last executing test programs:

6m39.6210889s ago: executing program 32 (id=236):
io_setup(0x8, &(0x7f0000000600)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x400000}])

5m42.889798782s ago: executing program 33 (id=805):
r0 = syz_usb_connect(0x2, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e388d640697a01006ba8010203010902270201020010000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

5m14.987152125s ago: executing program 34 (id=1091):
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/50, 0xfd9f}], 0x2f)
writev(r1, &(0x7f0000000200)=[{&(0x7f0000000100)="19", 0xffc7}], 0x1)

2m41.78198326s ago: executing program 35 (id=2676):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x10, 0x20, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb"], 0x190)
syz_emit_ethernet(0x129, &(0x7f0000000700)=ANY=[@ANYBLOB="0180c2000003aaaaaaaaaaaa86dd6000000000f33a00fe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0)

2m19.897899483s ago: executing program 6 (id=2830):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan1\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r1, 0x1, 0x70bd26, 0x0, {0x1a}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x80)

2m19.644993723s ago: executing program 6 (id=2833):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))

2m19.302888541s ago: executing program 6 (id=2836):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d40)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "a2a88faa7ec665a571a9ad3d1f9512e3c591df4a4554c6c2e2cc6cb4d9aee4579684743ad4888f1522a47ddaff3d4f9450d288e8559bc4f795aa0d1bc74d926038adb808cba6e90535b2eb8ba3e8ff927207d17a86b10d604e77a459df67e7f0c842d463ca5977b7e2eb55fbb9881d15633717817c735da52a1da7d64bb22e58550d8ee20883e41ec2f119a6a6364d68900c1cce4a3b3225a9ce9e1e00b444e9e7bcd10e1dec202ce7786aa7cf10d4dd6bbcee586d7903a6239ff90b49cd7fddb0c67ddab326cdb2d0fa48a783f691be9ebaa1243b21afd04a372650aa7eb46a2675cc67ae12d3b99c9acb4d9fb7c78081d269b443affd86eededd4867311221"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0xfff, 0xfffffffc}}]}}]}, 0x14c}}, 0x0)

2m18.78849723s ago: executing program 6 (id=2842):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0xa, 0x522, &(0x7f0000000c00)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtlHVC+VUIVQJ0SOHbUicKIodR7FTmrCH7JE7EpU4wYkzByQOSD1xR+IANy7lgFRgBWqQkHDlsZ11/ji2sondjX8/aeQ38zz+3tvRvGd93swLYGLdioj9iLgWEe9GxFzneNLZ4s321nrfJ48eLB88erCcRLP5zj+TrL51LHrOaXmm85n5iPjBWxE/So4F/VNEfXdvY6lSKW93DhUb1a1ifXfv7np1aa28Vt4slRYXFudfv/da6cL6+lL1Nx9fj4jf/+7LH/1x/1s/aTVrtlPX24+L1O76zGGclumI+N5lBBuDqU5/rp3n5HOdxEVKI+JzEfFydv/PxVR2NY86epm+PcLWAQCXodmci+Zc7z4AcNWlWQ4sSQudXMBspGmh0M7hvRA30kqt3rizWtvZXGnnym7GTLq6XinPd3KFN2MmWV2fLi9k5e5+pVxKju7fi4jnI+JnuevZfmG5VlkZ5xcfAJhgzxyb//+Ta8//AMAVl39czI2zHQDA6OTH3QAAYOTM/wAwecz/ADB5zP8AMHnM/wAwecz/ADBRvv/2262tedB5/vXKe7s7G7X37q6U6xuF6s5yYbm2vVVYq9XWsmf2VAd9XqVW21p4NXbeLzbK9Uaxvrt3v1rb2Wzcz57rfb88M5JeAQBnef6lD/+SRMT+G9ezLXqe9z9wrn7xslsHXKZ03A0AxmZq3A0Axubkal/ApJCPh8n1/2azGT1r90bEw8NSz8NA+/4XoQ+GCpNaNxQ+e25/8Qny/8BTTf4fJtf58v++y8NVIP8Pk6vZTKz5DwATRo4fSAbU9/7+P9/s2Rnu938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4kmazLUkLnbXAZyNNC4WIZyPiZswkq+uV8nxEPBcRf87N5Fr7CxFh3SAAeJqlf08663/dnntl9njttdx/c9lrRPz4F+/8/P2lRmN7IeJa8q/D440POsdL42g/ADBId57uzuNdnzx6sNzdRtmej7/TXly0Ffegs7VrpmM6e81nuYYb/046+22t7ytTFxB//2FEfOG0/idZbuRmZ+XT4/FbsZ8dafz0SPw0q2u/tv4tPn8BbYFJ82Fr/HnztPsvjVvZ6+n3fz4boZ5cd/w7ODH+pYfj31Sf8e/WsDFe/cN3TxxszrXrHkZ8aTrioPvhPeNPN37SJ/4rQ8b/64tfeblfXfOXEbfjtP4nR2IVG9WtYn137+56dWmtvFbeLJUWFxbnX7/3WqmY5aiL3Uz1Sf94485z/eK3+n+jT/z8gP5/fcj+/+p/7/7wq2fE/+bXTr/+L5wRvzUnfmPI+Es3fpvvV9eKv9Kn/4Ou/50h43/0t72VEwcHLTgOAFya+u7exlKlUt5+8kL+zPekFxFiiEISsX/JIR4Xcr/+6VuD35wbWXvOWYh+VVOflRZemULuHGflL/Y+HbIw7pEJuGyPb/pxtwQAAAAAAAAAAAAAAOhnFH9ONO4+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHV9GgAA///+udUz")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)

2m18.496393166s ago: executing program 0 (id=2846):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e1301"], 0x16)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

2m18.409913151s ago: executing program 6 (id=2847):
r0 = socket$unix(0x1, 0x5, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x10, 0x0, 0x0)

2m17.616954125s ago: executing program 6 (id=2855):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x120, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f8, 0xffffffff, 0xffffffff, 0x1f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'syzkaller0\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x120, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x7, 0x4, 0x9}}, @inet=@rpfilter={{0x28}, {0x9}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x328)

2m17.180814535s ago: executing program 36 (id=2855):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x120, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f8, 0xffffffff, 0xffffffff, 0x1f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'syzkaller0\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x120, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x7, 0x4, 0x9}}, @inet=@rpfilter={{0x28}, {0x9}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x328)

2m17.171224054s ago: executing program 0 (id=2858):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x2, 0x2, 0xff, 0x6, 0xfc, 0x53}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))

2m17.00419827s ago: executing program 0 (id=2863):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000005, 0x38011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2m16.327684444s ago: executing program 0 (id=2871):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)

2m15.926776304s ago: executing program 0 (id=2875):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000000000000000005000600010000000800090001000000050002"], 0x44}}, 0x0)

2m14.16107584s ago: executing program 0 (id=2890):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file1\x00', 0x8, &(0x7f0000002500)=ANY=[], 0x1, 0x1d1, &(0x7f0000000480)="$eJzslc+q00AUxr9JatKKT+DGhQW7MU1SFTeFunHlQlAsLgSLTUs1tdJmYQsiPoF7dy58DKFufQipgiiIbtT1yPxJMpZUaW97s7jnB/fkS2bumTNn6DcgCOLE8unj7xX/1f5SBXAGdbj6+1c7n2MZ8z9Ufzx7d+N69+W9N+/dlVf7O5u79foVAMtrNhL9zjnn5nhdP2/DSvUpc7wLBk/r+7BwR+sIDHe1fmjoiZjveYNRHHkPJnFfCF+EQIRQhNZ6fd9fMPSN+pgxPpsvHvXiOJoeUBR3bvktq68KtI36zPPyoKr18/4hgIVA6xYYbml9FW7aG9USY/9nK3l++5/7d3DEbX8GkH8ZHLKzjlhqp38H2LGc/YGFDSnSEy29nr0LVPaWkLvA/+aIX0kJO33bUeeXlfpcvW+Xp7NhyNkyj+585p/8NcMFw5+UlbySl0UzGT9pzuaLi6NxbxgNo8dh2LriX/L9y2FTGpGKRQZoq/w16U+n8/y1Yr8EHObgaS9JpoGK2XuoYpHjWtL/LDTOq3tHuKmzlvcngHRRpv8s+RSqYW+qhyAIokzOgUlPlr6cCn2bZAOchzdLrpMgCIIgCIIgCIIgiN35EwAA//+cOlzo")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x1d00, 0x89)
io_setup(0x2e, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000880)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xf, r0, 0x0, 0x0, 0x4000000}])

2m13.415019946s ago: executing program 37 (id=2890):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file1\x00', 0x8, &(0x7f0000002500)=ANY=[], 0x1, 0x1d1, &(0x7f0000000480)="$eJzslc+q00AUxr9JatKKT+DGhQW7MU1SFTeFunHlQlAsLgSLTUs1tdJmYQsiPoF7dy58DKFufQipgiiIbtT1yPxJMpZUaW97s7jnB/fkS2bumTNn6DcgCOLE8unj7xX/1f5SBXAGdbj6+1c7n2MZ8z9Ufzx7d+N69+W9N+/dlVf7O5u79foVAMtrNhL9zjnn5nhdP2/DSvUpc7wLBk/r+7BwR+sIDHe1fmjoiZjveYNRHHkPJnFfCF+EQIRQhNZ6fd9fMPSN+pgxPpsvHvXiOJoeUBR3bvktq68KtI36zPPyoKr18/4hgIVA6xYYbml9FW7aG9USY/9nK3l++5/7d3DEbX8GkH8ZHLKzjlhqp38H2LGc/YGFDSnSEy29nr0LVPaWkLvA/+aIX0kJO33bUeeXlfpcvW+Xp7NhyNkyj+585p/8NcMFw5+UlbySl0UzGT9pzuaLi6NxbxgNo8dh2LriX/L9y2FTGpGKRQZoq/w16U+n8/y1Yr8EHObgaS9JpoGK2XuoYpHjWtL/LDTOq3tHuKmzlvcngHRRpv8s+RSqYW+qhyAIokzOgUlPlr6cCn2bZAOchzdLrpMgCIIgCIIgCIIgiN35EwAA//+cOlzo")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x1d00, 0x89)
io_setup(0x2e, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000880)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xf, r0, 0x0, 0x0, 0x4000000}])

56.120358192s ago: executing program 7 (id=3458):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmmsg$alg(r1, &(0x7f0000000680)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}], 0x1, 0x20048000)

55.844065846s ago: executing program 7 (id=3461):
r0 = socket(0x200000000000011, 0x2, 0x3c644)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @multicast}, 0x23)
syz_emit_ethernet(0x86, &(0x7f0000000340)={@empty, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x1, 0x3d, 0x78, 0x66, 0x0, 0xa6, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, {0x4e22, 0x4e21, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "ce6db0c222348b6b5e8f51338fb0ccee4b808b62c7e94e9a9c5d2fc4f7b35457", "a86ef6e9d8b5d827ff08b768ecb96c6a", {"b0a8daf7491f3dfc006caa605d25f41b", "d4d6291434bef8ef3ae97cf62998174d"}}}}}}}, 0x0)

55.101287587s ago: executing program 7 (id=3464):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c)
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @empty, 0x2}, 0x1c)

54.848603417s ago: executing program 7 (id=3468):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000580), 0x5, 0x4f3, &(0x7f00000005c0)="$eJzs3d1rW+cZAPBHku3YibN8bIwkgyWQQfZBLH8wYm+DsattF4GxwG42yDxb8TLLkbHkLDa5cLa7XOxibLRQetH7/gW9aa4aAqXXLb3tVUloUxfakoKKjiTHH5KjtraU+Px+cKJzzqvoeV/Zz+uj97xHJ4DUOlf7JxMxHBHvRMSx+ubWJ5yrP6w/vj1TWzJRrV75KJM8r7bdfGrz/x2JiLWIGIyIP/424m+ZnXHLK6vz08ViYamxna8sLObLK6sXry9MzxXmCjfGJi9NTU2OToxP7Vlb7/7nH3cvv/H7gdc/+/fD+/99681atYYbZZvbsZfqTe+PE5v29UXEr/YjWA/kGu0Z6nVF+EZqP7/vRsT5JP+PRS75aXbmyb7WDNhv1Wq1+mX1ULvitSpwYGWTY+BMdiQi6uvZ7MhI/Rj+e3E4WyyVKz+7Vlq+MVs/Vj4e/dlr14uF0cZnhePRn6ltjyXrT7fHt21PRCTHwP/LDSXbIzOl4mx3uzpgmyPb8v/TXD3/gZTo/CM/cNDIf0gv+Q/pJf8hveQ/pJf8h/SS/5Be8h/SS/5DerXK/6M9qAfQfbv9/R/oYj2ArvrD5cu1pdq8/n325sryfOnmxdlCeX5kYXlmZKa0tDgyVyrNJdfsLDzr9Yql0uLYz2P5Vr5SKFfy5ZXVqwul5RuVq8l1/VcL/V1pFdCJE2fvvZeJiLVfDCVLbPqTL1fhYKtWM9Hra5CB3sj1ugMCesapP0ivr/EZv+2XhAEvthZf0bth8Ejbol/H4r5UB+iC7G6FTx50ryJA11047fwfpJXxf0gv4/+QXo7xgd3G/6NxL7+WjP/DC2vX8X/gQBtuc/+vo5vu3TUaEd+JiHdz/Yea9/oCDoLsh5nG8f+FYz8a3l46kPk8OUUwEBH/fOXKS7emK5Wlsdr+jzf2V15u7B/vRf2B9raO8DXztJnHAEB6rT++PdNcuhn30W/qkxB2xu9rjE0OJkcwh9czW+YqZPZo7sLanYg41Sp+pnG/8/qZj8PruR3xTzYeM/WXSOrbl9w3vTvxT2+K/8NN8c9863cF0uFerf8ZbZV/2SSnYyP/tvY/w3s0d6LZ/zXnXG+O3+z/cm36v7Mdxvj7q/9qdXo3mez96E7EmZb9bzPeYBJre/xa3S50GP/hX/70/XZl1dfqr9MqflNtLV9ZWMyXV1YvXm/WYvLS1NTk6MT4VD4Zo843R6p3+uWpt++3i19rf0Ob9r+/o/1DjTr9pMP2f/GDB38+t0v8H59v/ft3Mnnc9v5Xqxt1+GmH8T8Z/+Cv7cpq8WfbvP/ZVvGjWRox0WH88v9/59phAHiOlFdW56eLxcKSFStWnu+Vvuhi0Gf1HGvd6aCAffM06XtdEwAAAAAAAAAAAKBT7Wb/3tvD6cS9biMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEHwVQAAAP//QUvQlg==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
linkat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file1\x00', 0xffffffffffffff9c, 0x0, 0x400)

53.610219477s ago: executing program 7 (id=3473):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x14022, 0x0, 0x0, 0x0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
setuid(0xee01)
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000002b80)='system.posix_acl_access\x00', 0x0, 0x0, 0x3)

52.92205436s ago: executing program 1 (id=3479):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9eebf9", 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e23, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x1, 0x0, 0xffd}}}}}}}, 0x0)

52.569046886s ago: executing program 1 (id=3482):
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x20002018})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000140)={0x77540947ad9a168d})

52.198369513s ago: executing program 1 (id=3487):
r0 = syz_open_dev$media(&(0x7f0000000080), 0x7, 0x0)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

51.98119377s ago: executing program 1 (id=3490):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
umount2(&(0x7f0000000380)='./file0\x00', 0x4)

51.762517347s ago: executing program 1 (id=3493):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_AIE_ON(r0, 0x7001)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x1, 0x0, {0xf, 0x35, 0x17, 0x8, 0x9, 0xfb, 0x2, 0x11, 0xffffffffffffffff}})

51.705666712s ago: executing program 7 (id=3494):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x2})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000280)={0x2, 0xfffffffa})
close(0x3)

51.139590618s ago: executing program 38 (id=3494):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x2})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000280)={0x2, 0xfffffffa})
close(0x3)

50.785098585s ago: executing program 1 (id=3503):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f00000000c0)={0x7d}, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x9}], 0x1c)
sendmmsg$inet6(r0, &(0x7f00000026c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811)

50.21048358s ago: executing program 39 (id=3503):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f00000000c0)={0x7d}, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x9}], 0x1c)
sendmmsg$inet6(r0, &(0x7f00000026c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811)

7.494373673s ago: executing program 9 (id=3800):
r0 = socket(0x11, 0x3, 0x0)
setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0xea, 0x4)
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)

6.356016812s ago: executing program 4 (id=3808):
socket$inet_mptcp(0x2, 0x1, 0x106)
mkdirat(0xffffffffffffffff, &(0x7f0000000280)='.\x02\x00', 0x102)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b"], 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x15}, {0x5, [{0xc9, 0x8}, {0xc9, 0x1}, {0xc8, 0x8}, {0xc8, 0x3}, {0xc8, 0xf}]}}}, 0x18)

6.043561138s ago: executing program 8 (id=3809):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r0, 0x1000)
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000080)=""/70, 0x46}], 0x1)

5.520331217s ago: executing program 9 (id=3813):
write(0xffffffffffffffff, &(0x7f0000000140)="fc00000018000703ab092500090007000a070000000000060000369321000700ff2500000005d00000000000000398996c92773411419da79bb94b46fe00006cf0abbb0000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab00f605f70c9ddefefe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f556", 0x97)
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x48d, 0x8595, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe0, 0x0, "", [{{0x9, 0x4, 0x0, 0x0, 0xfd, 0x3, 0x0, 0x4, 0x0, {0x9, 0x21, 0x20, 0x4, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x7, 0x8, 0xc3}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0})

4.406250667s ago: executing program 4 (id=3818):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x5}, 0x80, 0x0}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e21, 0x1641, @private2, 0xfffffff9}}, 0xfff, 0x9}, &(0x7f0000000200)=0x90)

