last executing test programs:

3.844379629s ago: executing program 2 (id=1944):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$f2fs(&(0x7f00000105c0), &(0x7f0000010600)='./file0\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0063edcea4", @ANYRESHEX=0x0], 0x1, 0x105c7, &(0x7f0000020c40)="$eJzs3EtvG1UbB/DHzdvr25YI9bZBjIRAiVRbcZJWZYNSaFSQSBVxWbACx3Yst7Ynip0L3SHBjo/CBvEBWFSw4HuwQyyQ2CGBPDNBSWmlKnXjpPn9pOn/zJlznjnjKpGOHTmAY2sy+fOPUlyMsxExERHnI7J2qTgyC3lci4jXI+LErqNU9P/bcSoizkXExWHxvGapuHTh0eKj32/dvvTjz6/dnZx46/r4nhoYtzcjoruWt7e6eaatPO8X/bXNdpbd+c0i8wvdB8V5mudWcyWrsFXbGVfLcq6Vj0/XNvrDXO3U6sNstVez/rVefsP+ZmunTjbhfm09O280V7Js99MsWw/zdW0X+bA/yOs0inpfZuVjMNjJvL+53cyfZ+1BlvXeoOjP66aN5vYwN4ssbhf1tNPI1rGy75f50Puw3dvYTjab6/122ktuVKq3KtWb5ep62mgOmvPlWrdxcz6ZanWGw8qDZq270ErTVqdZqafd6WSqVa+Xq9Vk6k5zpV3rJdVqZa4yU74xXbSuJ3fvfZp0GsnUMN9t9zYG7U4/WU3Xk3zGdDJbmXt7Onmjmnz81XKy/NHi4tLyJ5/f+eze7aUP3isG/WdZydTszOxsuTpTnq1OvzTPvzSO57/2fNM57krjXgDA0WP/D4yD/b/9fxzY/vf74m4Hvv89cTie/0D2/2f38/9/Zj+TYIf9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAsfXryR/ezxqT+fn/i/4LRderEXE1Iq5ExOWI+PsJJuLUnpqXIqJUtJ80/uRja/ipFFmF4ZzTxXEuIhaK469XXvSrAAAAAEfeiadd+O6Xr7+JmBg2s3/eOchVMW7FmzZnRlUve8vnf6Oqdikrtj2iapd3So7ElYg4OfnbiKpdHf6Mnv9iRNWeycSeOLMrSnk89XcGAABwdO3dCYxs9wYAAMCh8+24F8DzevwP6p9tfGnX1OKz4NN5FB8Int1zBgAAABxBpXEvAAAAAHjhsv2/7/8DAACAl1v+/X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/sHP3uIkDURzAn2G9y35p0YqPq1CttqTgEDlCypQpktuk4wyRECfIAUiXI0QQYSZSjFBSeCwr6PeTzIwt+OsZqudBAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJsey+X8bn1z2zRnu2smz90AAAAAp2zK5byaDA/nP9P13+nS34iYRsQkIsYRcap378fXWuYoIoo0P/X+8qiG+4gqYf+Zb+n4ERH/0/H8p+1vAQAAAM7XejVbRPT30+rlXxw18pyz9FsPcuVVj3y+5EobVWFXmdLGr5FZTCKiHD5lSptGRO/XRaa09Pzsff3aMHgzFIeh91FCcd2oRAAAoAP1TmDfvT10Wg8AAABtuey6ALpRrdem/+KnteC0cpgWBL/XzgAAAIBPqOi6AAAAAKB1Vf9v/z8AAAA4b4f9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTplzO16vZomnOdtdMnrsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADghf15R4EQCIMw2Lu+7zR4/2NJg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf7cnUAIBEEY7Dv/c1rMPyxp0BhEqIKFjxnmYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrA/9ygKA2Ech9/M7rJJvUfYPuzHGWysRI/gBwiBnMEDeCEbK9vgRfQKCjqprSSFz9P8/sUMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr+ny8MRbRBSR+pkijTdfp/eI+Ii07brR520Wu/OxLe9ztj9Myv7+9LuKiCqKJ/8EAGAYdd88Vutm+ZP7m/uX+59bz9tmMeSjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4snP/rE2EcRzAnyRNtE52EMFJqYggGpNoyZBFodC3EdsYiqlKmsEWl+4uvgTBQcQtL8HB3UUcBP/MBRVcXJQkl/qUFrkOuYT284Hn8stx3D1PhsD3fpcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCR7O6Ea+M6F0K4MPevHvj44+nqYa9v+4vnxmN54dX3+JyDUxRDCPfXO62bGa5lll1Oedzm1vaDZqfT6ioUCsVeMeEvKAAAjpViMga5/kuxvzLYl2uE8OfF/vx/JapDyvz/7Nvru/G14vxfyWyFsy1t/i/3Nh6XN7e2r69vNNutduvhUu1WpVq9XVsqD2+nlN1UAQAA4D9KyYjzf75xsP9/JqpDyvx/79PnN/G1CvL/AUfv/094QgAAACfYwsVfP3OH7M+VSuFJs9frVkbbvffV0XYKU00vWdCpZMT5v9CY8twAAACATOzu5Pb1/9eiOqTs/5+9874dn7MQQphP+v83Vh911rJbzsyapd//T3ipAAAATNF8MuL+f3H4/H/+0viYfAjh6uKoTv4GMFX+//Du5fn4WvHz/7XsljiT8vXR55Em/w+PrYcwV89gYgAAABxLp5MxyP9fi/2V7u/nyyXP/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwlx07RmkgiAIAutnNKhZiQGysBLUV7awCFoJ4DVEQbOzTeABPkyPYp1VLa0nhDeTP7oik0ICyCfoezP7PzsD8nWr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN+anhQ7Oa/iMWjysn339Da6iPg8E8PDeHcrRuS9bsteQvWXs/04o+POigEAAOCfqnJ/XxTFSz0+i1gOU/+/H/laOzdab2Lu52f7/hxz7x9j+/X28WOjQbNPdMNX1zeXh5194XLbm3Pdxhxr0l1Cc0NTpaua8vxuc1qnU+/dTyanKyld/VnFAMBvOMixTfL/UcSjRRYGwJ/Vb0fxqf+vhoutCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAL7wEAAP///r1cWg==")
sendmsg$sock(0xffffffffffffffff, 0x0, 0x4000)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0xbb)

2.770981788s ago: executing program 2 (id=1951):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2c2e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00220500000077cd6f"], 0x0}, 0x0)

2.221294376s ago: executing program 2 (id=1956):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller0\x00', @random="b524732b4e4a"})
writev(r0, &(0x7f0000000400)=[{&(0x7f00000001c0)="89e7ee2c78dad9b4b473fec988a858", 0xf}, {&(0x7f0000000540)="4acfb717f0", 0x5}], 0x2)

2.221004172s ago: executing program 2 (id=1957):
r0 = io_uring_setup(0x2feb, &(0x7f0000000040)={0x0, 0x5503, 0x2, 0x2, 0x11d})
io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x700, 0x0)

2.151294763s ago: executing program 2 (id=1958):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000000b010200000000000000000300000008000240009b"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0)

2.150896279s ago: executing program 2 (id=1959):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="240000001800010600000000000000001c140000fe000001000000000400"], 0x24}}, 0x0)
symlink(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, 0x0, 0x0)
syz_usb_connect(0x0, 0xc06, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000862c6b203b0904a10100010203010902f40b03000010"], 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x692, &(0x7f0000000280)={0x0, 0xb2ef, 0x80, 0x3, 0x145})
syz_clone(0xc98b0700, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x40808)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)

1.561367505s ago: executing program 0 (id=1960):
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x2008018, &(0x7f0000001a00)=ANY=[], 0x5, 0x1f5, &(0x7f0000001000)="$eJxiGAWjYBSMWPDo4dcHvU4WIToMDAw8DCoM7FDxF8wINUxI6u/MLNWeaus6Z9PtpUfy+Gp3oZvHTqL9IGsOODIzlDBwQkX+/0eWVwGTjCwgV6hAxUIZmBg0GRgY9kO1qELFExiYGMKg7FQGRoZIKDsLiZ0PsyYnVS85PyclLTMn1QBEGIIIIxBhjGw/CwMDw9tGRoYUBgYGDrDr/v9nRJIvrqzKTszJSS1CZ7D+h9mDIUUqA1/4gd3nyMRgCw+9//9B8RXR0dwI4uuBCDZUPYYMTAyGULYxAyNDMJRtwcDOoKenhwgSJP9LsSDMZybG/1RjMKOLVKCpSXiES7ugLi0dRiUGKx3CcJSBzGBEFwFlaLiI2NtdpzF1PSXWii8FkIyBKcVItyyDxgAXXAwMDBhSl7hIM7AkFtVfsHIFq2JE+QQqvdWRyicWBhZ4+aFfklugX1xZpZuZm5iemp6aZ2RkbGZgYmBgaqQPLoggJEa59wde/nGAyycuJPNZcZSVbIxsDBWJJSVFhhUMDCVFhnC+EYREKnGDt+W/AethApd/TAwayhAzGGHFKY6KjhGKmcA0iKXBjMM5o2AUjIJRMApGwSgYBaNgFIyCUTAKRsEoGAWjYBSMglFAIpBnYASPgkInqv7jAEYBYNWAAAAA//+pLl8O")
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x0, 0x0}, 0x10)
creat(&(0x7f0000000240)='./bus\x00', 0xc2)
io_setup(0x7f, 0x0)
getdents(r0, 0x0, 0x0)

1.33798392s ago: executing program 0 (id=1961):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x2084811, 0x0, 0xf9, 0x0, &(0x7f0000000240))
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffa)
sendfile(r0, r0, 0x0, 0x800000009)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000480)='./file1\x00', 0x124681a, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYRES64, @ANYRES16], 0xb, 0x0, &(0x7f00000000c0))

720.958906ms ago: executing program 1 (id=1969):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xbf, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x37, @time={0x65757100, 0x316575}})

608.638931ms ago: executing program 1 (id=1970):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x1494)
fcntl$setstatus(r0, 0x4, 0x0)
fcntl$setstatus(r0, 0x4, 0x42400)

539.982562ms ago: executing program 1 (id=1971):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x11}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

