7860] hsr_slave_0: entered promiscuous mode
[  106.585733][ T7860] hsr_slave_1: entered promiscuous mode
[  106.588064][ T7860] debugfs: 'hsr0' already exists in 'hsr'
[  106.589944][ T7860] Cannot create hsr debugfs directory
[  106.653693][ T7860] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  106.657962][ T7860] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  106.662142][ T7860] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  106.665798][ T7860] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  106.715679][ T7860] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.729416][ T7860] 8021q: adding VLAN 0 to HW filter on device team0
[  106.758954][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.761661][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.769695][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.772681][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.813203][ T7860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  106.871566][ T7935] loop3: detected capacity change from 0 to 512
[  106.877319][ T7935] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  106.907488][ T7935] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.915132][ T7935] ext4 filesystem being mounted at /129/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  106.934051][   T33] audit: type=1800 audit(1755869332.090:21): pid=7935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.737" name="file1" dev="loop3" ino=15 res=0 errno=0
[  106.953562][ T7860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.986873][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.108381][ T7860] veth0_vlan: entered promiscuous mode
[  107.117868][ T7860] veth1_vlan: entered promiscuous mode
[  107.133366][ T7860] veth0_macvtap: entered promiscuous mode
[  107.137987][ T7860] veth1_macvtap: entered promiscuous mode
[  107.149402][ T7860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.166832][ T7860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.175521][ T5714] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.179250][ T5714] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.187657][ T5714] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.191712][ T5714] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.223937][ T7957] net_ratelimit: 37 callbacks suppressed
[  107.223947][ T7957] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  107.228100][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.241284][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.263342][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.265932][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.300222][ T7965] netlink: 20 bytes leftover after parsing attributes in process `syz.3.744'.
[  107.309828][ T7965] netlink: 28 bytes leftover after parsing attributes in process `syz.3.744'.
[  107.330652][ T5855] Bluetooth: hci0: command tx timeout
[  107.560378][ T5905] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  107.685028][ T7988] loop3: detected capacity change from 0 to 8192
[  107.940289][ T5905] usb 5-1: Using ep0 maxpacket: 8
[  107.945801][ T5905] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  107.949109][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.951917][ T5905] usb 5-1: Product: syz
[  107.953350][ T5905] usb 5-1: Manufacturer: syz
[  107.955127][ T5905] usb 5-1: SerialNumber: syz
[  107.957450][ T5905] usb 5-1: config 0 descriptor??
[  107.961984][ T5905] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244)
[  108.275347][ T8000] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  108.278291][ T8000] netlink: 4 bytes leftover after parsing attributes in process `syz.1.757'.
[  108.808081][ T5905] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  108.812229][ T5905] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  108.818348][ T5905] usb 5-1: USB disconnect, device number 2
[  109.349936][ T5905] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  109.354313][ T8021] Bluetooth: MGMT ver 1.23
[  109.409617][ T5855] Bluetooth: hci0: command tx timeout
[  109.499451][ T5905] usb 2-1: Using ep0 maxpacket: 16
[  109.502827][ T5905] usb 2-1: config 0 has an invalid interface number: 191 but max is 0
[  109.502846][ T5905] usb 2-1: config 0 has no interface number 0
[  109.502868][ T5905] usb 2-1: config 0 interface 191 has no altsetting 0
[  109.518714][ T5905] usb 2-1: New USB device found, idVendor=046d, idProduct=c281, bcdDevice=c2.08
[  109.518741][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.518754][ T5905] usb 2-1: Product: syz
[  109.518763][ T5905] usb 2-1: Manufacturer: syz
[  109.518772][ T5905] usb 2-1: SerialNumber: syz
[  109.523512][ T5905] usb 2-1: config 0 descriptor??
[  109.653627][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.656969][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.660378][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.663737][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.666970][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.670302][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.673422][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.676675][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.679906][ T8037] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  109.735939][ T5892] usb 2-1: USB disconnect, device number 10
[  110.028824][ T8049] loop4: detected capacity change from 0 to 32768
[  110.465835][ T8069] netlink: 'syz.1.786': attribute type 8 has an invalid length.
[  110.638066][ T8075] loop3: detected capacity change from 0 to 64
[  110.688442][ T8077] loop3: detected capacity change from 0 to 1024
[  110.700354][ T8077] EXT4-fs (loop3): filesystem is read-only
[  110.706863][ T8077] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  110.713065][ T8077] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (11891!=20869)
[  110.717096][ T8077] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  110.721882][ T8077] EXT4-fs error (device loop3): ext4_get_journal_inode:5800: comm syz.3.790: inode #1: comm syz.3.790: iget: illegal inode #
[  110.727710][ T8077] EXT4-fs (loop3): no journal found
[  110.731124][ T8077] EXT4-fs (loop3): can't get journal size
[  110.733654][ T8077] EXT4-fs error (device loop3): __ext4_fill_super:5504: inode #2: comm syz.3.790: iget: bad extra_isize 65535 (inode size 1024)
[  110.738372][ T8077] EXT4-fs (loop3): get root inode failed
[  110.742051][ T8077] EXT4-fs (loop3): mount failed
[  111.060812][ T8090] loop3: detected capacity change from 0 to 32768
[  111.063816][ T8090] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.796 (8090)
[  111.069386][ T8090] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  111.072869][ T8090] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  111.117037][ T8090] BTRFS info (device loop3): enabling ssd optimizations
[  111.121119][ T8090] BTRFS info (device loop3): enabling free space tree
[  111.134333][ T6851] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  111.488604][ T5855] Bluetooth: hci0: command tx timeout
[  111.912729][ T8122] loop4: detected capacity change from 0 to 32768
[  112.068945][ T8130] netlink: 20 bytes leftover after parsing attributes in process `syz.4.804'.
[  112.179453][ T8128] loop3: detected capacity change from 0 to 40427
[  112.183253][ T8128] F2FS-fs: heap/no_heap options were deprecated
[  112.193214][ T8128] F2FS-fs (loop3): invalid crc value
[  112.195584][ T8128] F2FS-fs (loop3): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[  112.235637][ T8128] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  112.239759][ T8128] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  112.474825][ T8155] loop3: detected capacity change from 0 to 128
[  112.610029][ T8155] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  112.614754][ T8155] ext4 filesystem being mounted at /161/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  112.632178][ T6851] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  112.682688][ T8162] loop3: detected capacity change from 0 to 128
[  112.695343][   T33] audit: type=1800 audit(1755869337.852:22): pid=8162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.817" name="bus" dev="loop3" ino=1048624 res=0 errno=0
[  112.720672][ T8162] bio_check_eod: 18 callbacks suppressed
[  112.720690][ T8162] syz.3.817: attempt to access beyond end of device
[  112.720690][ T8162] loop3: rw=0, sector=121, nr_sectors = 920 limit=128
[  113.063238][ T8174] loop3: detected capacity change from 0 to 1024
[  113.066616][ T8174] EXT4-fs: Ignoring removed bh option
[  113.083890][ T8174] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  113.113248][ T8174] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.129154][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.417996][ T8197] netlink: 48 bytes leftover after parsing attributes in process `syz.1.826'.
[  113.455833][ T8197] binder: 8184:8197 ioctl c00c620f 200000000040 returned -22
[  113.595790][ T5855] Bluetooth: hci0: command tx timeout
[  113.642609][ T8195] netlink: 28 bytes leftover after parsing attributes in process `syz.4.827'.
[  113.752249][ T8201] loop3: detected capacity change from 0 to 1024
[  113.887241][ T5905] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  114.137423][ T8205] netlink: 'syz.1.832': attribute type 32 has an invalid length.
[  114.227759][ T8211] loop3: detected capacity change from 0 to 256
[  114.234746][ T5905] usb 5-1: Using ep0 maxpacket: 32
[  114.235000][ T8211] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d)
[  114.241448][ T8211] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  114.245474][ T5905] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  114.249026][ T5905] usb 5-1: config 0 has no interface number 0
[  114.251612][ T5905] usb 5-1: config 0 interface 184 has no altsetting 0
[  114.259637][ T8211] exFAT-fs (loop3): valid_size(150994954) is greater than size(10)
[  114.263193][   T33] audit: type=1800 audit(1755869339.416:23): pid=8211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.835" name="file1" dev="loop3" ino=1048625 res=0 errno=0
[  114.271976][   T33] audit: type=1800 audit(1755869339.426:24): pid=8211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.835" name="file1" dev="loop3" ino=1048625 res=0 errno=0
[  114.284755][ T5905] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  114.294862][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.302117][ T5905] usb 5-1: Product: syz
[  114.303725][ T5905] usb 5-1: Manufacturer: syz
[  114.311831][ T5905] usb 5-1: SerialNumber: syz
[  114.317112][ T5905] usb 5-1: config 0 descriptor??