3.947412531s ago: executing program 4 (id=3820):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000002c0)="69fc", 0x2}, {&(0x7f00000011c0)="ab", 0x1}], 0x2)

3.634112507s ago: executing program 4 (id=3823):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
syz_clone(0x6100200, 0x0, 0x0, 0x0, 0x0, 0x0)

3.067332786s ago: executing program 9 (id=3826):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, r1, 0x1, 0xffffbffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x10001}]}, 0x48}}, 0x20000000)

3.065703264s ago: executing program 4 (id=3827):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000540), 0x1, 0x78d, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCzbdhsQ80mW7Kb0oQcWkTwIqh4EPTSsy/15tWXq/4XHqSlalqseJDIbGbbbbObbtrsbjCfD0z2eWZm8zzffWaeeWZn2AlgzxpL/+QiDkXEh0nESDY/iYiBWqo/4sTGerfXVgvplMT6+pu/J7V1bq2tFqLhPakDWebJiPjhvYjDuc3lVpZX5qZLpeJilp+ozp+fqCyvHDk3Pz1bnC0uHJucmjp6/IXjx3Yu1j9/Xjl4/aPXnv36xN/vPnH1gx+TOBEHs2WNceyUsRjLPpOB9CO8x6s7XViPJb2uAA8l3TX7NvbyOBQj0VdLtTDUzZoBAJ2yDgDsQYkxAADsMfXvAW6trRbqU2+/keiuG69ExP6N+OvXNzeW9GfX7PbXroMO30ruuTKSRMToDpQ/FhGff/v2l+kUWTu4lgZ0w6XLEXFmdGxz/59sumdhu57bauH6YO1l7L7Ze+34A730XTr+ebHZ+C93Z/wTTcY/g0323Yfx4P0/dy1L9O1AcZuk47+XG+5tu90Qf2a0L8v9rzbmG0jOnisV077t/xExHgODaX6ytmrzkdv4zX9utiq/cfz3x8fvfJGWn77eXSN3rX/w3vfMTFenHzXuuhuXI57qbxZ/cqf9kxbj31NtlvH6S+9/1mpZGn8ab33aHH9nrV+JeKZp+99ty2TL+xMnapvDRH2jaOKbXz4dblV+Y/unU1p+/VygG9L2H946/tGk8X7NyvbL+OnKyPetlj04/ubb/77krVp6Xzbv4nS1ujgZsS95Y/P8o3ffW8/X10/jH3+6+f6/UWzz7T89JzzTZvz913/76uHj76w0/plttf/2E1dvz7Xsu9tr/6laajyb007/124FH+WzAwAAAAAAAAAAAAAAAAAAAAAAAIB25SLiYCS5/J10LpfPbzzD+/EYzpXKlerhs+WlhZmoPSt7NAZy9Z+6HGn4PdTJ7Pfw6/mj9+Wfj4jHIuKTwaFaPl8ol2Z6HTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZA60eP5/6tfBXtcOAOiY/b2uAADQdY7/ALD3bO/4P9SxegAA3eP8HwD2nraP/2c6Ww8AoHu2e/7f16F6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8J916uTJdFr/a221kOZnLiwvzZUvHJkpVuby80uFfKG8eD4/Wy7Plor5Qnm+5T+6tPFSKpfPT8XC0sWJarFSnagsr5yeLy8tVE+fm5+eLZ4uDnQtMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoX2V5ZW66VCouSmyZGNod1dg1if7YFdWQ6FiisZcY6l0HBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDL/RsAAP//gWUuJA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x80)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x7a680000)

3.009681545s ago: executing program 2 (id=3828):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000c80)='./file0\x00', 0x810400, &(0x7f0000000200)=ANY=[@ANYBLOB='lastblock=00000000000000000226,mode=00000000000000000000000,session=00000000000000000000,noadinicb,nostrict,uid=', @ANYRESDEC=0x0, @ANYRESDEC=0x0], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2, 0x11, r0, 0x0)
read(r0, &(0x7f0000001400)=""/4096, 0x1000)

2.805826581s ago: executing program 8 (id=3830):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0)
close(r0)
socket$kcm(0xa, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8b32, &(0x7f0000000080)={'virt_wifi0\x00', @random='\a\x00'})

2.735518637s ago: executing program 3 (id=3831):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000440)={0x24, 0x14, 0x105, 0x70bc26, 0x25dfdb6b, {0x11}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "3916f8d66cffe8ef8d"}]}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x54840)

2.442864507s ago: executing program 5 (id=3832):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000002c0)='veth0_to_hsr\x00', 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3, 0x80, 0xc2, 0x0, 0x0, 0x2}, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @empty}, "00186371ae9b1c03"}}}}}, 0x0)

2.418033952s ago: executing program 8 (id=3833):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000a500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000030000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000b500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
cachestat(r1, &(0x7f0000000140)={0xfffffffffffffffe, 0x7}, 0xfffffffffffffffd, 0x0)

2.325016376s ago: executing program 3 (id=3834):
write$tun(0xffffffffffffffff, &(0x7f0000000040)={@val={0xa, 0x201}, @void, @eth={@multicast, @broadcast, @val={@val={0x88a8, 0x2, 0x0, 0x1}, {0x8100, 0x1, 0x1}}, {@generic={0x6558}}}}, 0x1a)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b2c, &(0x7f0000000040))

2.189228169s ago: executing program 5 (id=3835):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x20, r0, 0x8de13c6b70ae92c3, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.125197254s ago: executing program 8 (id=3836):
r0 = add_key$keyring(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee01, 0xee01)
keyctl$setperm(0x5, r0, 0x34201127)
keyctl$read(0xb, r0, 0x0, 0x0)

2.102997604s ago: executing program 3 (id=3837):
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="00b35d3268245c4c2a9411ebab7d8c2c03b166e682521b4e1b19c5c04e7fd8ce33ffc5858dcbeb77dce0b6af502f64b815d42444ede74d8b78ffb029f286f43ace470d1688cdd29d4c5db5b65f65b7107d18c57570668630d18107b94e74dedc5d53c4a4c020b7be57cbd82363fe71c71351906ad5c01ffb206257cf81c62472d7c6730dcc5d7a31dbd0dfeac300"/157], 0x1, 0x13a, &(0x7f0000000200)="$eJzs2r9Kw0AcB/DfIAgdHZ0ClSho/mtddRQ33yC0uTR4Z0oiSPsC4iQonIMvIfgEPkJGN10EfYnI2au2qWgnD+H7Wfqlv+RyuYPL8nOKXASsdIi2BldHLytFLqxOtNtlAYtp7ICILBWqur5xac7TZ72qyf3mArPW3sa/7Y1UHl6wjCeh6SkBAAAAAAAAAAAAAAAAAAAAAMCC7JYOrb4U5yzjSTBVLYej45jzpCgNTc8429I9XMQkv1XrE83UN1+J7D2VMrlfqLo/e/+1Dut9yZ+b6+udioFXDkdOJuI0SZOTMIw6/rbv74Tex1hec0T7Ts+Jqvren28ns6f6zR4X6TfT+7+0msnLs+bTvvYfAQEBYRJ+PVf+i8n3r7cctR/U+ed2c97Tf/7Fchp8dwD4wXsAAAD//7SlOms=")
r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x112)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

2.022214038s ago: executing program 2 (id=3838):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x1, &(0x7f0000000380)=@raw=[@call={0x85, 0x0, 0x0, 0x6d}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r1, @ANYBLOB="800202000a000200577f0000aabb000020000e80050001008f000000050001000100000004000200050001"], 0x48}}, 0x0)

1.949251367s ago: executing program 9 (id=3839):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x8001, 0x4)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0xa, @empty, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0xb, @loopback, 0x1}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000140)='2', 0x1}], 0x1}}], 0x1, 0x8000)

1.810067047s ago: executing program 8 (id=3840):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000006140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f666c7573685f6d657267652c66617374626f6f742c746573745f64756d6d795f656e6372797074696f6e2c696e6c696e655f78617474725f73697a653d3078303030303030303030303030303030632c00e863cd59e1f6a329db71886ce3bac8c29075314f1d7afec0cd24ffcf74aa2b1c809f629d1ba3849699bffbda66cb78b431a5ddcd3c1086269413aa903a605e639fefe8d3b54bb838f236b49a869657fb097235d5fc303322a330a2890bcca6ca"], 0x1, 0x105ab, &(0x7f000003f380)="$eJzs3E1rY9UfB/Bfpv95/I9jkXnQlRdEaMCEpu0UBZGqM+iAHYoPC1eaJrchM0luadIHZ60rfQluBRF3vgY3vo3BheBKcCGMKLn3VqY6C7WZZpx+PnD7Pffk3F/OCdmc3HIDOLZmk59/qsSFOBsRMxFxPiJvV8ojt1LE0xHxbEScuO+olP1/dJyKiHMRcWFcvKhZKV9a/vXuvS+eufHyp1/drTZ++PLz6a0amLbnI6K/WbR3+0VmnSJvlf3NnW6e/aWdMosX+rfL86zI3XQ9r7Db3B/XzHOxU4zPNreH49zoNVvj7HQ38v7NQfGGw53Ofp38glvNrfy8na7n2R1meXbuFPPaK/POcFTUaZf1PsrLx2i0n0V/upcW69m8nWdrMCr7i7pZO90b506Z5dtFK+u183ms/+uP+ZH3VnewvZfspFvDbjZIrtYbL9Yby7XGVtZOR+lSrdlvLy8lc53eeFhtlDb7K50s6/TSeivrV5O5TqtVazSSuWvperc5SBqN+mJ9vna1WrZeSN64+V7Saydz43ytO9gedXvDZCPbSoorqslCffGlavJcI3lndS1Ze/v69dW1dz+49v7NV1dvvF4O+su0krmF+YWFWmO+ttCoWv9h/FI53PUcc74/AP+Y/T8wDfb/9v9h/3vs12/7xqH4AgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHFvfn/zmzbwxW5z/v+x/oux6KiKuRMTliLgUEb89wEycOlDzYkRUyvaDxp/80xy+rUReYXzN6fI4FxEr5XHvyYf9KQAAAMDj6+vvPv4kYmbczP+8Mu0JcZTKH23OTKpe/pPP/yZV7WJebG9C1S7tl5yIyxFxcvbHCVW7EhEnzn84oWp/y8yBOHNfVIo4cZSzAQAAjsbBncDEdm8AAAA8cj6b9gSYjvx+bfm/+OW94NNFlDcEzx44AwAAAP6DKtOeAAAAAPDQ5ft/z/8DAACAx1vx/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPidnbvJURsGwwD8AU2hfyqq+LkKq6pLFhyiR+iyB2hv0x1nqIQ4B931CCMYkXjQBNjFCWjmeaSM7Wh49QWJhW0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KZ/xXr5Z/vrd9Oc/aGZPE8DAAAAXLMr1suyM67GH9L9T+nWl4iYR8QsIqYRcW3uPoi3tcxJRPRS/9r/F2c1/I0oE46vGabrfUR8S9fD57bfBQAAAHi5tpvFKmJw7JZ/vp56vAJp0WaUK69c8nmTK21Shv3MlDZ9isxiFhHF+H+mtHlE9D9+T6NOPn+DWjN61vSqpt9FFQAAQLfqM4FsszcAAADuzo9bF8BtlPu16bv4aS94WDVpQ/BdbQQAAADcr/Nf25/0uq0DAAAAuIFy/n9x/l9aFWjt/L/hZSHO/wMAAID2VOf/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KZdsV5uN4tV05z9oZk8TwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/szzsKhEAYhMHe9X2nwfsfSxo0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3vzuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fVrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725+4EQiAIwmDf+Z/TYv5hSYPGIEIVLHzMMA8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB80e9++T8xNc4kc6eNpeORZO2qsXXV2HvQOHow3v4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCxAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWF/bm3TRgI4zj82kmUuE1GSG/xMQMNFYIR+JCQLHkGBmAhGipai0VgBRBw0NKZgudp/j+drrgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID3dHp64yMiss9H5pEPV3+Hy8FX5OumGXxfM9sc9/XPLSfb3Sjlb4z/i4goImvhNwAA7Svvm2KxrOadtN20vbT9tOW0rmavfDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGd27pi1iTcMAPibtMn/X50crSCCgy42NrEaIYtDobsg6BbaWIqpSpqhLV36CUQnV7+C3fQr+AUEBy04OHRQcBFEueTSvsEgKcJdaH8/eO6eXODufTMcPPe8FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOJaD3XB2kBdCCLPTR3ni/ded5VH7t88+zA7iy503F+NzJqcohRAerrVb1zOcy6Tb2Np+1Gy3Wx2JRHL6kuQmMPKrvO9MAACcNKU0krr+U2lvKTlWaITw69Vw/X8lysNf6v/PL89fGMTPzXfd+Fpx/T+f2QwnX6W7/rSysbV9bW29udpabT2u1aoLNxdu3L5VrfSelVQ8MQEAAODflNOI6/9i48/+/5koD2PW//cWH9yPrzWl/h/pqOmX90gAAABOt3OXvn8rjDheKJfDZrPb7cz3t4efq/1tDkM9tv/SiOv/qUbeowIAAACycLBbGOr/r0R5GLP/P/d6Zz8+51QIYSbt/88tP2mvZDediZbFm8Z5zxEAAIB8zaQR9/9LvfX/xcMlD8UQwtXL/Tz9G8Cx6v+PL+4OvbQer/+vZTfFiVSs93+P3r4ewnQ97xEBAABwkv2fRlLs75f2ljo/ni+Wrf8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dc79o/SQBDFAXj/ZLUSA1Zq5QVEO6uAhSA2HkIUBE8ggngAsbX0DpbeIbWCjYVlCm8gbzZjIE263Ui+D5L3CEPm7WyzvwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWmhzP+jq+hm1fTX97/7m7iPoxV8P38/ZufKIvuxz6HyqP+p4AAACAVVDnfF8UxVfzehq1GqX83+Q1kflfNto+5/n53J/r29PnTs7/9+d7t38bDdt94k+vrm8uDzq7wuW3uXDFIJ18evdSpxtSnT1sTZp0nuXjeHyyltr1diUAsHz2c502+Xko6mGfgwGwMgbFLDPm/F+P+p0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAu/AQAA//8mX148")
statx(0xffffffffffffff9c, 0x0, 0x1000, 0xffff4a9c0080ffff, &(0x7f0000001180))

1.776999803s ago: executing program 5 (id=3841):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, 0x0)

1.770751953s ago: executing program 3 (id=3842):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1}]}, 0x10)
bind$inet6(r0, &(0x7f0000001240)={0xa, 0x4e20, 0x6, @ipv4={'\x00', '\xff\xff', @loopback}, 0xffff}, 0x1c)

1.623337089s ago: executing program 2 (id=3843):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xc}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0xfff2, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x0, 0x9}}, @TCA_FLOWER_KEY_CT_ZONE_MASK={0x6, 0x5e, 0x401}, @TCA_FLOWER_KEY_CT_ZONE={0x6}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20045010}, 0x0)

1.448486264s ago: executing program 4 (id=3844):
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000040))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@window={0x3, 0x7, 0x6}, @timestamp, @window={0x3, 0x10, 0x1}, @mss={0x2, 0xfffffffb}], 0x4)

1.325979888s ago: executing program 3 (id=3845):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000080)='|')
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080))

1.297367431s ago: executing program 5 (id=3846):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880088a84803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x6558, r1}, 0x14)

1.257211989s ago: executing program 2 (id=3847):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000880)={@in6={{0xa, 0x4e24, 0xf37, @loopback, 0x8000}}, 0x0, 0x0, 0x1e, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e24740bd4c0b42a21d7214bff16d2ccd00"}, 0xd8)
sendto$inet6(r0, &(0x7f0000000080)="00c76e161c59bc4527d8da65d066e0503e025bf72c8199b8c2093e2865cf20e2c97c22ac77c1841c804db96cb1541e1123e644fe03dff0c2f2382b6cc8b3c23783f5a3433e70b5c9b31dda8ac4fc17c91c451bbb7eaa9940c0898091da4d95d9c1c1b15d53d2dee4a949db944057f1a109638343db6ce9ff9810b64277d3d8d4ec23556e9f656a1c4f3c8bb7d21bae75ce466aae1dabc797eeb97e93facd44aef5b4b6dab0c86888442cb4a5d291924b5861ede2384dcfc8bde337a44e", 0xfffffffffffffc9d, 0x200080d5, &(0x7f00000001c0)={0xa, 0x42, 0x400040, @empty, 0x200000}, 0x1c)

898.815643ms ago: executing program 3 (id=3848):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20700, 0x2000000, {0x0, 0x0, 0x0, 0x0, 0x8203}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)

825.821849ms ago: executing program 5 (id=3849):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x3, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000002000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000025000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000090000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x61800, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2, r1, 0x6000}, 0xc)

734.797135ms ago: executing program 2 (id=3850):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)

518.870796ms ago: executing program 9 (id=3851):
socket(0x1e, 0x805, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r1, 0x1, 0x70bd2b, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