539.491784ms ago: executing program 1 (id=1972):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB='quota,iocharset=cp437,noquota,errors=continue,discard=0x00000\x00\x00000000004,errors=continue,quota,discard,grpquota,\x00'], 0x1, 0x60b9, &(0x7f0000013cc0)="$eJzs3UuPHFfZB/Cn+jaXvEmsLKK8FkKTxFxCiK/BGALEWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo8zma6eOb+fNK56+lRNn/K/qy9TVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgf/uDH56qIuPqrdMOJiP+LfkQvYqWp1yJiZe1EXn4QES/EdnM8HxHDpYhm/e1/no14PSI+eibiwcO7683N5/fZj+//+R9/+MlTP/r7n4Zn/vuX2/03pi13585v//PXewfbZgAAAChNXdd1lT7mn0yf73tddwoAmIv8+l8n+Xb1wtWbC9YftVqtVh/Buq2e7F67iIjN9jrNewaH4wHgiNmMj7vuAh2Sf9EGEfFU150AFlrVdQc4FA8e3l2vUr5V+/Vgbac9nwuyJ//Navf6jmnTWcbPMZnX42sr+vHclP6szKkPiyTn3xvP/+pO+ygtd9j5z8u0/Ec7lz4VJ+ffH89/zPHJvzcx/1Ll/AdPlH9f/gAAAAAAsMDy3/9PdHz8d+ngm7Ivjzv+uzanPgAAAAAAAADA5+2g4//tMv4fAAAALKzms3rjd888um3ad7E1t1+pIp4eWx4oTLpYZrXrfgAAAAAAAAAAAABASQY75/BeqSKGEfH06mpd181P23j9pA66/lFX+vZDybp+kgcAgB0fPTN2LX8VsRwRV9J3/Q1XV1frenlltV6tV5by+9nR0nK90vpcm6fNbUujfbwhHozq5pctt9Zrm/V5eVb7+O9r7mtU9/fRsfnoMHAAiIidV6MHXpGOmbp+Nrp+l8PRYP8/fuz/7EfXj1MAAADg8NV1XVfp67xPpmP+va47BQDMRX79Hz8uoFar1Wq1+vjVbfVk99pFRGy212neMxiOHwCOmM34uOsu0CH5F20QES903QlgoVVdd4BD8eDh3fUq5Vu1Xw/S+O75XJA9+W9W2+vl9SdNZxk/x2Rej6+t6MdzU/rz/Jz6sEhy/r3x/K/utI/Scoed/7xMy7/ZzhMd9KdrOf/+eP5jjk/+vYn5lyrnP3ii/PvyBwAAAACABZb//n9ioY7/jj7r5sz0uOO/a4d2rwAAAAAAAABwuB48vLuer3vNx/+/MGE5138eTzn/Sv5Fyvn3xvL/6thy/db8/bce5f/vh3fX/3j7X/+fp/vNfynPVOmRVaVHRJXuqRqk6UG27tO2hv1Rc0/DqtcfpHN+6uE7cT1uxEac3bNsL/1/PGo/t6e96elwu73u77Sf39M+2G3P61/Y0z5MZzrVK7n9dKzHz+NGvL3d3rQtzdj+5Rnt9Yz2nH/f/l+knP+g9dPkv5raq7Fp4/6HvU/t9+3ppPu5fP2Lvzl7+Jsz01b0d7etrdm+lzroz/b/yVOj+OWtjZun71y7ffvmuUiTPbeejzT5nOX8h+ln9/n/5Z32/Lzf3l/vfzh64vwXxVYMpub/cmu+2d5X5ty3LuT8R+kn5/92ap+8/x/l/Kfv/6920B8AAAAAAAAAAAAAAAB4nLquty8RvRwRF9P1P11dmwkAzNfl9JUbdZJvn1fdn/P9qdVHvK4WrD9zrT+pF6s/avVRrNvqyd5sFxHxt/Y6FyPi15N+GQCwyD6JiH923Qk6I/+C5e/7a6anuu4MMFe33v/gp9du3Ni4eavrngAAAAAAAAAAn1Ue/3OtNf7zqbqu740tt2f817di7aDjfw7yzO4Ao1MGqu4/+TY9zlZv1O+1hht/MaaN/z3cnXvc+N+DGfc3nNE+mtG+NKN9eUb7xAs9WnL+L7bGOz8VESfHhl8vYfzX8THvS5Dzf6n1eG7y/8rYcu38698f5fx7e/I/c/u9X5y59f4Hr11/79q7G+9u/OzCuXNnL1y8eOnSpTPvXL+xcXbn3w57fLhy/nnsa+eBliXnnzOXf1ly/l9KtfzLkvP/cqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP/XUi3/suT8X021/MuS8/96quVflpz/a6mWf1ly/qdTLf+y5PzPpHqf+a8cdr+Yj5x/PsJl/y9Lzj+f2SD/suT8z6da/mXJ+V9ItfzLkvN/PdXyL0vO/xupln9Zcv4XUy3/suT8v5lq+Zcl538p1fIvS87/W6mWf1ly/t9OtfzLkvN/I9XyL0vO/zupln9Zcv7fTbX8y5Lz/16q5V+WnP+bqZZ/WR59/78ZM2bM5Jmun5kAAAAAAAAAAAAAgHHzOJ24620EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt69xsh11vcDP3v12rkZCPk7+RtYO8YYZ5NdX+ILrYsJ14Zbya2kl9iud+0s+BavXZI0kh0FSiSMiirahhdtAUVt3lRYVV7QKqC8QK0qVSLtC/oGUaHyIqoCCkiV2ipkqznzPM/OzJ6d2bUn9sw5n48U/7wzZ+acOXPm7H7X+c4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA02vD+mS8OZFlW+y//Y22WXVv7++rxtfll77naWwgAAABcrl/mf756Q7pg/zJu1LDMP779+8/Pz8/PZ58e+pORr87PpyvGs2xkVZbl10UXf/zgQOMywVPZ2MBgw9eDHVY/1OH64Q7Xj3S4frTD9as6XD/W4fpFO2CR1fXfx+R3tin/69r6Ls1uzEby6zYV3OqpgVWDg/F3ObmB/DbzI0ey2exYNpNNNS1fX3YgX/6FDbV1fSSL6xpsWNf62hHy8ycOx20YCPt4U9O6Fu4z+un7svFf/PyJw3915pWbi2bH3dB0f/Xt3LKxtp2fD5fUt3UgW5X2SdzOwYbtXF/wnAw1bedAfrva31u389VlbufQwmZeUa3P+Vg2mP/9pXw/DTf+Wi/tp/Xhsv++Ncuy8wub3brMonVlg9mapksGF56fsfoRWbuP2qH05mx4RcfphmUcp7U5van5OG19TcTnf0O43fAS29D4NP30ydGG5/21+Us5TqPao17qtdJ6DHb7tdIrx2A8Ll7KH/TThcfgpvD4n9i89DFYeOwUHIPpcTccgxs7HYODo0P5NqcnYSC/zcIxuK1p+aF8TQP5fHlz+2Nw8szxU5Nzjz1+++zxQ0dnjs6c2LFt29SOXbv27NkzeWT22MxU/c9L3Nu9b002mF4DG8O+i6+Bd7Us23iozn9jdNH591Jfh2NtXodrW5bt9utwuPXBDVyZF+TiY7r+2rivttPHLgxmS7zG8udn6+W/DtPjbngdDje8Dgu/pxS8DoeX8TqsLXNq6/J+Zhlu+K9oG5b+XnB5x+DahmOw9eeR1mOw2z+P9MoxOBaOix9uXfp7wfqwvU9PrPTnkaFFx2B6uOHcU7sk/bw/ticfRcflLbUrrhnNzs7NnL7j0UNnzpzeloVxRbyl4VhpPV7XNDymbNHxOrji43X/7NufvqXg8rVhX43dXvtjbMnnqrbMzjvaP1f5d7fi/dl06fYsjC670vuz6Lt5bX+OZtnXvvfkPd954mvvX3J/1vLm5ycv/2fxlEsbzr8jS5x/Y+5/vb6+dFdPDY0M11+/Q2nvjDSdj5ufquH83DWQr/vVyeWdj0fCf1f6fHxjm/PxupZlu30+Hml9cPF8PNDptx2Xp/X5HAvHybGp9ufj2jLrtq/0mBxuez6+NcyBsP/fHZJCykUNx85Sx21a1/DwSHhcw3ENzcfpjqblR0I2q63rue2XdpxuubV+X0Pp0S24UsfpeMuy3T5O0+++ljpOBzr99u3StD6fY+G4uHFH++O0tsyLOy//3Lk6/rXh3Dna6RgcGRqtbfNIOgjz8302vzoeg3dkh7OT2bFsOr92ND+eBvJ1Tdy5vGNwNPx3pc+V69ocg1talu32MZi+jy117A0ML37wXdD6fI6F4+KZO9sfg7VlPrC7uz+7bgmXpGUafnZt/f3aUr/zuqVlN71Rx8pw2M7v7W7/u9naMsf2rDRntt9Pt4VLrinYT62v36VeU9PZldlP68J2vrJn6f1U257aMl/du8zjaX+WZeceuSv/fW/495W/PfuD55v+3aXo33TOPXLXz6478g8r2X4A+t/r9bGm/r2u4V+mlvPv/wAAAEBfiLl/MMxE/gcAAIDSiLk//l/hifwPAAAApRFz/3CYSUXy/7oPvDL7+rksNfPng3h92g1315eLHdep8PX4/ILa5Xc9O/Nff39ueesezLLstbv/oHD5dXfH7aobD9t58YPNly/y/O3LWvfB+8+l9Tb2178e7j8+nuUeBkUV3Kksy1644cv5esYfvJDPF+8+mM97zj/9VG2ZV/fWv463f/kt9eX/PJR/9x851HT7l8N++EmYUx8t3h/xdt+68O71ux9YWF+83cDG6/OH/cxD9fuN75Pzlafqy8f9vNT2f+dLz32rtvyj7yze/nODxdv/XLjfZ8P8n7fVl298Dmpfx9t9IWx/XF+83R3f/G7h9l/8Yn35Ux+qL3cwzLj+LeHrTR96ZbZxfz06cKjpcWUfri8X1z/1gz/Kr4/3F++/dfvHDlxo2h+tx8eL/1q/n8mW5ePlcT3R37Wsv3Y/jcdnXP9zf3iwaT93Wv/Fe15+W+1+W9d/W8typx7Zmq9/4f6a37HpL77w5cL1xe3Z/zenmh7P/k+F13FY/zMPheMxXP+/F+v31/ruCgc/1Xz+ict/fe25pscTfeQX9fVffO/RfK4aW73mmmuvu/78O2r7LsteWlW/v07rP/qXJ5u2/xs31fdHvD529FvXv5S4/tOfmzhxcu7s7HTaq0/ckL93zsfq2xO394Zwbm39+sDJMw/PnB6fGp/KsvHyvoXeJftmmD+rj/Ptl55fdAbden94Pm/5sxfWbP6XL8XL/+2++uUXPlr/vvWusNxXwuVrw/O3svUv9syGm/LX98CLYQvnF79f8OVYv+k/9yxrwfD4W38uiMf7qbc+nO+H2nX59434ur7M7f/RdP1+vh3263x4Z+aNNy2sr3H5+N4IF+6tv94ve/+F01x8Xv86PN8f/0n9/uN2xcf7o/BzzHfXNZ/v4vHx7XODrfefv4vH+XA+yc7Xr49Lxf194dWbCjcvvg9Jdv7m/Os/Tvdz84oe5lLmHpubPDZ74uyjk2dm5s5Mzj32+IHjJ8+eOHMgfy/PA5/pdPuF89Oa/Pw0PbNrZ5afrU7Wxxvsam//qfsPT++e2jw9c+TQ2SNn7j81c/ro4bm5wzPTc5sPHTky87lOt5+d3rdt+94du7dPHJ2d3rdn794deydmT5ysbUZ9ozrYNfXZiROnD+Q3mdu3c++2O+/cOTVx/OT0zL7dU1MTZzvdPv/eNFG79e9PnJ45dujM7PGZibnZx2f2bdu7a9f2ju8GePzUkbnxydNnT0yenZs5PVl/LONn8otr3/s63Z5ymvv3+s+zrQbqb8SXffK2Xen9WWuefXLJu6ov0vIGoq+E96L5pzed2rOcr2PuHwkzqUj+BwAAgCqIuX80zET+BwAAgNKIuX9VmIn8DwAAAKURc/9YmElF8n/p+v/rzi1r/fr/+v+N+0v/v2L9/3t7rf9fP1/o/3fH5fbv9f8D/X/9f/1//X/9f7qg1/r/MfevzrJK5n8AAACogpj714SZyP8AAABQGjH3XxNmIv8DAABAacTcf22YSUXyv/6//r/+v/6//n/x+vX/+5P+f3v6/x3o/09m1er/n+/m9uv/6/+zWK/1/2Puvy7MpCL5HwAAAKog5v7rw0zkfwAAACiNmPtvCDOR/wEAAKA0Yu5fG2ZSkfyv/6//r/+v/6//X7x+/f/+pP/fnv5/B/r/Pv9f/1//n67qtf5/zP1vCjOpSP4HAACAKoi5/81hJvI/AAAA9J7hS7tZzP1vCTNZlP8vcQUAAADAVRdz/41ZSxG8Iv/+r/+v/6//r/+v/1+8/uX3/4cy/f/eof/fnv5/B/r/+v/6//r/dFWv9f/z3J+NZW8NM6lI/gcAAIAqiLn/pjAT+R8AAABKI+b+/xdmIv8DAABAacTcvy7MpCL5X/9f/1//X/9f/794/T7/vz/p/7en/9+B/r/+v/6//j9d1Wv9/5j7bw4zqUj+BwAAgCqIuf+WMBP5HwAAAEoj5v7/H2Yi/wMAAEBpxNy/PsykIvlf/7/H+/+xOar/r/+v/6//r/+/LPr/7en/d6D/r/+v/6//T1f1Wv8/5v63hZlUJP8DAABAFcTc//YwE/kfAAAASiPm/neEmcj/AAAAUBox94+HmVQk/+v/93j/3+f/6//r/+v/6/+viP5/e/r/Hej/6//r/+v/01W91v+PuX9DmElF8j8AAABUQcz9G8NM5H8AAAAojZj7bw0zkf8BAACgNGLu3xRmUpH8r/+v/6//r/+v/1+8fv3//qT/357+fwf6//r/+v/6/3RVr/X/Y+5/Z5hJRfI/AAAAVEHM/ZvDTOR/AAAAKI2Y+98VZiL/AwAAQGnE3L8lzKQi+V//X/9f/1//X/+/eP36//1J/789/f8O9P/1//X/9f/pql7r/8fc/+4wk4rkfwAAAKiCmPu3hpnI/wAAAFAaMfffFmYi/wMAAEBpxNw/EWZSkfyv/6//r/+v/6//X7x+/f/+pP/fnv5/B/r/+v/6//r/dFWv9f9j7r89zKQi+R8AAACqIOb+O8JM5H8AAAAojZj7J8NM5H8AAAAojZj7p8JMKpL/9f/1//X/9f9X1P9/x8L96v/X6f/3Fv3/9vT/O9D/1/+/6v3/Ef1/SqXX+v8x928LM6lI/gcAAIAqiLl/e5iJ/A8AAAClEXP/jjAT+R8AAABKI+b+nWEmFcn/+v/6//r/+v8+/794/fr//Un/v73u9//jQ9T/1//X//f5//r/LNZr/f+Y++8MM6lI/gcAAIAqiLl/V5iJ/A8AAAClEXP/7jAT+R8AAABKI+b+PWEmFcn/+v/6//r/+v/6/8Xr1//vT/r/7fn8/w70//X/9f/1/+mqXuv/x9y/N8ykIvkfAAAAqiDm/veEmcj/AAAAUBox9/9KmIn8DwAAAKURc/+vhplUJP/r/+v/6//r/+v/F69f/78/6f+3p//fgf6//r/+v/4/XdVr/f+Y+/eFmVQk/wMAAEAVxNz/a2Em8j8AAACURsz97w0zkf8BAACgNGLu3x9mUpH8r/+v/6//r/+v/1+8fv3//qT/357+fwf6//r/+v/6/3RVr/X/Y+5/X5hJRfI/AAAAVEHM/XeFmcj/AAAAUBox978/zET+BwAAgNKIuf8DYSYVyf/6//r/+v/6//r/xevX/+9P+v/t6f93oP+v/6//r/9PV/Va/z/m/g+GmVQk/wMAAEAVxNz/oTAT+R8AAABKI+b+D4eZyP8AAABQGjH3fyTMpCL5X/9f/1//X/9f/794/fr//Un/vz39/w70/0vW/x+/Tv9f/583SlECWuzS+v/XvrbkCi+z/x9z/6+HmVQk/wMAAEAVxNx/d5iJ/A8AAAClEXP/R8NM5H8AAAAojZj7PxZmUpH8r/+v/6//r/+v/1+8fv3//qT/316f9f9/eX24XP+/Tv+/t7e/J/v/P16q/z+/qvX2+v+8ES6t/1+oK/3/mPs/HmZSkfwPAAAAVRBz/yfCTOR/AAAAKI2Y+z8ZZiL/AwAAQGnE3P8bYSYVyf/6/7XtWGgv6//r/+cX6P/r/+v/9y39//b6rP/v8/9b6P/39vb3ZP/f5/9zlfVa/z/m/k+FmVQk/wMAAEAVxNx/T5iJ/A8AAAClEXP/vWEm8j8AAACURsz994WZVCT/6//7/H/9f/1//f/i9ev/9yf9//b0/zvQ/9f/77X+/3/o/9Pfeq3/H3P//WEmFcn/AAAAUAUx9z8QZiL/AwAAQGnE3P+bYSbyPwAAAJRGzP2fDjOpSP7X/++X/v+4/r/+v/5/y+PR/9f/L6L/357+fwf6//r/vdb/9/n/9Lle6//H3P9gmMny8//YspcEAAAAroqY+38rzKQi//4PAAAAVRBz/2+Hmcj/AAAAUBox9/9OmElF8r/+f7/0/33+f6b/r//f8nj0//X/i1y5/n888+j/6//r/0f6//r/+v+06rX+f8z9vxtmUpH8DwAAAFUQc/9DYSbyPwAAAPSFov8nu1XM/QfCTOR/AAAAKI2Y+w+GmVQk/+v/6//r//do//9PN/7zD7//iYPb9P/1//X/V+SKfv5/7cXv8//1//X/E/1//X/9f1r1Wv8/5v5DYSYVyf8AAABQBTH3/16YifwPAAAApRFz/+EwE/kfAAAASiPm/ukwk4rkf/1//X/9/x7t//fx5//H/aH/36xr/f940tX/L3RF+/8PLPTE9f9X2v8fLbxU/1//v5+3X/9f/5/Feq3/H3P/TJhJRfI/AAAAVEHI/YNH6nPhCvkfAAAASiPm/qNhJvI/AAAAlEbM/Q+HmVQk/+v/6//r/+v/+/z/4vX3bP/f5/+3pf/fXu/0/4vp/+v/9/P26//r/7NYr/X/Y+6fDTOpSP4HAACAKoi5/zNhJvI/AAAAlEbM/Z8NM5H/AQAAoDRi7j8WZlKR/K//r/+v/6//r/9fvH79//6k/9+e/n8H+v/6//r/+v90Va/1/2PuPx5mUpH8DwAAAFUQc/+JMBP5HwAAAEoj5v6TYSbyPwAAAJRGzP2nwkz+j737aN6rLv84fuf/D2MyPAAXbtj7EFjoWh+ACzcudMZxoaPYG8FesfeCvWMBRWzYG9hQ7GLvigU76sRxcl1X8kvO79xJvJOc871er82lwXiiw4Af4T3fJvtf/6//H7b/v5v+f7/v6//1/yPT/8/T/2+h/9f/6//1/+zU0vr/3P0Pjlua7H8AAADoIHf/Q+IW+x8AAACGkbv/srjF/gcAAIBh5O5/aNzSZP+f1P8f2PTs/zPj1f+P1P97/3/f7+v/9f8jO7/9/xX//SOf/l//r/8P+n/9v/6fky2t/8/d/7C4pcn+BwAAgA5y9z88brH/AQAAYBi5+x8Rt9j/AAAAMIzc/Y+MW5rsf+//e/9f/6//1/9Pf1//v07e/5/Xqf+/7JaLH3j7dXe5/ky+r//X/+v/9f/s1tL6/9z9j4pbmux/AAAA6CB3/6PjFvsfAAAAhpG7/zFxi/0PAAAAw8jd/9i4pcn+1//r//X/+n/9//T39f/rpP+f16n/P5vv6//1//p//T+7tbT+P3f/4+KWJvsfAAAAOsjd//i4xf4HAACAYeTuvzxusf8BAABgGLn7j8QtTfa//v/c9///1v/r/+Pq//X/+v9zT/8/T/+/hf5f/6//1/+zU0vr/3P3XxG3NNn/AAAA0EHu/ifELfY/AAAADCN3/xPjFvsfAAAAhpG7/0lxS5P9r//3/r/+X/+v/5/+vv5/nfT/885//z/1Z8j96f9X3/9fpP/X/+v/OdEZ9v93zPxheyf9f+7+J8ctTfY/AAAAdJC7/ylxi/0PAAAAw8jd/9S4xf4HAACAYeTuf1rc0mT/6//1//p//b/+f/r7+v910v/PW8z7/wcOTv6w/n/1/b/3//X/+n/2WNr7/7n7nx63NNn/AAAA0EHu/mfELfY/AAAADCN3/zPjFvsfAAAAhpG7/1lxS5P9r//X/+v/9f/6/+nvz/X/15/w69P/L4v+f95i+v996P/1/2v+9ev/9f+camn9f+7+Z8ctTfY/AAAAdJC7/8q4xf4HAACAYeTuf07cYv8DAADAMHL3PzduabL/p/v/479d/3969P97f/36/+nfP3bV/+e/o/5/tv+/u/f/e9L/z9P/b6H/1//r//fr/w9v+/n6f6Ysrf/P3f+8uKXJ/gcAAIAOcvc/P26x/wEAAGAYuftfELfY/wAAADCM3P0vjFua7H/v/+v/9f/r6/+9/3/MhXz/f3Pe+/+D+v/TpP+fp//fQv+v/9f/e/+fnVpa/5+7/0VxS5P9DwAAAB3k7n9x3GL/AwAAwDqc+PcOnPw3lIbc/S+JW+x/AAAAGEbu/pfGLU32v/5f/6//1//37v8PraT/9/7/6dL/z9P/b3Fh+/8Dg/b/Bwfr/6/a7+cvof+/XP/Pwuzp/284/uMXqv/P3f+yuKXJ/gcAAIAOcve/PG6x/wEAAGAYuftfEbfY/wAAADCM3P2vjFua7P9z3v8f3v/b+n/9v/5f/3/h+/+1vP+v/z9d+v95+v8tvP/v/X/v/+v/2ak9/f8JLlT/n7v/VXFLk/0PAAAAHeTuf3XcYv8DAADAMHL3XxW32P8AAAAwjNz9r4lbmux/7//r//X/+n/9//T39f/rpP+fp//fQv+v/9f/6//ZqaX1/7n7Xxu3NNn/AAAA0EHu/tfFLfY/AAAADCN3/+vjFvsfAAAAhpG7/w1xS5P9r/8/t/1//rj+X/+/0f/r//X/50Xb/v/A1J+JTrVP/3/T/Y/cc++P6P/1//p//b/+nx1YRP9/9Pj/uszd/8a4pcn+BwAAgA5y978pbrH/AQAAYBi5+98ct9j/AAAAMIzc/W+JWwbZ/4e2/Hb9v/f/9f/6f/3/9Pf1/+vUtv8/Td7/30L/r//X/+v/2alF9P8n/PPc/W+NWwbZ/wAAAMCmdv/b4hb7HwAAAIaRu//tcYv9DwAAAMPI3f+OuKXJ/tf/6//1//p//f/09/X/66T/n6f/30L/r//X/+v/2aml9f+5+6+OW5rsfwAAAOggd/874xb7HwAAAIaRu/9dcYv9DwAAAMPI3f/uuKXJ/tf/6//1//p//f/09/X/66T/n6f/32w218z8Aqb6/6N30v/r//X/+n/O0tL6/9z974lbmux/AAAA6CB3/zVxi/0PAAAAw8jdf23cYv8DAADAMHL3vzduabL/9f/6f/2//l//P/19/f866f/n6f+38P6//l//r/9np5bW/+fuf1/c0mT/AwAAQAe5+6+LW+x/AAAAGEbu/vfHLfY/AAAADCN3//VxS5P9r//X/+v/9f/6/+nv6//X6dz1/xv9v/5f/7+F/l//r//nZEvr/3P3fyBuabL/AQAAoIPc/R+MW+x/AAAAGEbu/g/FLfY/AAAADCN3/4fjlib7X/+v/9f/6//1/9Pf1/+vk/f/5+n/t9D/6//1//p/dmpp/X/u/o/ELU32PwAAAHSQu/+GuMX+BwAAgGHk7v9o3GL/AwAAwDBy938sbmmy//X/+v+9/f9mo//X/+v/jzkP/f+hjf5/5/T/8/T/W+j/x+z//28zUP9/eN+fr/9niZbW/+fu/3jc0mT/AwAAQAe5+z8Rt9j/AAAAMIzc/Z+MW+x/AAAAGEbu/k/FLU32v/5f/+/9f/2//n/6+97/Xyf9/zz9/xb6/zH7f+//6/+5YJbW/+fu/3Tc0mT/AwAAQAe5+z8Tt9j/AAAAMIzc/Z+NW+x/AAAAGEbu/s/FLU32v/5f/6//1//r/6e/r/9fJ/3/PP3/Fvp//b/+X//PTi2t/8/d//m4pcn+BwAAgA5y998Yt9j/AAAAMIzc/TfFLfY/AAAADCN3/xfilib7X/+v/9f/r7P/P6T/1//r/yctpf+/9NJ73Kz/1//r//X/+n/9f3dL6/9z938xbmmy/wEAAKCD3P1filvsfwAAABhG7v4vxy32PwAAAAwjd/9X4pYm+//U/v+izbFC9Zip/j8aNf3/CfT/e3/9+v/p3z+8/6//1/+fe0vp/73/f3a/fv2//n/Nv/4z6v8vOfXn6/8Z0dL6/9z9N8ctTfY/AAAAdJC7/6txi/0PAAAAw8jd/7W4xf4HAACAYeTuvyVuabL/vf+v/9f/6//1/9Pf1/+vk/5/nv5/C/2//t/7/w+67//r/9mdpfX/ufu/Hrc02f8AAADQQe7+b8Qt9j8AAAAMI3f/N+MW+x8AAACGkbv/W3FLk/2v/9f/6//1//r/6e/r/9dJ/z9P/7+F/l//r//3/j87tbT+P3f/t+OWJvsfAAAAOsjd/524xf4HAACAYeTu/27cYv8DAADAMHL3fy9uabL/d9//X6L/D/r/pfT/99H/n/R9/b/+f2T6//wz+jT9/xb6f/2//l//z04trf/P3X9r3NJk/wMAAEAHufu/H7fY/wAAADCM3P0/iFvsfwAAABhG7v4fxi1N9r/3/3v1/wc2Hft/7//r//X/nej/5+n/t9D/6//1//p/dmpp/X/u/h/FLU32PwAAAKzVve76gFtP91+bu//HcYv9DwAAAMPI3f+TuMX+BwAAgGHk7v9p3NJk/+v/e/X/Pd//1//r//X/nej/5+n/t9D/6//1//p/dmpp/X/u/p/FLScMv4Nn/J8SAAAAWJLc/T+PW5r89X8AAADoIHf/L+KWU/b/0dP8u9oBAACApcnd/8u4pclf/9f/L7z/34zf/9+20f/r/4/R/+v/d0H/P+9/7P+PHtD/6/9n6P/1//p/Tra0/j93/6/ilib7HwAAAAa15/9RyN3/67jF/gcAAIBh5O7/Tdxi/wMAAMAwcvf/Nm5psv/1/wvv/8/q/f/D9Y/W0P97//8c9v9XHpr8vv5f/z8y/f887/9vof/X/+v/9f/s1NL6/9z9t8UtTfY/AAAAdJC7/3dxi/0PAAAAw8jd//u4xf4HAACAYeTu/0Pc0mT/6/9H7P/X9f6//t/7/2ff/9/54iM33vt+116t/+e489n/5+8L+n/9v/7/GP2//l//z8mW1v/n7v9j3NJk/wMAAEAHuftvj1vsfwAAABhG7v4/xS32PwAAAAwjd/+f45Ym+1//r/9fSv+f/11fgP7/yPr6/2yKu/f/3v/X/5/K+//z9P9b6P/1//p//T87tbT+P3f/X+KWJvsfAAAAOsjd/9e4xf4HAACAYeTu/1vcYv8DAADAMHL3/z1uabL/9f/6/6X0/8n7/8d/nvf/j9H/6//PhP5/nv5/C/2//l//r/9np5bW/+fu/0fc0mT/AwAAQAe5+++IW+x/AAAAGEbu/n/GLfY/AAAADCN3/7/ilib7X/+v/9f/6//1/9Pf1/+vk/5/nv5/C/2//l//r/9np5bW/+fu/08AAAD//6cRdCE=")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