[  114.324708][ T5905] smsc75xx v1.0.0
[  114.326182][ T5905] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  114.331134][ T5905] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  114.468533][ T8216] loop3: detected capacity change from 0 to 32768
[  114.508903][ T8216] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  114.508922][ T8216]   allowing incompatible features above 0.0: (unknown version)
[  114.508930][ T8216]   features: 
[  114.527085][ T8216] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  114.530617][ T8216] bcachefs (loop3): initializing new filesystem
[  114.539457][ T8216] bcachefs (loop3): going read-write
[  114.543300][ T8216] bcachefs (loop3): marking superblocks
[  114.550126][ T8216] bcachefs (loop3): initializing freespace
[  114.555874][ T8216] bcachefs (loop3): done initializing freespace
[  114.560762][ T8216] bcachefs (loop3): reading snapshots table
[  114.563566][ T8216] bcachefs (loop3): reading snapshots done
[  114.572895][ T8216] bcachefs (loop3): done starting filesystem
[  114.609597][ T5919] bcachefs (loop3): going read-only
[  114.611285][ T8216] bcachefs (loop3): shutdown by ioctl type 1emergency read only at seq 2
[  114.611950][ T5919] bcachefs (loop3): finished waiting for writes to stop
[  114.619287][ T5919] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  114.622985][ T5919] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 2
[  114.626912][ T5919] bcachefs (loop3): unclean shutdown complete, journal seq 2
[  114.630661][ T5919] bcachefs (loop3): done going read-only, filesystem not clean
[  114.634147][ T6851] bcachefs (loop3): shutting down
[  114.647917][ T6851] bcachefs (loop3): shutdown complete
[  116.195193][ T5905] usb 5-1: USB disconnect, device number 3
[  116.242741][ T8294] loop4: detected capacity change from 0 to 2048
[  116.263329][ T8294] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.279207][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.388390][ T5919] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  116.551054][ T5919] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  116.554555][ T5919] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  116.563485][ T5919] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  116.567246][ T5919] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.582568][ T5919] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  116.586241][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  116.590785][ T5919] usb 2-1: Product: syz
[  116.592910][ T5919] usb 2-1: Manufacturer: syz
[  116.599437][ T5919] cdc_wdm 2-1:1.0: invalid descriptor buffer length
[  116.602128][ T5919] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  116.801099][ T5905] usb 2-1: USB disconnect, device number 11
[  116.983846][ T8335] loop3: detected capacity change from 0 to 64
[  117.015452][ T6851] Trying to free block not in datazone
[  117.018970][ T6851] Trying to free block not in datazone
[  117.022333][ T6851] Trying to free block not in datazone
[  117.024922][ T6851] Trying to free block not in datazone
[  117.027495][ T6851] Trying to free block not in datazone
[  117.030158][ T6851] Trying to free block not in datazone
[  117.032419][ T6851] Trying to free block not in datazone
[  117.035397][ T6851] Trying to free block not in datazone
[  117.037772][ T8329] loop4: detected capacity change from 0 to 40427
[  117.037810][ T6851] Trying to free block not in datazone
[  117.041497][ T8329] F2FS-fs (loop4): build fault injection rate: 771
[  117.044133][ T6851] Trying to free block not in datazone
[  117.047075][ T8329] F2FS-fs (loop4): invalid crc value
[  117.047659][ T6851] Trying to free block not in datazone
[  117.068474][ T6851] Trying to free block not in datazone
[  117.070758][ T6851] Trying to free block not in datazone
[  117.074716][ T6851] Trying to free block not in datazone
[  117.077488][ T8329] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  117.081764][ T8329] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  117.128955][ T7860] syz-executor: attempt to access beyond end of device
[  117.128955][ T7860] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  117.141399][ T7860] CPU: 0 UID: 0 PID: 7860 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  117.141419][ T7860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  117.141427][ T7860] Call Trace:
[  117.141431][ T7860]  <TASK>
[  117.141436][ T7860]  dump_stack_lvl+0x189/0x250
[  117.141455][ T7860]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.141469][ T7860]  ? __pfx_queue_work_on+0x10/0x10
[  117.141481][ T7860]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  117.141498][ T7860]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  117.141541][ T7860]  f2fs_handle_critical_error+0x37c/0x540
[  117.141563][ T7860]  f2fs_write_end_io+0x886/0xb60
[  117.141578][ T7860]  __submit_merged_bio+0x27a/0x6a0
[  117.141596][ T7860]  __submit_merged_write_cond+0x255/0x530
[  117.141612][ T7860]  f2fs_write_data_pages+0x261d/0x3000
[  117.141629][ T7860]  ? arch_stack_walk+0xfc/0x150
[  117.141650][ T7860]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  117.141666][ T7860]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  117.141682][ T7860]  ? rcu_is_watching+0x15/0xb0
[  117.141704][ T7860]  ? folios_put_refs+0x559/0x640
[  117.141720][ T7860]  ? __pfx_folios_put_refs+0x10/0x10
[  117.141732][ T7860]  ? rcu_is_watching+0x15/0xb0
[  117.141744][ T7860]  ? lru_add+0xa2f/0xd80
[  117.141755][ T7860]  ? lru_add+0x198/0xd80
[  117.141767][ T7860]  ? do_raw_spin_lock+0x121/0x290
[  117.141785][ T7860]  ? do_raw_spin_unlock+0x4d/0x240
[  117.141799][ T7860]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  117.141817][ T7860]  do_writepages+0x32e/0x550
[  117.141832][ T7860]  ? rcu_is_watching+0x15/0xb0
[  117.141844][ T7860]  ? do_raw_spin_unlock+0x4d/0x240
[  117.141858][ T7860]  filemap_fdatawrite+0x199/0x240
[  117.141874][ T7860]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  117.141898][ T7860]  ? rcu_is_watching+0x15/0xb0
[  117.141910][ T7860]  ? do_raw_spin_unlock+0x4d/0x240
[  117.141931][ T7860]  f2fs_sync_dirty_inodes+0x31f/0x830
[  117.141946][ T7860]  f2fs_write_checkpoint+0x95a/0x1df0
[  117.141963][ T7860]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  117.141984][ T7860]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  117.141997][ T7860]  ? kfree+0x18e/0x440
[  117.142011][ T7860]  ? kill_f2fs_super+0x298/0x6c0
[  117.142024][ T7860]  kill_f2fs_super+0x2c3/0x6c0
[  117.142037][ T7860]  ? __pfx_kill_f2fs_super+0x10/0x10
[  117.142047][ T7860]  ? radix_tree_delete_item+0x2b6/0x400
[  117.142064][ T7860]  ? shrinker_free+0x2ce/0x3e0
[  117.142078][ T7860]  deactivate_locked_super+0xbc/0x130
[  117.142092][ T7860]  cleanup_mnt+0x425/0x4c0
[  117.142106][ T7860]  task_work_run+0x1d4/0x260
[  117.142122][ T7860]  ? __pfx_task_work_run+0x10/0x10
[  117.142137][ T7860]  ? __x64_sys_umount+0x122/0x160
[  117.142173][ T7860]  ? __pfx___x64_sys_umount+0x10/0x10
[  117.142190][ T7860]  ? rcu_is_watching+0x15/0xb0
[  117.142201][ T7860]  exit_to_user_mode_loop+0xec/0x110
[  117.142218][ T7860]  do_syscall_64+0x2bd/0x3b0
[  117.142235][ T7860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.142247][ T7860]  ? exc_page_fault+0x9f/0xf0
[  117.142261][ T7860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.142272][ T7860] RIP: 0033:0x7f559d78ff17
[  117.142283][ T7860] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  117.142295][ T7860] RSP: 002b:00007ffdb1c99f78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  117.142309][ T7860] RAX: 0000000000000000 RBX: 00007f559d811c05 RCX: 00007f559d78ff17
[  117.142318][ T7860] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb1c9a030
[  117.142325][ T7860] RBP: 00007ffdb1c9a030 R08: 0000000000000000 R09: 0000000000000000
[  117.142332][ T7860] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdb1c9b0c0
[  117.142340][ T7860] R13: 00007f559d811c05 R14: 000000000001c913 R15: 00007ffdb1c9b100
[  117.142353][ T7860]  </TASK>
[  117.294106][ T7860] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  117.457098][ T8359] team0: No ports can be present during mode change
[  117.670589][ T5905] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  117.842203][ T5905] usb 2-1: config 16 has an invalid interface number: 19 but max is 0
[  117.845748][ T5905] usb 2-1: config 16 has no interface number 0
[  117.852855][ T5905] usb 2-1: New USB device found, idVendor=0499, idProduct=cdf4, bcdDevice=78.ee
[  117.856233][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.859413][ T5905] usb 2-1: Product: syz
[  117.861162][ T5905] usb 2-1: Manufacturer: syz
[  117.863017][ T5905] usb 2-1: SerialNumber: syz
[  118.078449][ T5905] usb 2-1: USB disconnect, device number 12
[  118.087351][ T5865] udevd[5865]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:16.19/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  118.234399][ T8365] loop3: detected capacity change from 0 to 32768
[  118.253870][ T8365] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  118.273035][ T6851] ocfs2: Unmounting device (7,3) on (node local)
[  118.405012][ T8373] comedi comedi1: 8255: I/O port conflict (0x3,4)
[  118.407665][ T8373] comedi comedi1: 8255: I/O port conflict (0x10002,4)
[  118.930378][ T8384] loop4: detected capacity change from 0 to 32768
[  119.054571][ T8396] netlink: 16 bytes leftover after parsing attributes in process `syz.1.903'.
[  119.058713][ T8396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.903'.
[  119.063387][ T8396] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.125054][ T8401] netlink: 16 bytes leftover after parsing attributes in process `syz.1.904'.
[  119.152986][ T8403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.905'.
[  119.159605][ T8403] geneve2: entered promiscuous mode
[  119.161742][ T8403] geneve2: entered allmulticast mode
[  119.171844][ T5714] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 42549 - 0
[  119.175668][ T5714] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 42549 - 0
[  119.179556][ T5714] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 42549 - 0
[  119.183092][ T5714] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 42549 - 0
[  119.258656][ T8407] loop3: detected capacity change from 0 to 8192
[  119.288643][ T5865]  loop3: AHDI p2 p3 p4
[  119.294238][ T5865] loop3: p3 size 4294967042 extends beyond EOD, truncated
[  119.299115][ T5865] loop3: p4 size 16777216 extends beyond EOD, truncated
[  119.305523][ T8407]  loop3: AHDI p2 p3 p4
[  119.307472][ T8407] loop3: p3 size 4294967042 extends beyond EOD, truncated
[  119.317942][ T8407] loop3: p4 size 16777216 extends beyond EOD, truncated
[  119.363637][ T8415] loop4: detected capacity change from 0 to 8192
[  119.368336][ T8418] netlink: 104 bytes leftover after parsing attributes in process `syz.3.911'.
[  119.390472][ T8415] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[  119.399046][ T8415] FAT-fs (loop4): Filesystem has been set read-only
[  119.440772][ T5864] udevd[5864]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  119.441457][ T5865] udevd[5865]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  119.448952][ T5925] udevd[5925]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  119.463478][ T8420] loop3: detected capacity change from 0 to 4096
[  119.507621][ T5925] udevd[5925]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  119.516560][ T5865] udevd[5865]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  119.551331][ T5864] udevd[5864]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  119.606334][ T5865] udevd[5865]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  119.610993][ T5925] udevd[5925]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  119.616955][ T5864] udevd[5864]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  119.873175][   T33] audit: type=1326 audit(1755869345.078:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8435 comm="syz.1.919" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x0
[  120.005012][ T8434] loop3: detected capacity change from 0 to 32768
[  120.053031][ T8434] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,degraded=yes,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,read_only
[  120.053043][ T8434]   allowing incompatible features above 0.0: (unknown version)
[  120.053048][ T8434]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  120.086084][ T8434] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  120.093257][ T8434] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  120.099089][ T8434] bcachefs (loop3): Version upgrade required:
[  120.099089][ T8434] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  120.099089][ T8434] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  120.099089][ T8434]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  120.191020][ T8434] bcachefs (loop3): accounting_read... done
[  120.194352][ T8434] bcachefs (loop3): alloc_read... done
[  120.199382][ T8434] bcachefs (loop3): done starting filesystem
[  120.341481][ T6851] bcachefs (loop3): shutting down
[  120.352398][ T6851] bcachefs (loop3): shutdown complete
[  120.669125][ T8461] netlink: 8 bytes leftover after parsing attributes in process `syz.4.929'.
[  120.846161][ T8465] loop4: detected capacity change from 0 to 32768
[  120.874192][ T8465] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  120.891252][ T8465] XFS (loop4): Ending clean mount
[  120.894196][ T8465] XFS (loop4): Quotacheck needed: Please wait.
[  120.901347][ T8465] XFS (loop4): Quotacheck: Done.
[  120.916821][ T7860] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.140854][ T8482] loop4: detected capacity change from 0 to 256
[  121.143990][ T8482] exfat: Deprecated parameter 'utf8'
[  121.148034][ T8482] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4d7dfc9d, utbl_chksum : 0xe619d30d)
[  121.248525][ T8488] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.937'.
[  122.300348][ T8496] loop3: detected capacity change from 0 to 32768
[  122.310111][ T8496] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  122.322872][ T8496] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  122.359215][ T6851] ocfs2: Unmounting device (7,3) on (node local)
[  122.623728][ T8538] netlink: 16 bytes leftover after parsing attributes in process `syz.4.958'.
[  122.763963][ T8553] loop4: detected capacity change from 0 to 2048
[  122.797583][ T8553] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.816055][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.858103][ T8560] ALSA: mixer_oss: invalid OSS volume 'A141=wVe]'
[  122.861196][ T8560] ALSA: mixer_oss: invalid OSS volume 'ұB;T`@$EcXMYd,'
[  122.866826][ T8560] ALSA: mixer_oss: invalid OSS volume 'b@h#'
[  122.869198][ T8560] ALSA: mixer_oss: invalid OSS volume 'h4XS4v=0_>&'
[  122.874393][ T8560] ALSA: mixer_oss: invalid OSS volume '|/"tj'
[  122.876982][ T8560] ALSA: mixer_oss: invalid OSS volume '-z5c^J6$'
[  122.877716][ T8545] loop3: detected capacity change from 0 to 32768
[  122.879947][ T8560] ALSA: mixer_oss: invalid OSS volume '0Ty󉴪jP&at'
[  122.885892][ T8560] ALSA: mixer_oss: invalid OSS volume '|~\'
[  122.888415][ T8560] ALSA: mixer_oss: invalid OSS volume '@^3bɜ}G$#\("/oL'
[  122.892340][ T8560] ALSA: mixer_oss: invalid OSS volume ''
[  122.915056][ T8545] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  122.957909][ T8545] XFS (loop3): Ending clean mount
[  122.960899][ T8545] XFS (loop3): Quotacheck needed: Please wait.
[  122.967821][ T8573] loop4: detected capacity change from 0 to 4096
[  122.969193][ T8545] XFS (loop3): Quotacheck: Done.
[  122.971899][ T8573] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  122.976274][ T8573] ntfs3(loop4): It is recommened to use chkdsk.
[  123.031309][ T6851] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.224803][ T8589] net_ratelimit: 45 callbacks suppressed
[  123.224813][ T8589] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  123.330841][ T8601] netlink: 224 bytes leftover after parsing attributes in process `syz.3.982'.
[  123.348605][ T5905] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  123.519011][ T5905] usb 5-1: unable to get BOS descriptor or descriptor too short
[  123.522674][ T5905] usb 5-1: not running at top speed; connect to a high speed hub
[  123.527586][ T5905] usb 5-1: config 1 interface 0 altsetting 90 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  123.531958][ T5905] usb 5-1: config 1 interface 0 has no altsetting 0
[  123.536532][ T5905] usb 5-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice= 0.40
[  123.540234][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.543697][ T5905] usb 5-1: Product: syz
[  123.545514][ T5905] usb 5-1: Manufacturer: syz
[  123.547969][ T5905] usb 5-1: SerialNumber: syz
[  123.558511][ T8579] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  123.592116][ T8616] netlink: 'syz.3.989': attribute type 4 has an invalid length.