206.973344ms ago: executing program 5 (id=3852):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000140)='./bus\x00', 0x2000014, &(0x7f0000000480)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESOCT=0x0, @ANYRESDEC, @ANYRESDEC, @ANYRESDEC, @ANYBLOB="0ea1a3ed758749a35b0cf19e7301710a8a7c5e7fe9b7c49589266bd5045f15f1817fcc4ea04eeac3f0df37b8beaeafc22a5a08a1a70024", @ANYBLOB="97b61e88553572fd2efdef5bcdc603f5cf17a49bf1d8457078ace3df30c7c941b1103b86953f4b1b43816a58622af5d511ff04c37a8893dc5ea494888e218c88326783f69ee710da511f74fe812d33a93825fb7eb8eca7196d483f5689286f28bf447eca9c6676aad40948ce1a2154e82ce6ecb85f76965d75d05e46"], 0xfe, 0x2ce, &(0x7f00000008c0)="$eJzs3UFrE1sUwPHTpq9JU9rkwePBe6AedKOb0MYPoEFaEANKbURdCFM70ZAxKTOhEhGTjbj1cxSX7gT1C3Qjbty7K4LgpgtxpDOTdtImTdqmSWr/Pyhz7px7uLdNWk4GZrpx9/WTYt5J5Y2KjMZURkXqsimS3IoCI8Fx1IvHJawulyZ/fDlz+979G5lsdm5BdT6zeDmtqtPn3j99/ub8x8rknbfT76Kynnyw8T39dX18/b+NX4uPC44WHC2VK2roUrlcMZYsU5cLTjGlessyDcfUQskx7aZ83iqvrFTVKC1PxVds03HUKFW1aFa1UtaKXVXjkVEoaSqV0qm4nG5jXczJrS0sGJm2aTfS0x3h2E20OmnbmXrrZG6tD3sCAABDZv/+3+/12/X/O93hQfr/fzv3/yLh/j8WLEL/3wP1plGH/h8nU615aNsZIx78/jaj/wcAAAAAAAAAAAAAAAAAAAAA4CTYdN2E67qJrWNwyhtHRSTm3wLujQe8TRyT8Ovvhr62X/9gvKvsyoC2ix4L3bgXE7FereZWc/7Rz2fyUhBLTJmRhPz03g8BP56/np2bUU9SPli1oL62motItFHfkGxVf/bvWb9em+v/knh4/bQk5J/W66db1o/LxQuh+pQk5NNDKYsly977eqf+xazqtZvZXfUT3jwAAAAAAP4EKd225/O7l/cmxGRv3q8PXR9wXbe23/WBXZ+vx+T/bh5RCQAAAAAAjsypPisalmXahwiiItJ5sjtyhCUOFriuSL/Wah9EZJCrtwuuisgQbKNfQUxE/DN6mPJv2+VdVbldzBkL/gPHcPx8OgeD/ssEAAAAoNd2mv4DFH1+eYw7AgAAAAAAAAAAAAAAAAAAAAAAAAAAAADg9On2eWCN+XtSjcQ+5aHlIn3/BgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAh8jsAAP//QNEWCQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x60843, 0x15)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0xfc2, 0xfffffffffffffff7, 0x4000000000006976})

89.494267ms ago: executing program 8 (id=3853):
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800082, &(0x7f0000000680)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303030333737372c616c6c6f775f7574696d653d30303030303030332c000000000083ec4c0d6e84de0249d09f31ef580c3d00000000"], 0x1, 0x191, &(0x7f00000002c0)="$eJzs3c+qElEcB/Cff5qkletoMdCmlVRPYIWCNBAULmpVYG00gtxMrXyL3qBX6XXClTsv3hHlyly4F64O1/l8Nn7xq5xzZjFnNWc+P/k+nfyYf/v77090Oo1o96Mfq0Z0oxmtKCwCADgnq/U6/q8LN/j56xNMCQA4slvu/wDAGbD/A0D92P8BoH4+fPz09lWWDd6naSdiucjH+bj4LPrhKBs8Ty919/9a5vm4tetfFH16tX8Qj7b9y9I+iWdPi37TvXmXHfQPY1I24X7jzq8BAAAAAAAAAAAAAAAAAAAAAACcWi/dKT3fp9dLrumLNBwl2+8Oz/dpx+N2yYDJUZYBAAAAAAAAAAAAAAAAAAAA99r81+/pl9ns609BEIRdqPrOBAAAAAAAAAAAAAAAAAAA9bN/6LfqmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAdfbv/z9e2IzTrHqhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU2kUAAAD//1z+TP8=")
r0 = fsopen(&(0x7f0000000180)='ubifs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

48.765581ms ago: executing program 9 (id=3854):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x7, 0x201, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0xc004}, 0x80c0)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001080)={0x20, 0x0, 0x7, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000019}, 0x8080)
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000030701"], 0x14}, 0x1, 0x0, 0x0, 0x840}, 0x80)

0s ago: executing program 2 (id=3855):
r0 = syz_usb_connect$printer(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c40000000000109022472510000000009040000120701030009050102000000000009058202"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

kernel console output (not intermixed with test programs):