407.176978ms ago: executing program 0 (id=1973):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x44, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x30, 0x18, 0x0, 0x0, @binary="0dac0f000bac0f005608936caaf06bec869c1eba340c8e5349c00de3bf542907da861ef4bbab00d0043522c1"}]}, 0x44}, 0x1, 0x0, 0x0, 0x42804}, 0x84)

292.351025ms ago: executing program 1 (id=1974):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x27}}}}, &(0x7f0000000140)=0x84)

120.966651ms ago: executing program 0 (id=1975):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)={0x1c, r0, 0x1, 0x80, 0x6, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004044}, 0x0)

120.725376ms ago: executing program 1 (id=1976):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c04, &(0x7f0000000340), 0x1, 0x779, &(0x7f0000001900)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTuZ206bmWmSJjPV+XzgZs65907O+c79cc7MPdwbQN8aT//kIg5HxLtJxGhjfhIRQ/XUYMTJjfVura0W0ymJ9fWXf0nq69xcWy1G03tSBxuZ/0fEN29FHMltLre6vDJXKJdLi438ZG3+wmR1eeXo+fnCbGm2tHB8anr62ImnThzfvVh/+37l0LX3Xnj885N/vPm/q+98m8TJONRY1hzHbhmP8cZnMpR+hHd5frcL67Gk1xVgR9JDc2DjKI/DMRoD9RQA8E/2ekSsAwB9JtH+A0CfyX4HuLm2Wsym3v4i0V3Xn4uI/RvxZ9c3N5YMNq7Z7a9fBx25mdx1ZSSJiLFdKH88Ij7+8tVP0yn26DokQCtvXI6Is2Pjm8//yaYxC9v1RIdl+xqv4/fMd/6D7vkq7f883ar/l7vd/4kW/Z/hFsfuTtz3+D+wC4V0kPb/nm0a23arKf6GsYFG7l/1Pt9Qcu58uZSe2/4dERMxNJzmpzqUMXHjzxvtljX3/359/7VP0vLT1ztr5H4aHL77PTOFWuFBYm52/XLEI4Ot4k9ub/+kTf/39BbLePGZtz9qtyyNP403mzbHH43RSXtj/UrEYy23/50RbUnH8YmT9d1hMtspWvjihw9H2pXfvP3TKS0/+y7QDen2H+kc/1jSPF6zuv0yvrsy+nW7ZfePv/X+vy95pZ7O+hGXCrXa4lTEvuSlzfOP3Xlvls/WT+OfeLT18d9p/0+/E57dYvyD137+bOfx7600/pltbf/tJ67emhtoV/7Wtv90PTXRmLOV899WK/ggnx0AAAAAAAAAAAAAAAAAAAAAAAAAbFUuIg5FksvfTudy+fzGM7z/GyO5cqVaO3KusrQwE/VnZY/FUC671eVo0/1Qpxr3w8/yx+7JPxkR/4mID4YPJNl9FGd6HDsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZA62ef5/6sfhXtcOANgz+3tdAQCg67T/ANB/tP8A0H+0/wDQf7T/ANB/tP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADssdOnTqXT+u9rq8U0P3NxeWmucvHoTKk6l59fKuaLlcUL+dlKZbZcyhcr8/f7f+VK5cJ0LCxdmqyVqrXJ6vLKmfnK0kLtzPn5wmzpTGmoK1EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPZUl1fmCuVyaVFiB4n1h6MavU8MNHanh6U+XU0kD0c1djnR6ayR687JCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBv4K8AAAD//8yLIwE=")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x167842, 0x19)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180200000600000000000000000000008500000041000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0xfe2a, 0x0, &(0x7f0000000d40)="fae56ac553d73f32", 0x0, 0x8009, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0)

120.343554ms ago: executing program 0 (id=1977):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

0s ago: executing program 0 (id=1978):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x68, 0x30, 0x9, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x80000000}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x6}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9}}}]}]}, 0x68}}, 0x8050)

kernel console output (not intermixed with test programs):