[  123.600027][ T8616] netlink: 'syz.3.989': attribute type 4 has an invalid length.
[  123.765214][ T5905] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input7
[  123.768841][ T5280] bcm5974 5-1:1.0: could not read from device
[  123.774520][ T5280] bcm5974 5-1:1.0: could not read from device
[  123.780193][ T5905] usb 5-1: USB disconnect, device number 4
[  123.787050][ T5280] bcm5974 5-1:1.0: could not read from device
[  123.897862][ T8628] loop3: detected capacity change from 0 to 2048
[  123.923883][ T8628] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  124.304417][ T8634] netlink: 'syz.4.997': attribute type 1 has an invalid length.
[  124.589792][ T5892] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  124.628133][ T8625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  124.744916][ T5892] usb 5-1: config 1 has an invalid interface number: 146 but max is 0
[  124.747589][ T5892] usb 5-1: config 1 has no interface number 0
[  124.752077][ T5892] usb 5-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=fd.eb
[  124.755042][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.757818][ T5892] usb 5-1: Product: syz
[  124.760409][ T5892] usb 5-1: Manufacturer: syz
[  124.761944][ T5892] usb 5-1: SerialNumber: syz
[  124.767891][ T5892] usbserial_generic 5-1:1.146: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  124.772403][ T5892] usbserial_generic 5-1:1.146: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  124.776585][ T5892] usbserial_generic 5-1:1.146: generic converter detected
[  124.783257][ T5892] usb 5-1: generic converter now attached to ttyUSB0
[  124.851416][ T8662] wg2: entered promiscuous mode
[  124.853373][ T8662] wg2: entered allmulticast mode
[  124.966984][ T5892] usb 5-1: USB disconnect, device number 5
[  124.971561][ T5892] generic ttyUSB0: generic converter now disconnected from ttyUSB0
[  124.974670][ T5892] usbserial_generic 5-1:1.146: device disconnected
[  125.286256][ T8676] vim2m vim2m.0: vidioc_s_fmt queue busy
[  125.497932][ T8680] loop3: detected capacity change from 0 to 40427
[  125.502827][ T8680] F2FS-fs (loop3): invalid crc value
[  125.537202][ T8680] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  125.542318][ T8680] F2FS-fs (loop3): Start checkpoint disabled!
[  125.546372][ T8680] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  126.139907][ T5905] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  126.202141][ T2425] kworker/u10:3: attempt to access beyond end of device
[  126.202141][ T2425] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  126.209564][ T2425] CPU: 0 UID: 0 PID: 2425 Comm: kworker/u10:3 Not tainted syzkaller #0 PREEMPT(full) 
[  126.209588][ T2425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  126.209593][ T2425] Workqueue: writeback wb_workfn (flush-7:3)
[  126.209608][ T2425] Call Trace:
[  126.209611][ T2425]  <TASK>
[  126.209615][ T2425]  dump_stack_lvl+0x189/0x250
[  126.209625][ T2425]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.209634][ T2425]  ? __pfx_queue_work_on+0x10/0x10
[  126.209641][ T2425]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  126.209650][ T2425]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  126.209661][ T2425]  f2fs_handle_critical_error+0x37c/0x540
[  126.209672][ T2425]  f2fs_write_end_io+0x886/0xb60
[  126.209682][ T2425]  __submit_merged_bio+0x27a/0x6a0
[  126.209692][ T2425]  __submit_merged_write_cond+0x255/0x530
[  126.209702][ T2425]  f2fs_write_data_pages+0x261d/0x3000
[  126.209717][ T2425]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  126.209729][ T2425]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  126.209742][ T2425]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  126.209753][ T2425]  ? trace_f2fs_writepages+0x7f/0x200
[  126.209762][ T2425]  ? f2fs_write_node_pages+0x478/0x6e0
[  126.209770][ T2425]  ? xa_load+0x60/0x210
[  126.209781][ T2425]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  126.209789][ T2425]  ? do_raw_spin_lock+0x121/0x290
[  126.209798][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.209805][ T2425]  ? set_shrinker_bit+0x7c/0x350
[  126.209813][ T2425]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  126.209826][ T2425]  do_writepages+0x32e/0x550
[  126.209835][ T2425]  ? do_raw_spin_lock+0x121/0x290
[  126.209845][ T2425]  __writeback_single_inode+0x145/0xff0
[  126.209854][ T2425]  ? do_raw_spin_unlock+0x4d/0x240
[  126.209862][ T2425]  writeback_sb_inodes+0x6c7/0x1010
[  126.209872][ T2425]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  126.209882][ T2425]  ? fprop_reflect_period_percpu+0x205/0x330
[  126.209892][ T2425]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  126.209907][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.209914][ T2425]  wb_writeback+0x43b/0xaf0
[  126.209924][ T2425]  ? queue_io+0x341/0x590
[  126.209932][ T2425]  ? __pfx_wb_writeback+0x10/0x10
[  126.209942][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.209949][ T2425]  wb_workfn+0x409/0xef0
[  126.209958][ T2425]  ? __pfx_wb_workfn+0x10/0x10
[  126.209964][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.209971][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.209978][ T2425]  ? process_scheduled_works+0x9ef/0x17b0
[  126.209985][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.209991][ T2425]  ? lock_acquire+0x5f/0x360
[  126.210001][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.210007][ T2425]  ? process_scheduled_works+0x9ef/0x17b0
[  126.210013][ T2425]  ? process_scheduled_works+0x9ef/0x17b0
[  126.210019][ T2425]  process_scheduled_works+0xae1/0x17b0
[  126.210030][ T2425]  ? __pfx_process_scheduled_works+0x10/0x10
[  126.210039][ T2425]  worker_thread+0x8a0/0xda0
[  126.210047][ T2425]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  126.210056][ T2425]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  126.210064][ T2425]  ? __kthread_parkme+0x7b/0x200
[  126.210073][ T2425]  kthread+0x711/0x8a0
[  126.210082][ T2425]  ? __pfx_worker_thread+0x10/0x10
[  126.210088][ T2425]  ? __pfx_kthread+0x10/0x10
[  126.210096][ T2425]  ? rcu_is_watching+0x15/0xb0
[  126.210103][ T2425]  ? __pfx_kthread+0x10/0x10
[  126.210110][ T2425]  ret_from_fork+0x3fc/0x770
[  126.210118][ T2425]  ? __pfx_ret_from_fork+0x10/0x10
[  126.210126][ T2425]  ? __switch_to_asm+0x39/0x70
[  126.210134][ T2425]  ? __switch_to_asm+0x33/0x70
[  126.210143][ T2425]  ? __pfx_kthread+0x10/0x10
[  126.210151][ T2425]  ret_from_fork_asm+0x1a/0x30
[  126.210162][ T2425]  </TASK>
[  126.210165][ T2425] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  126.310798][ T5905] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  126.399116][ T5905] usb 5-1: config 0 has no interface number 0
[  126.401704][ T5905] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.406022][ T5905] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.412355][ T5905] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  126.415645][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.420882][ T5905] usb 5-1: config 0 descriptor??
[  126.472760][ T8696] tipc: Started in network mode
[  126.479935][ T8696] tipc: Node identity 4, cluster identity 4711
[  126.486221][ T8696] tipc: Node number set to 4
[  126.520659][ T8698] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1026'.
[  126.828667][ T5905] hid_parser_main: 28 callbacks suppressed
[  126.828678][ T5905] uclogic 0003:256C:006D.0006: unknown main item tag 0x0
[  126.833067][ T5905] uclogic 0003:256C:006D.0006: unknown main item tag 0x0
[  126.837027][ T5905] uclogic 0003:256C:006D.0006: unknown main item tag 0x0
[  126.840116][ T5905] uclogic 0003:256C:006D.0006: unknown main item tag 0x0
[  126.843138][ T5905] uclogic 0003:256C:006D.0006: unknown main item tag 0x0
[  126.851494][ T5905] uclogic 0003:256C:006D.0006: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input1
[  127.038075][ T5905] usb 5-1: USB disconnect, device number 6
[  127.875140][ T8736] loop4: detected capacity change from 0 to 256
[  127.887314][ T8736] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d)
[  128.246135][ T5892] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  128.246695][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  128.396526][   T24] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  128.399783][   T24] usb 4-1: config 0 has no interface number 0
[  128.402273][   T24] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.407028][   T24] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.408551][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.411362][   T24] usb 4-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  128.415681][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.420584][   T24] usb 4-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  128.424504][ T5892] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  128.432127][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.435964][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.439043][ T5892] usb 5-1: config 0 descriptor??
[  128.442642][   T24] usb 4-1: config 0 descriptor??
[  128.651528][ T5892] usbhid 5-1:0.0: can't add hid device: -71
[  128.654878][ T5892] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  128.661181][ T5892] usb 5-1: USB disconnect, device number 7
[  128.848138][   T24] hid (null): report_id 35660 is invalid
[  128.935229][ T8752] netlink: 'syz.1.1051': attribute type 2 has an invalid length.
[  129.057679][   T24] input: HID 28bd:0042 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0042.0007/input/input8
[  129.069920][   T24] uclogic 0003:28BD:0042.0007: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.3-1/input1
[  129.105477][   T24] usb 4-1: USB disconnect, device number 7
[  129.210669][ T8758] overlayfs: failed to clone lowerpath
[  129.281929][ T8759] overlayfs: failed to clone upperpath
[  130.082112][ T8815] netlink: 'syz.4.1078': attribute type 14 has an invalid length.
[  130.158623][ T8819] tipc: Started in network mode
[  130.160279][ T8819] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711
[  130.163054][ T8819] tipc: Enabled bearer <eth:batadv0>, priority 10
[  130.220599][ T8823] 9pnet_fd: Insufficient options for proto=fd
[  130.462707][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  130.636308][   T24] usb 5-1: Using ep0 maxpacket: 32
[  130.644597][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.652175][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.659029][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  130.670475][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.677958][   T24] usb 5-1: config 0 descriptor??
[  130.685364][   T24] hub 5-1:0.0: USB hub found
[  130.885438][   T24] hub 5-1:0.0: 1 port detected
[  131.158321][   T51] tipc: Node number set to 8432298
[  131.499075][   T24] hub 5-1:0.0: activate --> -90
[  131.698727][   T24] usb 5-1-port1: config error
[  131.913929][ T5892] usb 5-1: USB disconnect, device number 8
[  132.644301][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  132.646654][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  132.861728][ T8885] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1104'.
[  132.949688][ T8890] loop4: detected capacity change from 0 to 512
[  132.952667][ T8890] EXT4-fs: Ignoring removed nobh option
[  132.969837][ T8890] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117
[  132.978766][ T8890] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.1109: invalid indirect mapped block 256 (level 1)
[  132.984139][ T8890] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.1109: invalid indirect mapped block 2683928664 (level 1)
[  132.992484][ T8890] EXT4-fs (loop4): 1 truncate cleaned up
[  132.995308][ T8890] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  133.028279][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.049049][ T8887] loop3: detected capacity change from 0 to 32768
[  133.082686][ T8887] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  133.086614][   T33] audit: type=1326 audit(1755869358.373:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.098523][   T33] audit: type=1326 audit(1755869358.373:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.110983][ T8887] XFS (loop3): Ending clean mount
[  133.112859][   T33] audit: type=1326 audit(1755869358.373:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.137293][   T33] audit: type=1326 audit(1755869358.373:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.155085][   T33] audit: type=1326 audit(1755869358.373:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.158502][ T6851] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  133.175584][ T8906] loop4: detected capacity change from 0 to 1024
[  133.179585][   T33] audit: type=1326 audit(1755869358.383:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.208035][   T33] audit: type=1326 audit(1755869358.383:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.233922][ T2425] hfsplus: b-tree write err: -5, ino 4
[  133.253015][   T33] audit: type=1326 audit(1755869358.383:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.283348][   T33] audit: type=1326 audit(1755869358.383:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.295286][ T8908] loop4: detected capacity change from 0 to 1024
[  133.310939][ T8908] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  133.325935][   T33] audit: type=1326 audit(1755869358.383:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  133.403270][ T8913] loop6: detected capacity change from 0 to 63
[  133.410346][ T8913] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.425180][ T8913] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.428594][ T8913] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.431937][ T8913] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.446825][ T8913] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.450217][ T8913] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.453626][ T8913] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.520481][ T8919] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  133.524164][ T8919] Buffer I/O error on dev loop6, logical block 1, lost async page write
[  133.540486][ T8913]  loop6: unable to read partition table
[  133.547863][ T8913] loop_reread_partitions: partition scan of loop6 (3) failed (rc=-5)
[  133.558030][ T8919] Buffer I/O error on dev loop6, logical block 2, lost async page write
[  133.570555][ T5295] ldm_validate_partition_table(): Disk read failed.