390.407493][T13744] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  390.517076][T13843] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  390.536775][T13843] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  390.548084][T13843] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  390.562592][T13843] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  390.583948][T13843] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  390.596324][T13843] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  390.612017][T13843] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  390.625435][T13843] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  390.729612][T13744] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.772983][T13744] 8021q: adding VLAN 0 to HW filter on device team0
[  390.807531][   T84] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.814685][   T84] bridge0: port 1(bridge_slave_0) entered forwarding state
[  390.832676][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.839845][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  390.900013][T13843] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.950370][T13843] 8021q: adding VLAN 0 to HW filter on device team0
[  390.984553][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.991759][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  391.027526][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.034705][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  391.762463][T13744] 8021q: adding VLAN 0 to HW filter on device batadv0
[  391.879136][T13744] veth0_vlan: entered promiscuous mode
[  391.902367][T13744] veth1_vlan: entered promiscuous mode
[  391.976744][T13744] veth0_macvtap: entered promiscuous mode
[  391.997265][T13843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.011568][T13744] veth1_macvtap: entered promiscuous mode
[  392.035043][T13744] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.064479][T13744] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.089209][   T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.111208][   T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  392.134740][   T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  392.163733][   T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  392.371656][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  392.397855][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  392.416881][ T5284] 8021q: adding VLAN 0 to HW filter on device eth18
[  392.470548][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  392.480251][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  392.962440][T13843] veth0_vlan: entered promiscuous mode
[  393.064184][T13843] veth1_vlan: entered promiscuous mode
[  393.280648][T13843] veth0_macvtap: entered promiscuous mode
[  393.360562][T13843] veth1_macvtap: entered promiscuous mode
[  393.460068][T13843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  393.569712][T13843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  393.645828][ T1102] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  393.691709][ T1102] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.749821][ T1102] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.815846][ T1102] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.315898][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.371365][T14261] loop2: detected capacity change from 0 to 32768
[  394.381039][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.427196][T14261] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  394.435659][T14261] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  394.616666][T14261] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 5ms
[  394.631306][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  394.640712][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  394.692963][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.713763][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.878321][T14235] loop1: detected capacity change from 0 to 32768
[  394.912381][ T5759] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  395.012329][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 347ms
[  395.035691][T14235] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  395.052489][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  395.062344][T14261] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  395.086655][T14284] macvlan0: entered promiscuous mode
[  395.139148][ T5759] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  395.162217][T14284] netlink: 'syz.9.2984': attribute type 1 has an invalid length.
[  395.170512][ T5759] usb 4-1: config 0 has no interface number 0
[  395.179480][ T5759] usb 4-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  395.190997][T14284] netlink: 'syz.9.2984': attribute type 2 has an invalid length.
[  395.209046][ T5759] usb 4-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.219155][ T5759] usb 4-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  395.238628][ T5759] usb 4-1: config 0 interface 1 has no altsetting 0
[  395.249254][ T5759] usb 4-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  395.282229][ T5759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.317183][ T5759] usb 4-1: config 0 descriptor??
[  395.344438][T14235] XFS (loop1): Ending clean mount
[  395.516575][T14235] XFS (loop1): Quotacheck needed: Please wait.
[  395.753202][T14261] gfs2: fsid=syz:syz.0: found 1 quota changes
[  395.859580][T14235] XFS (loop1): Quotacheck: Done.
[  395.929374][ T5284] 8021q: adding VLAN 0 to HW filter on device eth19
[  396.003775][T14301] loop4: detected capacity change from 0 to 128
[  396.029825][ T5622] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  396.048403][T14301] EXT4-fs (loop4): Test dummy encryption mode enabled
[  396.062715][ T5759] uclogic 0003:145F:0212.0024: pen parameters not found
[  396.094953][T14301] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042]
[  396.125022][ T5759] uclogic 0003:145F:0212.0024: interface is invalid, ignoring
[  396.139550][ T5759] usb 4-1: USB disconnect, device number 16
[  396.170116][T14301] System zones: 1-3, 19-19, 35-36
[  396.230167][T14301] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  396.329086][T14301] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  396.473296][T14301] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  396.630763][T13843] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  397.179382][T14324] siw: device registration error -23
[  397.232217][T14324] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2992'.
[  397.261764][T14327] loop9: detected capacity change from 0 to 64
[  397.372002][T14324] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  397.392911][T14327] minix: block size(59136) > page size(4096) not supported by filesystem
[  397.453444][T14324] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  397.555451][T14324] bond0 (unregistering): Released all slaves
[  398.336579][    T9] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  398.525107][    T9] usb 10-1: Using ep0 maxpacket: 8
[  398.570821][    T9] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  398.614089][    T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  398.655677][    T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  398.688725][    T9] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  398.729658][    T9] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  398.767626][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.981495][T14365] loop7: detected capacity change from 0 to 256
[  398.990542][ T5284] 8021q: adding VLAN 0 to HW filter on device eth20
[  399.065394][    T9] usb 10-1: GET_CAPABILITIES returned 0
[  399.095992][T14367] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  399.097795][    T9] usbtmc 10-1:16.0: can't read capabilities
[  399.375085][T14341] loop4: detected capacity change from 0 to 32768
[  399.430427][    T9] usb 10-1: USB disconnect, device number 2
[  399.437091][T14341] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  399.617176][T14341] XFS (loop4): Ending clean mount
[  399.669934][T14375] loop3: detected capacity change from 0 to 4096
[  400.220365][T13843] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  401.210017][   T24] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  401.393830][T14429] loop7: detected capacity change from 0 to 64
[  401.431111][   T24] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  401.473312][   T24] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  401.573168][   T24] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  401.621686][   T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.661125][   T24] usb 10-1: Product: syz
[  401.681751][   T24] usb 10-1: Manufacturer: syz
[  401.717200][   T24] usb 10-1: SerialNumber: syz
[  401.871379][ T5632] Bluetooth: hci5: command tx timeout
[  401.965974][T14453] loop2: detected capacity change from 0 to 256
[  402.090898][   T24] cdc_ether 10-1:1.0: probe with driver cdc_ether failed with error -22
[  402.137775][   T24] usb 10-1: USB disconnect, device number 3
[  402.662483][   T24] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[  402.752450][T14476] loop4: detected capacity change from 0 to 256
[  402.867572][   T24] usb 10-1: config index 0 descriptor too short (expected 301, got 72)
[  402.894413][   T24] usb 10-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  402.921078][   T24] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  402.951422][   T24] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64
[  402.996481][   T24] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  403.034593][   T24] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  403.071276][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.164545][ T5736] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  403.194803][T14489] tun0: tun_chr_ioctl cmd 2147767521
[  403.346857][ T5736] usb 3-1: Using ep0 maxpacket: 8
[  403.383679][   T24] usb 10-1: usb_control_msg returned -71
[  403.396220][ T5736] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  403.409454][   T24] usbtmc 10-1:16.0: can't read capabilities
[  403.427397][ T5736] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.459275][ T5736] usb 3-1: Product: syz
[  403.466225][   T24] usb 10-1: USB disconnect, device number 4
[  403.478524][ T5736] usb 3-1: Manufacturer: syz
[  403.497375][ T5736] usb 3-1: SerialNumber: syz
[  403.531798][ T5736] usb 3-1: config 0 descriptor??
[  403.576115][ T5736] gspca_main: sq930x-2.14.0 probing 2770:930c
[  404.136080][T14490] loop3: detected capacity change from 0 to 40427
[  404.159466][T14490] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  404.186196][T14490] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  404.248265][T14493] loop1: detected capacity change from 0 to 32768
[  404.423577][ T5736] gspca_sq930x: ucbus_write failed -71
[  404.455794][ T5736] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  404.503988][ T5736] usb 3-1: USB disconnect, device number 2
[  404.615820][T14490] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  404.736251][T14515] netlink: 136 bytes leftover after parsing attributes in process `syz.1.3052'.
[  404.793544][T14490] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  404.822367][T14490] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  405.503435][T14530] loop7: detected capacity change from 0 to 4096
[  405.626997][T14530] NILFS (loop7): invalid segment: Checksum error in segment payload
[  405.690743][T14530] NILFS (loop7): trying rollback from an earlier position
[  405.800421][T14530] NILFS (loop7): recovery complete
[  405.840155][T14536] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  406.605050][T14521] loop1: detected capacity change from 0 to 32768
[  406.717674][T14521] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  406.776415][T14521] XFS (loop1): Ending clean mount
[  406.989250][T14573] loop4: detected capacity change from 0 to 2048
[  407.009229][   T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  407.044800][T14573] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  407.076944][   T31] audit: type=1800 audit(1777463241.629:103): pid=14573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3068" name="bus" dev="loop4" ino=1367 res=0 errno=0
[  407.196358][   T10] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  407.224856][   T10] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  407.292743][ T5622] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  407.301405][   T10] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  407.301529][   T10] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  407.301554][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.337708][T14565] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  407.419539][T14586] loop3: detected capacity change from 0 to 256
[  407.421180][T14576] loop9: detected capacity change from 0 to 4096
[  407.537409][T14586] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  407.876196][   T10] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  407.923316][   T10] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input20
[  408.318185][   T10] usb 3-1: USB disconnect, device number 3
[  408.324126][    C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  408.527118][T14609] loop4: detected capacity change from 0 to 256
[  408.611842][T14609] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  408.668227][   T31] audit: type=1800 audit(1777463243.125:104): pid=14609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3078" name="file0" dev="loop4" ino=1048795 res=0 errno=0
[  409.293470][   T30] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  409.551181][   T30] usb 10-1: Using ep0 maxpacket: 16
[  409.597286][   T30] usb 10-1: config 0 has an invalid interface number: 105 but max is 0
[  409.615902][T14632] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3085'.
[  409.634046][   T30] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  409.665681][T14632] bridge_slave_1: left allmulticast mode
[  409.673936][   T30] usb 10-1: config 0 has no interface number 0
[  409.690401][T14632] bridge_slave_1: left promiscuous mode
[  409.702364][   T30] usb 10-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  409.715421][T14632] bridge0: port 2(bridge_slave_1) entered disabled state
[  409.733245][   T30] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.772026][   T30] usb 10-1: Product: syz
[  409.777722][T14632] bridge_slave_0: left allmulticast mode
[  409.806737][   T30] usb 10-1: Manufacturer: syz
[  409.813288][T14632] bridge_slave_0: left promiscuous mode
[  409.822712][   T30] usb 10-1: SerialNumber: syz
[  409.832133][T14632] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.857726][   T30] usb 10-1: config 0 descriptor??
[  410.108768][   T30] uvcvideo 10-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  410.147444][   T30] uvcvideo 10-1:0.105: No valid video chain found.
[  410.193299][   T30] usb 10-1: USB disconnect, device number 5
[  410.841448][T14673] netlink: 190972 bytes leftover after parsing attributes in process `syz.4.3099'.
[  411.113366][T14682] loop7: detected capacity change from 0 to 512
[  411.144032][T14682] EXT4-fs: Ignoring removed nomblk_io_submit option
[  411.199116][T14684] loop4: detected capacity change from 0 to 1024
[  411.224134][T14682] EXT4-fs (loop7): 1 truncate cleaned up
[  411.252390][T14684] EXT4-fs: Ignoring removed mblk_io_submit option
[  411.417761][T14699] loop9: detected capacity change from 0 to 512
[  411.427708][T14684] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  411.467931][T14682] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  411.543771][T14684] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  411.923026][ T8181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.005737][T14711] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3105: bg 0: block 112: padding at end of block bitmap is not set
[  412.027112][T14684] EXT4-fs error (device loop4): ext4_map_blocks:833: inode #15: block 3: comm syz.4.3105: lblock 3 mapped to illegal pblock 3 (length 3)
[  412.074720][T14684] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  412.098070][T14715] netlink: 184 bytes leftover after parsing attributes in process `syz.2.3112'.
[  412.147186][T14684] EXT4-fs (loop4): This should not happen!! Data will be lost
[  412.147186][T14684] 
[  412.278080][   T12] EXT4-fs error (device loop4): ext4_map_blocks:833: inode #15: block 8: comm kworker/u8:0: lblock 8 mapped to illegal pblock 8 (length 5)
[  412.333538][   T12] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 5 with error 117
[  412.388966][   T12] EXT4-fs (loop4): This should not happen!! Data will be lost
[  412.388966][   T12] 
[  412.468415][T13843] EXT4-fs warning (device loop4): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  412.520921][T13843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  412.717552][T14729] loop2: detected capacity change from 0 to 4096
[  412.824594][T14735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3116'.
[  412.873378][T14735] netlink: 'syz.4.3116': attribute type 20 has an invalid length.
[  412.908580][T14735] netlink: 'syz.4.3116': attribute type 21 has an invalid length.
[  413.190842][T14739] program syz.1.3121 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  413.253865][T14717] loop9: detected capacity change from 0 to 32768
[  413.323823][T14743] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3122'.
[  413.376440][T14717] JBD2: Ignoring recovery information on journal
[  413.480115][T14743] ipvlan2: entered allmulticast mode
[  413.485558][T14743] syz_tun: entered allmulticast mode
[  413.543328][T14717] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  413.844605][ T5632] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  414.180141][T13139] ocfs2: Unmounting device (7,9) on (node local)
[  414.417346][T14769] loop1: detected capacity change from 0 to 1024
[  414.481061][T14769] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (38034!=20869)
[  414.535928][T14769] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  414.539253][T14775] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3131'.
[  414.585587][T14769] System zones: 0-1, 2-3, 5-36, 22-22, 98-101, 102-102
[  414.606686][T14769] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  414.913588][T14769] EXT4-fs error (device loop1): ext4_ext_check_inode:521: inode #16: comm syz.1.3129: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 1796(4), depth 0(0)
[  414.931007][T14783] loop7: detected capacity change from 0 to 2048
[  415.050084][T14792] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  415.165089][ T5622] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.388960][T14801] loop9: detected capacity change from 0 to 8
[  416.049723][T14818] loop7: detected capacity change from 0 to 1024
[  416.075514][T14818] EXT4-fs: Ignoring removed nomblk_io_submit option
[  416.120449][T14818] EXT4-fs: Ignoring removed orlov option
[  416.127419][T14824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3148'.
[  417.009084][T14852] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3160'.
[  417.061054][T14852] netlink: 'syz.4.3160': attribute type 6 has an invalid length.
[  417.085407][T14855] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3162'.
[  417.150854][T14849] mac80211_hwsim hwsim24 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  417.256482][T14863] loop1: detected capacity change from 0 to 256
[  417.340482][T14863] FAT-fs (loop1): Directory bread(block 64) failed
[  417.362311][T14863] FAT-fs (loop1): Directory bread(block 65) failed
[  417.407182][T14863] FAT-fs (loop1): Directory bread(block 66) failed
[  417.451078][T14863] FAT-fs (loop1): Directory bread(block 67) failed
[  417.496911][T14863] FAT-fs (loop1): Directory bread(block 68) failed
[  417.516207][T14873] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3168'.
[  417.538861][T14863] FAT-fs (loop1): Directory bread(block 69) failed
[  417.582038][T14863] FAT-fs (loop1): Directory bread(block 70) failed
[  417.587072][T14873] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3168'.
[  417.635825][T14863] FAT-fs (loop1): Directory bread(block 71) failed
[  417.682835][T14863] FAT-fs (loop1): Directory bread(block 72) failed
[  417.704516][T14863] FAT-fs (loop1): Directory bread(block 73) failed
[  417.777714][T14881] loop7: detected capacity change from 0 to 16
[  417.814420][T14882] loop9: detected capacity change from 0 to 512
[  417.869596][T14882] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002]
[  417.885891][T14882] System zones: 1-12
[  417.917218][T14882] EXT4-fs error (device loop9): dx_probe:791: inode #2: comm syz.9.3172: Directory hole found for htree index block 0
[  417.941624][T14881] erofs (device loop7): mounted with root inode @ nid 36.
[  418.006541][T14882] loop9: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117
[  418.013509][    C1] EXT4-fs (loop9): error count since last fsck: 1
[  418.029092][    C1] EXT4-fs (loop9): initial error at time 1777463507: dx_probe:791: inode 2
[  418.037747][    C1] EXT4-fs (loop9): last error at time 1777463507: dx_probe:791: inode 2
[  418.059175][T14882] EXT4-fs (loop9): Remounting filesystem read-only
[  418.066851][T14882] EXT4-fs (loop9): Cannot turn on journaled quota: type 0: error -117
[  418.075614][T14882] EXT4-fs (loop9): Cannot turn on journaled quota: type 1: error -117
[  418.086656][T14882] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  418.126352][T14882] EXT4-fs (loop9): shut down requested (2)
[  418.287821][T13139] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.355326][T14898] loop7: detected capacity change from 0 to 16
[  418.400219][T14898] erofs (device loop7): mounted with root inode @ nid 36.
[  418.469282][T14898] erofs (device loop7): invalid de[0].nameoff 14 @ nid 36
[  419.220674][T14886] loop2: detected capacity change from 0 to 32768
[  419.290793][T14920] loop7: detected capacity change from 0 to 1024
[  419.308989][T14886] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3173 (14886)
[  419.419566][T14886] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  419.477990][T14886] BTRFS info (device loop2): using crc32c checksum algorithm
[  419.753895][T14886] BTRFS info (device loop2): enabling ssd optimizations
[  419.778121][T14886] BTRFS info (device loop2): turning on flush-on-commit
[  419.821162][T14886] BTRFS info (device loop2): enabling free space tree
[  419.864325][T14886] BTRFS info (device loop2): force zlib compression, level 3
[  419.910634][T14886] BTRFS info (device loop2): max_inline set to 4096
[  419.921109][ T1024] wlan1: Trigger new scan to find an IBSS to join
[  420.201563][T13744] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  420.374244][T14911] loop4: detected capacity change from 0 to 32768
[  420.417910][T14911] BTRFS info: device /dev/loop4 (7:4) using temp-fsid 30167869-921e-490f-9ca9-f532b018d886
[  420.465163][T14911] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.3183 (14911)
[  420.660450][T14911] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  420.723910][T14911] BTRFS info (device loop4): using crc32c checksum algorithm
[  421.110206][T14911] BTRFS info (device loop4): enabling ssd optimizations
[  421.119814][T14989] loop9: detected capacity change from 0 to 128
[  421.136186][T14911] BTRFS info (device loop4): turning on flush-on-commit
[  421.225953][T14911] BTRFS info (device loop4): enabling free space tree
[  421.326135][T14911] BTRFS info (device loop4): enabling auto defrag
[  421.387286][T14911] BTRFS info (device loop4): use lzo compression, level 1
[  421.438338][T14911] BTRFS info (device loop4): max_inline set to 4096
[  421.826538][T14998] loop2: detected capacity change from 0 to 1024
[  421.882869][T15003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3205'.
[  421.933567][T15003] netlink: 'syz.1.3205': attribute type 30 has an invalid length.
[  421.943800][T15003] netlink: 'syz.1.3205': attribute type 29 has an invalid length.