e number 11 using dummy_hcd
[  130.769937][ T5865] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  130.779020][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.781607][ T5865] usb 3-1: Product: syz
[  130.782983][ T5865] usb 3-1: Manufacturer: syz
[  130.799132][ T5865] usb 3-1: SerialNumber: syz
[  130.841136][ T5865] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  130.931260][   T96] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  131.013730][ T7304] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  131.448446][ T6079] usb 3-1: USB disconnect, device number 11
[  131.978915][   T96] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  131.982456][   T96] ath9k_htc: Failed to initialize the device
[  131.987711][ T6079] usb 3-1: ath9k_htc: USB layer deinitialized
[  132.048443][ T5903] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  132.300261][ T5903] usb 1-1: config 0 has an invalid interface number: 235 but max is 0
[  132.303698][ T5903] usb 1-1: config 0 has no interface number 0
[  132.306342][ T5903] usb 1-1: config 0 interface 235 altsetting 16 endpoint 0x5 has invalid maxpacket 65535, setting to 64
[  132.350916][ T5903] usb 1-1: config 0 interface 235 has no altsetting 0
[  132.386542][ T5903] usb 1-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18
[  132.398635][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.402042][ T5903] usb 1-1: Product: syz
[  132.403739][ T5903] usb 1-1: Manufacturer: syz
[  132.405556][ T5903] usb 1-1: SerialNumber: syz
[  132.423489][ T5903] usb 1-1: config 0 descriptor??
[  132.426619][ T7322] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  132.433532][ T5903] keyspan 1-1:0.235: Keyspan 1 port adapter converter detected
[  132.436447][ T5903] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 87
[  132.440848][ T5903] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 7
[  132.446207][ T5903] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 81
[  132.449256][ T5903] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 1
[  132.452333][ T5903] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 85
[  132.460483][ T5903] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  132.502566][ T7331] loop1: detected capacity change from 0 to 128
[  132.523591][ T7331] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  132.536375][ T7331] hpfs: filesystem error: improperly stopped
[  132.542916][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.544580][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  132.556280][ T7331] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  132.565314][ T7331] hpfs: You really don't want any checks? You are crazy...
[  132.569763][ T7331] hpfs: hpfs_map_sector(): read error
[  132.573643][ T7331] hpfs: code page support is disabled
[  132.577168][ T7331] hpfs: hpfs_map_4sectors(): unaligned read
[  132.581273][ T7331] hpfs: hpfs_map_4sectors(): unaligned read
[  132.584926][ T7331] hpfs: filesystem error: unable to find root dir
[  132.658647][ T5903] usb 1-1: USB disconnect, device number 12
[  132.682339][ T5903] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  132.694022][ T5903] keyspan 1-1:0.235: device disconnected
[  132.774822][ T7339] loop1: detected capacity change from 0 to 256
[  132.787996][ T7339] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  132.795793][ T7339] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  133.150655][ T7352] loop2: detected capacity change from 0 to 512
[  133.155354][ T7352] EXT4-fs (loop2): Test dummy encryption mode enabled
[  133.166650][ T7352] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  133.180432][ T7352] EXT4-fs (loop2): Errors on filesystem, clearing orphan list.
[  133.187966][ T7352] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  133.304384][ T7352] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  133.311512][ T7352] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters
[  133.360932][ T5861] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.447908][ T7346] loop1: detected capacity change from 0 to 40427
[  133.466726][ T7346] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  133.476431][ T7346] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  133.478353][ T5903] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  133.573764][ T7346] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  133.590766][ T7346] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  133.593314][ T7346] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  133.650465][ T5903] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.655154][ T5903] usb 1-1: config 0 interface 0 has no altsetting 0
[  133.657881][ T5903] usb 1-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00
[  133.670908][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.691750][ T5903] usb 1-1: config 0 descriptor??
[  133.776229][ T7361] loop2: detected capacity change from 0 to 32768
[  133.825881][ T7361] ERROR: (device loop2): dbAlloc: the hint is outside the map
[  133.825881][ T7361] 
[  133.833662][ T7361] ERROR: (device loop2): remounting filesystem as read-only
[  134.096037][ T7373] netlink: 72 bytes leftover after parsing attributes in process `syz.2.558'.
[  134.114062][ T5903] hid-alps 0003:044E:1215.0007: hidraw0: USB HID v0.04 Device [HID 044e:1215] on usb-dummy_hcd.0-1/input0
[  134.186363][ T7377] netlink: 'syz.1.560': attribute type 22 has an invalid length.
[  134.192413][ T7377] (unnamed net_device) (uninitialized): option ad_select: invalid value (6)
[  134.345493][ T5903] usb 1-1: USB disconnect, device number 13
[  134.755432][ T7385] loop1: detected capacity change from 0 to 32768
[  134.791614][ T7385] JBD2: Ignoring recovery information on journal
[  134.841396][ T7385] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  134.930871][ T5863] ocfs2: Unmounting device (7,1) on (node local)
[  135.132381][ T7398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.569'.
[  135.598427][ T5903] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  135.908365][ T5903] usb 1-1: config 160 has an invalid interface number: 200 but max is 0
[  135.915233][ T5903] usb 1-1: config 160 has no interface number 0
[  135.917919][ T5903] usb 1-1: config 160 interface 200 has no altsetting 0
[  135.925706][ T5903] usb 1-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  135.929766][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.933479][ T5903] usb 1-1: Product: syz
[  135.935286][ T5903] usb 1-1: Manufacturer: syz
[  135.940769][ T5903] usb 1-1: SerialNumber: syz
[  136.181961][ T5903] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  136.185786][ T5903] usb 1-1: MIDIStreaming interface descriptor not found
[  136.287417][ T5903] usb 1-1: USB disconnect, device number 14
[  136.341731][ T5871] udevd[5871]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  136.386031][ T7439] loop2: detected capacity change from 0 to 256
[  136.401837][ T7439] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  136.654317][ T7442] loop2: detected capacity change from 0 to 1024
[  136.689627][ T7442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.694616][ T7442] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.767529][ T5861] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.962463][ T7458] loop0: detected capacity change from 0 to 128
[  136.970015][ T7458] EXT4-fs (loop0): Test dummy encryption mode enabled
[  136.994862][ T7458] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  137.000878][ T7458] ext4 filesystem being mounted at /215/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  137.131325][ T7458] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  137.217948][ T5858] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  137.552218][ T7474] loop2: detected capacity change from 0 to 40427
[  137.556634][ T7474] F2FS-fs (loop2): build fault injection rate: 14
[  137.559393][ T7474] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  137.580828][ T7474] F2FS-fs (loop2): invalid crc value
[  137.584646][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  137.595337][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  137.647898][ T7474] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  137.651515][ T7474] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  137.657084][ T7474] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  137.723522][ T7474] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40
[  137.774763][ T7474] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_create+0x14c/0x5c0
[  137.782349][ T7492] random: crng reseeded on system resumption
[  137.931927][ T7496] loop0: detected capacity change from 0 to 512
[  137.936128][ T7496] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  138.498454][ T7499] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  138.508896][ T7499] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  138.657491][ T7499] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  138.660020][ T7499] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  138.668971][ T7499] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  138.671779][ T7499] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  139.252883][ T7518] Bluetooth: hci0: unsupported parameter 233
[  139.255705][ T7518] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  139.316515][ T7520] loop1: detected capacity change from 0 to 1024
[  139.320786][ T7520] EXT4-fs: Ignoring removed nomblk_io_submit option
[  139.327135][ T7520] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  139.331037][ T7520] System zones: 0-1, 3-36
[  139.337682][ T7522] loop2: detected capacity change from 0 to 512
[  139.341983][ T7520] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.349509][ T7522] EXT4-fs: Ignoring removed i_version option
[  139.359473][ T7522] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  139.366052][ T7522] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[  139.370087][ T7522] System zones: 1-12
[  139.372289][ T7522] EXT4-fs (loop2): orphan cleanup on readonly fs
[  139.379904][ T7522] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.612: invalid indirect mapped block 12 (level 1)
[  139.385916][ T7522] EXT4-fs (loop2): Remounting filesystem read-only
[  139.388868][ T7522] EXT4-fs (loop2): 1 truncate cleaned up
[  139.396052][ T7522] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  139.440054][ T5861] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  139.476762][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.533315][ T7557] loop2: detected capacity change from 0 to 512
[  140.536588][ T7545] loop0: detected capacity change from 0 to 32768
[  140.541068][ T7557] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  140.544392][ T7545] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.621 (7545)
[  140.557625][ T7545] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  140.562436][ T7545] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  140.564230][ T7557] EXT4-fs error (device loop2): ext4_init_orphan_info:585: inode #3: comm syz.2.626: iget: special inode unallocated
[  140.576273][ T7557] EXT4-fs (loop2): Remounting filesystem read-only
[  140.584137][ T7557] EXT4-fs (loop2): get orphan inode failed
[  140.587027][ T7557] EXT4-fs (loop2): mount failed
[  140.615473][ T7545] BTRFS info (device loop0): enabling ssd optimizations
[  140.628376][ T7545] BTRFS info (device loop0): enabling free space tree
[  140.710463][ T7576] loop2: detected capacity change from 0 to 128
[  140.727018][ T7576] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  140.727041][   T33] audit: type=1800 audit(1757332304.157:12): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.621" name="bus" dev="loop0" ino=263 res=0 errno=0
[  140.734345][ T7576] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  140.876523][ T5858] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  141.065279][ T7581] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  141.644620][ T7591] loop0: detected capacity change from 0 to 256
[  141.647983][ T7591] exfat: Deprecated parameter 'utf8'
[  141.683926][ T7591] exfat: Invalid uid '0xffffffff'
[  141.718922][ T7591] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  141.740242][  T793] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  141.750232][ T7591] loop0: detected capacity change from 0 to 8
[  141.791839][ T7591] SQUASHFS error: lzo decompression failed, data probably corrupt
[  141.800382][ T7591] SQUASHFS error: Failed to read block 0x91: -5
[  141.802948][ T7591] SQUASHFS error: Unable to read metadata cache entry [8f]
[  141.828516][ T7591] SQUASHFS error: Unable to read inode 0x11f
[  142.350174][   T96] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  142.488382][  T793] usb 2-1: Using ep0 maxpacket: 32
[  142.494275][  T793] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  142.498855][  T793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.502014][   T96] usb 3-1: config 201 has an invalid interface number: 249 but max is 0
[  142.505338][  T793] usb 2-1: config 0 descriptor??
[  142.518540][   T96] usb 3-1: config 201 has an invalid descriptor of length 0, skipping remainder of the config
[  142.523411][  T793] gspca_main: nw80x-2.14.0 probing 055f:d001
[  142.525125][   T96] usb 3-1: config 201 has no interface number 0
[  142.531828][   T96] usb 3-1: config 201 interface 249 altsetting 4 has an endpoint descriptor with address 0xF1, changing to 0x81
[  142.540589][   T96] usb 3-1: config 201 interface 249 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  142.545061][   T96] usb 3-1: config 201 interface 249 altsetting 4 endpoint 0x3 has invalid maxpacket 255, setting to 64
[  142.549934][   T96] usb 3-1: config 201 interface 249 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  142.555196][   T96] usb 3-1: config 201 interface 249 has no altsetting 0
[  142.572221][   T96] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df
[  142.582968][   T96] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.587395][   T96] usb 3-1: Product: syz
[  142.591556][   T96] usb 3-1: Manufacturer: syz
[  142.593428][   T96] usb 3-1: SerialNumber: syz
[  142.617493][ T7600] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  143.490460][   T96] ath6kl: Failed to submit usb control message: -71
[  143.493245][   T96] ath6kl: unable to send the bmi data to the device: -71
[  143.496034][   T96] ath6kl: Unable to send get target info: -71
[  143.523814][   T96] ath6kl: Failed to init ath6kl core: -71
[  143.537030][   T96] ath6kl_usb 3-1:201.249: probe with driver ath6kl_usb failed with error -71
[  143.604829][   T96] usb 3-1: USB disconnect, device number 12
[  143.737044][  T793] gspca_nw80x: reg_w err -71
[  143.739796][  T793] nw80x 2-1:0.0: probe with driver nw80x failed with error -71
[  143.750579][  T793] usb 2-1: USB disconnect, device number 10
[  143.821514][ T7622] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  143.993276][ T7630] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  144.067669][ T7624] loop0: detected capacity change from 0 to 32768
[  144.083091][ T7624] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  144.092065][ T5923] (kworker/u8:4,5923,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  144.145209][ T7636] netlink: 'syz.2.652': attribute type 1 has an invalid length.
[  144.200678][ T5858] (syz-executor,5858,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 70
[  144.207815][ T5858] (syz-executor,5858,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  144.214621][ T5858] ocfs2: Unmounting device (7,0) on (node local)
[  145.511597][ T7660] loop2: detected capacity change from 0 to 4096
[  145.516797][ T7660] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  145.551712][ T7660] ntfs3(loop2): ino=b, mi_enum_attr
[  145.554094][ T7660] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  145.558610][ T7660] ntfs3(loop2): Failed to load $Extend (-22).
[  145.561385][ T7660] ntfs3(loop2): Failed to initialize $Extend.
[  145.689253][   T96] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  145.698592][   T52] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  145.838863][   T96] usb 2-1: Using ep0 maxpacket: 16
[  145.843006][   T96] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  145.846460][   T96] usb 2-1: config 0 has no interface number 0
[  145.850572][   T96] usb 2-1: config 0 interface 2 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  145.854982][   T96] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  145.860613][   T96] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  145.860712][   T52] usb 1-1: config 0 has an invalid interface number: 194 but max is 0
[  145.866160][   T96] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[  145.867723][   T52] usb 1-1: config 0 has no interface number 0
[  145.872866][   T96] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  145.876793][   T96] usb 2-1: Product: syz
[  145.876915][   T52] usb 1-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.d2
[  145.878574][   T96] usb 2-1: SerialNumber: syz
[  145.884314][   T52] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.884967][   T96] usb 2-1: config 0 descriptor??
[  145.887306][   T52] usb 1-1: Product: syz
[  145.892050][   T52] usb 1-1: Manufacturer: syz
[  145.893960][   T52] usb 1-1: SerialNumber: syz
[  145.898823][   T52] usb 1-1: config 0 descriptor??
[  145.898889][ T6079] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  146.058296][ T6079] usb 3-1: Using ep0 maxpacket: 16
[  146.064721][ T6079] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  146.067917][ T6079] usb 3-1: config 0 has no interface number 0
[  146.074421][ T6079] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=da.32
[  146.078023][ T6079] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.081746][ T6079] usb 3-1: Product: syz
[  146.083642][ T6079] usb 3-1: Manufacturer: syz
[  146.085629][ T6079] usb 3-1: SerialNumber: syz
[  146.099488][ T6079] usb 3-1: config 0 descriptor??
[  146.115914][   T96] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  146.117246][   T52] f81534a_ctrl 1-1:0.194: failed to set register 0x116: -5
[  146.119030][ T6079] usb_ehset_test 3-1:0.255: probe with driver usb_ehset_test failed with error -32
[  146.123359][   T52] f81534a_ctrl 1-1:0.194: failed to enable ports: -5
[  146.126333][   T96] usb 2-1: invalid MIDI out EP 0
[  146.129409][   T52] f81534a_ctrl 1-1:0.194: probe with driver f81534a_ctrl failed with error -5
[  146.146798][   T52] usb 1-1: USB disconnect, device number 15
[  146.215947][   T96] snd-usb-audio 2-1:0.2: probe with driver snd-usb-audio failed with error -22
[  146.224563][   T96] usb 2-1: USB disconnect, device number 11
[  146.250985][ T5862] udevd[5862]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  146.318629][ T6079] usb 3-1: USB disconnect, device number 13
[  146.754120][ T7670] netlink: 17 bytes leftover after parsing attributes in process `syz.0.667'.
[  146.757677][ T7670] netlink: zone id is out of range
[  146.761384][ T7670] netlink: zone id is out of range
[  146.764512][ T7670] netlink: zone id is out of range
[  146.766976][ T7670] netlink: zone id is out of range
[  146.769360][ T7670] netlink: zone id is out of range
[  146.771375][ T7670] netlink: zone id is out of range
[  146.773270][ T7670] netlink: zone id is out of range
[  146.775392][ T7670] netlink: zone id is out of range
[  146.779491][ T7670] netlink: zone id is out of range
[  146.781587][ T7670] netlink: zone id is out of range
[  146.801088][ T7674] netlink: 'syz.1.669': attribute type 3 has an invalid length.
[  147.412377][ T7713] loop0: detected capacity change from 0 to 512
[  147.416271][ T7713] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  147.450555][ T7713] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.688: Invalid block bitmap block 0 in block_group 0
[  147.457877][ T7713] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  147.463124][ T7713] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #11: comm syz.0.688: attempt to clear invalid blocks 983261 len 1
[  147.470407][ T7713] EXT4-fs error (device loop0): __ext4_get_inode_loc:4861: comm syz.0.688: Invalid inode table block 0 in block_group 0
[  147.480820][ T7713] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  147.486019][ T7713] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[  147.491201][ T7713] EXT4-fs error (device loop0): __ext4_get_inode_loc:4861: comm syz.0.688: Invalid inode table block 0 in block_group 0
[  147.499114][ T7713] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  147.503857][ T7713] EXT4-fs error (device loop0): ext4_truncate:4666: inode #11: comm syz.0.688: mark_inode_dirty error
[  147.510662][ T7713] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[  147.515129][ T7713] EXT4-fs error (device loop0): __ext4_get_inode_loc:4861: comm syz.0.688: Invalid inode table block 0 in block_group 0
[  147.521141][ T7701] loop2: detected capacity change from 0 to 32768
[  147.522129][ T7713] EXT4-fs (loop0): 1 truncate cleaned up
[  147.534756][ T7713] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.649669][ T7713] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  147.722573][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.933462][ T7722] loop2: detected capacity change from 0 to 40427
[  148.945313][ T7722] F2FS-fs (loop2): build fault injection rate: 14
[  148.947390][ T7722] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  148.964785][ T7722] F2FS-fs (loop2): invalid crc value
[  148.974051][    C1] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  148.981225][    C1] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  149.160937][ T7738] loop0: detected capacity change from 0 to 32768
[  149.227622][ T7722] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  149.233801][ T7722] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  149.239041][ T7722] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  149.257284][ T7722] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  149.266026][ T7722] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_convert_inline_inode+0x677/0x880
[  149.308481][ T7738] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  149.308496][ T7738]   allowing incompatible features above 0.0: (unknown version)
[  149.308501][ T7738]   features: lz4
[  149.319890][ T7738] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  149.322606][ T7738] bcachefs (loop0): initializing new filesystem
[  149.331115][ T7738] bcachefs (loop0): going read-write
[  149.345941][ T5861] syz-executor: attempt to access beyond end of device
[  149.345941][ T5861] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  149.354549][ T7738] bcachefs (loop0): marking superblocks
[  149.371620][ T5861] CPU: 0 UID: 0 PID: 5861 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  149.371642][ T5861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  149.371650][ T5861] Call Trace:
[  149.371668][ T5861]  <TASK>
[  149.371675][ T5861]  dump_stack_lvl+0x189/0x250
[  149.371699][ T5861]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.371715][ T5861]  ? __pfx_queue_work_on+0x10/0x10
[  149.371727][ T5861]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  149.371746][ T5861]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  149.371773][ T5861]  f2fs_handle_critical_error+0x37c/0x540
[  149.371797][ T5861]  f2fs_write_end_io+0x886/0xb60
[  149.371825][ T5861]  __submit_merged_bio+0x27a/0x6a0
[  149.371881][ T5861]  __submit_merged_write_cond+0x255/0x530
[  149.371903][ T5861]  f2fs_write_data_pages+0x261d/0x3000
[  149.371948][ T5861]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  149.372025][ T5861]  ? __lock_acquire+0xab9/0xd20
[  149.372050][ T5861]  ? do_raw_spin_lock+0x121/0x290
[  149.372074][ T5861]  ? do_raw_spin_unlock+0x4d/0x240
[  149.372087][ T5861]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  149.372104][ T5861]  do_writepages+0x32e/0x550
[  149.372127][ T5861]  ? do_raw_spin_unlock+0x4d/0x240
[  149.372142][ T5861]  filemap_fdatawrite+0x199/0x240
[  149.372158][ T5861]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  149.372208][ T5861]  ? do_raw_spin_unlock+0x4d/0x240
[  149.372222][ T5861]  f2fs_sync_dirty_inodes+0x31f/0x830
[  149.372242][ T5861]  f2fs_write_checkpoint+0x95a/0x1df0
[  149.372268][ T5861]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  149.372308][ T5861]  ? kill_f2fs_super+0x298/0x6c0
[  149.372322][ T5861]  kill_f2fs_super+0x2c3/0x6c0
[  149.372336][ T5861]  ? __pfx_kill_f2fs_super+0x10/0x10
[  149.372344][ T5861]  ? radix_tree_delete_item+0x2b6/0x400
[  149.372363][ T5861]  ? shrinker_free+0x2ce/0x3e0
[  149.372376][ T5861]  deactivate_locked_super+0xbc/0x130
[  149.372390][ T5861]  cleanup_mnt+0x425/0x4c0
[  149.372401][ T5861]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.372417][ T5861]  task_work_run+0x1d4/0x260
[  149.372432][ T5861]  ? __pfx_task_work_run+0x10/0x10
[  149.372443][ T5861]  ? __x64_sys_umount+0x122/0x160
[  149.372458][ T5861]  ? exit_to_user_mode_loop+0x40/0x110
[  149.372474][ T5861]  exit_to_user_mode_loop+0xec/0x110
[  149.372488][ T5861]  do_syscall_64+0x2bd/0x3b0
[  149.372497][ T5861]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.372510][ T5861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.372522][ T5861]  ? exc_page_fault+0x9f/0xf0
[  149.372539][ T5861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.372549][ T5861] RIP: 0033:0x7fe915b8ff17
[  149.372561][ T5861] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  149.372569][ T5861] RSP: 002b:00007ffe93e21c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  149.372580][ T5861] RAX: 0000000000000000 RBX: 00007fe915c11c05 RCX: 00007fe915b8ff17