[  133.578236][ T5295] Dev loop6: unable to read RDB block 0
[  133.580304][ T5295]  loop6: unable to read partition table
[  133.725746][ T8918] loop4: detected capacity change from 0 to 32768
[  133.730874][ T8918] XFS (loop4): invalid log iosize: 1 [not 12-30]
[  133.880158][ T8921] loop3: detected capacity change from 0 to 32768
[  133.959850][ T8921] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  133.959863][ T8921]   allowing incompatible features above 0.0: (unknown version)
[  133.959868][ T8921]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  133.980731][ T8921] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  133.983644][ T8921] bcachefs (loop3): initializing new filesystem
[  134.003959][ T8921] bcachefs (loop3): going read-write
[  134.032158][ T8921] bcachefs (loop3): marking superblocks
[  134.038211][ T8921] bcachefs (loop3): initializing freespace
[  134.044899][ T8921] bcachefs (loop3): done initializing freespace
[  134.049669][ T8921] bcachefs (loop3): reading snapshots table
[  134.053214][ T8921] bcachefs (loop3): reading snapshots done
[  134.058265][ T8921] bcachefs (loop3): done starting filesystem
[  134.153925][ T6851] bcachefs (loop3): shutting down
[  134.156029][ T6851] bcachefs (loop3): going read-only
[  134.158143][ T6851] bcachefs (loop3): finished waiting for writes to stop
[  134.167911][ T6851] bcachefs (loop3): flushing journal and stopping allocators, journal seq 4
[  134.187456][ T6851] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5
[  134.196105][ T6851] bcachefs (loop3): clean shutdown complete, journal seq 6
[  134.199429][ T6851] bcachefs (loop3): marking filesystem clean
[  134.215014][ T6851] bcachefs (loop3): shutdown complete
[  134.254521][ T8959] random: crng reseeded on system resumption
[  134.308420][ T8961] loop4: detected capacity change from 0 to 512
[  135.260537][ T8981] 8021q: adding VLAN 0 to HW filter on device bond1
[  135.485585][ T8981] bond_slave_0: entered promiscuous mode
[  135.487625][ T8981] bond_slave_1: entered promiscuous mode
[  135.491199][ T8981] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  135.501253][ T8981] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  135.565767][ T8991] syzkaller0: entered promiscuous mode
[  135.567907][ T8991] syzkaller0: entered allmulticast mode
[  136.314250][ T9013] loop4: detected capacity change from 0 to 4096
[  136.322507][ T9014] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  136.389550][ T9020] loop4: detected capacity change from 0 to 512
[  136.399249][ T9020] EXT4-fs: Ignoring removed nobh option
[  136.412502][ T9020] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1158: iget: bad i_size value: 38620345925642
[  136.417182][ T9020] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1158: couldn't read orphan inode 15 (err -117)
[  136.422921][ T9020] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  136.430874][ T9020] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1158: bg 0: block 5: invalid block bitmap
[  136.435796][ T9020] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  136.444200][ T9028] netlink: 'syz.1.1161': attribute type 3 has an invalid length.
[  136.446859][ T9028] netlink: 'syz.1.1161': attribute type 3 has an invalid length.
[  136.452489][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.741857][  T972] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  136.909011][  T972] usb 5-1: Using ep0 maxpacket: 32
[  136.912198][  T972] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  136.918562][  T972] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  136.922391][  T972] usb 5-1: New USB device found, idVendor=05ac, idProduct=029c, bcdDevice= 0.00
[  136.929529][  T972] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.937621][  T972] usb 5-1: config 0 descriptor??
[  137.156065][   T24] usb 5-1: USB disconnect, device number 9
[  137.182174][ T9055] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1173'.
[  137.373662][ T9064] loop3: detected capacity change from 0 to 4096
[  137.377886][ T9064] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  137.489236][ T9072] TCP: TCP_TX_DELAY enabled
[  137.609946][ T9074] loop3: detected capacity change from 0 to 32768
[  137.621943][ T9074] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  137.651172][ T6851] ocfs2: Unmounting device (7,3) on (node local)
[  137.902833][ T9089] loop4: detected capacity change from 0 to 32768
[  137.909056][ T9089] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1188 (9089)
[  137.919380][ T9089] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  137.924884][ T9089] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  137.941519][ T9089] BTRFS info (device loop4): rebuilding free space tree
[  137.945728][ T9089] BTRFS info (device loop4): disabling free space tree
[  137.948036][ T9089] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  137.952140][ T9089] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  137.957682][ T9089] BTRFS info (device loop4): setting nodatasum
[  137.961181][ T9089] BTRFS info (device loop4): allowing degraded mounts
[  137.963785][ T9089] BTRFS info (device loop4): enabling ssd optimizations
[  137.966734][ T9089] BTRFS info (device loop4): force clearing of disk cache
[  137.969395][ T9089] BTRFS info (device loop4): force zlib compression, level 3
[  137.992014][ T7860] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  138.206256][ T9124] loop4: detected capacity change from 0 to 32768
[  138.211879][ T9124] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  138.243297][ T7860] (syz-executor,7860,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  138.249372][ T7860] ocfs2: Unmounting device (7,4) on (node local)
[  138.455786][ T9155] nfs: Unknown parameter 'ntext'
[  138.507658][ T9163] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1214'.
[  138.641212][ T9183] loop4: detected capacity change from 0 to 512
[  138.659250][ T9183] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  138.683427][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.861902][ T9202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1227'.
[  139.005021][ T9207] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1230'.
[  139.008423][ T9207] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1230'.
[  139.047004][ T9211] netlink: 'syz.3.1232': attribute type 1 has an invalid length.
[  139.089178][ T9217] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1234'.
[  139.092920][ T9217] netlink: 'syz.3.1234': attribute type 14 has an invalid length.
[  139.102384][ T9217] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1234'.
[  139.102393][ T6883] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  139.106390][ T9217] netlink: 'syz.3.1234': attribute type 14 has an invalid length.
[  139.113200][ T6883] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  139.121224][ T6883] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  139.129441][ T6883] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  139.156674][ T9225] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  139.174715][ T9228] loop3: detected capacity change from 0 to 256
[  139.207308][ T9231] loop3: detected capacity change from 0 to 2048
[  139.210391][ T9231] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  139.218686][ T9233] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  139.219286][ T5865] udevd[5865]: incorrect nilfs2 checksum on /dev/loop3
[  139.305698][ T9242] loop3: detected capacity change from 0 to 1024
[  139.317840][ T9242] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  139.323863][ T9242] ext4 filesystem being mounted at /304/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.331311][ T9242] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm syz.3.1243: lblock 0 mapped to illegal pblock 0 (length 1)
[  139.339963][ T9242] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  139.345587][ T9242] EXT4-fs (loop3): This should not happen!! Data will be lost
[  139.345587][ T9242] 
[  139.350425][ T9242] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1243: lblock 0 mapped to illegal pblock 0 (length 1)
[  139.357778][ T9242] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1243: lblock 0 mapped to illegal pblock 0 (length 1)
[  139.363684][ T9242] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1243: lblock 0 mapped to illegal pblock 0 (length 1)
[  139.369528][ T9242] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1243: lblock 0 mapped to illegal pblock 0 (length 1)
[  139.376031][ T9242] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.1243: lblock 0 mapped to illegal pblock 0 (length 1)
[  139.381782][ T9242] EXT4-fs error (device loop3): ext4_ext_remove_space:2955: inode #15: comm syz.3.1243: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  139.403722][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  139.616237][ T9256] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.620648][ T9256] 8021q: adding VLAN 0 to HW filter on device team0
[  139.692185][ T9256] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  139.771763][ T9259] loop4: detected capacity change from 0 to 1024
[  139.889566][ T5892] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  139.911133][ T2425] hfsplus: b-tree write err: -5, ino 8
[  140.038863][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  140.042579][ T5892] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.046844][ T5892] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  140.052701][ T5892] usb 4-1: New USB device found, idVendor=1d6b, idProduct=1301, bcdDevice= 1.40
[  140.056495][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.060194][ T5892] usb 4-1: Product: syz
[  140.062051][ T5892] usb 4-1: Manufacturer: syz
[  140.064053][ T5892] usb 4-1: SerialNumber: syz
[  140.152017][ T9267] loop4: detected capacity change from 0 to 32768
[  140.158858][ T9267] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  140.158858][ T9267] clean (size 2912):
[  140.158858][ T9267] flags:          0
[  140.158858][ T9267] journal_seq:    10
[  140.158858][ T9267] usage: type=inodes v=8
[  140.158858][ T9267] usage: type=key_version v=0
[  140.158858][ T9267] usage: type=reserved v=0
[  140.158858][ T9267] usage: type=reserved v=0
[  140.158858][ T9267] usage: type=reserved v=0
[  140.158858][ T9267] usage: type=reserved v=0
[  140.158858][ T9267] data_usage: btree: 1/1 [0]=2816
[  140.158858][ T9267] data_usage: journal: 1/1 [0]=0
[  140.158858][ T9267] data_usage: user: 1/1 [0]=16
[  140.158858][ T9267] dev_usage: dev=0  
[  140.158858][ T9267]   free: buckets=83 sectors=0 fragmented=0
[  140.158858][ T9267]   sb: buckets=25 sectors=6152 fragmented=248
[  140.158858][ T9267]   journal: buckets=8 sectors=2048 fragmented=0
[  140.158858][ T9267]   btree: buckets=11 sectors=2816 fragmented=0
[  140.158858][ T9267]   user: buckets=1 sectors=16 fragmented=240
[  140.158858][ T9267]   cached: buckets=0 sectors=0 fragmented=13565952
[  140.158858][ T9267]   parity: buckets=0 sectors=0 fragmented=0
[  140.158858][ T9267]   stripe: buckets=0 sectors=0 fragmented=0
[  140.158858][ T9267]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  140.158858][ T9267]   need_discard: buckets=0 sectors=0 fragmented=0
[  140.158858][ T9267] clock: read=0
[  140.158858][ T9267] blacklist_v2: start=1 end=1280
[  140.158858][ T9267] btree_root: btree=extents level=0 u64s 11 type xattr SPOS_MAX len 0 
[  140.158996][ T9267] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  140.286526][ T5892] usb 4-1: 0:2 : does not exist
[  140.304130][ T5892] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  140.321520][ T5892] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[  140.336397][ T5892] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  140.345739][ T5892] usb 4-1: 5:0: cannot get min/max values for control 8 (id 5)
[  140.359555][ T5892] usb 4-1: USB disconnect, device number 8
[  140.381510][ T5865] udevd[5865]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  141.254077][ T9301] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  141.374916][ T9301] loop3: detected capacity change from 0 to 32768
[  141.713158][ T9301] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  141.752047][ T9301] XFS (loop3): Ending clean mount
[  142.411412][ T6851] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  142.670313][ T9342] netlink: 'syz.4.1278': attribute type 10 has an invalid length.
[  142.673037][ T9342] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.675912][ T9342] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.694914][ T9342] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.697458][ T9342] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.700261][ T9342] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.702817][ T9342] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.764973][ T9342] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  142.961538][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1288'.
[  142.965693][ T9358] netlink: 'syz.1.1288': attribute type 7 has an invalid length.
[  143.482477][ T9364] loop4: detected capacity change from 0 to 32768
[  143.487406][ T9364] JBD2: Ignoring recovery information on journal
[  143.498702][ T9364] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  143.517846][ T7860] ocfs2: Unmounting device (7,4) on (node local)
[  143.582318][ T9378] loop4: detected capacity change from 0 to 16
[  143.593470][ T9378] erofs (device loop4): mounted with root inode @ nid 36.