[  421.952092][T15003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3205'.
[  422.003768][T14998] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  422.090139][T13843] BTRFS info (device loop4): last unmount of filesystem 30167869-921e-490f-9ca9-f532b018d886
[  422.324845][T13744] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.480866][T15019] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3211'.
[  422.708041][ T5772] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  422.894397][ T5772] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.947057][ T5772] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.016471][ T5772] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  423.086058][ T5772] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.178567][ T5772] usb 5-1: config 0 descriptor??
[  423.654909][ T5772] hid_parser_main: 22 callbacks suppressed
[  423.654936][ T5772] playstation 0003:054C:0DF2.0025: unknown main item tag 0x0
[  423.760988][ T5772] playstation 0003:054C:0DF2.0025: unknown main item tag 0x0
[  423.792066][T15049] bridge_slave_0: left allmulticast mode
[  423.813457][T15049] bridge_slave_0: left promiscuous mode
[  423.819194][ T5772] playstation 0003:054C:0DF2.0025: unknown main item tag 0x0
[  423.819230][ T5772] playstation 0003:054C:0DF2.0025: unknown main item tag 0x0
[  423.819256][ T5772] playstation 0003:054C:0DF2.0025: unknown main item tag 0x0
[  423.922258][T15049] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.960738][ T5772] playstation 0003:054C:0DF2.0025: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0
[  424.121704][ T5772] playstation 0003:054C:0DF2.0025: Invalid reportID received, expected 9 got 32
[  424.170827][ T5772] playstation 0003:054C:0DF2.0025: Failed to retrieve DualSense pairing info: -22
[  424.195697][   T37] wlan1: Trigger new scan to find an IBSS to join
[  424.253739][ T5772] playstation 0003:054C:0DF2.0025: Failed to get MAC address from DualSense
[  424.307490][ T5772] playstation 0003:054C:0DF2.0025: Failed to create dualsense.
[  424.378703][ T5772] playstation 0003:054C:0DF2.0025: probe with driver playstation failed with error -22
[  424.446454][ T5772] usb 5-1: USB disconnect, device number 6
[  424.453192][   T31] audit: type=1326 audit(1777463513.881:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15061 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  424.475193][T15063] pim6reg: entered allmulticast mode
[  424.542827][T15062] pim6reg: left allmulticast mode
[  424.559905][   T31] audit: type=1326 audit(1777463513.947:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15061 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  424.669393][   T31] audit: type=1326 audit(1777463513.947:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15061 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  424.781982][   T31] audit: type=1326 audit(1777463513.947:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15061 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  424.860668][   T31] audit: type=1326 audit(1777463513.947:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15061 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  424.979087][   T31] audit: type=1326 audit(1777463513.956:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15061 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  425.301831][   T84] wlan1: Creating new IBSS network, BSSID 82:3f:70:fc:ff:7d
[  425.419830][T15087] netlink: 'syz.2.3231': attribute type 4 has an invalid length.
[  425.732723][ T5772] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  425.761609][T15096] bond1: ARP target 9.0.0.0 is already present
[  425.783859][T15096] bond1: option arp_ip_target: invalid value (9)
[  425.836023][T15104] loop9: detected capacity change from 0 to 256
[  425.844482][T15104] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  425.888921][T15096] bond1 (unregistering): Released all slaves
[  425.897785][T15104] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  425.909583][ T5772] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  425.925297][ T5772] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.982506][ T5772] usb 2-1: config 0 descriptor??
[  426.006976][T15102] loop2: detected capacity change from 0 to 4096
[  426.016732][ T5772] cp210x 2-1:0.0: cp210x converter detected
[  426.036952][T15102] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  426.192855][T15102] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  426.224400][T15102] ntfs3(loop2): Failed to load root (-22).
[  426.350049][T15108] program syz.4.3238 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  426.460916][ T5772] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  426.507142][ T5772] usb 2-1: cp210x converter now attached to ttyUSB0
[  426.731021][   T10] usb 2-1: USB disconnect, device number 14
[  426.781800][   T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  426.837874][   T10] cp210x 2-1:0.0: device disconnected
[  427.016450][ T5628] Bluetooth: hci6: command 0x1003 tx timeout
[  427.025048][ T5632] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  427.152877][T15130] loop4: detected capacity change from 0 to 2048
[  427.232255][T15130] EXT4-fs: Ignoring removed oldalloc option
[  427.330888][T15130] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002]
[  427.375404][T15130] System zones: 0-7
[  427.389722][T15130] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  427.446329][T15130] EXT4-fs error (device loop4): ext4_find_extent:939: inode #2: comm syz.4.3245: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  427.683888][T15130] EXT4-fs (loop4): Remounting filesystem read-only
[  427.742413][   T10] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  427.828000][T13843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  427.941154][   T10] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  427.972322][   T10] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  428.028064][   T10] usb 10-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  428.083879][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.122686][   T10] usb 10-1: Product: syz
[  428.144166][   T10] usb 10-1: Manufacturer: syz
[  428.165891][   T10] usb 10-1: SerialNumber: syz
[  428.237893][   T10] usb 10-1: config 0 descriptor??
[  428.264247][T15141] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  428.304036][T15141] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  428.601957][T15141] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  428.635036][T15141] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  428.701476][T15181] vlan2: entered promiscuous mode
[  428.707082][T15181] bridge0: entered promiscuous mode
[  428.768033][T15185] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3263'.
[  428.810446][T15185] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3263'.
[  429.122407][   T10] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  429.291628][T15196] loop7: detected capacity change from 0 to 8
[  429.351946][   T10] dm9601 10-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  429.426529][   T10] usb 10-1: USB disconnect, device number 6
[  429.826923][T15169] loop1: detected capacity change from 0 to 40427
[  429.833944][T15174] loop3: detected capacity change from 0 to 32768
[  429.846370][T15169] F2FS-fs (loop1): Invalid SB checksum offset: 0
[  429.855647][T15169] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  429.873413][T15169] F2FS-fs (loop1): invalid crc value
[  429.912036][T15174] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  429.930271][T15169] F2FS-fs (loop1): invalid journal entries nats 512 sits 6
[  429.943473][T15169] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-22)
[  430.068220][T15174] XFS (loop3): Ending clean mount
[  430.167344][T15174] XFS (loop3): Quotacheck needed: Please wait.
[  430.180090][T15228] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3273'.
[  430.229640][T15228] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3273'.
[  430.598862][T15174] XFS (loop3): Quotacheck: Done.
[  430.798967][T15244] xt_hashlimit: size too large, truncated to 1048576
[  430.839221][ T5618] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  430.868305][T15245] ¾x9ÿ: renamed from bridge_slave_0 (while UP)
[  430.981870][   T30] kernel read not supported for file /dsp (pid: 30 comm: kworker/1:2)
[  431.122726][T15248] xt_hashlimit: size too large, truncated to 1048576
[  431.478074][T15231] loop4: detected capacity change from 0 to 32768
[  431.614382][T15231] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  431.783751][T15231] XFS (loop4): Ending clean mount
[  432.336663][T13843] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  432.526437][T15284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3288'.
[  432.590095][T15284] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3288'.
[  432.628863][T15284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3288'.
[  433.307983][T15299] netlink: 'syz.2.3294': attribute type 12 has an invalid length.
[  433.827229][T15310] loop1: detected capacity change from 0 to 512
[  433.930285][T15310] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  434.025490][T15310] ext4 filesystem being mounted at /606/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  434.221095][T15317] loop2: detected capacity change from 0 to 1024
[  434.230947][T15296] loop3: detected capacity change from 0 to 131072
[  434.251033][T15310] EXT4-fs (loop1): shut down requested (2)
[  434.257624][T15296] F2FS-fs (loop3): Test dummy encryption mode enabled
[  434.268580][T15296] F2FS-fs (loop3): invalid crc value
[  434.423716][T15296] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  434.440087][T15296] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  434.535557][ T5622] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  434.677183][T15289] loop7: detected capacity change from 0 to 32768
[  434.717529][T15325] loop9: detected capacity change from 0 to 1024
[  434.753005][T15289] XFS (loop7): DAX unsupported by block device. Turning off DAX.
[  434.790812][T15325] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  434.809068][T15289] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  434.938648][T15289] XFS (loop7): Ending clean mount
[  435.008460][T15289] XFS (loop7): Quotacheck needed: Please wait.
[  435.250276][T15349] program syz.2.3308 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  435.378450][ T5736] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  435.423391][T15289] XFS (loop7): Quotacheck: Done.
[  435.603050][ T5736] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  435.646046][ T5736] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  435.686712][ T5736] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  435.726875][ T5736] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  435.731109][T15359] loop2: detected capacity change from 0 to 2048
[  435.783323][ T5736] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  435.830985][ T5736] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  435.871803][ T5736] usb 5-1: Product: syz
[  435.886749][T15359] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  435.904135][ T5736] usb 5-1: Manufacturer: syz
[  435.959418][ T5736] cdc_wdm 5-1:1.0: skipping garbage
[  435.965559][ T8181] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  435.996291][ T5736] cdc_wdm 5-1:1.0: skipping garbage
[  436.011257][ T5736] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  436.018427][ T5736] cdc_wdm 5-1:1.0: Unknown control protocol
[  436.235178][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.241996][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.248382][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.254980][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.263231][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.269827][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.279220][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.285826][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.293082][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.299682][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.307141][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.313747][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.320048][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.326646][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.333038][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.339634][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.346553][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.353150][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.359615][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  436.366210][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  436.374344][ T5736] usb 5-1: USB disconnect, device number 7
[  436.380254][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  437.235514][T15391] ALSA: seq fatal error: cannot create timer (-22)
[  437.271151][T15392] loop4: detected capacity change from 0 to 256
[  437.334241][T15392] exfat: Deprecated parameter 'utf8'
[  437.369555][T15392] exfat: Deprecated parameter 'utf8'
[  437.443364][T15392] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  437.496088][T15398] loop9: detected capacity change from 0 to 256
[  437.612498][T15398] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xb963610a, utbl_chksum : 0xe619d30d)
[  437.629454][T15394] loop1: detected capacity change from 0 to 4096
[  437.673474][T15394] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  437.828402][T15394] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  437.961915][T15410] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3328'.
[  437.999550][   T31] audit: type=1800 audit(1777463527.568:111): pid=15394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3323" name="file1" dev="loop1" ino=30 res=0 errno=0
[  438.050308][T15410] netlink: 'syz.7.3328': attribute type 1 has an invalid length.
[  438.537634][T15424] netlink: 'syz.1.3332': attribute type 11 has an invalid length.
[  438.593102][T15424] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3332'.
[  439.413138][T15451] program syz.9.3341 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  439.708655][T15459] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3344'.
[  440.098852][T15473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3349'.
[  440.120912][   T30] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  440.315264][   T30] usb 3-1: Using ep0 maxpacket: 8
[  440.336042][   T30] usb 3-1: config 0 has an invalid interface number: 186 but max is 0
[  440.363323][   T30] usb 3-1: config 0 has no interface number 0
[  440.377209][   T30] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  440.411690][   T30] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 18, changing to 8
[  440.435924][   T30] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  440.474203][   T30] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  440.524932][   T30] usb 3-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  440.586324][   T30] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  440.608465][   T30] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.638627][   T30] usb 3-1: Product: syz
[  440.647049][   T30] usb 3-1: Manufacturer: syz
[  440.671467][   T30] usb 3-1: SerialNumber: syz
[  440.695588][   T30] usb 3-1: config 0 descriptor??
[  440.911216][T15498] netdevsim netdevsim9 netdevsim0: IPsec offload requires 128 bit authentication
[  440.950002][   T30] iowarrior 3-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  441.262000][   T30] usb 3-1: USB disconnect, device number 4
[  441.359891][T15510] loop4: detected capacity change from 0 to 512
[  441.622355][T15510] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2810: inode #11: comm syz.4.3362: corrupted xattr block 95: invalid header
[  441.738448][T15510] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  441.743244][T15510] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3362: bg 0: block 7: invalid block bitmap
[  441.752494][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  441.752518][    C1] EXT4-fs (loop4): initial error at time 1777463531: ext4_expand_extra_isize_ea:2810: inode 11
[  441.752559][    C1] EXT4-fs (loop4): last error at time 1777463531: ext4_expand_extra_isize_ea:2810: inode 11
[  442.117833][T15521] loop1: detected capacity change from 0 to 2048
[  442.171135][T15510] loop4: lost filesystem error report for type 5 error -117
[  442.178511][T15510] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  442.244828][T15525] loop9: detected capacity change from 0 to 1024
[  442.266332][T15527] bridge_slave_0: entered promiscuous mode
[  442.315533][T15510] loop4: lost filesystem error report for type 5 error -117
[  442.317366][T15510] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2972: inode #11: comm syz.4.3362: corrupted xattr block 95: invalid header
[  442.366000][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3369'.
[  442.389068][T15525] EXT4-fs (loop9): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  442.423766][T15531] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  442.440559][T15512] loop7: detected capacity change from 0 to 131072
[  442.450039][T15512] F2FS-fs (loop7): invalid crc value
[  442.471154][T15527] bridge_slave_0: left promiscuous mode
[  442.479891][T15525] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  442.490614][T15510] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  442.493480][T15510] EXT4-fs warning (device loop4): ext4_evict_inode:287: xattr delete (err -117)
[  442.543886][T15537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3370'.
[  442.563972][T15512] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  442.581979][T15512] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  442.616332][T15510] EXT4-fs (loop4): 1 orphan inode deleted
[  442.651477][T15510] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  442.679041][T15525] EXT4-fs error (device loop9): ext4_map_blocks:833: inode #15: block 3: comm syz.9.3368: lblock 3 mapped to illegal pblock 3 (length 3)
[  442.713753][T15512] F2FS-fs (loop7): recover xattr in inode (7), error(0)
[  442.721629][T15512] F2FS-fs (loop7): set inode (7) has corrupted xattr
[  442.824231][T15525] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  442.868133][T15525] EXT4-fs (loop9): This should not happen!! Data will be lost
[  442.868133][T15525] 
[  442.992439][T15540] EXT4-fs error (device loop9): ext4_map_blocks:833: inode #15: comm syz.9.3368: lblock 0 mapped to illegal pblock 0 (length 3)
[  443.071065][T15540] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 117
[  443.089161][T13843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  443.123277][T15549] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input21
[  443.175259][T15540] EXT4-fs (loop9): This should not happen!! Data will be lost
[  443.175259][T15540] 
[  443.271077][T15552] misc userio: Begin command sent, but we're already running
[  443.457345][   T12] EXT4-fs error (device loop9): ext4_map_blocks:833: inode #15: block 4: comm kworker/u8:0: lblock 4 mapped to illegal pblock 4 (length 2)
[  443.527522][   T12] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117
[  443.573870][   T12] EXT4-fs (loop9): This should not happen!! Data will be lost
[  443.573870][   T12] 
[  443.615587][   T84] EXT4-fs error (device loop9): ext4_map_blocks:833: inode #15: block 8: comm kworker/u8:5: lblock 8 mapped to illegal pblock 8 (length 8)
[  443.668607][   T84] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  443.733973][   T84] EXT4-fs (loop9): This should not happen!! Data will be lost
[  443.733973][   T84] 
[  443.813926][T13139] EXT4-fs warning (device loop9): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  443.880642][T13139] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  444.211389][T15576] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3383'.
[  444.425687][T15579] tap0: tun_chr_ioctl cmd 1074025681
[  444.551991][T15557] loop2: detected capacity change from 0 to 32768
[  444.636952][T15557] diRead: diIAGRead returned -5
[  445.626519][T15602] loop1: detected capacity change from 0 to 512
[  445.660697][T15602] EXT4-fs: Ignoring removed bh option
[  445.728019][T15602] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  445.825152][T15602] EXT4-fs (loop1): 1 truncate cleaned up
[  445.898814][T15602] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  446.199356][T15619] loop2: detected capacity change from 0 to 256
[  446.236190][T15619] exfat: Deprecated parameter 'utf8'
[  446.252386][ T5622] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  446.378482][T15619] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x72bddf51, utbl_chksum : 0xe619d30d)
[  446.430979][T15626] loop7: detected capacity change from 0 to 64
[  446.752461][T15626] Trying to free block not in datazone
[  446.776538][T15638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3405'.
[  446.821579][T15638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3405'.
[  446.835711][   T10] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  446.883092][T15638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3405'.
[  446.925350][T15638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3405'.
[  446.951779][T15638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3405'.
[  447.113842][   T10] usb 10-1: Using ep0 maxpacket: 32
[  447.137735][   T10] usb 10-1: config 0 has an invalid interface number: 51 but max is 0
[  447.160799][   T10] usb 10-1: config 0 has no interface number 0
[  447.174009][   T10] usb 10-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  447.185309][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.194489][   T10] usb 10-1: Product: syz
[  447.199225][   T10] usb 10-1: Manufacturer: syz
[  447.204028][   T10] usb 10-1: SerialNumber: syz
[  447.242368][   T10] usb 10-1: config 0 descriptor??
[  447.255106][   T10] quatech2 10-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  447.561250][   T10] usb 10-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  447.622693][   T10] usb 10-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  447.774820][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 101
[  447.944109][T15664] loop7: detected capacity change from 0 to 64
[  448.045597][    C0] usb 10-1: qt2_read_bulk_callback - non-zero urb status: -71
[  448.051988][ T5772] usb 10-1: USB disconnect, device number 7
[  448.082932][ T5772] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  448.162353][ T5772] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  448.220664][ T5772] quatech2 10-1:0.51: device disconnected
[  448.886833][T15682] loop4: detected capacity change from 0 to 32768
[  448.909758][T15682] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  448.918008][T15682] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  449.085434][T15682] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  449.099047][ T5861] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  449.112925][ T5861] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  449.480973][ T5861] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 344ms
[  449.519422][ T5861] gfs2: fsid=syz:syz.0: jid=0: Done
[  449.527602][T15705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3428'.
[  449.551953][T15682] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  449.570242][T15708] loop1: detected capacity change from 0 to 256
[  449.626313][ T5772] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  449.728443][T15708] FAT-fs (loop1): Directory bread(block 64) failed
[  449.771368][T15708] FAT-fs (loop1): Directory bread(block 65) failed
[  449.781793][T15705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3428'.
[  449.804863][T15708] FAT-fs (loop1): Directory bread(block 66) failed
[  449.838608][T15708] FAT-fs (loop1): Directory bread(block 67) failed
[  449.846069][ T5772] usb 10-1: Using ep0 maxpacket: 8