[  149.372587][ T5861] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe93e21d40
[  149.372592][ T5861] RBP: 00007ffe93e21d40 R08: 0000000000000000 R09: 0000000000000000
[  149.372598][ T5861] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe93e22dd0
[  149.372604][ T5861] R13: 00007fe915c11c05 R14: 0000000000024698 R15: 00007ffe93e22e10
[  149.372621][ T5861]  </TASK>
[  149.372626][ T5861] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  149.373174][ T7738] bcachefs (loop0): initializing freespace
[  149.489591][ T7738] bcachefs (loop0): done initializing freespace
[  149.494244][ T7738] bcachefs (loop0): reading snapshots table
[  149.496466][ T7738] bcachefs (loop0): reading snapshots done
[  149.537966][ T7738] bcachefs (loop0): done starting filesystem
[  149.657602][ T7738] syz.0.698 (7738) used greatest stack depth: 17256 bytes left
[  149.811491][ T5858] bcachefs (loop0): shutting down
[  149.813382][ T5858] bcachefs (loop0): going read-only
[  149.815689][ T5858] bcachefs (loop0): finished waiting for writes to stop
[  149.857319][ T5858] bcachefs (loop0): flushing journal and stopping allocators, journal seq 5
[  149.895613][ T7753] loop2: detected capacity change from 0 to 8
[  150.022678][ T5858] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 5
[  150.044223][ T5858] bcachefs (loop0): clean shutdown complete, journal seq 6
[  150.047882][ T5858] bcachefs (loop0): marking filesystem clean
[  150.153361][ T5858] bcachefs (loop0): shutdown complete
[  150.471923][ T7771] netlink: 'syz.2.707': attribute type 1 has an invalid length.
[  150.495373][ T7771] 8021q: adding VLAN 0 to HW filter on device bond1
[  150.514688][ T7771] bond1: (slave ip6gretap1): making interface the new active one
[  150.519123][ T7771] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  150.570527][ T7774] loop2: detected capacity change from 0 to 256
[  150.577825][ T7774] exfat: Deprecated parameter 'utf8'
[  150.584107][ T7774] exfat: Deprecated parameter 'utf8'
[  150.585952][ T7774] exfat: Deprecated parameter 'utf8'
[  150.594540][ T7774] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  150.971680][ T7793] loop1: detected capacity change from 0 to 512
[  150.975078][ T7793] EXT4-fs: Ignoring removed bh option
[  150.990114][ T7793] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  151.010611][ T7793] EXT4-fs (loop1): 1 truncate cleaned up
[  151.014178][ T7793] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.608060][   T33] audit: type=1800 audit(1757332314.947:13): pid=7801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.715" name="bus" dev="loop1" ino=18 res=0 errno=0
[  151.876393][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.951179][ T7803] loop2: detected capacity change from 0 to 32768
[  151.968290][ T7803] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.717 (7803)
[  152.037467][ T7803] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  152.051813][ T7803] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  152.208091][ T7803] BTRFS info (device loop2): setting nodatasum
[  152.224601][ T7803] BTRFS info (device loop2): enabling free space tree
[  152.228065][ T7803] BTRFS info (device loop2): use zlib compression, level 3
[  152.250293][ T7803] BTRFS info (device loop2): max_inline set to 0
[  152.441350][ T5861] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  152.767937][ T7847] loop0: detected capacity change from 0 to 512
[  152.769303][ T7849] loop2: detected capacity change from 0 to 256
[  152.802949][ T7849] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d)
[  152.842705][ T7847] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #3: comm syz.0.728: corrupted inode contents
[  152.864127][ T7847] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #3: comm syz.0.728: mark_inode_dirty error
[  152.893243][ T7847] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #3: comm syz.0.728: corrupted inode contents
[  152.902830][ T7847] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.728: mark_inode_dirty error
[  152.914153][ T7847] Quota error (device loop0): write_blk: dquota write failed
[  152.917272][ T7847] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  152.922664][ T7847] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.728: Failed to acquire dquot type 0
[  152.933864][ T7847] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.728: corrupted inode contents
[  152.939616][ T7847] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #16: comm syz.0.728: mark_inode_dirty error
[  152.944364][ T7847] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.728: corrupted inode contents
[  152.951531][ T7847] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.728: mark_inode_dirty error
[  152.956364][ T7847] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.728: corrupted inode contents
[  152.962312][ T7847] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[  152.965929][ T7847] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.728: corrupted inode contents
[  152.973178][ T7847] EXT4-fs error (device loop0): ext4_truncate:4666: inode #16: comm syz.0.728: mark_inode_dirty error
[  152.977826][ T7847] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[  152.984362][ T7847] EXT4-fs (loop0): 1 truncate cleaned up
[  152.987433][ T7847] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.993959][ T7847] ext4 filesystem being mounted at /262/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.024453][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.702479][ T7863] loop1: detected capacity change from 0 to 512
[  153.721034][ T7863] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  153.724734][ T7863] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  153.728089][ T7863] System zones: 0-1, 15-15, 18-18, 34-34
[  153.730666][ T7863] EXT4-fs (loop1): orphan cleanup on readonly fs
[  153.733323][ T7863] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0
[  153.742636][ T7863] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  153.755120][ T7863] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  153.763720][ T7863] EXT4-fs (loop1): 1 truncate cleaned up
[  153.771370][ T7863] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  153.784426][ T7863] fscrypt (loop1, inode 16): Error -61 getting encryption context
[  153.835013][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.042323][ T7876] netlink: 24 bytes leftover after parsing attributes in process `syz.2.738'.
[  154.256362][ T7880] loop2: detected capacity change from 0 to 4096
[  154.682527][ T7886] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  154.839502][ T7885] loop0: detected capacity change from 0 to 40427
[  154.843839][ T7885] F2FS-fs (loop0): build fault injection rate: 771
[  154.849103][ T7885] F2FS-fs (loop0): invalid crc value
[  154.908543][ T7885] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  154.912908][ T7885] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  155.278579][ T7903] loop1: detected capacity change from 0 to 32768
[  155.282700][ T7903] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.748 (7903)
[  155.290881][ T7903] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  155.294885][ T7903] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  155.347145][ T7903] BTRFS info (device loop1): enabling ssd optimizations
[  155.355341][ T7903] BTRFS info (device loop1): enabling free space tree
[  155.513987][ T5863] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  155.821618][ T7933] program syz.1.754 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  156.458535][   T52] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  156.623022][ T7952] loop1: detected capacity change from 0 to 512
[  156.639032][   T52] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  156.642450][   T52] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.645080][   T52] usb 3-1: Product: syz
[  156.675926][   T52] usb 3-1: Manufacturer: syz
[  156.677472][   T52] usb 3-1: SerialNumber: syz
[  156.690759][ T7952] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.695671][   T52] usb 3-1: config 0 descriptor??
[  156.700795][ T7952] ext4 filesystem being mounted at /254/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.767737][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.803915][ T7961] loop1: detected capacity change from 0 to 128
[  156.824026][   T33] audit: type=1800 audit(1757332320.257:14): pid=7961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.765" name="file1" dev="loop1" ino=1048630 res=0 errno=0
[  156.834515][ T7961] FAT-fs (loop1): error, invalid FAT chain (i_pos 548, last_block 8)
[  156.837976][ T7961] FAT-fs (loop1): Filesystem has been set read-only
[  156.849394][ T7961] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522)
[  156.905726][   T52] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  157.066657][ T7969] loop1: detected capacity change from 0 to 2048
[  157.074841][ T7969] udf: Unknown parameter 'adi|cb'
[  157.371841][ T7971] loop0: detected capacity change from 0 to 32768
[  157.915382][   T52] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  158.119900][   T96] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  158.127735][ T6079] usb 3-1: USB disconnect, device number 14
[  158.270163][   T96] usb 1-1: config 2 has an invalid interface number: 77 but max is 0
[  158.276534][   T96] usb 1-1: config 2 has no interface number 0
[  158.284264][   T96] usb 1-1: config 2 interface 77 has no altsetting 0
[  158.295243][   T96] usb 1-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice=3d.a0
[  158.299765][   T96] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.302898][   T96] usb 1-1: Product: syz
[  158.304753][   T96] usb 1-1: Manufacturer: syz
[  158.306634][   T96] usb 1-1: SerialNumber: syz
[  158.329575][ T7994] loop1: detected capacity change from 0 to 4096
[  158.332625][ T7994] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  158.353010][ T7994] ntfs3(loop1): ino=3, ntfs_set_state failed, -22.
[  158.377650][ T1092] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22.
[  158.381525][ T5863] ntfs3(loop1): ino=3, ntfs_set_state failed, -22.
[  158.383984][ T5863] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  158.386945][ T5863] ntfs3(loop1): ino=3, ntfs_set_state failed, -22.
[  158.394169][ T1092] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22.
[  158.466554][ T7998] netlink: 'syz.1.783': attribute type 3 has an invalid length.
[  158.469938][ T7998] netlink: 766 bytes leftover after parsing attributes in process `syz.1.783'.
[  158.543068][   T96] usb 1-1: USB disconnect, device number 16
[  158.595763][ T8006] loop1: detected capacity change from 0 to 2048
[  158.601717][ T8006] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=3932051, location=3932051
[  158.608077][ T8006] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  158.614966][ T8006] UDF-fs: error (device loop1): udf_fiiter_advance_blk: extent after position 40 not allocated in directory (ino 1376)
[  158.681137][ T8010] netlink: 68 bytes leftover after parsing attributes in process `syz.1.789'.
[  158.756528][ T8016] netlink: 16 bytes leftover after parsing attributes in process `syz.1.792'.
[  158.765050][ T8016] net_ratelimit: 13 callbacks suppressed
[  158.765075][ T8016] openvswitch: netlink: EtherType 0 is less than min 600
[  159.089487][ T8029] loop0: detected capacity change from 0 to 4096
[  159.251843][ T8038] binder: 8037:8038 ioctl c0306201 2000000003c0 returned -14
[  159.566010][ T8047] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.649208][ T8047] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.754404][ T8047] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.831542][ T8047] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.951407][ T5923] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.972923][ T5923] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.988417][ T5923] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  160.003482][ T5923] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  160.142420][ T8063] loop0: detected capacity change from 0 to 1024
[  160.195602][   T27] hfsplus: b-tree write err: -5, ino 4
[  160.239871][ T8065] loop1: detected capacity change from 0 to 1024
[  160.246398][ T8069] loop2: detected capacity change from 0 to 128
[  160.287587][ T8069] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  160.307588][ T8069] ext4 filesystem being mounted at /247/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.332388][ T8067] loop0: detected capacity change from 0 to 4096
[  160.335460][ T6772] hfsplus: b-tree write err: -5, ino 4
[  160.352424][ T8067] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  160.443948][ T5861] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  160.701272][ T8091] loop0: detected capacity change from 0 to 1024
[  160.706396][ T8093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.825'.
[  161.358613][   T96] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  161.520763][   T96] usb 3-1: Using ep0 maxpacket: 8
[  161.533861][   T96] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  161.537456][   T96] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.549661][   T96] usb 3-1: Product: syz
[  161.551208][   T96] usb 3-1: Manufacturer: syz
[  161.553148][   T96] usb 3-1: SerialNumber: syz
[  161.560609][   T96] usb 3-1: config 0 descriptor??
[  161.572322][   T96] usbtest 3-1:0.0: FX2 device
[  161.573994][   T96] usbtest 3-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  161.793242][   T96] usb 3-1: USB disconnect, device number 15
[  161.976407][ T8123] ref_ctr increment failed for inode: 0x627 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88810d622b00
[  162.026000][ T8126] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  162.028401][ T8126] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  162.031251][ T8126] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  162.035676][ T8126] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  162.039338][ T8126] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  162.042005][ T8126] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  162.044723][ T8126] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  162.061710][ T8126] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  162.064382][ T8126] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  162.066963][ T8126] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  162.070125][ T8126] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  162.072793][ T8126] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  162.075558][ T8126] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  162.079109][ T8126] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  162.438526][   T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  162.590471][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  162.594613][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  162.598770][   T10] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  162.602443][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.608623][   T10] usb 1-1: config 0 descriptor??
[  163.439741][   T10] uclogic 0003:256C:006D.0008: failed retrieving Huion firmware version: -71
[  163.446160][   T10] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[  163.450352][   T10] uclogic 0003:256C:006D.0008: probe with driver uclogic failed with error -71
[  163.466965][   T10] usb 1-1: USB disconnect, device number 17
[  163.838366][  T793] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  163.858228][   T52] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  164.001566][  T793] usb 2-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[  164.011389][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.014540][  T793] usb 2-1: Product: syz
[  164.016932][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  164.022379][  T793] usb 2-1: Manufacturer: syz
[  164.024091][  T793] usb 2-1: SerialNumber: syz
[  164.026477][   T52] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  164.031532][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  164.035413][   T52] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  164.040187][   T52] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.042846][  T793] usb 2-1: config 0 descriptor??
[  164.051658][   T52] usb 3-1: config 0 descriptor??
[  164.059725][   T52] em28xx 3-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  164.269087][  T793] int51x1 2-1:0.0: probe with driver int51x1 failed with error -22
[  164.283517][  T793] usb 3-1: USB disconnect, device number 16
[  164.477280][   T52] usb 2-1: USB disconnect, device number 12
[  164.670667][ T8181] loop0: detected capacity change from 0 to 32768
[  164.681553][ T8181] (syz.0.863,8181,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  164.687038][ T8181] (syz.0.863,8181,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  164.708086][ T8181] JBD2: Ignoring recovery information on journal
[  164.743060][ T8181] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  164.847075][ T5858] ocfs2: Unmounting device (7,0) on (node local)
[  166.147680][ T8194] loop1: detected capacity change from 0 to 32768
[  166.154373][ T8194] XFS: ikeep mount option is deprecated.
[  166.157364][ T8194] XFS: ikeep mount option is deprecated.
[  166.161683][ T8194] XFS: noikeep mount option is deprecated.
[  166.174599][ T8194] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.234143][ T8194] XFS (loop1): Ending clean mount
[  166.246483][ T8214] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  166.274018][ T5863] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.331434][ T6079] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  166.490632][ T6079] usb 3-1: config 116 has an invalid interface number: 166 but max is 0
[  166.493945][ T6079] usb 3-1: config 116 has no interface number 0
[  166.496358][ T6079] usb 3-1: config 116 interface 166 has no altsetting 0
[  166.508494][ T6079] usb 3-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=25.5c
[  166.512221][ T6079] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.531238][ T6079] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:116.166/input/input7
[  166.708429][   T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  166.736733][ T5282] bcm5974 3-1:116.166: could not read from device
[  166.737120][   T96] usb 3-1: USB disconnect, device number 17
[  166.746412][ T7440] bcm5974 3-1:116.166: could not read from device
[  166.868488][ T6079] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  166.873019][   T10] usb 2-1: Using ep0 maxpacket: 16
[  166.877678][   T10] usb 2-1: config 8 has an invalid interface number: 57 but max is 0
[  166.881151][   T10] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  166.885143][   T10] usb 2-1: config 8 has no interface number 0
[  166.887720][   T10] usb 2-1: config 8 interface 57 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  166.893017][   T10] usb 2-1: config 8 interface 57 has no altsetting 0
[  166.898712][   T10] usb 2-1: New USB device found, idVendor=39c6, idProduct=8f68, bcdDevice=dd.44
[  166.902256][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.905347][   T10] usb 2-1: Product: syz
[  166.906920][   T10] usb 2-1: Manufacturer: syz
[  166.909126][   T10] usb 2-1: SerialNumber: syz
[  167.020455][ T6079] usb 1-1: config 127 has an invalid interface number: 124 but max is 0
[  167.023848][ T6079] usb 1-1: config 127 has no interface number 0
[  167.026386][ T6079] usb 1-1: config 127 interface 124 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  167.030842][ T6079] usb 1-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=1d.4f
[  167.034505][ T6079] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.131812][   T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  167.134702][   T10] usb 2-1: MIDIStreaming interface descriptor not found
[  167.159386][   T10] usb 2-1: USB disconnect, device number 13
[  167.200060][ T5862] udevd[5862]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:8.57/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  167.251250][ T6079] usb 1-1: USB disconnect, device number 18
[  167.322188][ T8231] netlink: 16 bytes leftover after parsing attributes in process `syz.2.880'.
[  167.353278][ T8233] netlink: 'syz.2.881': attribute type 298 has an invalid length.
[  167.423726][ T8237] loop2: detected capacity change from 0 to 1024
[  167.451939][ T8237] hfsplus: bad catalog entry type
[  167.470389][ T6761] hfsplus: b-tree write err: -5, ino 4
[  167.861987][ T8255] loop0: detected capacity change from 0 to 256
[  168.012874][ T8263] loop0: detected capacity change from 0 to 64
[  168.299795][ T5864] Bluetooth: hci0: command tx timeout
[  168.340395][ T8278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.904'.
[  168.491409][ T8281] loop2: detected capacity change from 0 to 4096
[  168.637013][ T8281] NILFS (loop2): invalid segment: Checksum error in segment payload
[  168.667674][ T8281] NILFS (loop2): trying rollback from an earlier position
[  168.861310][ T8281] NILFS (loop2): recovery complete
[  168.864550][ T8284] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  169.003240][ T8286] loop2: detected capacity change from 0 to 128
[  169.018561][ T8280] loop0: detected capacity change from 0 to 40427
[  169.019439][ T8286] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  169.036371][ T8286] ext4 filesystem being mounted at /283/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.041806][ T8280] F2FS-fs (loop0): invalid crc value
[  169.076125][ T5861] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  169.261900][ T8280] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  169.283765][ T8280] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  169.492950][ T8297] loop1: detected capacity change from 0 to 32768
[  169.496529][ T8297] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.909 (8297)
[  169.694290][ T8297] BTRFS info (device loop1 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  169.715082][ T8297] BTRFS info (device loop1 state S): using crc32c (crc32c-lib) checksum algorithm
[  169.783677][ T6410] BTRFS warning (device loop1 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x3a96e814 level 0, ignored
[  169.803946][ T8297] BTRFS error (device loop1 state S): devid 1 uuid ffe9ff7f-0000-0000-0000-9003f3eadbc4 is missing
[  169.817717][ T8297] BTRFS error (device loop1 state S): failed to read chunk tree: -2
[  169.857574][ T8297] BTRFS error (device loop1 state S): open_ctree failed: -2
[  170.028463][ T6079] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  170.200713][ T6079] usb 1-1: unable to get BOS descriptor or descriptor too short
[  170.204701][ T6079] usb 1-1: not running at top speed; connect to a high speed hub
[  170.209529][ T6079] usb 1-1: config 8 has an invalid interface number: 250 but max is 0
[  170.213249][ T6079] usb 1-1: config 8 has no interface number 0
[  170.215938][ T6079] usb 1-1: config 8 interface 250 has no altsetting 0
[  170.223038][ T6079] usb 1-1: New USB device found, idVendor=0458, idProduct=7005, bcdDevice=b9.7d
[  170.228695][ T6079] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.232025][ T6079] usb 1-1: Product: syz
[  170.233808][ T6079] usb 1-1: Manufacturer: syz
[  170.237013][ T6079] usb 1-1: SerialNumber: syz
[  170.359920][ T8329] netlink: 'syz.2.916': attribute type 12 has an invalid length.
[  170.363056][ T8329] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.916'.
[  170.469190][ T6079] gspca_main: sn9c2028-2.14.0 probing 0458:7005
[  170.473119][ T6079] gspca_sn9c2028: read1 error -71
[  170.476467][ T6079] gspca_sn9c2028: read1 error -71
[  170.480612][ T6079] gspca_sn9c2028: read1 error -71
[  170.483027][ T6079] sn9c2028 1-1:8.250: probe with driver sn9c2028 failed with error -71
[  170.489779][ T6079] usb 1-1: USB disconnect, device number 19
[  171.042385][ T8343] loop0: detected capacity change from 0 to 2048
[  171.077645][ T8343] UDF-fs: warning (device loop0): udf_fill_super: No fileset found
[  171.221392][ T8349] netlink: 'syz.0.925': attribute type 21 has an invalid length.
[  171.224478][ T8349] netlink: 128 bytes leftover after parsing attributes in process `syz.0.925'.
[  171.230552][ T8349] netlink: 'syz.0.925': attribute type 4 has an invalid length.
[  171.233624][ T8349] netlink: 'syz.0.925': attribute type 5 has an invalid length.
[  171.236608][ T8349] netlink: 3 bytes leftover after parsing attributes in process `syz.0.925'.
[  171.319749][ T8353] netlink: 202368 bytes leftover after parsing attributes in process `syz.0.927'.
[  171.428465][   T52] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  171.602496][   T52] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  171.608313][   T52] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  171.615573][   T52] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  171.623232][   T52] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  171.625942][   T52] usb 2-1: SerialNumber: syz
[  171.735499][ T8355] loop0: detected capacity change from 0 to 32768
[  171.749646][ T8355] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 0 transid 8 /dev/loop0 (7:0) scanned by syz.0.928 (8355)
[  171.792062][ T7440] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 0 transid 8 /dev/loop0 (7:0) scanned by udevd (7440)
[  171.889327][   T52] usb 2-1: 0:2 : does not exist
[  171.898768][ T8366] sctp: [Deprecated]: syz.0.933 (pid 8366) Use of struct sctp_assoc_value in delayed_ack socket option.