[  143.647004][ T9382] netlink: 'syz.1.1298': attribute type 1 has an invalid length.
[  143.655031][ T9383] syz.4.1296: attempt to access beyond end of device
[  143.655031][ T9383] loop4: rw=524288, sector=128, nr_sectors = 8 limit=16
[  143.663773][ T9383] syz.4.1296: attempt to access beyond end of device
[  143.663773][ T9383] loop4: rw=524288, sector=0, nr_sectors = 1024 limit=16
[  143.676149][ T9383] erofs (device loop4): read error -95 @ 1 of nid 89
[  143.679540][   T33] kauditd_printk_skb: 11 callbacks suppressed
[  143.679617][   T33] audit: type=1800 audit(1755869369.020:47): pid=9383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1296" name="file2" dev="loop4" ino=89 res=0 errno=0
[  143.907866][  T972] IPVS: starting estimator thread 0...
[  143.910034][ T9395] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  143.992248][ T9403] overlayfs: failed to clone upperpath
[  143.998904][ T9398] IPVS: using max 134 ests per chain, 321600 per kthread
[  145.261770][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1314'.
[  145.266192][ T9426] netlink: 'syz.1.1314': attribute type 20 has an invalid length.
[  145.268768][ T9426] netlink: 'syz.1.1314': attribute type 21 has an invalid length.
[  145.774620][ T9436] loop4: detected capacity change from 0 to 512
[  145.793836][ T9436] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.798071][ T9436] ext4 filesystem being mounted at /165/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  145.808000][ T9436] Quota error (device loop4): do_check_range: Getting dqdh_next_free 2741 out of range 0-6
[  145.813873][ T9436] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  145.818069][ T9436] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.1318: Failed to acquire dquot type 0
[  145.851811][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.919143][ T9447] loop4: detected capacity change from 0 to 2048
[  145.927349][ T9447] UDF-fs: warning (device loop4): udf_fill_super: No fileset found
[  145.996061][ T9454] loop4: detected capacity change from 0 to 1024
[  146.004248][   T33] audit: type=1800 audit(1755869371.361:48): pid=9454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1325" name="file1" dev="loop4" ino=20 res=0 errno=0
[  146.022611][ T1089] hfsplus: b-tree write err: -5, ino 4
[  146.110206][ T9462] loop4: detected capacity change from 0 to 1024
[  146.183293][ T9463] hfsplus: request for non-existent node 62977 in B*Tree
[  146.186151][ T9463] hfsplus: request for non-existent node 62977 in B*Tree
[  146.400572][ T9476] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1329'.
[  146.850555][ T9496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1343'.
[  147.203924][ T1093] hfsplus: b-tree write err: -5, ino 3
[  147.385200][ T9526] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1355'.
[  147.650576][ T9544] loop4: detected capacity change from 0 to 128
[  147.665550][ T9544] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  147.670764][ T9544] ext4 filesystem being mounted at /179/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  147.711654][ T7860] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  148.217428][ T9560] loop3: detected capacity change from 0 to 32768
[  148.221927][ T9560] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1368 (9560)
[  148.234836][ T9560] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  148.240692][ T9560] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  148.256991][ T9560] BTRFS info (device loop3): enabling ssd optimizations
[  148.260149][ T9560] BTRFS info (device loop3): enabling free space tree
[  148.279222][ T9560] evm: overlay not supported
[  148.314608][ T6851] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  148.526160][ T9596] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  148.528751][ T9596] IPv6: NLM_F_CREATE should be set when creating new route
[  148.690023][ T9597] loop3: detected capacity change from 0 to 1024
[  149.124985][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  149.269217][ T1093] hfsplus: b-tree write err: -5, ino 4
[  149.274118][    T9] usb 5-1: Using ep0 maxpacket: 16
[  149.296443][    T9] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  149.301983][    T9] usb 5-1: config 0 has no interface number 0
[  149.307705][    T9] usb 5-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  149.312134][    T9] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  149.323630][    T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  149.329754][    T9] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  149.349749][    T9] usb 5-1: Product: syz
[  149.351509][    T9] usb 5-1: SerialNumber: syz
[  149.356913][    T9] usb 5-1: config 0 descriptor??
[  149.363097][    T9] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input9
[  149.579025][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  149.579082][ T5905] usb 5-1: USB disconnect, device number 10
[  149.581476][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  149.594334][ T5905] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  150.372054][ T9681] loop3: detected capacity change from 0 to 1024
[  150.410291][ T9681] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.416466][ T9679] loop4: detected capacity change from 0 to 32768
[  150.431411][ T9679] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  150.435905][ T9681] EXT4-fs error (device loop3): ext4_read_inline_dir:1476: inode #12: block 7: comm syz.3.1417: path /342/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  150.452970][ T9679] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  150.480772][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.488112][ T7860] ocfs2: Unmounting device (7,4) on (node local)
[  150.570271][ T9689] loop3: detected capacity change from 0 to 4096
[  150.577152][ T9689] ntfs3(loop3): It is recommened to use chkdsk.
[  150.587073][ T9689] ntfs3(loop3): ino=0, mi_enum_attr
[  150.594871][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  150.598890][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  150.602282][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  150.607431][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00
[  150.613724][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc1c00
[  150.617393][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc2c00
[  150.628658][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc4c00
[  150.634304][ T9689] ntfs3(loop3): try to read out of volume at offset 0x3fffffc8c00
[  150.969107][ T9721] loop4: detected capacity change from 0 to 128
[  150.981820][ T9721] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  150.988015][ T9721] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.016483][ T5905] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  151.018647][ T9725] 9pnet_fd: Insufficient options for proto=fd
[  151.044020][ T7860] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  151.109818][ T9734] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1437'.
[  151.151193][ T9737] loop4: detected capacity change from 0 to 8
[  151.176020][ T5905] usb 4-1: Using ep0 maxpacket: 8
[  151.182775][ T5905] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.187452][ T5905] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  151.192165][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  151.197282][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  151.200848][ T5905] usb 4-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=9b.f7
[  151.204407][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.209022][ T5905] usb 4-1: config 0 descriptor??
[  151.215913][ T5905] metro_usb 4-1:0.0: Metrologic USB to Serial converter detected
[  151.227915][ T5905] usb 4-1: Metrologic USB to Serial converter now attached to ttyUSB0
[  151.471309][ T5905] usb 4-1: USB disconnect, device number 9
[  151.527253][ T5905] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0
[  151.536934][ T5905] metro_usb 4-1:0.0: device disconnected
[  152.031547][ T9760] loop3: detected capacity change from 0 to 256
[  152.037552][ T9760] exfat: Deprecated parameter 'namecase'
[  152.068291][ T9760] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  152.413422][ T5892] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  152.838748][ T5892] usb 4-1: Using ep0 maxpacket: 32
[  152.844761][ T5892] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  152.848745][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.851997][ T5892] usb 4-1: Product: syz
[  152.853833][ T5892] usb 4-1: Manufacturer: syz
[  152.855822][ T5892] usb 4-1: SerialNumber: syz
[  152.859362][ T5892] usb 4-1: config 0 descriptor??
[  152.863484][ T5892] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  153.665742][ T5892] gspca_ov534_9: reg_w failed -71
[  153.753585][ T9822] tipc: Trying to set illegal importance in message
[  153.994408][ T5892] gspca_ov534_9: Unknown sensor 0000
[  153.994457][ T5892] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  154.006091][ T5892] usb 4-1: USB disconnect, device number 10
[  154.292753][ T5905] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  154.443513][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  154.447929][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  154.453325][ T5905] usb 5-1: New USB device found, idVendor=056a, idProduct=0020, bcdDevice= 0.00
[  154.456947][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.461362][ T5905] usb 5-1: config 0 descriptor??
[  154.464579][ T9842] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  154.501758][ T5892] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  154.651108][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  154.654431][ T5892] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  154.658160][ T5892] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 96
[  154.662052][ T5892] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  154.666075][ T5892] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  154.674857][ T5892] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  154.678303][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  154.681778][ T5892] usb 4-1: SerialNumber: syz
[  154.682936][ T5905] usbhid 5-1:0.0: can't add hid device: -71
[  154.686075][ T5905] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  154.689170][ T9854] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  154.692727][ T9854] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  154.696072][ T5905] usb 5-1: USB disconnect, device number 11
[  154.697558][ T5892] hub 4-1:1.0: bad descriptor, ignoring hub
[  154.700278][ T5892] hub 4-1:1.0: probe with driver hub failed with error -5
[  154.897353][ T9854] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  154.903883][ T9854] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  155.245250][ T9894] overlayfs: conflicting lowerdir path
[  155.316512][ T5892] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42
[  155.450098][ T9917] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1526'.
[  156.060611][ T9930] loop3: detected capacity change from 0 to 2048
[  156.065009][ T9930] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  156.070299][ T9930] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  156.073608][ T9930] UDF-fs: Scanning with blocksize 512 failed
[  156.079651][ T9930] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  156.203586][ T9938] loop3: detected capacity change from 0 to 4096
[  156.215777][ T9938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.237448][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.563801][ T5592] usb 4-1: reset high-speed USB device number 11 using dummy_hcd
[  156.723859][ T5592] usb 4-1: device firmware changed
[  156.726464][ T5892] usb 4-1: USB disconnect, device number 11
[  156.728906][ T9917] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1526'.
[  156.729628][ T5892] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device
[  156.736856][ T9926] netlink: 'syz.4.1530': attribute type 10 has an invalid length.
[  156.777474][ T9945] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1539'.
[  156.940989][ T5892] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  157.469681][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  157.473665][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  157.478619][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  157.486202][ T5892] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  157.490072][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.493384][ T5892] usb 4-1: Product: syz
[  157.495197][ T5892] usb 4-1: Manufacturer: syz
[  157.497188][ T5892] usb 4-1: SerialNumber: syz
[  157.502667][ T5892] usb 4-1: config 0 descriptor??
[  157.507467][ T5892] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  157.512223][ T5892] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  158.037701][ T5905] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  158.107648][ T5892] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  158.110758][ T5892] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  158.189223][ T5905] usb 5-1: unable to get BOS descriptor or descriptor too short
[  158.193806][ T5905] usb 5-1: config 63 has an invalid interface number: 66 but max is 0
[  158.197530][ T5905] usb 5-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config
[  158.201855][ T5905] usb 5-1: config 63 has no interface number 0
[  158.204857][ T5905] usb 5-1: config 63 interface 66 has no altsetting 0
[  158.210398][ T5905] usb 5-1: New USB device found, idVendor=174f, idProduct=8a31, bcdDevice=39.f4
[  158.214309][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.217803][ T5905] usb 5-1: Product: syz
[  158.219332][ T5905] usb 5-1: Manufacturer: syz
[  158.220995][ T5905] usb 5-1: SerialNumber: syz
[  158.431845][ T5905] usb 5-1: Found UVC 0.07 device syz (174f:8a31)
[  158.434452][ T5905] usb 5-1: No valid video chain found.
[  158.440803][ T5905] usb 5-1: USB disconnect, device number 12
[  158.913071][ T5892] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[  158.916783][ T5892] em28xx 4-1:0.0: couldn't setup AC97 register 2
[  158.920316][ T5892] em28xx 4-1:0.0: couldn't setup AC97 register 4
[  158.923273][ T5892] em28xx 4-1:0.0: couldn't setup AC97 register 6
[  158.926631][ T5892] em28xx 4-1:0.0: couldn't setup AC97 register 54
[  158.929712][ T5892] em28xx 4-1:0.0: couldn't setup AC97 register 56
[  158.935635][ T5892] usb 4-1: USB disconnect, device number 12
[  159.169100][T10015] loop4: detected capacity change from 0 to 2048
[  159.172622][T10015] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  159.184936][ T5865] udevd[5865]: incorrect nilfs2 checksum on /dev/loop4
[  159.186293][T10016] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.215780][T10020] loop4: detected capacity change from 0 to 512
[  159.242038][T10020] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1570: bad orphan inode 13
[  159.247675][T10020] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  159.252641][T10020] ext4 filesystem being mounted at /228/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.258526][T10020] EXT4-fs error (device loop4): ext4_lookup:1779: inode #2: comm syz.4.1570: bad inode number: 15
[  159.270708][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  160.125523][   T33] audit: type=1326 audit(1755869385.541:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.134988][   T33] audit: type=1326 audit(1755869385.541:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.145250][   T33] audit: type=1326 audit(1755869385.541:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.155427][   T33] audit: type=1326 audit(1755869385.541:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.179114][   T33] audit: type=1326 audit(1755869385.541:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.191983][T10088] netlink: 13 bytes leftover after parsing attributes in process `syz.4.1601'.