[  449.868562][ T5772] usb 10-1: config 179 has an invalid interface number: 65 but max is 0
[  449.890580][T15708] FAT-fs (loop1): Directory bread(block 68) failed
[  449.899921][ T5772] usb 10-1: config 179 has no interface number 0
[  449.911914][T15708] FAT-fs (loop1): Directory bread(block 69) failed
[  449.919962][ T5772] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  449.948253][T15708] FAT-fs (loop1): Directory bread(block 70) failed
[  449.955021][ T5772] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  449.974947][T15708] FAT-fs (loop1): Directory bread(block 71) failed
[  449.978091][T15715] hugetlbfs: syz.2.3432 (15715): Using mlock ulimits for SHM_HUGETLB is obsolete
[  449.984421][T15708] FAT-fs (loop1): Directory bread(block 72) failed
[  449.998568][ T5772] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  450.016292][ T5772] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  450.033709][T15708] FAT-fs (loop1): Directory bread(block 73) failed
[  450.040567][ T5772] usb 10-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  450.051143][T15716] blkio.reset_stats is deprecated
[  450.093471][ T5772] usb 10-1: config 179 interface 65 has no altsetting 0
[  450.103319][ T5772] usb 10-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  450.133219][ T5772] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.276249][ T5772] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:179.65/input/input23
[  450.546446][ T5772] usb 10-1: USB disconnect, device number 8
[  450.546544][    C1] xpad 10-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  452.019757][T15756] loop3: detected capacity change from 0 to 256
[  452.050325][T15756] exfat: Deprecated parameter 'utf8'
[  452.098099][T15756] exfat: Deprecated parameter 'namecase'
[  452.206352][T15756] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  452.299385][T15762] loop7: detected capacity change from 0 to 1024
[  452.312852][T15763] erspan0: entered promiscuous mode
[  452.451284][T15762] hfsplus: bad catalog file entry
[  452.620303][T15732] loop2: detected capacity change from 0 to 40427
[  452.646877][   T12] hfsplus: bad catalog file entry
[  452.672929][T15732] F2FS-fs (loop2): Corrupted extension count (64 + 1 > 64)
[  452.721893][T15732] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  452.782751][T15732] F2FS-fs (loop2): invalid crc value
[  453.173568][T15732] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  453.329969][T15732] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  453.348073][T15732] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  453.442975][T15773] f2fs_ckpt-7:2: attempt to access beyond end of device
[  453.442975][T15773] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  453.548814][T15773] CPU: 1 UID: 0 PID: 15773 Comm: f2fs_ckpt-7:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  453.548855][T15773] Tainted: [L]=SOFTLOCKUP
[  453.548864][T15773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  453.548881][T15773] Call Trace:
[  453.548890][T15773]  <TASK>
[  453.548900][T15773]  dump_stack_lvl+0xe8/0x150
[  453.548934][T15773]  f2fs_stop_checkpoint+0x3c7/0x590
[  453.548985][T15773]  f2fs_write_end_io+0x1274/0x1740
[  453.549041][T15773]  __submit_merged_bio+0x256/0x6a0
[  453.549079][T15773]  __submit_merged_write_cond+0x3c9/0x4e0
[  453.549136][T15773]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  453.549195][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549236][T15773]  f2fs_write_data_pages+0x287e/0x34f0
[  453.549267][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549335][T15773]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  453.549386][T15773]  ? arch_stack_walk+0x11b/0x150
[  453.549453][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549482][T15773]  ? add_lock_to_list+0xc7/0x100
[  453.549518][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549558][T15773]  ? __lock_acquire+0x146e/0x2cf0
[  453.549617][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549647][T15773]  ? do_raw_spin_lock+0x12b/0x2f0
[  453.549691][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549725][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549755][T15773]  ? do_raw_spin_unlock+0xf5/0x210
[  453.549793][T15773]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  453.549825][T15773]  do_writepages+0x32e/0x550
[  453.549858][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549890][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549924][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.549953][T15773]  ? do_raw_spin_unlock+0xf5/0x210
[  453.549997][T15773]  filemap_fdatawrite+0x1e9/0x2f0
[  453.550032][T15773]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  453.550111][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.550144][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.550179][T15773]  ? do_raw_spin_unlock+0xf5/0x210
[  453.550222][T15773]  f2fs_sync_dirty_inodes+0x30e/0x830
[  453.550272][T15773]  f2fs_write_checkpoint+0x9df/0x26a0
[  453.550344][T15773]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  453.550375][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.550449][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.550478][T15773]  ? down_write+0x16d/0x200
[  453.550513][T15773]  ? __pfx_down_write+0x10/0x10
[  453.550547][T15773]  ? uplift_priority+0xdb/0x700
[  453.550573][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.550603][T15773]  ? __schedule+0x17ca/0x5680
[  453.550638][T15773]  __write_checkpoint_sync+0x124/0x2b0
[  453.550682][T15773]  ? __pfx___write_checkpoint_sync+0x10/0x10
[  453.550735][T15773]  ? __pfx___schedule+0x10/0x10
[  453.550768][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.550807][T15773]  __checkpoint_and_complete_reqs+0x53/0x2d0
[  453.550851][T15773]  issue_checkpoint_thread+0xd6/0x280
[  453.550888][T15773]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  453.550924][T15773]  ? __pfx_autoremove_wake_function+0x10/0x10
[  453.550962][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.550993][T15773]  ? __kthread_parkme+0x7a/0x1f0
[  453.551022][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.551062][T15773]  kthread+0x388/0x470
[  453.551106][T15773]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  453.551139][T15773]  ? __pfx_kthread+0x10/0x10
[  453.551174][T15773]  ret_from_fork+0x514/0xb70
[  453.551205][T15773]  ? __pfx_ret_from_fork+0x10/0x10
[  453.551231][T15773]  ? srso_alias_return_thunk+0x5/0xfbef5
[  453.551260][T15773]  ? __switch_to+0xc79/0x1410
[  453.551301][T15773]  ? __pfx_kthread+0x10/0x10
[  453.551336][T15773]  ret_from_fork_asm+0x1a/0x30
[  453.551386][T15773]  </TASK>
[  453.922132][T15773] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  454.316865][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  454.324792][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  454.471337][T15805] loop7: detected capacity change from 0 to 512
[  454.499110][T15805] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  454.522167][T15805] ext4 filesystem being mounted at /430/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  454.632620][T15813] loop3: detected capacity change from 0 to 512
[  454.682535][T15813] EXT4-fs: Ignoring removed bh option
[  454.740761][T15813] EXT4-fs: Ignoring removed mblk_io_submit option
[  454.779650][T15813] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  454.799451][T15817] EXT4-fs error (device loop7): ext4_lookup:1785: inode #14: comm syz.7.3468: invalid fast symlink length 39
[  454.845558][T15813] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  454.886141][T15813] EXT4-fs (loop3): orphan cleanup on readonly fs
[  454.887820][T15826] loop1: detected capacity change from 0 to 256
[  454.907858][T15826] exfat: Deprecated parameter 'utf8'
[  454.952200][T15826] exfat: Deprecated parameter 'utf8'
[  454.969842][T15813] Quota error (device loop3): do_insert_tree: Free block already used in tree: block 4
[  454.997485][T15826] exfat: Deprecated parameter 'namecase'
[  455.004777][T15813] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  455.034130][T15826] exfat: Deprecated parameter 'utf8'
[  455.049987][T15813] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.3467: Failed to acquire dquot type 1
[  455.064197][T15826] exfat: Deprecated parameter 'namecase'
[  455.104516][T15813] loop3: lost filesystem error report for type 5 error -5
[  455.105354][T15813] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3467: Invalid block bitmap block 0 in block_group 0
[  455.112609][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  455.112634][    C1] EXT4-fs (loop3): last error at time 1777463543: ext4_acquire_dquot:7034
[  455.144108][T15826] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  455.283839][T15813] loop3: lost filesystem error report for type 5 error -117
[  455.290131][T15813] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3467: Invalid block bitmap block 0 in block_group 0
[  455.427737][T15813] loop3: lost filesystem error report for type 5 error -117
[  455.428256][T15813] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3467: Invalid block bitmap block 0 in block_group 0
[  455.502349][T15813] loop3: lost filesystem error report for type 5 error -117
[  455.504013][T15813] Quota error (device loop3): write_blk: dquota write failed
[  455.574928][T15813] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  455.598977][T15836] vxlan1: entered promiscuous mode
[  455.609159][T15836] vxlan1: entered allmulticast mode
[  455.615339][T15813] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.3467: Failed to acquire dquot type 1
[  455.641030][   T37] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  455.660885][T15813] loop3: lost filesystem error report for type 5 error -28
[  455.662076][T15813] Quota error (device loop3): write_blk: dquota write failed
[  455.701623][   T37] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  455.737880][T15813] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  455.757223][   T37] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  455.798218][T15813] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.3467: Failed to acquire dquot type 1
[  455.811750][ T1169] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  455.851193][T15813] loop3: lost filesystem error report for type 5 error -28
[  455.851812][T15813] EXT4-fs (loop3): 1 orphan inode deleted
[  455.950157][ T8181] EXT4-fs error (device loop7): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[  455.979341][T15813] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  456.032491][ T8181] EXT4-fs error (device loop7): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[  456.217559][T15813] EXT4-fs (loop3): shut down requested (2)
[  456.340728][T15855] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3475'.
[  456.432509][ T5618] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.454138][T15857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3478'.
[  456.527715][T15857] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3478'.
[  456.658110][T12311] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.144574][T15879] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3488'.
[  457.411006][ T1169] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  457.446035][T15875] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3486'.
[  457.743450][T15893] loop3: detected capacity change from 0 to 512
[  457.766705][T15893] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  457.865268][T15893] EXT4-fs (loop3): 1 truncate cleaned up
[  457.879008][T15893] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  458.073819][ T1169] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.101421][ T5618] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.291355][T15902] loop3: detected capacity change from 0 to 256
[  458.305365][T15900] loop2: detected capacity change from 0 to 512
[  458.318674][T15902] exfat: Deprecated parameter 'namecase'
[  458.347649][T15902] exfat: Deprecated parameter 'utf8'
[  458.375012][T15902] exfat: Deprecated parameter 'utf8'
[  458.510884][T15902] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe5fd08b, utbl_chksum : 0xe619d30d)
[  458.675550][ T5628] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  458.693129][ T5628] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  458.706972][ T5628] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  458.746290][ T5628] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  458.768850][ T5628] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  458.844331][ T1169] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.217392][ T1169] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.250295][T15917] program syz.2.3507 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  459.370537][ T5632] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  459.391891][ T5632] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  459.405780][ T5632] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  459.418024][ T5632] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  459.431992][ T5632] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  460.035118][T15944] loop4: detected capacity change from 0 to 1024
[  460.093485][T15944] EXT4-fs: Ignoring removed nobh option
[  460.099199][T15944] EXT4-fs: Ignoring removed i_version option
[  460.157253][ T1169] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.228902][T15944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  460.480247][   T31] audit: type=1326 audit(1777463548.586:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15959 comm="syz.3.3523" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2dfb79cdd9 code=0x0
[  460.488405][T15944] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  460.653869][T15944] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  460.707079][T15944] EXT4-fs (loop4): This should not happen!! Data will be lost
[  460.707079][T15944] 
[  460.757762][T15944] EXT4-fs (loop4): Total free blocks count 0
[  460.801936][T15944] EXT4-fs (loop4): Free/Dirty block details
[  460.838381][T15944] EXT4-fs (loop4): free_blocks=20480
[  460.870665][T15944] EXT4-fs (loop4): dirty_blocks=80
[  460.895086][T15944] EXT4-fs (loop4): Block reservation details
[  460.938563][T15944] EXT4-fs (loop4): i_reserved_data_blocks=5
[  460.968582][ T5632] Bluetooth: hci3: command tx timeout
[  461.177544][ T1024] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28
[  461.247847][T13843] EXT4-fs warning (device loop4): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  461.653387][ T5632] Bluetooth: hci4: command tx timeout
[  462.004141][ T1169] bridge0: port 2(bridge_slave_1) entered disabled state
[  462.094113][ T1169] bridge_slave_0: left allmulticast mode
[  462.158780][ T1169] bridge_slave_0: left promiscuous mode
[  462.203492][ T1169] bridge0: port 1(bridge_slave_0) entered disabled state
[  462.232223][T15995] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3531'.
[  462.499596][T15986] loop2: detected capacity change from 0 to 131072
[  462.566503][T15997] loop3: detected capacity change from 0 to 32768
[  462.576150][T15986] F2FS-fs (loop2): invalid crc value
[  462.576197][T15997] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3532 (15997)
[  462.598280][T15997] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  462.612393][T15997] BTRFS info (device loop3): using sha256 checksum algorithm
[  462.691440][T15986] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  462.708634][T15986] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  462.872653][T15997] BTRFS info (device loop3): enabling ssd optimizations
[  462.879767][T15997] BTRFS info (device loop3): turning on async discard
[  462.887776][T15997] BTRFS info (device loop3): enabling free space tree
[  462.985116][ T5618] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  463.194390][ T5628] Bluetooth: hci3: command tx timeout
[  463.893972][ T5632] Bluetooth: hci4: command tx timeout
[  463.938510][T16031] loop3: detected capacity change from 0 to 512
[  463.948610][T16031] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  463.967078][T16031] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3538: invalid indirect mapped block 9 (level 0)
[  464.036238][T16031] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  464.036621][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  464.052293][    C1] EXT4-fs (loop3): initial error at time 1777463551: ext4_free_branches:1023: inode 11
[  464.062035][    C1] EXT4-fs (loop3): last error at time 1777463551: ext4_free_branches:1023: inode 11
[  464.077783][T16031] EXT4-fs (loop3): 1 truncate cleaned up
[  464.086135][T16031] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  464.221671][T15995] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  464.259295][T15995] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  464.300306][T15995] bond0 (unregistering): Released all slaves
[  464.368089][ T5750] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  464.551261][ T5750] usb 4-1: Using ep0 maxpacket: 16
[  464.587367][ T5750] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  464.608931][ T5750] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.629159][ T5750] usb 4-1: Product: syz
[  464.636940][ T5750] usb 4-1: Manufacturer: syz
[  464.653747][ T5750] usb 4-1: SerialNumber: syz
[  464.724742][ T5750] usb 4-1: config 0 descriptor??
[  464.792087][ T5750] ums-onetouch 4-1:0.0: USB Mass Storage device detected
[  464.847721][T16039] loop4: detected capacity change from 0 to 2048
[  464.929052][T16033] loop9: detected capacity change from 0 to 32768
[  464.929472][T16047] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  464.949767][T16033] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3539 (16033)
[  465.016391][T16039] NILFS error (device loop4): nilfs_lookup: deleted inode referenced: 12
[  465.064120][T16033] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  465.080811][T16039] Remounting filesystem read-only
[  465.123000][T16033] BTRFS info (device loop9): using sha256 checksum algorithm
[  465.215014][ T5750] usb 4-1: USB disconnect, device number 17
[  465.341821][T16033] BTRFS info (device loop9): enabling ssd optimizations
[  465.400948][T16033] BTRFS info (device loop9): turning on async discard
[  465.415777][ T5632] Bluetooth: hci3: command tx timeout
[  465.442637][T16033] BTRFS info (device loop9): enabling free space tree
[  466.100784][ T5632] Bluetooth: hci4: command tx timeout
[  466.236134][ T5618] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  466.805675][T13139] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  467.142996][T16097] loop3: detected capacity change from 0 to 128
[  467.289972][T16101] netlink: 192 bytes leftover after parsing attributes in process `syz.2.3548'.
[  467.640213][ T5632] Bluetooth: hci3: command tx timeout
[  467.660833][ T1169] hsr_slave_0: left promiscuous mode
[  467.704300][ T1169] hsr_slave_1: left promiscuous mode
[  467.739794][ T1169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  467.773957][ T1169] batman_adv: batadv0: Removing interface: batadv_slave_0
[  467.848110][ T1169] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  467.868539][ T1169] batman_adv: batadv0: Removing interface: batadv_slave_1
[  467.888152][ T5750] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  467.905175][ T5736] kernel read not supported for file /swradio7 (pid: 5736 comm: kworker/1:3)
[  467.933307][ T1169] veth1_macvtap: left promiscuous mode
[  467.946957][ T1169] veth0_macvtap: left promiscuous mode
[  467.957247][ T1169] veth1_vlan: left promiscuous mode
[  467.968445][ T1169] veth0_vlan: left promiscuous mode
[  468.068698][T14064] usb 10-1: new low-speed USB device number 9 using dummy_hcd
[  468.069460][ T5750] usb 5-1: Using ep0 maxpacket: 16
[  468.116168][ T5750] usb 5-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.149212][ T5750] usb 5-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.198898][ T5750] usb 5-1: config 0 interface 0 has no altsetting 0
[  468.219328][ T5750] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b25, bcdDevice= 0.00
[  468.255357][T14064] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  468.256353][ T5750] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.279843][T14064] usb 10-1: config 0 has no interface number 0
[  468.324339][ T5632] Bluetooth: hci4: command tx timeout
[  468.331945][T14064] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  468.359950][ T5750] usb 5-1: config 0 descriptor??
[  468.378683][T14064] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  468.402327][T14064] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  468.412871][T14064] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.450537][T16132] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3557'.
[  468.460213][T14064] usb 10-1: config 0 descriptor??
[  468.467704][T16113] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  468.520061][T14064] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  468.717956][ T5772] usb 10-1: USB disconnect, device number 9
[  468.723985][    C1] iowarrior 10-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  468.882452][ T5750] hid-corsair-void 0003:1B1C:1B25.0026: unknown main item tag 0x0
[  468.919686][ T5750] hid-corsair-void 0003:1B1C:1B25.0026: unknown main item tag 0x0
[  468.954593][ T5750] hid-corsair-void 0003:1B1C:1B25.0026: unknown main item tag 0x0
[  468.989599][ T5750] hid-corsair-void 0003:1B1C:1B25.0026: unknown main item tag 0x0
[  469.025947][ T5750] hid-corsair-void 0003:1B1C:1B25.0026: unknown main item tag 0x0
[  469.076903][ T5750] hid-corsair-void 0003:1B1C:1B25.0026: hidraw0: USB HID v0.05 Device [HID 1b1c:1b25] on usb-dummy_hcd.4-1/input0
[  469.160165][ T1169] team0 (unregistering): Port device team_slave_1 removed
[  469.163909][ T5750] usb 5-1: USB disconnect, device number 8
[  469.224507][ T1169] team0 (unregistering): Port device team_slave_0 removed
[  469.324073][T16137] fido_id[16137]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  469.481407][T15906] bridge0: port 1(bridge_slave_0) entered blocking state
[  469.490429][T15906] bridge0: port 1(bridge_slave_0) entered disabled state
[  469.497744][T15906] bridge_slave_0: entered allmulticast mode
[  469.514475][T15906] bridge_slave_0: entered promiscuous mode
[  469.670736][T15906] bridge0: port 2(bridge_slave_1) entered blocking state
[  469.713110][T15906] bridge0: port 2(bridge_slave_1) entered disabled state
[  469.778638][T15906] bridge_slave_1: entered allmulticast mode
[  469.807413][T15906] bridge_slave_1: entered promiscuous mode
[  470.079680][   T13] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  470.107340][   T13] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  470.253449][T15906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  470.361134][   T13] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  470.382352][   T13] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  470.418250][T15906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  470.468011][T15921] bridge0: port 1(bridge_slave_0) entered blocking state
[  470.488699][T15921] bridge0: port 1(bridge_slave_0) entered disabled state
[  470.511097][T15921] bridge_slave_0: entered allmulticast mode
[  470.543988][T15921] bridge_slave_0: entered promiscuous mode
[  470.775849][T15921] bridge0: port 2(bridge_slave_1) entered blocking state
[  470.795413][T15921] bridge0: port 2(bridge_slave_1) entered disabled state
[  470.826360][T15921] bridge_slave_1: entered allmulticast mode
[  470.846765][T15921] bridge_slave_1: entered promiscuous mode
[  470.871191][T15906] team0: Port device team_slave_0 added
[  471.042215][T15906] team0: Port device team_slave_1 added
[  471.077593][ T1169] IPVS: stop unused estimator thread 0...
[  471.148100][T15921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  471.232459][T16189] bond0: entered promiscuous mode
[  471.237581][T16189] bond_slave_0: entered promiscuous mode
[  471.271321][T16189] bond_slave_1: entered promiscuous mode