[  171.898768][ T8366] Use struct sctp_sack_info instead
[  171.914839][   T52] usb 2-1: USB disconnect, device number 14
[  171.962475][ T8368] netlink: 'syz.2.934': attribute type 1 has an invalid length.
[  172.010348][ T5870] udevd[5870]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  172.230542][ T8379] loop0: detected capacity change from 0 to 16
[  172.234134][ T8379] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  172.565216][ T8392] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  172.568182][ T8392] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  172.591917][ T8392] vhci_hcd vhci_hcd.0: Device attached
[  172.595016][ T8394] netlink: 200 bytes leftover after parsing attributes in process `syz.1.945'.
[  172.613082][ T8393] vhci_hcd: connection closed
[  172.616643][   T12] vhci_hcd: stop threads
[  172.634478][   T12] vhci_hcd: release socket
[  172.636398][   T12] vhci_hcd: disconnect device
[  172.834816][ T8412] loop1: detected capacity change from 0 to 1024
[  174.606346][ T8444] loop1: detected capacity change from 0 to 512
[  174.617596][ T8444] EXT4-fs: Ignoring removed orlov option
[  174.619332][ T8446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.967'.
[  174.624605][ T8446] netlink: 20 bytes leftover after parsing attributes in process `syz.2.967'.
[  174.627037][ T8444] EXT4-fs: Ignoring removed bh option
[  174.632971][ T8444] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  174.647530][ T8446] geneve3: entered promiscuous mode
[  174.650867][ T8446] geneve3: entered allmulticast mode
[  174.659104][ T8444] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c119, mo2=0002]
[  174.667402][ T8444] System zones: 1-12
[  174.693536][ T8444] EXT4-fs error (device loop1): ext4_orphan_get:1392: comm syz.1.965: inode #15: comm syz.1.965: iget: illegal inode #
[  174.701761][ T8444] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.965: couldn't read orphan inode 15 (err -117)
[  174.707548][ T8444] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.376953][ T8457] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #12: comm syz.1.965: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  176.031300][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.286360][ T8481] loop0: detected capacity change from 0 to 256
[  176.310480][ T8481] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[  176.315393][ T8481] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  176.483417][ T8487] vlan2: entered promiscuous mode
[  176.485234][ T8487] macvtap0: entered promiscuous mode
[  176.588704][ T8495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.981'.
[  176.696698][  T793] kernel write not supported for file /snd/seq (pid: 793 comm: kworker/1:2)
[  176.819331][ T8503] netlink: 32 bytes leftover after parsing attributes in process `syz.0.986'.
[  176.877451][ T8505] loop0: detected capacity change from 0 to 1024
[  176.886582][ T8505] EXT4-fs: inline encryption not supported
[  176.889952][ T8505] EXT4-fs: Ignoring removed nobh option
[  176.892365][ T8505] EXT4-fs: Ignoring removed bh option
[  176.916584][ T8505] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.958977][   T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  176.979198][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.138759][   T10] usb 3-1: New USB device found, idVendor=050d, idProduct=0121, bcdDevice=6f.3b
[  177.145902][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.375344][   T10] pegasus 3-1:254.0: probe with driver pegasus failed with error -71
[  177.387543][   T10] usb 3-1: USB disconnect, device number 18
[  177.432668][ T8528] loop0: detected capacity change from 0 to 512
[  177.436371][ T8528] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  178.643155][ T8561] loop0: detected capacity change from 0 to 128
[  178.646965][ T8561] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  178.652881][ T8561] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  178.709596][ T1376] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  178.829443][ T8565] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1013'.
[  178.992932][ T8575] loop1: detected capacity change from 0 to 8
[  179.013637][ T8575] SQUASHFS error: lzo decompression failed, data probably corrupt
[  179.019905][ T8575] SQUASHFS error: Failed to read block 0x144: -5
[  179.024842][ T8575] SQUASHFS error: Unable to read metadata cache entry [142]
[  179.028016][ T8575] SQUASHFS error: Unable to read inode 0x11f
[  179.383022][ T8594] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1027'.
[  179.478390][   T10] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  179.846065][   T10] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  179.849377][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.852085][   T10] usb 1-1: Product: syz
[  179.854835][   T10] usb 1-1: Manufacturer: syz
[  179.856675][   T10] usb 1-1: SerialNumber: syz
[  179.862977][   T10] usb 1-1: config 0 descriptor??
[  179.870320][   T10] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  180.300030][   T10] gspca_sunplus: reg_w_riv err -71
[  180.306622][   T10] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  180.426703][   T10] usb 1-1: USB disconnect, device number 20
[  181.579324][ T8633] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1038'.
[  181.795073][ T8635] loop0: detected capacity change from 0 to 32768
[  181.800625][ T8635] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section members_v1: too many devices for section size
[  181.800625][ T8635] members_v1 (size 64):
[  181.800625][ T8635] nr_devices mismatch: have 0 entries, should be 8
[  181.809811][ T8635] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  182.454515][ T8645] loop0: detected capacity change from 0 to 32768
[  182.495815][ T8645] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  182.554150][ T8645] XFS (loop0): Ending clean mount
[  182.581433][ T8645] XFS (loop0): Quotacheck needed: Please wait.
[  182.680627][ T8645] XFS (loop0): Quotacheck: Done.
[  182.745844][ T5858] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  183.215982][ T8694] tmpfs: Bad value for 'mpol'
[  183.277429][ T8698] loop0: detected capacity change from 0 to 2048
[  183.295072][ T8698] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[  183.307116][ T8698] UDF-fs: Scanning with blocksize 512 failed
[  183.325506][ T8698] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  183.598373][   T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  183.748464][   T10] usb 2-1: Using ep0 maxpacket: 8
[  183.755264][   T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  183.760840][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.764874][   T10] usb 2-1: Product: syz
[  183.766617][   T10] usb 2-1: Manufacturer: syz
[  183.769398][   T10] usb 2-1: SerialNumber: syz
[  183.775986][   T10] usb 2-1: config 0 descriptor??
[  183.988758][   T10] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  184.523879][ T8731] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  184.570952][ T8733] veth1_to_bridge: entered promiscuous mode
[  184.573584][ T8733] veth1_to_bridge: left promiscuous mode
[  184.748780][ T8739] 9pnet: bogus RWRITE count (2 > 1)
[  184.798015][   T10] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  184.807835][   T10] usb 2-1: USB disconnect, device number 15
[  184.852547][ T8741] bond2: (slave ip6gretap2): making interface the new active one
[  184.856466][ T8741] bond2: (slave ip6gretap2): Enslaving as an active interface with an up link
[  185.624624][ T8765] loop1: detected capacity change from 0 to 2048
[  185.634835][ T8765] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  185.646272][ T8765] UDF-fs: Scanning with blocksize 512 failed
[  185.688050][ T8765] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  186.455322][ T8786] loop1: detected capacity change from 0 to 1024
[  186.462350][ T8786] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  186.466618][ T8786] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[  186.477174][ T8786] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  186.485289][ T8786] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #3: comm syz.1.1107: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  186.493236][ T8786] EXT4-fs (loop1): no journal found
[  186.495750][ T8786] EXT4-fs (loop1): can't get journal size
[  186.508018][ T8786] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  186.621962][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.668584][ T8789] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.674753][ T8789] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.909668][ T8791] loop1: detected capacity change from 0 to 32768
[  186.945052][ T8791] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  186.990339][ T8791] XFS (loop1): Ending clean mount
[  187.104873][ T5863] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  187.463019][ T8820] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1119'.
[  187.466789][ T8820] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  189.658329][ T6079] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  189.809414][ T6079] usb 1-1: Using ep0 maxpacket: 8
[  189.814418][ T6079] usb 1-1: unable to get BOS descriptor or descriptor too short
[  189.826260][ T6079] usb 1-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=2b.cd
[  189.831446][ T6079] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.838285][ T6079] usb 1-1: Product: syz
[  189.840129][ T6079] usb 1-1: Manufacturer: syz
[  189.842037][ T6079] usb 1-1: SerialNumber: syz
[  190.057459][ T6079] kalmia 1-1:1.0: probe with driver kalmia failed with error -22
[  190.065708][ T6079] usb 1-1: USB disconnect, device number 21
[  190.674872][ T8892] loop0: detected capacity change from 0 to 4096
[  190.685312][ T8892] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  190.747298][ T8892] ntfs3(loop0): ino=19, mi_enum_attr
[  190.753605][ T8892] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  190.767424][ T8892] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  190.984317][ T8905] loop1: detected capacity change from 0 to 16
[  191.013300][ T8905] erofs (device loop1): mounted with root inode @ nid 36.
[  191.050089][   T57] erofs (device loop1): failed to decompress -26 in[46, 0] out[9000]
[  191.059237][ T8905] erofs (device loop1): failed to decompress -26 in[46, 4050] out[8192]
[  191.062769][ T8905] erofs (device loop1): read error -117 @ 1 of nid 89
[  191.065947][   T33] audit: type=1800 audit(1757332354.497:15): pid=8905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1157" name="file2" dev="loop1" ino=89 res=0 errno=0
[  191.144327][ T8907] loop0: detected capacity change from 0 to 4096
[  191.182236][ T8907] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  191.249050][ T8907] ntfs3(loop0): ino=1a, mi_enum_attr
[  191.251265][ T8907] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  191.260889][ T8909] loop1: detected capacity change from 0 to 1024
[  191.278711][ T8907] ntfs3(loop0): ino=1a, mi_enum_attr
[  191.280964][ T8907] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  191.378713][ T6761] hfsplus: b-tree write err: -5, ino 4
[  191.497595][ T8916] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1160'.
[  191.502261][ T8913] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1160'.
[  192.146888][ T8928] loop0: detected capacity change from 0 to 8192
[  192.152310][ T8928] msdos: Unknown parameter ''
[  193.011841][ T8934] loop0: detected capacity change from 0 to 32768
[  193.050091][ T8934] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  193.079382][ T8946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1170'.
[  193.083325][ T8946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1170'.
[  193.098942][ T8937] loop1: detected capacity change from 0 to 32768
[  193.099820][ T8934] XFS (loop0): Ending clean mount
[  193.104079][ T8937] (syz.1.1169,8937,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  193.114386][ T8937] (syz.1.1169,8937,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  193.125844][ T8937] (syz.1.1169,8937,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdde57c9f, computed 0xfec4e493. Applying ECC.
[  193.135319][ T8937] (syz.1.1169,8937,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdde57c9f, computed 0xfec4e493
[  193.158469][ T8937] (syz.1.1169,8937,1):ocfs2_validate_inode_block:1455 ERROR: Checksum failed for dinode 25
[  193.175349][ T8937] (syz.1.1169,8937,0):ocfs2_read_locked_inode:597 ERROR: status = -5
[  193.179357][ T8937] (syz.1.1169,8937,0):_ocfs2_get_system_file_inode:144 ERROR: status = -5
[  193.183581][ T8937] (syz.1.1169,8937,0):ocfs2_init_global_system_inodes:465 ERROR: status = -22
[  193.187412][ T5858] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  193.189044][ T8937] (syz.1.1169,8937,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 6, possibly corrupt fs?
[  193.190941][ T8937] (syz.1.1169,8937,0):ocfs2_init_global_system_inodes:476 ERROR: status = -22
[  193.200409][ T8937] (syz.1.1169,8937,0):ocfs2_initialize_super:2198 ERROR: status = -22
[  193.207496][ T8937] (syz.1.1169,8937,0):ocfs2_fill_super:1177 ERROR: status = -22
[  193.466756][ T8959] loop0: detected capacity change from 0 to 2048
[  193.493111][ T8959] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  193.506897][ T8959] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[  193.510350][ T8959] UDF-fs: Scanning with blocksize 512 failed
[  193.520384][ T8959] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  193.550881][   T33] audit: type=1800 audit(1757332356.987:16): pid=8959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1172" name="bus" dev="loop0" ino=851 res=0 errno=0
[  193.560731][ T8965] loop1: detected capacity change from 0 to 512
[  193.589283][ T8965] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  193.644859][ T8965] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.659408][ T8965] ext4 filesystem being mounted at /382/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.685353][ T8965] EXT4-fs (loop1): shut down requested (2)
[  193.764888][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.981848][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  194.607947][ T8995] loop1: detected capacity change from 0 to 40427
[  194.619736][ T9007] mmap: syz.0.1198 (9007) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  194.631438][ T8995] F2FS-fs (loop1): invalid crc value
[  194.743288][ T8995] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  194.757987][ T8995] F2FS-fs (loop1): Start checkpoint disabled!
[  194.794870][ T8995] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  194.851135][ T6768] kworker/u9:9: attempt to access beyond end of device
[  194.851135][ T6768] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  194.860955][ T6768] CPU: 0 UID: 0 PID: 6768 Comm: kworker/u9:9 Not tainted syzkaller #0 PREEMPT(full) 
[  194.860978][ T6768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  194.860989][ T6768] Workqueue: writeback wb_workfn (flush-7:1)
[  194.861013][ T6768] Call Trace:
[  194.861019][ T6768]  <TASK>
[  194.861027][ T6768]  dump_stack_lvl+0x189/0x250
[  194.861048][ T6768]  ? __pfx_dump_stack_lvl+0x10/0x10
[  194.861065][ T6768]  ? __pfx_queue_work_on+0x10/0x10
[  194.861077][ T6768]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  194.861096][ T6768]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  194.861126][ T6768]  f2fs_handle_critical_error+0x37c/0x540
[  194.861151][ T6768]  f2fs_write_end_io+0x886/0xb60
[  194.861182][ T6768]  __submit_merged_bio+0x27a/0x6a0
[  194.861207][ T6768]  __submit_merged_write_cond+0x255/0x530
[  194.861233][ T6768]  f2fs_write_data_pages+0x261d/0x3000
[  194.861285][ T6768]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.861318][ T6768]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  194.861365][ T6768]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  194.861384][ T6768]  ? look_up_lock_class+0x74/0x170
[  194.861412][ T6768]  ? trace_f2fs_writepages+0x7f/0x200
[  194.861432][ T6768]  ? f2fs_write_node_pages+0x478/0x6e0
[  194.861454][ T6768]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  194.861486][ T6768]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.861541][ T6768]  do_writepages+0x32e/0x550
[  194.861565][ T6768]  ? reacquire_held_locks+0x127/0x1d0
[  194.861579][ T6768]  ? writeback_sb_inodes+0x384/0x1010
[  194.861604][ T6768]  __writeback_single_inode+0x145/0xff0
[  194.861621][ T6768]  ? do_raw_spin_unlock+0x4d/0x240
[  194.861640][ T6768]  writeback_sb_inodes+0x6c7/0x1010
[  194.861682][ T6768]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  194.861739][ T6768]  ? rcu_is_watching+0x15/0xb0
[  194.861762][ T6768]  wb_writeback+0x43b/0xaf0
[  194.861787][ T6768]  ? queue_io+0x3d1/0x590
[  194.861807][ T6768]  ? __pfx_wb_writeback+0x10/0x10
[  194.861832][ T6768]  ? _raw_spin_unlock_irq+0x23/0x50
[  194.861854][ T6768]  wb_workfn+0x409/0xef0
[  194.861888][ T6768]  ? __pfx_wb_workfn+0x10/0x10
[  194.861907][ T6768]  ? __lock_acquire+0xab9/0xd20
[  194.861937][ T6768]  ? process_scheduled_works+0x9ef/0x17b0
[  194.861957][ T6768]  ? _raw_spin_unlock_irq+0x23/0x50
[  194.861972][ T6768]  ? process_scheduled_works+0x9ef/0x17b0
[  194.861985][ T6768]  ? process_scheduled_works+0x9ef/0x17b0
[  194.861999][ T6768]  process_scheduled_works+0xae1/0x17b0
[  194.862042][ T6768]  ? __pfx_process_scheduled_works+0x10/0x10
[  194.862073][ T6768]  worker_thread+0x8a0/0xda0
[  194.862113][ T6768]  kthread+0x711/0x8a0
[  194.862133][ T6768]  ? __pfx_worker_thread+0x10/0x10
[  194.862146][ T6768]  ? __pfx_kthread+0x10/0x10
[  194.862164][ T6768]  ? _raw_spin_unlock_irq+0x23/0x50
[  194.862181][ T6768]  ? lockdep_hardirqs_on+0x9c/0x150
[  194.862197][ T6768]  ? __pfx_kthread+0x10/0x10
[  194.862215][ T6768]  ret_from_fork+0x3fc/0x770
[  194.862232][ T6768]  ? __pfx_ret_from_fork+0x10/0x10
[  194.862252][ T6768]  ? __switch_to_asm+0x39/0x70
[  194.862267][ T6768]  ? __switch_to_asm+0x33/0x70
[  194.862282][ T6768]  ? __pfx_kthread+0x10/0x10
[  194.862299][ T6768]  ret_from_fork_asm+0x1a/0x30
[  194.862332][ T6768]  </TASK>
[  194.862338][ T6768] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  194.936169][ T9022] loop0: detected capacity change from 0 to 512
[  195.020900][ T9022] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  195.024296][ T9022] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  195.030411][ T9022] System zones: 0-1, 15-15, 18-18, 34-34
[  195.034595][ T9022] EXT4-fs (loop0): orphan cleanup on readonly fs
[  195.041768][ T9022] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0
[  195.045767][ T9022] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  195.070080][ T9022] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  195.078652][ T9022] EXT4-fs (loop0): 1 truncate cleaned up
[  195.082809][ T9022] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  195.129581][ T9022] fscrypt (loop0, inode 16): Error -61 getting encryption context
[  195.148585][ T9022] fscrypt (loop0, inode 16): Error -61 getting encryption context
[  195.187976][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.628529][ T9046] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  195.638499][ T9046] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  196.234118][ T9082] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1229'.
[  196.631183][ T6079] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  196.792699][ T6079] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  196.795472][ T6079] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  196.799616][ T6079] usb 2-1: config 0 has no interface number 0
[  196.802095][ T6079] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  196.806026][ T6079] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  196.814750][ T6079] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  196.818088][ T6079] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.821834][ T6079] usb 2-1: Product: syz
[  196.823466][ T6079] usb 2-1: Manufacturer: syz
[  196.825270][ T6079] usb 2-1: SerialNumber: syz
[  196.839952][ T6079] usb 2-1: config 0 descriptor??
[  197.204051][ T9117] netlink: 'syz.0.1246': attribute type 2 has an invalid length.
[  197.207511][ T9117] netlink: 'syz.0.1246': attribute type 1 has an invalid length.
[  197.213430][ T9117] netlink: 'syz.0.1246': attribute type 1 has an invalid length.
[  197.262571][ T6079] usb 2-1: USB disconnect, device number 16
[  198.212663][ T9148] tmpfs: Bad value for 'mpol'
[  199.146969][ T9163] loop0: detected capacity change from 0 to 32768
[  199.243701][ T9163] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  199.284204][   T33] audit: type=1800 audit(1757332362.717:17): pid=9178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1269" name="nullb0" dev="tmpfs" ino=2180 res=0 errno=0
[  199.314993][ T9163] XFS (loop0): Ending clean mount
[  199.336311][ T9163] XFS (loop0): Quotacheck needed: Please wait.
[  199.406414][ T9163] XFS (loop0): Quotacheck: Done.
[  199.459441][ T5858] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  199.718944][   T52] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  199.814528][ T9189] overlayfs: failed to clone lowerpath
[  199.901881][ T9190] overlayfs: failed to clone upperpath
[  199.943910][   T52] usb 2-1: Using ep0 maxpacket: 32
[  200.006266][   T52] usb 2-1: config 0 has an invalid interface number: 108 but max is 0
[  200.017395][   T52] usb 2-1: config 0 has no interface number 0
[  200.028922][   T52] usb 2-1: config 0 interface 108 altsetting 180 endpoint 0x2 has invalid wMaxPacketSize 0
[  200.044290][   T52] usb 2-1: config 0 interface 108 has no altsetting 0
[  200.101601][   T52] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=97.c3
[  200.104579][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.107487][   T52] usb 2-1: Product: syz
[  200.110181][   T52] usb 2-1: Manufacturer: syz
[  200.112268][   T52] usb 2-1: SerialNumber: syz
[  200.120889][   T52] usb 2-1: config 0 descriptor??
[  200.131308][   T52] ttusbir 2-1:0.108: cannot find expected altsetting
[  200.331916][ T6079] usb 2-1: USB disconnect, device number 17
[  200.523770][ T9210] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  201.018041][ T9241] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1295'.
[  201.092169][ T9243] loop1: detected capacity change from 0 to 512
[  201.109646][ T9243] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  201.147533][ T9243] EXT4-fs (loop1): 1 truncate cleaned up
[  201.159781][ T9243] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.177551][ T9243] EXT4-fs error (device loop1): ext4_find_dest_de:2052: inode #2: block 13: comm syz.1.1296: bad entry in directory: '.' directory cannot be the last in data block - offset=0, inode=2, rec_len=1024, size=1024 fake=1
[  201.547650][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.193902][ T9282] loop1: detected capacity change from 0 to 2048
[  202.227054][ T9282] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.239813][ T9285] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1314'.
[  202.251729][ T9282] EXT4-fs error (device loop1): ext4_search_dir:1474: inode #12: block 9: comm syz.1.1313: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0
[  202.303861][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.316551][ T9287] netlink: 236 bytes leftover after parsing attributes in process `syz.0.1315'.
[  202.393182][ T9289] loop0: detected capacity change from 0 to 256
[  202.412507][ T9289] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1f7c91f3, utbl_chksum : 0xe619d30d)
[  202.424459][ T9291] loop1: detected capacity change from 0 to 64
[  202.577694][ T9295] exFAT-fs (loop0): valid_size(100667392) is greater than size(4096)
[  202.713202][ T9299] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1320'.
[  202.911723][ T9308] netlink: 'syz.1.1323': attribute type 10 has an invalid length.
[  202.929097][ T9308] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  203.248814][ T5865] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  203.418383][ T5865] usb 2-1: Using ep0 maxpacket: 8
[  203.429629][ T5865] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[  203.435097][ T5865] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  203.437891][ T5865] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  203.451232][ T5865] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  203.455574][ T5865] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x2B, changing to 0xB
[  203.461115][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 239, changing to 11
[  203.465280][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 34725, setting to 1024
[  203.470708][ T5865] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  203.496343][ T5865] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  203.499980][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.504454][ T5865] usb 2-1: Product: syz
[  203.505884][ T5865] usb 2-1: Manufacturer: syz
[  203.513161][ T5865] usb 2-1: SerialNumber: syz
[  203.516752][ T5865] usb 2-1: config 0 descriptor??
[  203.528892][ T9315] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  203.541445][ T5865] hub 2-1:0.0: bad descriptor, ignoring hub
[  203.543744][ T5865] hub 2-1:0.0: probe with driver hub failed with error -5
[  203.849718][ T5865] usb 2-1: USB disconnect, device number 18
[  203.915492][ T9356] loop0: detected capacity change from 0 to 32768
[  204.022035][ T9356] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,promote_target=invalid device 15,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io