[  160.195685][T10088] netlink: 'syz.4.1601': attribute type 3 has an invalid length.
[  160.198833][T10088] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1601'.
[  160.209030][   T33] audit: type=1326 audit(1755869385.541:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.218066][   T33] audit: type=1326 audit(1755869385.541:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.228622][   T33] audit: type=1326 audit(1755869385.541:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.250785][   T33] audit: type=1326 audit(1755869385.541:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.260665][   T33] audit: type=1326 audit(1755869385.541:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10085 comm="syz.1.1600" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  160.328284][T10092] loop3: detected capacity change from 0 to 32768
[  160.341775][T10092] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1604 (10092)
[  160.358754][T10092] BTRFS info (device loop3 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  160.362376][T10092] BTRFS info (device loop3 state S): using crc32c (crc32c-lib) checksum algorithm
[  160.381391][   T36] BTRFS warning (device loop3 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x5a2abccf level 0, ignored
[  160.386397][   T36] BTRFS warning (device loop3 state S): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x6607e867 level 0, ignored
[  160.391688][ T2425] BTRFS warning (device loop3 state S): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x28b693f7 level 0, ignored
[  160.396569][T10092] BTRFS error (device loop3 state CS): failed to load root free space
[  160.443986][   T36] BTRFS warning (device loop3 state CS): checksum verify failed on logical 5255168 mirror 1 wanted 0x9df47653 found 0x9d251998 level 1, ignored
[  160.511331][T10092] BTRFS critical (device loop3 state CS): unable to find chunk map for logical 26884158816018432 length 4096
[  160.522439][T10092] BTRFS critical (device loop3 state CS): unable to find chunk map for logical 26884158816018432 length 4096
[  160.530801][T10092] BTRFS warning (device loop3 state CS): failed to read fs tree: -5
[  160.561554][T10092] BTRFS error (device loop3 state CS): open_ctree failed: -5
[  160.895889][T10125] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  160.898535][T10125] VFS: Can't find a romfs filesystem on dev nullb0.
[  160.898535][T10125] 
[  160.943693][T10129] loop3: detected capacity change from 0 to 512
[  162.085366][T10163] ptrace attach of "/syz-executor exec"[7860] was attempted by "ߖ鷴)Qo  \x0dvҢ9T{-92\x0ap_3j nޭOa)bkߟ.\x0aK~򜛱تKOkF^3B3){\x5crHBd,X\x09\x0b3c\x22&W\x22\x1bTL'\x09!_Nhٹ=n>a (G6茷A+&ϋЈUߍa{@{\x0b[ɸYacAzÂGl:d<]u~v!9,?Ŵ>\x22ar\x1blKڬY*VS8ȁ6]kK.=`#\x07x!gMDR*OLK\x0c}oKbA>{@aMdnQj̖5)];r,L\x0c=\x0dWAE n`>Ɵs-3`yfeH^/$L1&NP\x0d1D<\x07cPd(EdtaE!ҭ \x09@ݞHG~H<D$\x0crX`-ͪ/IFEtI;{*W\x0c\x0a:ÈV'\x0c8sejke~ɫRLB*\x0b-r@\x07VMšv%OymWGܕ|ʤ=tU?hK0uӣٜ0G 'b,\x22ߊ;2Ո'G/޳7Wd\x5c!w%xg\x22x[4!NlQ(\x0a@[+ ؐǬ[[zN sB&X>%3{- ^Qǚ4e3\x0b>sF̗H]+\x0
[  162.567155][T10177] netlink: 'syz.3.1631': attribute type 6 has an invalid length.
[  162.926850][T10191] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1638'.
[  163.145064][T10203] fuse: Unknown parameter 'subj_role'
[  163.503773][T10210] loop3: detected capacity change from 0 to 256
[  163.527608][T10210] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  163.642074][T10212] loop3: detected capacity change from 0 to 32768
[  163.644824][T10212] XFS: ikeep mount option is deprecated.
[  163.654375][T10212] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.680378][T10212] XFS (loop3): Ending clean mount
[  163.682883][T10212] XFS (loop3): Quotacheck needed: Please wait.
[  163.689594][T10212] XFS (loop3): Quotacheck: Done.
[  163.712258][ T6851] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.830577][T10224] ALSA: mixer_oss: invalid OSS volume ''
[  163.892089][T10231] loop3: detected capacity change from 0 to 1024
[  163.900387][T10231] EXT4-fs: Ignoring removed nobh option
[  163.921956][T10231] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.980080][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.023598][T10249] Illegal XDP return value 4294967262 on prog  (id 131) dev N/A, expect packet loss!
[  164.138485][T10257] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1662'.
[  165.620145][T10307] loop3: detected capacity change from 0 to 32768
[  165.626388][T10307] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1683 (10307)
[  165.638397][T10307] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  165.642918][T10307] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  165.653476][T10321] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1687'.
[  165.674188][T10307] BTRFS info (device loop3): enabling ssd optimizations
[  165.676741][T10307] BTRFS info (device loop3): enabling free space tree
[  165.679908][T10307] BTRFS info (device loop3): use lzo compression, level 0
[  165.723340][ T6851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  165.745958][   T33] audit: type=1326 audit(1755869391.181:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10336 comm="syz.1.1691" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x0
[  166.415033][T10375] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  166.442113][T10379] loop4: detected capacity change from 0 to 512
[  166.461242][T10379] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  166.465411][T10379] EXT4-fs (loop4): orphan cleanup on readonly fs
[  166.470144][T10379] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[  166.474470][T10379] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  166.482726][T10379] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  166.486038][T10379] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1706: bg 0: block 40: padding at end of block bitmap is not set
[  166.492728][T10379] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  166.497956][T10379] EXT4-fs (loop4): 1 truncate cleaned up
[  166.500884][T10379] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  166.510369][T10379] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  166.523773][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.605398][T10395] could not open pipe file descriptor
[  167.073882][T10444] loop3: detected capacity change from 0 to 16
[  167.079050][T10444] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  167.462662][T10465] loop4: detected capacity change from 0 to 1024
[  167.485387][T10465] EXT4-fs: Ignoring removed nobh option
[  167.487841][T10465] EXT4-fs: Ignoring removed bh option
[  167.507589][T10465] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.591371][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.371280][T10493] netlink: 'syz.1.1735': attribute type 210 has an invalid length.
[  168.577588][T10515] 9pnet_fd: Insufficient options for proto=fd
[  168.649096][ T5918] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  168.805943][ T5918] usb 4-1: config 0 has an invalid interface number: 247 but max is 0
[  168.811262][ T5918] usb 4-1: config 0 has no interface number 0
[  168.814097][ T5918] usb 4-1: too many endpoints for config 0 interface 247 altsetting 138: 111, using maximum allowed: 30
[  168.818386][ T5918] usb 4-1: config 0 interface 247 altsetting 138 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  168.828214][ T5918] usb 4-1: config 0 interface 247 has no altsetting 0
[  168.832559][ T5918] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  168.836388][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.847577][ T5918] usb 4-1: config 0 descriptor??
[  169.598922][ T5918] usb 4-1: Cannot read MAC address
[  169.609167][T10529] loop4: detected capacity change from 0 to 256
[  169.612114][ T5918] MOSCHIP usb-ethernet driver 4-1:0.247: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  169.612722][T10529] FAT-fs (loop4): bogus sectors per cluster 0
[  169.619952][T10529] FAT-fs (loop4): Can't find a valid FAT filesystem
[  169.634414][ T5918] usb 4-1: USB disconnect, device number 13
[  169.634999][T10531] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1751'.
[  169.685181][T10534] loop4: detected capacity change from 0 to 2048
[  169.835617][ T5865]  loop4: p2 p3 < > p4 < p5 >
[  169.842446][ T5865] loop4: partition table partially beyond EOD, truncated
[  169.848751][ T5865] loop4: p3 start 4284289 is beyond EOD, truncated
[  169.868498][T10534]  loop4: p2 p3 < > p4 < p5 >
[  169.870637][T10534] loop4: partition table partially beyond EOD, truncated
[  169.874717][T10534] loop4: p3 start 4284289 is beyond EOD, truncated
[  169.919626][ T5865] udevd[5865]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  169.920930][ T5864] udevd[5864]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  169.929553][ T5925] udevd[5925]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory
[  170.061849][T10538] loop4: detected capacity change from 0 to 32768
[  170.066258][T10538] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1754 (10538)
[  170.075307][T10538] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  170.079600][T10538] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  170.096504][T10538] BTRFS info (device loop4): enabling ssd optimizations
[  170.099806][T10538] BTRFS info (device loop4): enabling free space tree
[  170.126016][   T13] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  170.159647][ T7860] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  170.416261][ T5855] Bluetooth: hci2: command 0x0406 tx timeout
[  170.666233][T10568] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1760'.
[  170.669799][T10568] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1760'.
[  170.676473][T10568] erspan0: entered promiscuous mode
[  170.678707][T10568] gretap0: entered promiscuous mode
[  170.762408][ T5892] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  170.911798][ T5892] usb 4-1: Using ep0 maxpacket: 8
[  170.915771][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  170.925493][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  170.929893][ T5892] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  170.935171][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  170.941651][ T5892] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  170.945626][ T5892] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  170.949210][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.954020][ T5892] usb 4-1: config 0 descriptor??
[  170.965127][ T5862] Bluetooth: hci3: urb ffff88810f671a00 submission failed (90)
[  171.164835][ T5918] usb 4-1: USB disconnect, device number 14
[  171.396326][T10587] cgroup: Unknown subsys name 'cpuset'
[  171.604481][ T5862] Bluetooth: hci2: unexpected event for opcode 0x200f
[  171.778158][T10595] loop3: detected capacity change from 0 to 32768
[  171.781339][T10595] (syz.3.1771,10595,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  171.785997][T10595] (syz.3.1771,10595,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  171.793437][T10595] JBD2: Ignoring recovery information on journal
[  171.806454][T10595] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  171.822179][ T6851] ocfs2: Unmounting device (7,3) on (node local)
[  171.864972][T10599] netlink: 512 bytes leftover after parsing attributes in process `syz.3.1772'.
[  172.264893][T10614] loop4: detected capacity change from 0 to 512
[  172.290740][T10614] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.295159][T10614] ext4 filesystem being mounted at /284/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.319939][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.599284][T10603] loop3: detected capacity change from 0 to 262144
[  172.633111][T10603] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  172.636848][T10603] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  172.807805][T10637] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  172.811208][T10637] syzkaller0: entered promiscuous mode
[  172.813078][T10637] syzkaller0: entered allmulticast mode
[  172.816638][T10637] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  172.820679][T10637] tipc: Resetting bearer <eth:syzkaller0>
[  172.823778][T10636] tipc: Resetting bearer <eth:syzkaller0>
[  172.832988][T10636] tipc: Disabling bearer <eth:syzkaller0>
[  172.961778][T10645] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  173.099612][T10652] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1793'.
[  173.103510][T10652] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1793'.
[  173.376393][T10664] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1798'.
[  173.380245][T10664] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1798'.
[  173.560114][T10669] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1799'.
[  173.563990][T10669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1799'.