[  471.316164][T16189] batadv0: entered promiscuous mode
[  471.346477][T16189] debugfs: 'hsr1' already exists in 'hsr'
[  471.366022][T16189] Cannot create hsr debugfs directory
[  471.389405][T16189] 8021q: adding VLAN 0 to HW filter on device hsr1
[  471.424643][T16189] bond0: left promiscuous mode
[  471.433540][T16189] bond_slave_0: left promiscuous mode
[  471.449082][T16189] bond_slave_1: left promiscuous mode
[  471.464812][T16189] batadv0: left promiscuous mode
[  471.512632][T16174] loop9: detected capacity change from 0 to 32768
[  471.557421][T16174] XFS (loop9): Mounting V5 filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d in no-recovery mode. Filesystem will be inconsistent.
[  471.583103][T15906] batman_adv: batadv0: Adding interface: batadv_slave_0
[  471.590856][T15906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  471.618216][T15906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  471.621242][T16174] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  471.634933][T15921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  471.688762][T15906] batman_adv: batadv0: Adding interface: batadv_slave_1
[  471.728241][T15906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  471.852280][T15906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  471.946721][T16214] loop4: detected capacity change from 0 to 256
[  471.966174][T16214] exfat: Deprecated parameter 'utf8'
[  471.974777][T16214] exfat: Deprecated parameter 'namecase'
[  471.975815][T15921] team0: Port device team_slave_0 added
[  472.030147][T15921] team0: Port device team_slave_1 added
[  472.039623][T16214] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xf974f890, utbl_chksum : 0xe619d30d)
[  472.366885][T15906] hsr_slave_0: entered promiscuous mode
[  472.406664][T15906] hsr_slave_1: entered promiscuous mode
[  472.431048][T16228] netlink: 'syz.4.3583': attribute type 1 has an invalid length.
[  472.442855][T15906] debugfs: 'hsr0' already exists in 'hsr'
[  472.473291][T15906] Cannot create hsr debugfs directory
[  472.694689][T16227] bond1: invalid ARP target 0.0.0.0 specified for addition
[  472.718306][T16227] bond1: option arp_ip_target: invalid value (0)
[  472.738091][T16227] bond1 (unregistering): Released all slaves
[  473.089870][T15921] batman_adv: batadv0: Adding interface: batadv_slave_0
[  473.119356][T15921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  473.176887][T15921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  473.342416][T15921] batman_adv: batadv0: Adding interface: batadv_slave_1
[  473.374432][T15921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  473.665637][T16261] netlink: 'syz.9.3595': attribute type 1 has an invalid length.
[  473.703963][T16256] loop4: detected capacity change from 0 to 32768
[  473.706469][T16261] netlink: 'syz.9.3595': attribute type 2 has an invalid length.
[  473.723391][T15921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  473.767131][T16256] JBD2: Ignoring recovery information on journal
[  473.805013][T16236] loop2: detected capacity change from 0 to 32768
[  473.845914][T16236] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3586 (16236)
[  473.869981][T16256] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  473.918722][T16256] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 0 but claims that 2046 are free
[  473.936988][T16256] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  473.947359][T16256] OCFS2: File system is now read-only.
[  473.952834][T16256] (syz.4.3593,16256,0):ocfs2_search_chain:1913 ERROR: status = -30
[  473.963536][T16256] (syz.4.3593,16256,0):ocfs2_search_chain:2036 ERROR: status = -30
[  473.972094][T16256] (syz.4.3593,16256,0):ocfs2_claim_suballoc_bits:2123 ERROR: status = -30
[  473.980741][T16256] (syz.4.3593,16256,0):ocfs2_claim_suballoc_bits:2176 ERROR: status = -30
[  473.993240][T16256] (syz.4.3593,16256,0):ocfs2_claim_new_inode:2417 ERROR: status = -30
[  474.001514][T16256] (syz.4.3593,16256,0):ocfs2_claim_new_inode:2432 ERROR: status = -30
[  474.009748][T16256] (syz.4.3593,16256,0):ocfs2_mknod_locked:642 ERROR: status = -30
[  474.017698][T16256] (syz.4.3593,16256,0):ocfs2_symlink:1954 ERROR: status = -30
[  474.026130][T16256] (syz.4.3593,16256,0):ocfs2_symlink:2078 ERROR: status = -30
[  474.091394][T16236] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  474.106015][T16236] BTRFS info (device loop2): using sha256 checksum algorithm
[  474.234682][T13843] ocfs2: Unmounting device (7,4) on (node local)
[  474.271626][T16236] BTRFS info (device loop2): enabling ssd optimizations
[  474.283645][T15921] hsr_slave_0: entered promiscuous mode
[  474.292715][T15921] hsr_slave_1: entered promiscuous mode
[  474.299316][T15921] debugfs: 'hsr0' already exists in 'hsr'
[  474.305265][T15921] Cannot create hsr debugfs directory
[  474.317889][T16236] BTRFS info (device loop2): turning on async discard
[  474.356981][T16236] BTRFS info (device loop2): enabling free space tree
[  474.892176][T13744] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  475.628995][T16282] loop9: detected capacity change from 0 to 32768
[  475.888727][T16282] syz.9.3598: attempt to access beyond end of device
[  475.888727][T16282] loop9: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  475.908827][T16287] loop4: detected capacity change from 0 to 40427
[  475.956207][T16282] metapage_write_end_io: I/O error
[  475.982607][T16282] ERROR: (device loop9): release_metapage: metapage_write_one() failed
[  475.982607][T16282] 
[  476.029331][ T5772] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  476.062963][T16282] ERROR: (device loop9): remounting filesystem as read-only
[  476.083935][T16287] F2FS-fs (loop4): invalid crc value
[  476.084797][T16282] ERROR: (device loop9): diWrite: ixpxd invalid
[  476.084797][T16282] 
[  476.137555][T16282] ERROR: (device loop9): txCommit: 
[  476.137555][T16282] 
[  476.193733][T16282] blkno = 8ed2c, nblocks = 1
[  476.202744][ T5772] usb 3-1: Using ep0 maxpacket: 32
[  476.213560][T16282] ERROR: (device loop9): dbUpdatePMap: blocks are outside the map
[  476.213560][T16282] 
[  476.214050][ T5772] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  476.236449][ T5772] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.268479][ T5772] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  476.293588][ T5772] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  476.324994][ T5772] usb 3-1: config 0 interface 0 has no altsetting 0
[  476.339414][ T5772] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  476.375678][ T5772] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.406915][ T5772] usb 3-1: config 0 descriptor??
[  476.420865][T16287] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  476.489844][  T117] blkno = 8ed23, nblocks = 1
[  476.498355][  T117] ERROR: (device loop9): dbUpdatePMap: blocks are outside the map
[  476.498355][  T117] 
[  476.521506][T16287] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  476.536546][  T117] blkno = 8ed2c, nblocks = 4
[  476.547145][  T117] ERROR: (device loop9): dbUpdatePMap: blocks are outside the map
[  476.547145][  T117] 
[  476.560352][T13139] syz-executor: attempt to access beyond end of device
[  476.560352][T13139] loop9: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  476.575399][T13139] metapage_write_end_io: I/O error
[  476.585612][T13139] JFS: metapage_get_blocks failed
[  476.598160][T13139] JFS: metapage_get_blocks failed
[  476.604778][T13139] JFS: metapage_get_blocks failed
[  476.617897][T13139] JFS: metapage_get_blocks failed
[  476.629320][T13139] JFS: metapage_get_blocks failed
[  476.645963][ T5284] 8021q: adding VLAN 0 to HW filter on device eth1
[  476.693214][T13843] syz-executor: attempt to access beyond end of device
[  476.693214][T13843] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  476.731350][T13843] CPU: 1 UID: 0 PID: 13843 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  476.731392][T13843] Tainted: [L]=SOFTLOCKUP
[  476.731406][T13843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  476.731422][T13843] Call Trace:
[  476.731432][T13843]  <TASK>
[  476.731444][T13843]  dump_stack_lvl+0xe8/0x150
[  476.731479][T13843]  f2fs_stop_checkpoint+0x3c7/0x590
[  476.731535][T13843]  f2fs_write_end_io+0x1274/0x1740
[  476.731592][T13843]  __submit_merged_bio+0x256/0x6a0
[  476.731628][T13843]  __submit_merged_write_cond+0x3c9/0x4e0
[  476.731683][T13843]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  476.731742][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.731783][T13843]  f2fs_write_data_pages+0x287e/0x34f0
[  476.731815][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.731887][T13843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  476.731917][T13843]  ? is_bpf_text_address+0x26/0x2b0
[  476.731959][T13843]  ? arch_stack_walk+0xfb/0x150
[  476.732025][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732055][T13843]  ? add_lock_to_list+0xc7/0x100
[  476.732093][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732123][T13843]  ? __lock_acquire+0x146e/0x2cf0
[  476.732183][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732213][T13843]  ? do_raw_spin_lock+0x12b/0x2f0
[  476.732259][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732294][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732325][T13843]  ? do_raw_spin_unlock+0xf5/0x210
[  476.732364][T13843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  476.732397][T13843]  do_writepages+0x32e/0x550
[  476.732427][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732460][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732495][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732531][T13843]  ? do_raw_spin_unlock+0xf5/0x210
[  476.732574][T13843]  filemap_fdatawrite+0x1e9/0x2f0
[  476.732608][T13843]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  476.732680][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732713][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.732749][T13843]  ? do_raw_spin_unlock+0xf5/0x210
[  476.732793][T13843]  f2fs_sync_dirty_inodes+0x30e/0x830
[  476.732844][T13843]  f2fs_write_checkpoint+0x9df/0x26a0
[  476.732877][T13843]  ? __lock_acquire+0x6b5/0x2cf0
[  476.732942][T13843]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  476.732979][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.733072][T13843]  kill_f2fs_super+0x314/0x730
[  476.733111][T13843]  ? __pfx_kill_f2fs_super+0x10/0x10
[  476.733158][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.733188][T13843]  ? lockdep_hardirqs_on+0x7a/0x110
[  476.733218][T13843]  ? srso_alias_return_thunk+0x5/0xfbef5
[  476.733264][T13843]  deactivate_locked_super+0xbc/0x130
[  476.733302][T13843]  cleanup_mnt+0x437/0x4d0
[  476.733339][T13843]  ? _raw_spin_unlock_irq+0x23/0x50
[  476.733370][T13843]  task_work_run+0x1d9/0x270
[  476.733413][T13843]  ? __pfx_task_work_run+0x10/0x10
[  476.733459][T13843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.733489][T13843]  exit_to_user_mode_loop+0xed/0x480
[  476.733515][T13843]  ? rcu_is_watching+0x15/0xb0
[  476.733554][T13843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.733582][T13843]  do_syscall_64+0x33e/0xf80
[  476.733612][T13843]  ? trace_irq_disable+0x3b/0x140
[  476.733658][T13843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.733684][T13843] RIP: 0033:0x7fc56bb9e017
[  476.733708][T13843] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  476.733729][T13843] RSP: 002b:00007ffd52fb3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  476.733756][T13843] RAX: 0000000000000000 RBX: 00007fc56bc32120 RCX: 00007fc56bb9e017
[  476.733774][T13843] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd52fb30f0
[  476.733792][T13843] RBP: 00007ffd52fb30f0 R08: 00007ffd52fb40f0 R09: 00000000ffffffff
[  476.733811][T13843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd52fb4180
[  476.733828][T13843] R13: 00007fc56bc32120 R14: 0000000000070571 R15: 00007ffd52fb41c0
[  476.733870][T13843]  </TASK>
[  476.747810][T13843] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  476.855711][ T5772] corsair-psu 0003:1B1C:1C09.0027: unknown main item tag 0x0
[  477.286663][ T5772] corsair-psu 0003:1B1C:1C09.0027: unknown main item tag 0x0
[  477.294433][ T5772] corsair-psu 0003:1B1C:1C09.0027: unknown main item tag 0x0
[  477.301874][ T5772] corsair-psu 0003:1B1C:1C09.0027: item fetching failed at offset 4/5
[  477.311718][ T5772] corsair-psu 0003:1B1C:1C09.0027: probe with driver corsair-psu failed with error -22
[  477.350170][ T5772] usb 3-1: USB disconnect, device number 5
[  478.050529][T16339] loop2: detected capacity change from 0 to 4096
[  478.070926][T16339] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  478.095546][T16347] loop4: detected capacity change from 0 to 64
[  478.204400][T16339] ntfs3(loop2): ino=1a, mi_enum_attr
[  478.248818][T16339] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  478.640430][T16356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3618'.
[  479.572295][ T5284] 8021q: adding VLAN 0 to HW filter on device eth2
[  479.704502][T16367] loop9: detected capacity change from 0 to 128
[  479.723735][T16368] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3621'.
[  481.223414][T16417] syz_tun: entered allmulticast mode
[  481.299287][T16417] syz_tun: left allmulticast mode
[  481.447479][T15906] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  481.502490][T15906] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  481.522096][ T5284] 8021q: adding VLAN 0 to HW filter on device eth3
[  481.530519][T16423] binder: BC_ACQUIRE_RESULT not supported
[  481.537563][T15906] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  481.545906][T16423] binder: 16422:16423 ioctl c0306201 2000000004c0 returned -22
[  481.582007][T15906] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  481.617250][T15906] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  481.635194][T16397] loop4: detected capacity change from 0 to 32768
[  481.660902][T15906] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  481.688062][T15906] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  481.691467][T16397] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  481.725512][T15906] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  481.769441][T16426] loop9: detected capacity change from 0 to 1764
[  481.854470][T16397] XFS (loop4): Ending clean mount
[  481.899912][T16397] XFS (loop4): Quotacheck needed: Please wait.
[  482.154700][T16448] openvswitch: netlink: EtherType 50a is less than min 600
[  482.196323][T16397] XFS (loop4): Quotacheck: Done.
[  482.291198][T15921] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  482.345105][T15921] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  482.373419][T15921] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  482.440175][T15921] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  482.453336][T16458] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3649'.
[  482.471563][T15921] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  482.504935][T15921] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  482.545524][T15921] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  482.558103][T13843] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  482.583863][T15921] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  482.830116][T15906] 8021q: adding VLAN 0 to HW filter on device bond0
[  482.982749][T15906] 8021q: adding VLAN 0 to HW filter on device team0
[  483.059493][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.066728][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[  483.097607][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.104841][ T3318] bridge0: port 2(bridge_slave_1) entered forwarding state
[  483.413608][T15921] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.594189][T15921] 8021q: adding VLAN 0 to HW filter on device team0
[  483.612122][T16491] loop9: detected capacity change from 0 to 4096
[  483.626055][T16491] ntfs3(loop9): Different NTFS sector size (4096) and media sector size (512).
[  483.763317][T16491] ntfs3(loop9): ino=19, mi_enum_attr
[  483.777685][T16491] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[  484.267217][ T5284] 8021q: adding VLAN 0 to HW filter on device eth4
[  484.401257][   T84] bridge0: port 1(bridge_slave_0) entered blocking state
[  484.408502][   T84] bridge0: port 1(bridge_slave_0) entered forwarding state
[  484.536567][   T84] bridge0: port 2(bridge_slave_1) entered blocking state
[  484.543819][   T84] bridge0: port 2(bridge_slave_1) entered forwarding state
[  485.752030][T16550] netlink: 16 bytes leftover after parsing attributes in process `syz.9.3674'.
[  485.764222][T16550] netlink: 16 bytes leftover after parsing attributes in process `syz.9.3674'.
[  485.970662][T15906] 8021q: adding VLAN 0 to HW filter on device batadv0
[  486.206200][T16568] loop2: detected capacity change from 0 to 128
[  486.228251][T16569] loop4: detected capacity change from 0 to 64
[  486.343322][   T31] audit: type=1800 audit(1777463572.785:113): pid=16569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3680" name="file0" dev="loop4" ino=22 res=0 errno=0
[  486.451430][   T31] audit: type=1800 audit(1777463572.785:114): pid=16569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3680" name="file0" dev="loop4" ino=22 res=0 errno=0
[  486.955818][T15921] 8021q: adding VLAN 0 to HW filter on device batadv0
[  487.192906][ T5736] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  487.315367][T15906] veth0_vlan: entered promiscuous mode
[  487.385474][ T5736] usb 10-1: Using ep0 maxpacket: 32
[  487.393835][T15906] veth1_vlan: entered promiscuous mode
[  487.410117][ T5736] usb 10-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  487.444932][ T5736] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.509894][ T5736] usb 10-1: config 0 descriptor??
[  487.551178][ T5736] as10x_usb: device has been detected
[  487.566044][ T5736] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  487.592328][T15906] veth0_macvtap: entered promiscuous mode
[  487.639533][T15906] veth1_macvtap: entered promiscuous mode
[  487.680566][ T5736] usb 10-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  487.741217][T15906] batman_adv: batadv0: Interface activated: batadv_slave_0
[  487.790742][ T5736] as10x_usb: error during firmware upload part1
[  487.815018][ T5736] Registered device nBox DVB-T Dongle
[  487.827502][T15906] batman_adv: batadv0: Interface activated: batadv_slave_1
[  487.862982][ T5736] usb 10-1: USB disconnect, device number 10
[  487.898178][ T5861] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  487.935934][ T1102] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  487.978706][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  488.019328][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  488.064938][   T84] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  488.077355][ T5736] Unregistered device nBox DVB-T Dongle
[  488.088770][ T5736] as10x_usb: device has been disconnected
[  488.108971][ T5861] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  488.160167][ T5861] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  488.203949][ T5861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.245458][ T5861] usb 5-1: Product: syz
[  488.262835][ T5861] usb 5-1: Manufacturer: syz
[  488.290286][ T5861] usb 5-1: SerialNumber: syz
[  488.331647][ T5861] usb 5-1: config 0 descriptor??
[  488.355806][ T5861] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  488.574352][ T3318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  488.617017][ T3318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  488.646114][T15921] veth0_vlan: entered promiscuous mode
[  488.778697][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  488.810089][T15921] veth1_vlan: entered promiscuous mode
[  488.814940][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  488.892345][T14064] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  488.998949][T15921] veth0_macvtap: entered promiscuous mode
[  489.054661][T15921] veth1_macvtap: entered promiscuous mode
[  489.067968][T14064] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  489.106985][T14064] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  489.146940][T15921] batman_adv: batadv0: Interface activated: batadv_slave_0
[  489.158244][T14064] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  489.215562][T14064] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.236491][T15921] batman_adv: batadv0: Interface activated: batadv_slave_1
[  489.246604][ T5861] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71
[  489.265679][T14064] usb 10-1: config 0 descriptor??
[  489.268704][ T5861] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  489.319180][ T3318] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  489.346947][ T5861] usb 5-1: USB disconnect, device number 9
[  489.367827][ T3318] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  489.421159][ T3318] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  489.448258][ T3318] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  489.774952][T14064] pyra 0003:1E7D:2CF6.0028: unknown main item tag 0x2
[  489.776758][ T3318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  489.830371][ T3318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  489.891325][T14064] pyra 0003:1E7D:2CF6.0028: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.9-1/input0
[  490.112316][ T3318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.146854][ T3318] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.188895][T14064] pyra 0003:1E7D:2CF6.0028: couldn't init struct pyra_device
[  490.237358][T14064] pyra 0003:1E7D:2CF6.0028: couldn't install mouse
[  490.279799][T14064] pyra 0003:1E7D:2CF6.0028: probe with driver pyra failed with error -71
[  490.346052][T14064] usb 10-1: USB disconnect, device number 11
[  490.778403][T16689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3711'.
[  490.792227][T16683] loop8: detected capacity change from 0 to 4096
[  490.831908][T16683] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512).
[  491.263453][T16698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3715'.
[  491.318141][T16698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3715'.
[  491.362299][T16698] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3715'.
[  491.386069][T16702] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3716'.
[  491.629715][   T29] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  491.833344][   T29] usb 6-1: Using ep0 maxpacket: 8
[  491.875622][   T29] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  491.915512][   T29] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  491.942185][   T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.992503][   T29] usb 6-1: config 0 descriptor??
[  492.076346][T16723] loop8: detected capacity change from 0 to 512
[  492.100543][   T29] gspca_main: vc032x-2.14.0 probing 046d:0892
[  492.117865][T16723] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  492.293547][T16723] EXT4-fs (loop8): 1 orphan inode deleted
[  492.299560][T16723] EXT4-fs (loop8): 1 truncate cleaned up
[  492.308355][T16723] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  492.325578][T16729] netlink: 'syz.9.3724': attribute type 12 has an invalid length.
[  492.336705][T16729] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3724'.
[  492.461572][T16723] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000.
[  492.552211][T16732] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000.
[  492.727456][   T29] gspca_vc032x: reg_r err -71
[  492.761441][   T29] vc032x 6-1:0.0: probe with driver vc032x failed with error -71
[  492.798569][   T29] usb 6-1: USB disconnect, device number 7
[  492.852978][T15921] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  493.505444][T16760] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3734'.
[  493.837730][T16772] loop2: detected capacity change from 0 to 256