[  204.022061][ T9356]   allowing incompatible features above 0.0: (unknown version)
[  204.022070][ T9356]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  204.041601][ T9356] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  204.045083][ T9356] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  204.047990][ T9356] bcachefs (loop0): Version upgrade required:
[  204.047990][ T9356] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  204.047990][ T9356] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  204.047990][ T9356]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  204.078955][ T9356] bcachefs (loop0): dropping and reconstructing all alloc info
[  204.105188][ T9356] bcachefs (loop0): accounting_read... done
[  204.111582][ T9356] bcachefs (loop0): alloc_read... done
[  204.114216][ T9356] bcachefs (loop0): snapshots_read... done
[  204.117418][ T9356] bcachefs (loop0): done starting filesystem
[  204.174365][ T5858] bcachefs (loop0): shutting down
[  204.267993][ T5858] bcachefs (loop0): shutdown complete
[  205.285234][ T9392] vlan2: entered promiscuous mode
[  205.287453][ T9392] vlan2: entered allmulticast mode
[  205.295253][ T9392] hsr_slave_1: entered allmulticast mode
[  205.352701][ T9392] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1358'.
[  205.543151][ T9402] fuse: Bad value for 'fd'
[  206.348637][ T9431] cgroup: Invalid name
[  206.637549][ T9451] loop1: detected capacity change from 0 to 16
[  206.643802][ T9451] erofs (device loop1): mounted with root inode @ nid 36.
[  206.657849][   T33] audit: type=1800 audit(1757332370.087:18): pid=9451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1384" name="file1" dev="loop1" ino=86 res=0 errno=0
[  207.127999][ T5865] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  207.288513][ T5865] usb 1-1: Using ep0 maxpacket: 8
[  207.382155][ T5865] usb 1-1: unable to get BOS descriptor or descriptor too short
[  207.459561][ T5865] usb 1-1: config 7 has an invalid interface number: 142 but max is 0
[  207.485612][ T5865] usb 1-1: config 7 has no interface number 0
[  207.543032][ T5865] usb 1-1: New USB device found, idVendor=045e, idProduct=0775, bcdDevice=dd.6d
[  207.547236][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.550554][ T5865] usb 1-1: Product: syz
[  207.552299][ T5865] usb 1-1: Manufacturer: syz
[  207.554136][ T5865] usb 1-1: SerialNumber: syz
[  207.587377][ T9467] ceph: No mds server is up or the cluster is laggy
[  207.587400][ T9460] ceph: No mds server is up or the cluster is laggy
[  207.777240][ T5865] usb 1-1: USB disconnect, device number 22
[  208.278476][ T5865] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  208.303110][ T9497] loop0: detected capacity change from 0 to 256
[  208.384706][ T9501] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.441365][ T5865] usb 2-1: unable to get BOS descriptor or descriptor too short
[  208.448454][ T5865] usb 2-1: not running at top speed; connect to a high speed hub
[  208.451833][ T5865] usb 2-1: config 5 has an invalid interface number: 246 but max is 0
[  208.455352][ T5865] usb 2-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  208.461305][ T5865] usb 2-1: config 5 has no interface number 0
[  208.463951][ T5865] usb 2-1: config 5 interface 246 altsetting 4 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  208.475051][ T5865] usb 2-1: config 5 interface 246 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  208.479984][ T5865] usb 2-1: config 5 interface 246 has no altsetting 0
[  208.484584][ T5865] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4
[  208.488876][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.492240][ T5865] usb 2-1: Product: syz
[  208.493973][ T5865] usb 2-1: Manufacturer: syz
[  208.502710][ T5865] usb 2-1: SerialNumber: syz
[  208.636359][ T9517] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.674867][ T9519] loop0: detected capacity change from 0 to 16
[  208.687669][ T9519] erofs (device loop0): mounted with root inode @ nid 36.
[  208.765406][ T5865] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  208.780335][ T5923] usb 2-1: Failed to submit usb control message: -71
[  208.783549][ T5923] usb 2-1: unable to send the bmi data to the device: -71
[  208.790800][ T5865] usb 2-1: USB disconnect, device number 19
[  208.803680][ T5923] usb 2-1: unable to get target info from device
[  208.806253][ T5923] usb 2-1: could not get target info (-71)
[  208.829032][ T5923] usb 2-1: could not probe fw (-71)
[  209.484251][ T9547] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1426'.
[  209.621655][ T9557] loop1: detected capacity change from 0 to 256
[  209.646342][ T9557] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  210.165772][ T9590] loop0: detected capacity change from 0 to 128
[  210.170585][ T9590] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  210.175255][ T9590] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  210.214638][ T1092] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  210.608811][ T5890] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  210.737154][ T9614] loop1: detected capacity change from 0 to 2048
[  210.756007][ T5870] udevd[5870]: incorrect nilfs2 checksum on /dev/loop1
[  210.759761][ T9614] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  210.762853][ T9614] NILFS (loop1): mounting unchecked fs
[  210.785299][ T5870] udevd[5870]: incorrect nilfs2 checksum on /dev/loop1
[  210.798739][ T9614] NILFS (loop1): recovery complete
[  210.801280][ T9616] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  210.848452][ T5890] usb 1-1: Using ep0 maxpacket: 32
[  210.985611][ T5890] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  211.005972][ T5890] usb 1-1: config 0 interface 0 has no altsetting 0
[  211.009057][ T5890] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  211.013010][ T5890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.025192][ T5890] usb 1-1: config 0 descriptor??
[  211.165017][ T9620] fuse: Bad value for 'fd'
[  211.524234][ T5890] vrc2 0003:07C0:1125.0009: fixing up VRC-2 report descriptor
[  211.537867][ T5890] input: HID 07c0:1125 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:07C0:1125.0009/input/input10
[  211.583058][ T9639] netlink: 360 bytes leftover after parsing attributes in process `syz.2.1465'.
[  211.667471][ T5890] vrc2 0003:07C0:1125.0009: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.0-1/input0
[  211.691144][ T5890] usb 1-1: USB disconnect, device number 23
[  212.852429][ T9669] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  212.854937][ T9669] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  212.868483][ T9669] vhci_hcd vhci_hcd.0: Device attached
[  212.912944][ T9665] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(8)
[  212.914991][ T9665] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  212.920604][ T9665] vhci_hcd vhci_hcd.0: Device attached
[  212.924676][ T9665] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  212.932461][ T9665] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  212.941112][ T9665] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(14)
[  212.943230][ T9665] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  212.945993][ T9665] vhci_hcd vhci_hcd.0: Device attached
[  212.950159][ T9674] vhci_hcd: connection closed
[  212.950449][ T9677] vhci_hcd: connection closed
[  212.956041][ T9671] vhci_hcd: connection closed
[  212.956206][ T5923] vhci_hcd: stop threads
[  212.961139][ T5923] vhci_hcd: release socket
[  212.962732][ T5923] vhci_hcd: disconnect device
[  212.966365][ T5923] vhci_hcd: stop threads
[  212.967801][ T5923] vhci_hcd: release socket
[  212.972244][ T5923] vhci_hcd: disconnect device
[  212.974235][ T5923] vhci_hcd: stop threads
[  212.975651][ T5923] vhci_hcd: release socket
[  212.977072][ T5923] vhci_hcd: disconnect device
[  213.259462][ T9682] cgroup: fork rejected by pids controller in /syz2
[  213.416689][ T9733] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1484'.
[  213.421128][ T9733] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1484'.
[  213.764656][ T9737] loop0: detected capacity change from 0 to 32768
[  213.789570][ T9751] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1495'.
[  213.793879][ T9737] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  213.793879][ T9737] 
[  213.806493][ T9737] ERROR: (device loop0): remounting filesystem as read-only
[  213.817528][ T9737] ialloc: diAlloc returned -5!
[  214.133700][   T33] audit: type=1326 audit(2000000002.350:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9768 comm="syz.0.1504" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9acd8ebe9 code=0x0
[  214.478336][ T5890] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  214.630465][ T5890] usb 2-1: config 0 has an invalid interface number: 112 but max is 0
[  214.633651][ T5890] usb 2-1: config 0 has no interface number 0
[  214.635977][ T5890] usb 2-1: config 0 interface 112 altsetting 0 endpoint 0xF has invalid maxpacket 1007, setting to 64
[  214.640842][ T5890] usb 2-1: New USB device found, idVendor=3154, idProduct=721e, bcdDevice= 9.c6
[  214.644275][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.652161][ T5890] usb 2-1: config 0 descriptor??
[  214.660227][ T5890] usb-storage 2-1:0.112: USB Mass Storage device detected
[  214.874342][ T5890] usb 2-1: USB disconnect, device number 20
[  215.234858][ T9802] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1515'.
[  215.291205][ T9805] netlink: 'syz.0.1516': attribute type 6 has an invalid length.
[  215.712178][ T9834] PKCS8: Unsupported PKCS#8 version
[  217.098340][ T6079] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  217.258268][ T6079] usb 2-1: Using ep0 maxpacket: 32
[  217.262364][ T6079] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  217.265512][ T6079] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.270992][ T6079] usb 2-1: config 0 descriptor??
[  217.281547][ T6079] as10x_usb: device has been detected
[  217.283737][ T6079] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  217.297889][ T6079] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  217.322674][ T6079] as10x_usb: error during firmware upload part1
[  217.325773][ T6079] Registered device nBox DVB-T Dongle
[  217.480147][  T793] usb 2-1: USB disconnect, device number 21
[  217.515561][  T793] Unregistered device nBox DVB-T Dongle
[  217.518577][  T793] as10x_usb: device has been disconnected
[  217.838284][ T6079] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  217.992415][ T6079] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.996771][ T6079] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  218.006780][ T6079] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  218.012035][ T6079] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.018622][ T6079] usb 1-1: config 0 descriptor??
[  218.137686][ T9906] loop1: detected capacity change from 0 to 512
[  218.183456][ T9906] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.189319][ T9906] ext4 filesystem being mounted at /486/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  218.235324][ T9906] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #12: comm syz.1.1562: corrupted xattr block 6: invalid header
[  218.243115][ T9906] EXT4-fs (loop1): Remounting filesystem read-only
[  218.259155][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.273203][ T6409] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  218.276944][ T6409] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  218.360974][ T9911] loop1: detected capacity change from 0 to 512
[  218.398059][ T9911] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.408757][ T9911] ext4 filesystem being mounted at /487/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  218.437945][ T9886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.447998][ T9886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.461345][ T6079] usbhid 1-1:0.0: can't add hid device: -71
[  218.463857][ T6079] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  218.484028][ T6079] usb 1-1: USB disconnect, device number 24
[  218.520070][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.639118][ T9919] loop1: detected capacity change from 0 to 256
[  218.646654][ T9919] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  218.659585][ T9919] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  218.671559][ T9919] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  220.098370][ T5865] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  220.467179][ T5865] usb 1-1: Using ep0 maxpacket: 32
[  220.982186][ T5865] usb 1-1: unable to get BOS descriptor or descriptor too short
[  220.986458][ T5865] usb 1-1: config 4 has an invalid interface number: 10 but max is 0
[  220.990154][ T5865] usb 1-1: config 4 has no interface number 0
[  220.992639][ T5865] usb 1-1: config 4 interface 10 has no altsetting 0
[  221.000171][ T5865] usb 1-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=b6.15
[  221.003764][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.013657][ T5865] usb 1-1: Product: syz
[  221.015691][ T5865] usb 1-1: Manufacturer: syz
[  221.019015][ T5865] usb 1-1: SerialNumber: syz
[  221.172914][ T9990] sch_fq: defrate 0 ignored.
[  221.245656][ T9994] netlink: 'syz.1.1600': attribute type 3 has an invalid length.
[  221.249897][ T9994] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1600'.
[  221.345584][ T5865] radio-si470x 1-1:4.10: could not find interrupt in endpoint
[  221.386600][ T5865] radio-si470x 1-1:4.10: probe with driver radio-si470x failed with error -5
[  221.390993][ T5865] usbhid 1-1:4.10: couldn't find an input interrupt endpoint
[  221.408412][ T5865] usb 1-1: USB disconnect, device number 25
[  224.093090][T10039] bad cache= option: no%e
[  224.093090][T10039] 
[  224.096238][T10039] CIFS: VFS: bad cache= option: no%e
[  224.209906][T10041] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1621'.
[  224.235016][T10040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  224.259742][T10032] loop0: detected capacity change from 0 to 32768
[  224.291146][T10032] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  224.338033][T10032] XFS (loop0): Ending clean mount
[  224.363043][   T33] audit: type=1800 audit(2000000012.570:20): pid=10032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1615" name="file1" dev="loop0" ino=6150 res=0 errno=0
[  224.409476][T10032] Direct I/O collision with buffered writes! File: /file1 Comm: syz.0.1615
[  224.473901][ T5858] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  224.664073][T10060] loop0: detected capacity change from 0 to 128
[  224.679730][T10060] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  224.720362][ T5858] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  224.912199][T10074] syz.2.1633 (10074): attempted to duplicate a private mapping with mremap.  This is not supported.
[  224.931583][T10076] netlink: 'syz.0.1632': attribute type 1 has an invalid length.
[  225.345106][T10079] loop1: detected capacity change from 0 to 32768
[  225.389468][T10079] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  225.776631][ T5863] ocfs2: Unmounting device (7,1) on (node local)
[  225.868785][ T6079] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  226.074640][T10104] loop1: detected capacity change from 0 to 32768
[  226.078568][T10104] BTRFS info: device /dev/loop1 (7:1) using temp-fsid 0252de8f-327e-47f7-984b-af4899bb52df
[  226.082233][T10104] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1645 (10104)
[  226.088136][T10104] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  226.091310][T10104] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  226.094567][T10104] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  226.168936][ T6079] usb 1-1: Using ep0 maxpacket: 16
[  226.181359][ T6079] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.202587][ T6079] usb 1-1: config 0 interface 0 has no altsetting 0
[  226.205377][ T6079] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  226.223915][ T6079] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.232319][T10104] BTRFS info (device loop1): rebuilding free space tree
[  226.273608][T10104] BTRFS info (device loop1): disabling free space tree
[  226.276601][T10104] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  226.280905][T10104] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  226.292731][T10104] BTRFS info (device loop1): setting nodatasum
[  226.295329][T10104] BTRFS info (device loop1): setting nodatacow
[  226.297779][T10104] BTRFS info (device loop1): enabling ssd optimizations
[  226.300654][T10104] BTRFS info (device loop1): using spread ssd allocation scheme
[  226.303710][T10104] BTRFS info (device loop1): turning off barriers
[  226.306268][T10104] BTRFS info (device loop1): enabling disk space caching
[  226.309108][T10104] BTRFS info (device loop1): force clearing of disk cache
[  226.319509][ T6079] usb 1-1: config 0 descriptor??
[  226.371436][   T33] audit: type=1800 audit(2000000014.590:21): pid=10104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1645" name="bus" dev="loop1" ino=263 res=0 errno=0
[  226.433902][ T5863] BTRFS info (device loop1): last unmount of filesystem 0252de8f-327e-47f7-984b-af4899bb52df
[  226.760754][ T6079] nzxt-smart2 0003:1E71:2009.000A: unknown main item tag 0x0
[  226.763822][ T6079] nzxt-smart2 0003:1E71:2009.000A: unknown main item tag 0x0
[  226.766793][ T6079] nzxt-smart2 0003:1E71:2009.000A: unknown main item tag 0x0
[  226.791747][ T6079] nzxt-smart2 0003:1E71:2009.000A: unknown main item tag 0x0
[  226.794660][ T6079] nzxt-smart2 0003:1E71:2009.000A: unknown main item tag 0x0
[  226.819400][ T6079] nzxt-smart2 0003:1E71:2009.000A: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0
[  226.946974][    C0] usb 1-1: input irq status -75 received
[  227.060636][T10135] loop1: detected capacity change from 0 to 128
[  227.072616][T10135] FAT-fs (loop1): Directory bread(block 32) failed
[  227.075229][T10135] FAT-fs (loop1): Directory bread(block 33) failed
[  227.082188][T10135] FAT-fs (loop1): Directory bread(block 34) failed
[  227.084955][T10135] FAT-fs (loop1): Directory bread(block 35) failed
[  227.087698][T10135] FAT-fs (loop1): Directory bread(block 36) failed
[  227.095992][T10135] FAT-fs (loop1): Directory bread(block 37) failed
[  227.100343][T10135] FAT-fs (loop1): Directory bread(block 38) failed
[  227.110068][T10135] FAT-fs (loop1): Directory bread(block 39) failed
[  227.114846][T10135] FAT-fs (loop1): Directory bread(block 40) failed
[  227.117329][T10135] FAT-fs (loop1): Directory bread(block 41) failed
[  227.171930][  T793] usb 1-1: USB disconnect, device number 26
[  227.253433][T10142] Falling back ldisc for ptm0.
[  227.277172][T10143] kAFS: No cell specified
[  227.363204][T10148] loop1: detected capacity change from 0 to 1024
[  227.385453][T10148] EXT4-fs: Ignoring removed nobh option
[  227.387765][T10148] EXT4-fs: Ignoring removed bh option
[  227.407963][T10148] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.425545][T10148] syz_tun: entered allmulticast mode
[  227.436264][T10147] syz_tun: left allmulticast mode
[  227.460710][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.532513][T10159] sp0: Synchronizing with TNC
[  227.551709][T10158] [U] 
[  227.906327][T10172] netlink: 'syz.0.1666': attribute type 1 has an invalid length.
[  228.754474][T10190] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1676'.
[  229.174818][T10194] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (16777216)
[  230.409943][T10220] loop0: detected capacity change from 0 to 131072
[  230.414135][T10220] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  230.417695][T10220] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  230.423368][T10220] F2FS-fs (loop0): invalid crc value
[  230.501542][T10220] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  230.509755][T10220] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  230.512469][T10220] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  230.744545][T10245] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1699'.
[  230.753119][T10245] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1699'.
[  230.856898][T10247] loop1: detected capacity change from 0 to 256
[  230.867756][T10247] exfat: Deprecated parameter 'namecase'
[  230.877219][T10247] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  231.237330][T10258] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1696'.
[  231.642866][T10266] trusted_key: syz.0.1706 sent an empty control message without MSG_MORE.
[  233.972761][T10324] cgroup: Name too long
[  234.162824][T10322] loop1: detected capacity change from 0 to 32768
[  234.173443][T10322] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  234.217765][T10322] XFS (loop1): Ending clean mount
[  234.234355][T10322] XFS (loop1): Quotacheck needed: Please wait.
[  234.277015][T10322] XFS (loop1): Quotacheck: Done.
[  234.328675][ T5863] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  234.765488][T10350] loop0: detected capacity change from 0 to 128
[  235.668695][   T33] audit: type=1326 audit(2000000023.880:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.677170][   T33] audit: type=1326 audit(2000000023.880:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.683892][T10368] loop1: detected capacity change from 0 to 1024
[  235.693609][   T33] audit: type=1326 audit(2000000023.880:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.703215][   T33] audit: type=1326 audit(2000000023.880:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.713662][   T33] audit: type=1326 audit(2000000023.880:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.723794][   T33] audit: type=1326 audit(2000000023.880:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.834681][T10368] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  235.850790][   T33] audit: type=1326 audit(2000000023.880:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.890725][   T33] audit: type=1326 audit(2000000023.880:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.907287][   T33] audit: type=1326 audit(2000000023.880:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  235.933404][   T33] audit: type=1326 audit(2000000023.880:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10367 comm="syz.1.1747" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f416298ebe9 code=0x7ffc0000
[  236.062394][T10378] usb usb1: usbfs: process 10378 (syz.0.1750) did not claim interface 4 before use
[  236.106779][T10368] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.1747: Allocating blocks 497-513 which overlap fs metadata
[  236.360984][T10368] EXT4-fs (loop1): pa ffff888103565e80: logic 32, phys. 161, len 22
[  236.364213][T10368] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[  236.371491][T10368] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 97:freeing already freed block (bit 6); block bitmap corrupt.
[  236.453739][T10403] loop0: detected capacity change from 0 to 256
[  236.457122][T10403] exfat: Deprecated parameter 'utf8'
[  236.460335][T10403] exfat: Unexpected value for 'utf8'
[  236.514621][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.520637][T10404] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1761'.
[  237.158328][  T793] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  237.329531][  T793] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  237.339359][  T793] usb 2-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  237.342814][  T793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.354969][  T793] usb 2-1: config 0 descriptor??
[  237.381579][  T793] smsusb:smsusb_probe: board id=8, interface number 0
[  237.384972][  T793] smsusb:smsusb_probe: Device initialized with return code -19
[  237.604823][  T793] usb 2-1: USB disconnect, device number 22
[  237.884415][   T57] block nbd1: Receive control failed (result -107)
[  237.928321][T10415] nbd1: detected capacity change from 0 to 32
[  237.936371][ T5870] block nbd1: Dead connection, failed to find a fallback
[  237.943749][ T5870] block nbd1: shutting down sockets
[  237.947228][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  237.953928][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  237.967647][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  237.978133][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  237.988536][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  237.994748][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  237.998019][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.005149][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  238.013321][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.017784][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  238.021379][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.025653][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  238.038934][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.042798][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  238.046265][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.051242][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  238.058543][ T5870] ldm_validate_partition_table(): Disk read failed.
[  238.061549][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.070045][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  238.074067][ T5870] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.077874][ T5870] Buffer I/O error on dev nbd1, logical block 0, async page read
[  238.081884][ T5870] Dev nbd1: unable to read RDB block 0