[  173.790049][T10683] loop4: detected capacity change from 0 to 32768
[  173.816218][T10683] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  173.816234][T10683]   allowing incompatible features above 0.0: (unknown version)
[  173.816239][T10683]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  173.832267][T10683] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  173.835101][T10683] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  173.837917][T10683] bcachefs (loop4): Version upgrade required:
[  173.837917][T10683] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  173.837917][T10683] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  173.837917][T10683]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  173.865799][T10683] bcachefs (loop4): dropping and reconstructing all alloc info
[  173.875636][T10683] bcachefs (loop4): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4099:U32_MAX len 0 ver 0: (unpack error)
[  173.875651][T10683]   invalid variable length fields, deleting
[  173.887073][T10683] bcachefs (loop4): accounting_read... done
[  173.890527][T10683] bcachefs (loop4): alloc_read... done
[  173.893707][T10683] bcachefs (loop4): snapshots_read... done
[  173.896775][T10683] bcachefs (loop4): check_allocations... done
[  173.908881][T10683] bcachefs (loop4): going read-write
[  173.917303][T10683] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean
[  173.921795][T10683] bcachefs (loop4): done starting filesystem
[  173.923518][   T68] bcachefs (loop4): bucket incorrectly unset in freespace btree
[  173.929906][   T68]   u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing
[  173.938496][   T68] bcachefs (loop4): bucket incorrectly unset in freespace btree
[  173.938508][   T68]   u64s 5 type deleted 0:26:0 len 0 ver 0, , continuing
[  173.946950][   T68] bcachefs (loop4): bucket incorrectly unset in freespace btree
[  173.946962][   T68]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[  173.966288][ T1091] bcachefs (loop4): bucket incorrectly unset in freespace btree
[  173.966297][ T1091]   u64s 5 type deleted 0:43:0 len 0 ver 0, , continuing
[  173.974521][ T1091] bcachefs (loop4): bucket incorrectly unset in freespace btree
[  173.974530][ T1091]   u64s 5 type deleted 0:47:0 len 0 ver 0, , continuing
[  173.999264][ T7860] bcachefs (loop4): shutting down
[  174.001867][ T7860] bcachefs (loop4): going read-only
[  174.004671][ T7860] bcachefs (loop4): finished waiting for writes to stop
[  174.008629][ T7860] bcachefs (loop4): flushing journal and stopping allocators, journal seq 12
[  174.015918][ T1091] bcachefs (loop4): bucket incorrectly unset in freespace btree
[  174.015927][ T1091]   u64s 5 type deleted 0:52:0 len 0 ver 0, , continuing
[  174.025539][ T7860] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 12
[  174.030058][ T7860] bcachefs (loop4): unclean shutdown complete, journal seq 13
[  174.033143][ T7860] bcachefs (loop4): done going read-only, filesystem not clean
[  174.040901][ T7860] bcachefs (loop4): shutdown complete
[  174.186791][   T33] audit: type=1326 audit(1755869399.649:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1810" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  174.226457][   T33] audit: type=1326 audit(1755869399.649:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1810" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  174.240861][   T33] audit: type=1326 audit(1755869399.649:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1810" exe="/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  174.250532][   T33] audit: type=1326 audit(1755869399.649:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1810" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  174.279548][   T33] audit: type=1326 audit(1755869399.649:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10698 comm="syz.3.1810" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  174.302489][T10712] netlink: 'syz.3.1815': attribute type 1 has an invalid length.
[  174.539717][T10717] loop3: detected capacity change from 0 to 40427
[  174.544970][T10717] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  174.547603][T10717] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  174.558246][T10717] F2FS-fs (loop3): invalid crc value
[  174.573733][T10717] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  174.577407][T10717] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  174.579939][T10717] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  174.593377][ T6851] syz-executor: attempt to access beyond end of device
[  174.593377][ T6851] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  174.598034][ T6851] CPU: 1 UID: 0 PID: 6851 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  174.598050][ T6851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  174.598055][ T6851] Call Trace:
[  174.598059][ T6851]  <TASK>
[  174.598062][ T6851]  dump_stack_lvl+0x189/0x250
[  174.598075][ T6851]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.598083][ T6851]  ? __pfx_queue_work_on+0x10/0x10
[  174.598091][ T6851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  174.598100][ T6851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  174.598110][ T6851]  f2fs_handle_critical_error+0x37c/0x540
[  174.598122][ T6851]  f2fs_write_end_io+0x886/0xb60
[  174.598132][ T6851]  __submit_merged_bio+0x27a/0x6a0
[  174.598142][ T6851]  __submit_merged_write_cond+0x255/0x530
[  174.598157][ T6851]  f2fs_write_data_pages+0x261d/0x3000
[  174.598167][ T6851]  ? arch_stack_walk+0xfc/0x150
[  174.598180][ T6851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  174.598190][ T6851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  174.598200][ T6851]  ? rcu_is_watching+0x15/0xb0
[  174.598214][ T6851]  ? folios_put_refs+0x559/0x640
[  174.598223][ T6851]  ? __pfx_folios_put_refs+0x10/0x10
[  174.598230][ T6851]  ? rcu_is_watching+0x15/0xb0
[  174.598236][ T6851]  ? lru_add+0xa2f/0xd80
[  174.598243][ T6851]  ? lru_add+0x198/0xd80
[  174.598250][ T6851]  ? do_raw_spin_lock+0x121/0x290
[  174.598260][ T6851]  ? do_raw_spin_unlock+0x4d/0x240
[  174.598268][ T6851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  174.598278][ T6851]  do_writepages+0x32e/0x550
[  174.598288][ T6851]  ? rcu_is_watching+0x15/0xb0
[  174.598295][ T6851]  ? do_raw_spin_unlock+0x4d/0x240
[  174.598304][ T6851]  filemap_fdatawrite+0x199/0x240
[  174.598314][ T6851]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  174.598329][ T6851]  ? rcu_is_watching+0x15/0xb0
[  174.598336][ T6851]  ? do_raw_spin_unlock+0x4d/0x240
[  174.598344][ T6851]  f2fs_sync_dirty_inodes+0x31f/0x830
[  174.598354][ T6851]  f2fs_write_checkpoint+0x95a/0x1df0
[  174.598364][ T6851]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  174.598378][ T6851]  ? kill_f2fs_super+0x298/0x6c0
[  174.598385][ T6851]  kill_f2fs_super+0x2c3/0x6c0
[  174.598393][ T6851]  ? __pfx_kill_f2fs_super+0x10/0x10
[  174.598399][ T6851]  ? radix_tree_delete_item+0x2b6/0x400
[  174.598412][ T6851]  ? shrinker_free+0x2ce/0x3e0
[  174.598419][ T6851]  deactivate_locked_super+0xbc/0x130
[  174.598428][ T6851]  cleanup_mnt+0x425/0x4c0
[  174.598436][ T6851]  task_work_run+0x1d4/0x260
[  174.598446][ T6851]  ? __pfx_task_work_run+0x10/0x10
[  174.598454][ T6851]  ? __x64_sys_umount+0x122/0x160
[  174.598463][ T6851]  ? __pfx___x64_sys_umount+0x10/0x10
[  174.598472][ T6851]  ? rcu_is_watching+0x15/0xb0
[  174.598479][ T6851]  exit_to_user_mode_loop+0xec/0x110
[  174.598488][ T6851]  do_syscall_64+0x2bd/0x3b0
[  174.598498][ T6851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.598506][ T6851]  ? exc_page_fault+0x9f/0xf0
[  174.598514][ T6851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.598521][ T6851] RIP: 0033:0x7f8ba418ff17
[  174.598528][ T6851] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  174.598535][ T6851] RSP: 002b:00007ffc24a71218 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  174.598544][ T6851] RAX: 0000000000000000 RBX: 00007f8ba4211c05 RCX: 00007f8ba418ff17
[  174.598549][ T6851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc24a712d0
[  174.598553][ T6851] RBP: 00007ffc24a712d0 R08: 0000000000000000 R09: 0000000000000000
[  174.598557][ T6851] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc24a72360
[  174.598562][ T6851] R13: 00007f8ba4211c05 R14: 000000000002aaae R15: 00007ffc24a723a0
[  174.598570][ T6851]  </TASK>
[  174.598573][ T6851] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  175.289788][T10742] loop3: detected capacity change from 0 to 32768
[  175.301392][T10742] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1827 (10742)
[  175.393432][T10755] overlayfs: failed to clone upperpath
[  175.396591][T10742] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  175.406679][T10742] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  175.583518][T10742] BTRFS info (device loop3): enabling ssd optimizations
[  175.586455][T10742] BTRFS info (device loop3): enabling free space tree
[  175.598763][T10742] BTRFS info (device loop3): setting incompat feature flag for DEFAULT_SUBVOL (0x2)
[  175.805760][ T6851] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  175.955145][T10780] loop3: detected capacity change from 0 to 1024
[  175.959124][T10780] EXT4-fs: Ignoring removed oldalloc option
[  175.961092][T10780] EXT4-fs: Ignoring removed bh option
[  175.979300][T10780] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.006675][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.408661][T10821] loop4: detected capacity change from 0 to 512
[  176.423366][T10821] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.430353][T10821] ext4 filesystem being mounted at /304/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.437819][T10825] __nla_validate_parse: 1 callbacks suppressed
[  176.437833][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1852'.
[  176.440889][T10821] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #2: block 18: comm syz.4.1851: lblock 23 mapped to illegal pblock 18 (length 1)
[  176.454663][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 12: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  176.465460][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 13: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  176.478639][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 14: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  176.490319][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 15: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  176.510233][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 16: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  176.519551][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 17: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  176.529761][T10821] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #2: block 18: comm syz.4.1851: lblock 23 mapped to illegal pblock 18 (length 1)
[  176.536891][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 19: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  176.547201][T10821] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 20: comm syz.4.1851: path /304/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  176.880644][T10846] netlink: 'syz.1.1860': attribute type 1 has an invalid length.
[  177.322681][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.522516][T10872] overlayfs: failed to clone lowerpath
[  177.714580][   T33] audit: type=1326 audit(1755869403.189:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10890 comm="syz.1.1882" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  177.725057][   T33] audit: type=1326 audit(1755869403.189:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10890 comm="syz.1.1882" exe="/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  177.735943][   T33] audit: type=1326 audit(1755869403.189:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10890 comm="syz.1.1882" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  177.747954][   T33] audit: type=1326 audit(1755869403.189:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10890 comm="syz.1.1882" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a438ebe9 code=0x7ffc0000
[  177.757386][ T5859] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  177.913510][ T5859] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  177.916802][ T5859] usb 5-1: config 0 has no interface number 0
[  177.921736][ T5859] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  177.925587][ T5859] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.929056][ T5859] usb 5-1: Product: syz
[  177.932202][ T5859] usb 5-1: Manufacturer: syz
[  177.934224][ T5859] usb 5-1: SerialNumber: syz
[  177.939902][ T5859] usb 5-1: config 0 descriptor??
[  178.112391][T10900] syz_tun: entered allmulticast mode
[  178.116132][T10899] syz_tun: left allmulticast mode
[  178.149369][ T5859] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  178.154572][ T5859] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  178.159041][ T5859] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  178.163573][ T5859] usb 5-1: media controller created
[  178.172823][ T5859] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  178.360294][ T5859] i2c i2c-2: ec100: i2c rd failed=-71 reg=33
[  178.383658][ T5859] usb 5-1: USB disconnect, device number 13
[  178.543895][T10947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1908'.
[  179.245097][T10977] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1917'.
[  180.932222][T11012] loop4: detected capacity change from 0 to 32768
[  180.941294][T11012] ea_get: invalid extended attribute
[  180.943110][T11012] ffff88802bfdb148: 04 00 00 00                                      ....
[  181.341944][T11031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1940'.
[  181.940718][    C0] vcan0: j1939_tp_rxtimer: 0xffff888030204c00: rx timeout, send abort
[  181.999971][T11057] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  182.319010][T11066] loop4: detected capacity change from 0 to 4096
[  182.376448][T11066] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  182.444141][    C0] vcan0: j1939_tp_rxtimer: 0xffff888030204c00: abort rx timeout. Force session deactivation
[  182.539550][T11066] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  182.542125][T11066] ntfs3(loop4): Failed to load $Bitmap (-22).
[  182.598487][T11071] bond0: entered allmulticast mode
[  182.600634][T11071] bond_slave_0: entered allmulticast mode
[  182.602740][T11071] bond_slave_1: entered allmulticast mode
[  182.605100][T11071] bridge0: entered allmulticast mode
[  182.736406][T11075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1960'.
[  182.740182][T11075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1960'.