[  238.084721][ T5870]  nbd1: unable to read partition table
[  238.095889][ T5870] ldm_validate_partition_table(): Disk read failed.
[  238.099722][ T5870] Dev nbd1: unable to read RDB block 0
[  238.102618][ T5870]  nbd1: unable to read partition table
[  238.441264][T10450] loop0: detected capacity change from 0 to 2048
[  238.481694][T10450] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.498536][T10450] ext4 filesystem being mounted at /596/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.516128][T10458] loop1: detected capacity change from 0 to 256
[  238.534509][T10458] FAT-fs (loop1): Directory bread(block 64) failed
[  238.537244][T10458] FAT-fs (loop1): Directory bread(block 65) failed
[  238.541136][T10458] FAT-fs (loop1): Directory bread(block 66) failed
[  238.543881][T10458] FAT-fs (loop1): Directory bread(block 67) failed
[  238.546600][T10458] FAT-fs (loop1): Directory bread(block 68) failed
[  238.549546][T10458] FAT-fs (loop1): Directory bread(block 69) failed
[  238.552631][T10458] FAT-fs (loop1): Directory bread(block 70) failed
[  238.555501][T10458] FAT-fs (loop1): Directory bread(block 71) failed
[  238.559515][T10458] FAT-fs (loop1): Directory bread(block 72) failed
[  238.562751][T10458] FAT-fs (loop1): Directory bread(block 73) failed
[  238.573497][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.701403][ T6761] kworker/u9:7: attempt to access beyond end of device
[  238.701403][ T6761] loop1: rw=1, sector=1224, nr_sectors = 32 limit=256
[  238.710427][ T6761] kworker/u9:7: attempt to access beyond end of device
[  238.710427][ T6761] loop1: rw=1, sector=1288, nr_sectors = 32 limit=256
[  238.716646][ T6761] kworker/u9:7: attempt to access beyond end of device
[  238.716646][ T6761] loop1: rw=1, sector=1352, nr_sectors = 32 limit=256
[  238.730406][ T6761] kworker/u9:7: attempt to access beyond end of device
[  238.730406][ T6761] loop1: rw=1, sector=1416, nr_sectors = 32 limit=256
[  238.829722][  T793] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  238.848653][  T793] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  239.066624][T10473] loop1: detected capacity change from 0 to 1024
[  239.518447][ T6079] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  239.688508][ T6079] usb 2-1: Using ep0 maxpacket: 8
[  239.703049][ T6079] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  239.707113][ T6079] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  239.717321][ T6079] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.730407][ T6079] usb 2-1: config 0 descriptor??
[  239.957344][ T6079] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  240.176253][ T5865] usb 2-1: USB disconnect, device number 23
[  240.188836][T10500] loop0: detected capacity change from 0 to 131072
[  240.208327][T10500] F2FS-fs (loop0): invalid crc value
[  240.256082][T10500] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  240.262577][T10500] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  240.274508][T10500] F2FS-fs (loop0): lookup inode (7) has corrupted xattr
[  241.026706][T10532] loop1: detected capacity change from 0 to 32768
[  241.539956][T10569] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1835'.
[  242.373340][T10588] Invalid ELF header magic: != ELF
[  242.416648][T10591] sp0: Synchronizing with TNC
[  242.420907][T10591] sp0: Found TNC
[  242.578791][T10600] batadv_slave_1: entered promiscuous mode
[  242.583527][T10599] batadv_slave_1: left promiscuous mode
[  242.703485][T10606] unknown channel width for channel at 909000KHz?
[  242.805798][T10610] sp0: Synchronizing with TNC
[  243.504325][T10608] overlayfs: failed to clone upperpath
[  243.591610][T10623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1859'.
[  243.595669][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1859'.
[  243.608365][T10623] netlink: 'syz.1.1859': attribute type 12 has an invalid length.
[  243.611534][T10623] netlink: 'syz.1.1859': attribute type 11 has an invalid length.
[  243.682958][T10629] ptrace attach of "/syz-executor exec"[5858] was attempted by ""[10629]
[  243.774740][T10631] loop0: detected capacity change from 0 to 1024
[  243.813080][T10631] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.888955][T10642] 9pnet_fd: Insufficient options for proto=fd
[  243.917518][T10644] sch_tbf: peakrate 7 is lower than or equals to rate 7 !
[  243.993008][T10649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1869'.
[  244.017348][ T5865] usb 2-1: new low-speed USB device number 24 using dummy_hcd
[  244.329936][ T5865] usb 2-1: config index 0 descriptor too short (expected 36, got 30)
[  244.333647][ T5865] usb 2-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config
[  244.337591][ T5865] usb 2-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  244.343607][ T5865] usb 2-1: config 0 interface 0 has no altsetting 0
[  244.346109][ T5865] usb 2-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00
[  244.349472][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.354673][ T5865] usb 2-1: config 0 descriptor??
[  244.363149][ T5865] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  244.568953][  T793] usb 2-1: USB disconnect, device number 24
[  244.671303][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.777889][T10662] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1875'.
[  244.954901][T10670] loop0: detected capacity change from 0 to 1024
[  245.006546][T10670] hfsplus: catalog searching failed
[  245.030636][ T6772] hfsplus: b-tree write err: -5, ino 3
[  245.461237][T10696] loop0: detected capacity change from 0 to 128
[  245.502084][T10696] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  245.513706][T10696] ext4 filesystem being mounted at /630/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  245.554930][ T5858] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  248.490335][T10781] bond_slave_0: entered promiscuous mode
[  248.493350][T10781] bond_slave_1: entered promiscuous mode
[  248.508106][T10781] macsec1: entered promiscuous mode
[  248.513442][T10781] bond0: entered promiscuous mode
[  248.515869][T10781] macsec1: entered allmulticast mode
[  248.517816][T10781] bond0: entered allmulticast mode
[  248.520405][T10781] bond_slave_0: entered allmulticast mode
[  248.522440][T10781] bond_slave_1: entered allmulticast mode
[  248.529304][T10781] bond0: left allmulticast mode
[  248.530881][T10781] bond_slave_0: left allmulticast mode
[  248.532595][T10781] bond_slave_1: left allmulticast mode
[  248.534268][T10781] bond0: left promiscuous mode
[  248.536464][T10781] bond_slave_0: left promiscuous mode
[  248.538640][T10781] bond_slave_1: left promiscuous mode
[  248.639481][T10790] loop0: detected capacity change from 0 to 4096
[  248.692383][T10796] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1930'.
[  248.745927][T10798] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1931'.
[  249.009196][T10806] loop1: detected capacity change from 0 to 32768
[  249.038862][T10806] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  249.049763][   T33] kauditd_printk_skb: 65 callbacks suppressed
[  249.049774][   T33] audit: type=1800 audit(2000000037.270:97): pid=10806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1935" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  249.099284][T10817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1939'.
[  249.105086][ T5863] ocfs2: Unmounting device (7,1) on (node local)
[  249.376263][T10831] 8021q: VLANs not supported on lo
[  250.859679][T10849] loop0: detected capacity change from 0 to 4096
[  250.887757][T10849] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.925345][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.990722][T10853] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1954'.
[  251.449867][T10867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1959'.
[  251.926889][T10869] loop0: detected capacity change from 0 to 16
[  251.932565][T10869] erofs (device loop0): mounted with root inode @ nid 36.
[  252.040215][T10869] erofs (device loop0): corrupted dir block 72 @ nid 36
[  252.076352][T10870] erofs (device loop0): invalid de[0].nameoff 0 @ nid 36
[  252.452067][T10874] loop0: detected capacity change from 0 to 32768
[  252.461638][T10874] (syz.0.1961,10874,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  252.472180][T10874] (syz.0.1961,10874,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  252.513814][T10874] JBD2: Ignoring recovery information on journal
[  252.563033][T10874] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  252.661566][   T33] audit: type=1800 audit(2000000040.880:98): pid=10874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1961" name="file1" dev="loop0" ino=16979 res=0 errno=0
[  253.140359][T10899] loop1: detected capacity change from 0 to 32768
[  253.148406][ T5858] ocfs2: Unmounting device (7,0) on (node local)
[  253.395445][T10908] loop1: detected capacity change from 0 to 2048
[  253.419041][T10908] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.434378][   T33] audit: type=1800 audit(2000000041.650:99): pid=10908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1976" name="bus" dev="loop1" ino=18 res=0 errno=0
[  253.547090][T10915] ==================================================================
[  253.550329][T10915] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  253.553264][T10915] Read of size 4 at addr ffff8880271440c4 by task syz.0.1979/10915
[  253.556569][T10915] 
[  253.558325][T10915] CPU: 1 UID: 0 PID: 10915 Comm: syz.0.1979 Not tainted syzkaller #0 PREEMPT(full) 
[  253.558347][T10915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.558358][T10915] Call Trace:
[  253.558365][T10915]  <TASK>
[  253.558374][T10915]  dump_stack_lvl+0x189/0x250
[  253.558402][T10915]  ? __kasan_check_byte+0x12/0x40
[  253.558428][T10915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.558444][T10915]  ? lock_release+0x4b/0x3e0
[  253.558466][T10915]  ? __virt_addr_valid+0x4a5/0x5c0
[  253.558484][T10915]  print_report+0xca/0x240
[  253.558504][T10915]  ? xfrm_alloc_spi+0x570/0xf30
[  253.558522][T10915]  kasan_report+0x118/0x150
[  253.558543][T10915]  ? xfrm_alloc_spi+0x570/0xf30
[  253.558561][T10915]  xfrm_alloc_spi+0x570/0xf30
[  253.558575][T10915]  ? xfrm_alloc_spi+0x2a0/0xf30
[  253.558595][T10915]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  253.558610][T10915]  ? xfrm_find_acq+0x87/0xa0
[  253.558627][T10915]  xfrm_alloc_userspi+0x70b/0xc90
[  253.558649][T10915]  ? apparmor_capable+0x137/0x1b0
[  253.558664][T10915]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  253.558683][T10915]  ? __nla_parse+0x40/0x60
[  253.558705][T10915]  xfrm_user_rcv_msg+0x7a3/0xab0
[  253.558723][T10915]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  253.558751][T10915]  ? __pfx___mutex_trylock_common+0x10/0x10
[  253.558768][T10915]  ? rcu_is_watching+0x15/0xb0
[  253.558781][T10915]  ? trace_contention_end+0x39/0x120
[  253.558796][T10915]  ? __mutex_lock+0x335/0x1350
[  253.558811][T10915]  netlink_rcv_skb+0x208/0x470
[  253.558834][T10915]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  253.558850][T10915]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  253.558876][T10915]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.558896][T10915]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.558916][T10915]  xfrm_netlink_rcv+0x79/0x90
[  253.558933][T10915]  netlink_unicast+0x82f/0x9e0
[  253.558953][T10915]  ? __pfx_netlink_unicast+0x10/0x10
[  253.558971][T10915]  ? netlink_sendmsg+0x642/0xb30
[  253.558982][T10915]  ? skb_put+0x11b/0x210
[  253.558997][T10915]  netlink_sendmsg+0x805/0xb30
[  253.559013][T10915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.559027][T10915]  ? aa_sock_msg_perm+0xf1/0x1d0
[  253.559043][T10915]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  253.559063][T10915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.559080][T10915]  __sock_sendmsg+0x21c/0x270
[  253.559105][T10915]  ____sys_sendmsg+0x505/0x830
[  253.559131][T10915]  ? __pfx_____sys_sendmsg+0x10/0x10
[  253.559153][T10915]  ? import_iovec+0x74/0xa0
[  253.559176][T10915]  ___sys_sendmsg+0x21f/0x2a0
[  253.559233][T10915]  ? __pfx____sys_sendmsg+0x10/0x10
[  253.559270][T10915]  ? __fget_files+0x2a/0x420
[  253.559284][T10915]  ? __fget_files+0x3a0/0x420
[  253.559305][T10915]  __x64_sys_sendmsg+0x19b/0x260
[  253.559324][T10915]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  253.559350][T10915]  ? rcu_is_watching+0x15/0xb0
[  253.559382][T10915]  ? do_syscall_64+0xbe/0x3b0
[  253.559402][T10915]  do_syscall_64+0xfa/0x3b0
[  253.559417][T10915]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.559440][T10915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.559460][T10915]  ? exc_page_fault+0x9f/0xf0
[  253.559483][T10915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.559506][T10915] RIP: 0033:0x7fe9acd8ebe9
[  253.559523][T10915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.559539][T10915] RSP: 002b:00007fe9adbea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  253.559557][T10915] RAX: ffffffffffffffda RBX: 00007fe9acfc5fa0 RCX: 00007fe9acd8ebe9
[  253.559574][T10915] RDX: 0000000000000010 RSI: 0000200000000640 RDI: 0000000000000003
[  253.559586][T10915] RBP: 00007fe9ace11e19 R08: 0000000000000000 R09: 0000000000000000
[  253.559601][T10915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.559613][T10915] R13: 00007fe9acfc6038 R14: 00007fe9acfc5fa0 R15: 00007fff8a1b1b48
[  253.559637][T10915]  </TASK>
[  253.559645][T10915] 
[  253.707652][T10915] Allocated by task 8185:
[  253.709430][T10915]  kasan_save_track+0x3e/0x80
[  253.711336][T10915]  __kasan_slab_alloc+0x6c/0x80
[  253.713317][T10915]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  253.715563][T10915]  xfrm_state_alloc+0x24/0x2f0
[  253.717504][T10915]  xfrm_state_find+0x37d4/0x5400
[  253.719499][T10915]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  253.721990][T10915]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  253.723884][T10915]  xfrm_lookup_route+0x3c/0x1c0
[  253.725842][T10915]  __ip4_datagram_connect+0x9a5/0x1270
[  253.728011][T10915]  __ip6_datagram_connect+0x9f0/0x1150
[  253.730169][T10915]  ip6_datagram_connect_v6_only+0x63/0xa0
[  253.732425][T10915]  __sys_connect+0x316/0x440
[  253.734275][T10915]  __x64_sys_connect+0x7a/0x90
[  253.736132][T10915]  do_syscall_64+0xfa/0x3b0
[  253.737918][T10915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.740289][T10915] 
[  253.741249][T10915] Freed by task 6079:
[  253.742796][T10915]  kasan_save_track+0x3e/0x80
[  253.744627][T10915]  kasan_save_free_info+0x46/0x50
[  253.746598][T10915]  __kasan_slab_free+0x5b/0x80
[  253.748510][T10915]  kmem_cache_free+0x18f/0x400
[  253.750358][T10915]  xfrm_state_gc_task+0x52d/0x6b0
[  253.752335][T10915]  process_scheduled_works+0xae1/0x17b0
[  253.754512][T10915]  worker_thread+0x8a0/0xda0
[  253.756311][T10915]  kthread+0x711/0x8a0
[  253.757907][T10915]  ret_from_fork+0x3fc/0x770
[  253.759774][T10915]  ret_from_fork_asm+0x1a/0x30
[  253.761697][T10915] 
[  253.762662][T10915] The buggy address belongs to the object at ffff888027144000
[  253.762662][T10915]  which belongs to the cache xfrm_state of size 928
[  253.767779][T10915] The buggy address is located 196 bytes inside of
[  253.767779][T10915]  freed 928-byte region [ffff888027144000, ffff8880271443a0)
[  253.773062][T10915] 
[  253.774031][T10915] The buggy address belongs to the physical page:
[  253.776543][T10915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888027144000 pfn:0x27144
[  253.780439][T10915] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  253.783712][T10915] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  253.786691][T10915] page_type: f5(slab)
[  253.788306][T10915] raw: 00fff00000000040 ffff888104c1b780 dead000000000122 0000000000000000
[  253.791690][T10915] raw: ffff888027144000 00000000800e000c 00000000f5000000 0000000000000000
[  253.795053][T10915] head: 00fff00000000040 ffff888104c1b780 dead000000000122 0000000000000000
[  253.798430][T10915] head: ffff888027144000 00000000800e000c 00000000f5000000 0000000000000000
[  253.801811][T10915] head: 00fff00000000002 ffffea00009c5101 00000000ffffffff 00000000ffffffff
[  253.805258][T10915] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  253.808710][T10915] page dumped because: kasan: bad access detected
[  253.811244][T10915] page_owner tracks the page as allocated
[  253.813575][T10915] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6055, tgid 6054 (syz.0.56), ts 79064646399, free_ts 78907720164
[  253.820851][T10915]  post_alloc_hook+0x240/0x2a0
[  253.822807][T10915]  get_page_from_freelist+0x21e4/0x22c0
[  253.824991][T10915]  __alloc_frozen_pages_noprof+0x181/0x370
[  253.827312][T10915]  alloc_pages_mpol+0x232/0x4a0
[  253.829246][T10915]  allocate_slab+0x8a/0x370
[  253.831053][T10915]  ___slab_alloc+0xbeb/0x1410
[  253.832984][T10915]  kmem_cache_alloc_noprof+0x283/0x3c0
[  253.835194][T10915]  xfrm_state_alloc+0x24/0x2f0
[  253.837094][T10915]  __find_acq_core+0x8a7/0x1c00
[  253.839022][T10915]  xfrm_find_acq+0x78/0xa0
[  253.840802][T10915]  xfrm_alloc_userspi+0x6b3/0xc90
[  253.842784][T10915]  xfrm_user_rcv_msg+0x7a3/0xab0
[  253.844758][T10915]  netlink_rcv_skb+0x208/0x470
[  253.846867][T10915]  xfrm_netlink_rcv+0x79/0x90
[  253.848794][T10915]  netlink_unicast+0x82f/0x9e0
[  253.850737][T10915]  netlink_sendmsg+0x805/0xb30
[  253.852688][T10915] page last free pid 6043 tgid 6043 stack trace:
[  253.855228][T10915]  __free_frozen_pages+0xbc4/0xd30
[  253.857306][T10915]  __put_partials+0x156/0x1a0
[  253.859116][T10915]  put_cpu_partial+0x17c/0x250
[  253.861038][T10915]  __slab_free+0x2d5/0x3c0
[  253.862852][T10915]  qlist_free_all+0x97/0x140
[  253.864778][T10915]  kasan_quarantine_reduce+0x148/0x160
[  253.867006][T10915]  __kasan_slab_alloc+0x22/0x80
[  253.868978][T10915]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  253.871332][T10915]  proc_reg_open+0x1f4/0x540
[  253.873241][T10915]  do_dentry_open+0x953/0x13f0
[  253.875150][T10915]  vfs_open+0x3b/0x340
[  253.876834][T10915]  path_openat+0x2ee5/0x3830
[  253.878779][T10915]  do_filp_open+0x1fa/0x410
[  253.880601][T10915]  do_sys_openat2+0x121/0x1c0
[  253.882520][T10915]  __x64_sys_openat+0x138/0x170
[  253.884558][T10915]  do_syscall_64+0xfa/0x3b0
[  253.886388][T10915] 
[  253.887347][T10915] Memory state around the buggy address:
[  253.889539][T10915]  ffff888027143f80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[  253.892619][T10915]  ffff888027144000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  253.895756][T10915] >ffff888027144080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  253.898803][T10915]                                            ^
[  253.901273][T10915]  ffff888027144100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  253.904371][T10915]  ffff888027144180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  253.907527][T10915] ==================================================================
[  253.911035][T10915] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  253.913868][T10915] CPU: 1 UID: 0 PID: 10915 Comm: syz.0.1979 Not tainted syzkaller #0 PREEMPT(full) 
[  253.917458][T10915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.921341][T10915] Call Trace:
[  253.922643][T10915]  <TASK>
[  253.923826][T10915]  dump_stack_lvl+0x99/0x250
[  253.925669][T10915]  ? __asan_memcpy+0x40/0x70
[  253.927501][T10915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.929572][T10915]  ? __pfx__printk+0x10/0x10
[  253.931436][T10915]  vpanic+0x281/0x750
[  253.932992][T10915]  ? __pfx_vpanic+0x10/0x10
[  253.934738][T10915]  ? irqentry_exit+0x74/0x90
[  253.936571][T10915]  panic+0xb9/0xc0
[  253.938076][T10915]  ? __pfx_panic+0x10/0x10
[  253.939829][T10915]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  253.942107][T10915]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  253.944481][T10915]  ? xfrm_alloc_spi+0x570/0xf30
[  253.946422][T10915]  check_panic_on_warn+0x89/0xb0
[  253.948416][T10915]  ? xfrm_alloc_spi+0x570/0xf30
[  253.950418][T10915]  end_report+0x78/0x160
[  253.952102][T10915]  kasan_report+0x129/0x150
[  253.953950][T10915]  ? xfrm_alloc_spi+0x570/0xf30
[  253.955899][T10915]  xfrm_alloc_spi+0x570/0xf30
[  253.957799][T10915]  ? xfrm_alloc_spi+0x2a0/0xf30
[  253.959767][T10915]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  253.961808][T10915]  ? xfrm_find_acq+0x87/0xa0
[  253.963665][T10915]  xfrm_alloc_userspi+0x70b/0xc90
[  253.965659][T10915]  ? apparmor_capable+0x137/0x1b0
[  253.967626][T10915]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  253.969863][T10915]  ? __nla_parse+0x40/0x60
[  253.971665][T10915]  xfrm_user_rcv_msg+0x7a3/0xab0
[  253.973618][T10915]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  253.975829][T10915]  ? __pfx___mutex_trylock_common+0x10/0x10
[  253.978206][T10915]  ? rcu_is_watching+0x15/0xb0
[  253.980104][T10915]  ? trace_contention_end+0x39/0x120
[  253.982277][T10915]  ? __mutex_lock+0x335/0x1350
[  253.984203][T10915]  netlink_rcv_skb+0x208/0x470
[  253.986120][T10915]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  253.988321][T10915]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  253.990459][T10915]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.992621][T10915]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.994737][T10915]  xfrm_netlink_rcv+0x79/0x90
[  253.996697][T10915]  netlink_unicast+0x82f/0x9e0
[  253.998687][T10915]  ? __pfx_netlink_unicast+0x10/0x10
[  254.000860][T10915]  ? netlink_sendmsg+0x642/0xb30
[  254.002827][T10915]  ? skb_put+0x11b/0x210
[  254.004522][T10915]  netlink_sendmsg+0x805/0xb30
[  254.006449][T10915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.008594][T10915]  ? aa_sock_msg_perm+0xf1/0x1d0
[  254.010562][T10915]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  254.012643][T10915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.014753][T10915]  __sock_sendmsg+0x21c/0x270
[  254.016631][T10915]  ____sys_sendmsg+0x505/0x830
[  254.018542][T10915]  ? __pfx_____sys_sendmsg+0x10/0x10
[  254.020611][T10915]  ? import_iovec+0x74/0xa0
[  254.022431][T10915]  ___sys_sendmsg+0x21f/0x2a0
[  254.024299][T10915]  ? __pfx____sys_sendmsg+0x10/0x10
[  254.026399][T10915]  ? __fget_files+0x2a/0x420
[  254.028298][T10915]  ? __fget_files+0x3a0/0x420
[  254.030192][T10915]  __x64_sys_sendmsg+0x19b/0x260
[  254.032146][T10915]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  254.034371][T10915]  ? rcu_is_watching+0x15/0xb0
[  254.036262][T10915]  ? do_syscall_64+0xbe/0x3b0
[  254.038060][T10915]  do_syscall_64+0xfa/0x3b0
[  254.039885][T10915]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.041951][T10915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.044184][T10915]  ? exc_page_fault+0x9f/0xf0
[  254.045761][T10915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.048057][T10915] RIP: 0033:0x7fe9acd8ebe9
[  254.049843][T10915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.057318][T10915] RSP: 002b:00007fe9adbea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  254.060578][T10915] RAX: ffffffffffffffda RBX: 00007fe9acfc5fa0 RCX: 00007fe9acd8ebe9
[  254.063478][T10915] RDX: 0000000000000010 RSI: 0000200000000640 RDI: 0000000000000003
[  254.066421][T10915] RBP: 00007fe9ace11e19 R08: 0000000000000000 R09: 0000000000000000
[  254.069346][T10915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  254.071946][T10915] R13: 00007fe9acfc6038 R14: 00007fe9acfc5fa0 R15: 00007fff8a1b1b48
[  254.074355][T10915]  </TASK>
[  254.075900][T10915] Kernel Offset: disabled
[  254.077223][T10915] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:53:37  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000000f RBX=ffffffff8e139f20 RCX=0000000000000007 RDX=0000000000000000
RSI=0000000000000000 RDI=ffff888027001cc0 RBP=0000000000000007 RSP=ffffc90001776788
R8 =0000000000000000 R9 =ffffffff8172c195 R10=ffffc900017769d8 R11=ffffffff81ac3aa0
R12=0000000000020000 R13=0000000000000000 R14=ffff888027002828 R15=ffff8880270027b0
RIP=ffffffff819d6422 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f41637406c0 ffffffff 00c00000
GS =0000 ffff8880b8618000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000020000004e000 CR3=000000002405c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=9500000023000000 8500000041000000 XMM03=8500000000000000 0000000006000002
XMM04=00007f41636fd100 00007f4162b97460 XMM05=00007f4162b97478 00007f4162b974c0
XMM06=00007f4162b974b8 00007f4162b974b0 XMM07=00007f4162b974a8 00007f4162b974a0
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f4162a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffffffff33be460 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=00000000000014b2 RDI=00000000000014b3 RBP=ffffffff99df26b0 RSP=ffffc90006676990
R8 =ffff888106ed0237 R9 =1ffff11020dda046 R10=dffffc0000000000 R11=ffffffff854f3ab0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99df2420 R15=0000000000000000
RIP=ffffffff854f3b27 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe9adbea6c0 ffffffff 00c00000
GS =0000 ffff8881a3c18000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000640 CR3=000000012135a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0200000000000000 0000000000000120
XMM02=00007fe9acf97498 ffffffff81acef87 XMM03=00007fe9acf974a8 00007fe9acf974a0
XMM04=00007fe9adafd100 00007fe9acf97460 XMM05=00007fe9acf97478 00007fe9acf974c0
XMM06=00007fe9acf974b8 00007fe9acf974b0 XMM07=00007fe9acf974a8 00007fe9acf974a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fe9ace12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