[  182.839311][T11081] loop4: detected capacity change from 0 to 4096
[  182.853007][T11081] ntfs3(loop4): ino=1a, mi_enum_attr
[  182.855561][T11081] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  182.901070][T11083] loop4: detected capacity change from 0 to 512
[  182.917581][T11083] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  182.923027][T11083] ext4 filesystem being mounted at /332/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  182.943387][ T7860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.616291][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  183.804135][   T24] usb 5-1: Using ep0 maxpacket: 16
[  183.807998][   T24] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  183.811592][   T24] usb 5-1: config 0 has no interface number 0
[  183.814491][   T24] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  183.818999][   T24] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  183.824265][   T24] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  183.827821][   T24] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  183.831059][   T24] usb 5-1: Product: syz
[  183.833003][   T24] usb 5-1: SerialNumber: syz
[  183.839790][   T24] usb 5-1: config 0 descriptor??
[  183.846667][   T24] cm109 5-1:0.8: invalid payload size 0, expected 4
[  183.850072][   T24] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input10
[  184.106177][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  184.358359][T11149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1992'.
[  184.363061][T11149] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.370173][T11149] bridge_slave_1 (unregistering): left allmulticast mode
[  184.372503][T11149] bridge_slave_1 (unregistering): left promiscuous mode
[  184.375366][T11149] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.512607][  T972] usb 5-1: USB disconnect, device number 14
[  184.516791][  T972] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  185.044392][T11166] loop4: detected capacity change from 0 to 64
[  185.051132][T11166] Trying to free block not in datazone
[  185.278786][T11188] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  185.393472][ T5859] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  185.546449][ T5859] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  185.550389][ T5859] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.557389][ T5859] usb 5-1: Product: syz
[  185.559511][ T5859] usb 5-1: Manufacturer: syz
[  185.561669][ T5859] usb 5-1: SerialNumber: syz
[  185.566287][ T5859] usb 5-1: config 0 descriptor??
[  185.776407][ T5859] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  186.161126][T11220] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  186.165138][T11220] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  186.170356][T11220] overlayfs: missing 'lowerdir'
[  186.187491][T11220] fuse: Unknown parameter './bus'
[  187.208972][T11250] Option 'TXƮ' to dns_resolver key: bad/missing value
[  187.289171][ T5859] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  187.295629][ T5859] usb 5-1: USB disconnect, device number 15
[  187.495308][T11262] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  187.854771][T11272] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  187.858779][T11272] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  187.882172][ T5855] Bluetooth: hci0: command 0x0406 tx timeout
[  188.073212][T11297] openvswitch: netlink: nsh attribute has 2 unknown bytes.
[  188.730926][T11314] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  188.736250][T11314] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  188.743167][T11316] fuse: Bad value for 'fd'
[  188.785575][T11322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2068'.
[  189.727914][T11338] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2075'.
[  189.740388][T11338] netlink: 'syz.4.2075': attribute type 2 has an invalid length.
[  191.013799][T11370] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2089'.
[  191.102176][T11380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2094'.
[  191.283770][T11398] overlayfs: failed to clone upperpath
[  191.307834][   T33] audit: type=1326 audit(1755869672.785:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.319605][T11384] loop4: detected capacity change from 0 to 32768
[  191.325078][   T33] audit: type=1326 audit(1755869672.795:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.347457][   T33] audit: type=1326 audit(1755869672.795:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.377779][   T33] audit: type=1326 audit(1755869672.795:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.390518][   T33] audit: type=1326 audit(1755869672.795:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.399100][   T33] audit: type=1326 audit(1755869672.795:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.407849][   T33] audit: type=1326 audit(1755869672.795:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.416648][   T33] audit: type=1326 audit(1755869672.795:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.425351][   T33] audit: type=1326 audit(1755869672.795:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.434155][   T33] audit: type=1326 audit(1755869672.795:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11401 comm="syz.3.2105" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  191.898533][T11424] netlink: 'syz.1.2115': attribute type 29 has an invalid length.
[  191.902389][T11424] netlink: 'syz.1.2115': attribute type 29 has an invalid length.
[  191.947924][T11418] loop4: detected capacity change from 0 to 32768
[  191.950896][T11418] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2112 (11418)
[  191.961540][T11418] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  191.964933][T11418] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  192.011354][   T27] BTRFS warning (device loop4): checksum verify failed on logical 5292032 mirror 1 wanted 0xd5bc16bf7502c3940107ef92895f3d2e7f4c766f4585e38c0ad39b0a5d2e0772 found 0xe411c7a0efa54fabafc8c0ad0545277d3e683b146ef1a47775d9ca9aa10535d4 level 0
[  192.025352][T11418] BTRFS warning (device loop4): failed to read root (objectid=9): -5
[  192.031474][T11418] BTRFS error (device loop4): open_ctree failed: -5
[  192.042073][T11446] netlink: 'syz.1.2119': attribute type 12 has an invalid length.
[  192.051110][T11446] netlink: 211856 bytes leftover after parsing attributes in process `syz.1.2119'.
[  192.501800][T11475] loop4: detected capacity change from 0 to 512
[  192.529114][T11479] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2132'.
[  192.534940][T11479] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2132'.
[  192.538620][T11479] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2132'.
[  192.542185][T11479] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2132'.
[  192.869716][  T972] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  193.021962][  T972] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.026563][  T972] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.030794][  T972] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  193.036239][  T972] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  193.041109][  T972] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.045629][  T972] usb 5-1: config 0 descriptor??
[  193.282187][T11499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2140'.
[  193.333629][T11505] trusted_key: syz.1.2142 sent an empty control message without MSG_MORE.
[  193.460679][  T972] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  193.565199][T11528] openvswitch: netlink: nsh attr 0 has unexpected len 4 expected 0
[  193.568639][T11528] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  193.798123][T11536] overlayfs: failed to clone upperpath
[  193.881781][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  194.384122][T11551] __nla_validate_parse: 2 callbacks suppressed
[  194.384139][T11551] netlink: 212296 bytes leftover after parsing attributes in process `syz.1.2161'.
[  194.414900][T11553] netlink: 'syz.1.2162': attribute type 1 has an invalid length.
[  194.526565][T11563] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2167'.
[  194.729820][T11571] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  195.595723][ T5892] usb 5-1: USB disconnect, device number 16
[  195.711430][T11594] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2179'.
[  196.399143][T11627] loop4: detected capacity change from 0 to 2048
[  196.404072][T11627] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  196.417552][   T33] kauditd_printk_skb: 23 callbacks suppressed
[  196.417563][   T33] audit: type=1800 audit(1755869677.898:102): pid=11627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2195" name="file2" dev="loop4" ino=1347 res=0 errno=0
[  196.616076][ T5862] Bluetooth: hci2: unexpected event for opcode 0x203e
[  196.858932][T11661] tipc: Started in network mode
[  196.861208][T11661] tipc: Node identity c, cluster identity 4711
[  196.863737][T11661] tipc: Node number set to 12
[  196.867130][T11663] af_packet: tpacket_rcv: packet too big, clamped from 65232 to 3944. macoff=96
[  197.916958][T11748] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2251'.
[  199.389169][T11796] gtp0: entered promiscuous mode
[  199.423644][T11800] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.2270' resets device
[  199.499367][T11810] binder: 11809:11810 ioctl c0306201 200000000080 returned -14
[  199.522893][T11812] loop4: detected capacity change from 0 to 256
[  199.527964][T11812] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  200.919776][T11850] loop4: detected capacity change from 0 to 131072
[  200.945695][T11850] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  200.949089][T11850] F2FS-fs (loop4): Mounted with checkpoint version = 1b41e955
[  201.435349][ T5892] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  201.585325][ T5892] usb 5-1: Using ep0 maxpacket: 8
[  201.589202][ T5892] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  201.592678][ T5892] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  201.596433][ T5892] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  201.600599][ T5892] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  201.605225][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  201.609542][ T5892] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  201.617071][ T5892] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  201.620705][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.623972][ T5892] usb 5-1: Product: syz
[  201.626031][ T5892] usb 5-1: Manufacturer: syz
[  201.627958][ T5892] usb 5-1: SerialNumber: syz
[  201.630928][ T5892] usb 5-1: config 0 descriptor??
[  201.637699][ T5892] hub 5-1:0.0: bad descriptor, ignoring hub
[  201.640204][ T5892] hub 5-1:0.0: probe with driver hub failed with error -5
[  201.644584][ T5892] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input11
[  201.771722][T11875] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2302'.
[  201.847384][ T5859] usb 5-1: USB disconnect, device number 17
[  202.375888][T11897] loop4: detected capacity change from 0 to 256
[  202.383165][T11897] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  203.292033][T11908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2316'.
[  203.372063][   T24] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  203.385975][   T24] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  204.192123][T11922] 9pnet_fd: Insufficient options for proto=fd
[  204.639818][T11932] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  204.867940][    T9] IPVS: starting estimator thread 0...
[  204.953863][T11944] IPVS: using max 133 ests per chain, 319200 per kthread
[  205.598368][   T33] audit: type=1326 audit(1755869687.052:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  205.619281][   T33] audit: type=1326 audit(1755869687.052:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  205.706865][   T33] audit: type=1326 audit(1755869687.072:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  205.743620][   T33] audit: type=1326 audit(1755869687.072:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  207.692407][ T5855] Bluetooth: hci0: command 0x0406 tx timeout
[  207.722237][ T5862] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  207.725063][   T33] audit: type=1326 audit(1755869687.072:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  209.771189][   T33] audit: type=1326 audit(1755869687.072:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  209.780099][   T33] audit: type=1326 audit(1755869687.072:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  211.790341][   T33] audit: type=1326 audit(1755869687.072:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  211.799104][   T33] audit: type=1326 audit(1755869687.072:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  213.777959][   T33] audit: type=1326 audit(1755869687.072:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  215.785492][   T33] audit: type=1326 audit(1755869687.072:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  216.808430][   T33] audit: type=1326 audit(1755869687.072:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  216.817449][   T33] audit: type=1326 audit(1755869687.072:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  219.876401][   T33] audit: type=1326 audit(1755869687.072:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  219.885238][   T33] audit: type=1326 audit(1755869687.072:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  220.895656][   T33] audit: type=1326 audit(1755869687.072:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  220.904115][   T33] audit: type=1326 audit(1755869687.072:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  221.905074][   T33] audit: type=1326 audit(1755869687.072:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  221.914202][   T33] audit: type=1326 audit(1755869687.072:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  222.868054][   T33] audit: type=1326 audit(1755869687.072:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  222.876762][   T33] audit: type=1326 audit(1755869687.072:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  222.885426][   T33] audit: type=1326 audit(1755869687.072:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  222.894547][   T33] audit: type=1326 audit(1755869687.072:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11961 comm="syz.3.2341" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ba418ebe9 code=0x7ffc0000
[  255.948708][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  317.267837][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  378.507340][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  439.764323][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  500.986000][ T1362] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
13:31:17  Registers:
info registers vcpu 0

CPU#0
RAX=00000000000000f6 RBX=0000000000000200 RCX=000000000000083f RDX=0000000000000000
RSI=00000000000000f6 RDI=000000000000083f RBP=ffffc900033dfbe0 RSP=ffffc900033dfad8
R8 =ffffc900033dfb67 R9 =1ffff9200067bf6c R10=dffffc0000000000 R11=fffff5200067bf6d
R12=ffff88804b031401 R13=0000000000000000 R14=0000000000000000 R15=ffff88804b0314b0
RIP=ffffffff810015d0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f559e5736c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055fd63560580 CR3=00000001103b6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff8b792154 RBX=ffffffff902769a8 RCX=ffffffff902769ac RDX=ffffffff902769a0
RSI=ffffffff90db66a6 RDI=ffffffff8be33620 RBP=ffffffff902769a8 RSP=ffffc9000467f6f8
R8 =0000000000000003 R9 =0000000000000000 R10=ffffc9000467f818 R11=ffffffff81ac3810
R12=ffffffff8b7921dc R13=ffffffff902769a4 R14=ffffc9000467f7c8 R15=ffffffff902769a8
RIP=ffffffff8172d40c RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8ba4f116c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055fd635647a8 CR3=000000012a828000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=00007f8ba4f105a0 00007f8ba4f10580
XMM02=00007f8ba4f106e0 00007f8ba4f10560 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00007f8ba4f105a0 XMM05=0000000000000000 00007f8ba4f106e0
XMM06=00007f8ba4f106e0 00007f8ba4f10560 XMM07=00007f8ba4f105a0 00007f8ba4f10580
XMM08=d4ff3e6f78d4fc52 9fe6cd833fce95b8 XMM09=0000000000000000 00007f8ba4212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