[  493.881889][T16772] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  494.768361][   T29] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  494.909915][   T29] hid-generic 0000:0000:0000.0029: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  495.046157][T16800] netlink: 'syz.3.3745': attribute type 1 has an invalid length.
[  495.090253][T16800] netlink: 'syz.3.3745': attribute type 2 has an invalid length.
[  495.134701][T16800] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3745'.
[  495.256540][T16803] loop9: detected capacity change from 0 to 128
[  495.456061][T16803] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  495.488229][T16781] loop2: detected capacity change from 0 to 32768
[  495.594267][   T31] audit: type=1800 audit(1777463581.437:115): pid=16781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3739" name="file2" dev="loop2" ino=7 res=0 errno=0
[  495.627224][T16803] ext4 filesystem being mounted at /191/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  496.004660][T13139] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  496.679466][T16839] loop8: detected capacity change from 0 to 4096
[  496.704741][T16839] EXT4-fs: inline encryption not supported
[  496.750519][T16839] EXT4-fs: Ignoring removed bh option
[  496.795906][T16839] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  496.851459][T16839] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8802c018, mo2=0003]
[  496.971124][T16839] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  497.050852][   T31] audit: type=1800 audit(1777463582.803:116): pid=16839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.3756" name="file0" dev="loop8" ino=13 res=0 errno=0
[  497.289485][T15921] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  497.873088][T16835] loop9: detected capacity change from 0 to 32768
[  498.191087][T16835] UFO tlock:0xffffc9000289a120
[  498.342633][T16847] loop4: detected capacity change from 0 to 32768
[  498.455895][T16847] JBD2: Ignoring recovery information on journal
[  498.598350][T16847] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  499.122323][T16892] program syz.9.3772 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  499.162952][   T31] audit: type=1800 audit(1777463584.767:117): pid=16847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3760" name="file1" dev="loop4" ino=17058 res=0 errno=0
[  499.619788][T13843] ocfs2: Unmounting device (7,4) on (node local)
[  500.115943][T16923] netlink: 196 bytes leftover after parsing attributes in process `syz.2.3785'.
[  500.622723][ T5736] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  500.769721][T16930] loop9: detected capacity change from 0 to 32768
[  500.777180][T16930] btrfs: Deprecated parameter 'usebackuproot'
[  500.783353][T16930] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  500.795760][T16930] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3787 (16930)
[  500.817753][T16930] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  500.828741][T16930] BTRFS info (device loop9): using crc32c checksum algorithm
[  500.834426][ T5736] usb 5-1: Using ep0 maxpacket: 8
[  500.836190][T16930] BTRFS warning (device loop9): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  500.857218][ T5736] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  500.928497][ T5736] usb 5-1: config 0 has no interface number 0
[  500.974579][ T5736] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  500.992569][ T3318] BTRFS warning (device loop9): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb0e5ffa5 level 0
[  501.018218][ T5736] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  501.071869][ T5736] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  501.110684][ T5736] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  501.138680][T16930] BTRFS warning (device loop9): couldn't read tree root
[  501.145743][T16930] BTRFS warning (device loop9): try to load backup roots slot 1
[  501.153915][ T1024] BTRFS warning (device loop9): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x32d10ca2 level 0
[  501.199712][ T5736] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  501.238509][T16930] BTRFS warning (device loop9): couldn't read tree root
[  501.245854][ T5736] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.260840][ T5736] usb 5-1: config 0 descriptor??
[  501.266533][T16930] BTRFS warning (device loop9): try to load backup roots slot 2
[  501.278782][ T1024] BTRFS warning (device loop9): checksum verify failed on logical 5255168 mirror 1 wanted 0x9df47653 found 0x6344b7f5 level 1
[  501.299727][ T5736] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  501.357594][T16930] BTRFS warning (device loop9): couldn't read tree root
[  501.364623][T16930] BTRFS warning (device loop9): try to load backup roots slot 3
[  501.387419][T16930] BTRFS info (device loop9): rebuilding free space tree
[  501.486567][T16930] BTRFS info (device loop9): disabling free space tree
[  501.493600][T16930] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  501.505681][T16930] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  501.533133][T16930] BTRFS info (device loop9): checking UUID tree
[  501.539896][T16930] BTRFS info (device loop9): enabling ssd optimizations
[  501.546881][T16930] BTRFS info (device loop9): turning off barriers
[  501.554293][T16930] BTRFS info (device loop9): turning on sync discard
[  501.561083][T16930] BTRFS info (device loop9): enabling disk space caching
[  501.568121][T16930] BTRFS info (device loop9): force clearing of disk cache
[  501.575346][T16930] BTRFS info (device loop9): enabling auto defrag
[  501.581796][T16930] BTRFS info (device loop9): trying to use backup root at mount time
[  501.590046][T16930] BTRFS info (device loop9): max_inline set to 0
[  501.629136][ T5759] usb 5-1: USB disconnect, device number 10
[  501.629259][    C1] ldusb 5-1:0.55: usb_submit_urb failed (-19)
[  501.689378][ T5759] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  501.845109][T13139] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  501.918644][T16932] ldusb: No device or device unplugged -19
[  502.298497][T16985] loop8: detected capacity change from 0 to 32768
[  502.393817][T16994] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3803'.
[  502.438940][T16985] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  502.701573][T16985] XFS (loop8): Ending clean mount
[  502.739516][T16985] XFS (loop8): Quotacheck needed: Please wait.
[  503.018321][T16965] loop5: detected capacity change from 0 to 32768
[  503.137593][T16965] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  503.157910][T16985] XFS (loop8): Quotacheck: Done.
[  503.165160][T17012] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3807'.
[  503.270651][T15921] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  503.408932][T16965] XFS (loop5): Ending clean mount
[  503.465437][ T5759] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  503.518990][T16965] XFS (loop5): Quotacheck needed: Please wait.
[  503.689207][ T5759] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  503.756195][ T5759] usb 5-1: config 0 has no interfaces?
[  503.772023][ T5759] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  503.807168][ T5759] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.879678][T16965] XFS (loop5): Quotacheck: Done.
[  503.892386][ T5759] usb 5-1: config 0 descriptor??
[  504.052831][T17032] block nbd1: server does not support multiple connections per device.
[  504.081386][T17032] block nbd1: shutting down sockets
[  504.142170][   T29] usb 5-1: USB disconnect, device number 11
[  504.143902][T17029] Bluetooth: hci5: hcon ffff888025d18000 sent 1 < count 8
[  504.162151][T17029] Bluetooth: hci5: hcon ffff888025d18000 sent 0 < count 1
[  504.170276][T17029] Bluetooth: hci5: hcon ffff888050bc4000 sent 1 < count 8
[  504.179448][T17029] Bluetooth: hci5: hcon ffff888050bc4000 sent 0 < count 3
[  504.188750][T17029] Bluetooth: hci5: hcon ffff888050bc4000 sent 0 < count 15
[  504.267442][T14064] usb 10-1: new full-speed USB device number 12 using dummy_hcd
[  504.413310][T15906] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  504.440918][ T5759] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0
[  504.481926][T14064] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  504.502272][T14064] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  504.537282][ T5759] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  504.540972][T14064] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  504.644012][T14064] usb 10-1: New USB device found, idVendor=048d, idProduct=8595, bcdDevice= 0.00
[  504.710970][T14064] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.809096][T14064] usb 10-1: config 0 descriptor??
[  504.826717][T17036] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  505.007812][   T31] audit: type=1326 audit(1777463590.240:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  505.113682][   T31] audit: type=1326 audit(1777463590.277:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b6459cdd9 code=0x7ffc0000
[  505.259721][   T31] audit: type=1326 audit(1777463590.305:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.284923][T14064] hid (null): unknown global tag 0xe
[  505.322699][T14064] itetech 0003:048D:8595.002B: unknown main item tag 0x0
[  505.371100][T14064] itetech 0003:048D:8595.002B: unknown main item tag 0x0
[  505.395231][   T31] audit: type=1326 audit(1777463590.305:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.405581][T14064] itetech 0003:048D:8595.002B: unknown main item tag 0x0
[  505.511728][T14064] itetech 0003:048D:8595.002B: unknown main item tag 0x0
[  505.521979][   T31] audit: type=1326 audit(1777463590.305:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.535275][T14064] itetech 0003:048D:8595.002B: unknown main item tag 0x0
[  505.555154][T17062] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3816'.
[  505.585029][T17066] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3821'.
[  505.619103][T14064] itetech 0003:048D:8595.002B: unknown main item tag 0x0
[  505.619488][   T31] audit: type=1326 audit(1777463590.305:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.641203][T17066] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3821'.
[  505.667052][T14064] itetech 0003:048D:8595.002B: unknown global tag 0xe
[  505.695750][   T31] audit: type=1326 audit(1777463590.305:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.719693][   T31] audit: type=1326 audit(1777463590.305:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.742337][   T31] audit: type=1326 audit(1777463590.305:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.752133][T14064] itetech 0003:048D:8595.002B: item 0 0 1 14 parsing failed
[  505.768519][   T31] audit: type=1326 audit(1777463590.305:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17049 comm="syz.2.3817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0b6453e159 code=0x7ffc0000
[  505.811336][T17029] Bluetooth: hci1: command 0x0406 tx timeout
[  505.818273][ T5632] Bluetooth: hci2: command 0x0406 tx timeout
[  505.849242][T14064] itetech 0003:048D:8595.002B: probe with driver itetech failed with error -22
[  505.875687][T14064] usb 10-1: USB disconnect, device number 12
[  505.994070][T17080] netlink: 5192 bytes leftover after parsing attributes in process `syz.5.3825'.
[  506.073463][T17080] netlink: 'syz.5.3825': attribute type 1 has an invalid length.
[  506.140036][T17080] nbd: error processing sock list
[  506.529235][T17091] loop4: detected capacity change from 0 to 2048
[  506.550995][T17089] loop2: detected capacity change from 0 to 2048
[  506.605470][T17091] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  506.622873][T17089] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  506.651314][T17089] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  506.661289][T17089] UDF-fs: Scanning with blocksize 512 failed
[  506.780778][T17091] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  506.783572][T17089] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  506.918642][T17091] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  507.044581][T17091] EXT4-fs (loop4): This should not happen!! Data will be lost
[  507.044581][T17091] 
[  507.119013][T17091] EXT4-fs (loop4): Total free blocks count 0
[  507.163477][T17091] EXT4-fs (loop4): Free/Dirty block details
[  507.178619][T17087] nbd1: detected capacity change from 0 to 128
[  507.194231][T17091] EXT4-fs (loop4): free_blocks=2415919504
[  507.204638][ T5623] block nbd1: Receive control failed (result -32)
[  507.208369][ T5638] block nbd1: Receive control failed (result -32)
[  507.239117][T17091] EXT4-fs (loop4): dirty_blocks=48
[  507.288814][T17091] EXT4-fs (loop4): Block reservation details
[  507.345989][ T5732] block nbd1: Dead connection, failed to find a fallback
[  507.373144][T17091] EXT4-fs (loop4): i_reserved_data_blocks=3
[  507.430556][T17102] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 12 with error 28
[  507.452472][ T5732] block nbd1: shutting down sockets
[  507.491917][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.542838][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  507.608723][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.669064][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  507.698493][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.782414][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  507.850196][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.915071][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  508.031877][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  508.114191][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  508.175245][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  508.252201][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  508.309095][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  508.379255][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  508.461398][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  508.537741][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  508.614961][ T5732] ldm_validate_partition_table(): Disk read failed.
[  508.659517][T13843] EXT4-fs warning (device loop4): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  508.699745][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  508.726501][T17125] loop8: detected capacity change from 0 to 131072
[  508.742659][T17125] F2FS-fs (loop8): Test dummy encryption mode enabled
[  508.752298][T17125] F2FS-fs (loop8): invalid crc value
[  508.775483][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  508.794250][T17144] macvtap1: entered allmulticast mode
[  508.836659][T17144] dummy0: entered allmulticast mode
[  508.840342][T17125] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  508.854336][T17125] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  508.905540][T17144] dummy0: entered promiscuous mode
[  508.946202][ T5732] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  508.997869][ T5732] Buffer I/O error on dev nbd1, logical block 0, async page read
[  509.009233][T17144] dummy0: left allmulticast mode
[  509.053062][ T5732] Dev nbd1: unable to read RDB block 0
[  509.120418][ T5732]  nbd1: unable to read partition table
[  509.175297][ T5732] ldm_validate_partition_table(): Disk read failed.
[  509.199343][ T5732] Dev nbd1: unable to read RDB block 0
[  509.224425][ T5732]  nbd1: unable to read partition table
[  509.288387][ T5732] 
[  509.290747][ T5732] ======================================================
[  509.297754][ T5732] WARNING: possible circular locking dependency detected
[  509.304764][ T5732] syzkaller #0 Tainted: G             L     
[  509.310732][ T5732] ------------------------------------------------------
[  509.317820][ T5732] udevd/5732 is trying to acquire lock:
[  509.323349][ T5732] ffff888025ca3840 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: __submit_bio+0x1c0/0x580
[  509.333330][ T5732] 
[  509.333330][ T5732] but task is already holding lock:
[  509.340681][ T5732] ffff88802308fc80 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_get_pages+0x991/0x1ef0
[  509.350908][ T5732] 
[  509.350908][ T5732] which lock already depends on the new lock.
[  509.350908][ T5732] 
[  509.361297][ T5732] 
[  509.361297][ T5732] the existing dependency chain (in reverse order) is:
[  509.370302][ T5732] 
[  509.370302][ T5732] -> #9 (mapping.invalidate_lock){++++}-{4:4}:
[  509.378644][ T5732]        down_read+0x47/0x2e0
[  509.383409][ T5732]        page_cache_sync_ra+0x81e/0xa90
[  509.388953][ T5732]        ntfs_read_run_nb_ra+0x5ea/0x10f0
[  509.394675][ T5732]        ntfs_read_bh_ra+0x47/0x7f0
[  509.399869][ T5732]        indx_read_ra+0x2fe/0xc00
[  509.404892][ T5732]        ntfs_readdir+0x862/0xe40
[  509.409907][ T5732]        iterate_dir+0x399/0x570
[  509.414844][ T5732]        __se_sys_getdents64+0xf1/0x280
[  509.420479][ T5732]        do_syscall_64+0x15f/0xf80
[  509.425583][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.431985][ T5732] 
[  509.431985][ T5732] -> #8 (&indx->run_lock){.+.+}-{4:4}:
[  509.439633][ T5732]        down_read+0x47/0x2e0
[  509.444309][ T5732]        indx_read_ra+0x2d7/0xc00
[  509.449332][ T5732]        indx_find+0x600/0xe50
[  509.454093][ T5732]        indx_insert_entry+0x5d1/0x8a0
[  509.459555][ T5732]        ni_add_name+0x8a8/0xc90
[  509.464496][ T5732]        ntfs_link_inode+0x134/0x150
[  509.469780][ T5732]        ntfs_link+0x118/0x280
[  509.474531][ T5732]        vfs_link+0x518/0x6e0
[  509.479200][ T5732]        filename_linkat+0x273/0x600
[  509.484475][ T5732]        __se_sys_link+0x55/0x2c0
[  509.489491][ T5732]        do_syscall_64+0x15f/0xf80
[  509.494609][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.501020][ T5732] 
[  509.501020][ T5732] -> #7 (&ni->ni_lock/5){+.+.}-{4:4}:
[  509.508593][ T5732]        __mutex_lock+0x1a3/0x1550
[  509.513712][ T5732]        attr_data_get_block+0x219/0x310
[  509.519341][ T5732]        ntfs_file_mmap_prepare+0x5d5/0xa30
[  509.525238][ T5732]        mmap_region+0xe8f/0x22a0
[  509.530297][ T5732]        do_mmap+0xc39/0x10c0
[  509.534969][ T5732]        vm_mmap_pgoff+0x2c9/0x4f0
[  509.540077][ T5732]        ksys_mmap_pgoff+0x51e/0x760
[  509.545358][ T5732]        do_syscall_64+0x15f/0xf80
[  509.550469][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.556887][ T5732] 
[  509.556887][ T5732] -> #6 (&mm->mmap_lock){++++}-{4:4}:
[  509.564446][ T5732]        __might_fault+0xcb/0x130
[  509.569469][ T5732]        _copy_from_user+0x28/0xb0
[  509.574580][ T5732]        csum_and_copy_from_iter_full+0x1e7/0x1f00
[  509.581076][ T5732]        ip_generic_getfrag+0x149/0x2d0
[  509.586621][ T5732]        __ip6_append_data+0x3902/0x3e90
[  509.592333][ T5732]        ip6_append_data+0x10f/0x280
[  509.597611][ T5732]        rawv6_sendmsg+0x12d3/0x18e0
[  509.602889][ T5732]        ____sys_sendmsg+0x80a/0x9f0
[  509.608173][ T5732]        ___sys_sendmsg+0x2a5/0x360
[  509.613406][ T5732]        __x64_sys_sendmsg+0x1bd/0x2a0
[  509.618864][ T5732]        do_syscall_64+0x15f/0xf80
[  509.623970][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.630377][ T5732] 
[  509.630377][ T5732] -> #5 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  509.638110][ T5732]        lock_sock_nested+0x41/0x100
[  509.643392][ T5732]        inet_shutdown+0x6a/0x390
[  509.648420][ T5732]        nbd_mark_nsock_dead+0x2e9/0x560
[  509.654045][ T5732]        sock_shutdown+0x15e/0x260
[  509.659152][ T5732]        nbd_clear_sock+0x24/0x170
[  509.664256][ T5732]        nbd_config_put+0x2dd/0x580
[  509.669445][ T5732]        nbd_genl_connect+0x19d5/0x1cf0
[  509.674980][ T5732]        genl_family_rcv_msg_doit+0x22a/0x330
[  509.681052][ T5732]        genl_rcv_msg+0x61c/0x7a0
[  509.686077][ T5732]        netlink_rcv_skb+0x232/0x4b0
[  509.691356][ T5732]        genl_rcv+0x28/0x40
[  509.695861][ T5732]        netlink_unicast+0x75c/0x8e0
[  509.701141][ T5732]        netlink_sendmsg+0x813/0xb40
[  509.706424][ T5732]        ____sys_sendmsg+0x972/0x9f0
[  509.711708][ T5732]        ___sys_sendmsg+0x2a5/0x360
[  509.716905][ T5732]        __x64_sys_sendmsg+0x1bd/0x2a0
[  509.722448][ T5732]        do_syscall_64+0x15f/0xf80
[  509.727579][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.733985][ T5732] 
[  509.733985][ T5732] -> #4 (&nsock->tx_lock){+.+.}-{4:4}:
[  509.741640][ T5732]        __mutex_lock+0x1a3/0x1550
[  509.746758][ T5732]        nbd_queue_rq+0x37b/0x1100
[  509.751868][ T5732]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  509.757939][ T5732]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  509.764804][ T5732]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  509.771315][ T5732]        blk_mq_run_hw_queue+0x348/0x4f0
[  509.776947][ T5732]        blk_mq_dispatch_list+0xd16/0xe10
[  509.782671][ T5732]        blk_mq_flush_plug_list+0x48d/0x570
[  509.788572][ T5732]        __blk_flush_plug+0x3ed/0x4d0
[  509.793949][ T5732]        __submit_bio+0x28d/0x580
[  509.798980][ T5732]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  509.805133][ T5732]        block_read_full_folio+0x7b7/0x830
[  509.810934][ T5732]        filemap_read_folio+0x137/0x3b0
[  509.816481][ T5732]        do_read_cache_folio+0x358/0x590
[  509.822115][ T5732]        read_part_sector+0xb6/0x2b0
[  509.827404][ T5732]        adfspart_check_ICS+0xb1/0x960
[  509.832872][ T5732]        bdev_disk_changed+0x817/0x1770
[  509.838426][ T5732]        blkdev_get_whole+0x380/0x510
[  509.843803][ T5732]        bdev_open+0x31e/0xd30
[  509.848580][ T5732]        blkdev_open+0x470/0x610
[  509.853516][ T5732]        do_dentry_open+0x785/0x14e0
[  509.858800][ T5732]        vfs_open+0x3b/0x340
[  509.863382][ T5732]        path_openat+0x2e08/0x3860
[  509.868491][ T5732]        do_file_open+0x23e/0x4a0
[  509.873523][ T5732]        do_sys_openat2+0x113/0x200
[  509.878717][ T5732]        __x64_sys_openat+0x138/0x170
[  509.884181][ T5732]        do_syscall_64+0x15f/0xf80
[  509.889286][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.895695][ T5732] 
[  509.895695][ T5732] -> #3 (&cmd->lock){+.+.}-{4:4}:
[  509.902926][ T5732]        __mutex_lock+0x1a3/0x1550
[  509.908055][ T5732]        nbd_queue_rq+0xc6/0x1100
[  509.913120][ T5732]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  509.919202][ T5732]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  509.926065][ T5732]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  509.932573][ T5732]        blk_mq_run_hw_queue+0x348/0x4f0
[  509.938208][ T5732]        blk_mq_dispatch_list+0xd16/0xe10
[  509.943930][ T5732]        blk_mq_flush_plug_list+0x48d/0x570
[  509.949866][ T5732]        __blk_flush_plug+0x3ed/0x4d0
[  509.955265][ T5732]        __submit_bio+0x28d/0x580
[  509.960301][ T5732]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  509.966472][ T5732]        block_read_full_folio+0x7b7/0x830
[  509.972290][ T5732]        filemap_read_folio+0x137/0x3b0
[  509.977847][ T5732]        do_read_cache_folio+0x358/0x590
[  509.983572][ T5732]        read_part_sector+0xb6/0x2b0
[  509.988871][ T5732]        adfspart_check_ICS+0xb1/0x960
[  509.994341][ T5732]        bdev_disk_changed+0x817/0x1770
[  509.999892][ T5732]        blkdev_get_whole+0x380/0x510
[  510.005277][ T5732]        bdev_open+0x31e/0xd30
[  510.010054][ T5732]        blkdev_open+0x470/0x610
[  510.014987][ T5732]        do_dentry_open+0x785/0x14e0
[  510.020273][ T5732]        vfs_open+0x3b/0x340
[  510.024858][ T5732]        path_openat+0x2e08/0x3860
[  510.029971][ T5732]        do_file_open+0x23e/0x4a0
[  510.034999][ T5732]        do_sys_openat2+0x113/0x200
[  510.040191][ T5732]        __x64_sys_openat+0x138/0x170
[  510.045566][ T5732]        do_syscall_64+0x15f/0xf80
[  510.050678][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.057085][ T5732] 
[  510.057085][ T5732] -> #2 (set->srcu){.+.+}-{0:0}:
[  510.064213][ T5732]        __synchronize_srcu+0xca/0x300
[  510.069674][ T5732]        elevator_switch+0x1e8/0x7a0
[  510.074968][ T5732]        elevator_change+0x2cc/0x450
[  510.080259][ T5732]        elevator_set_default+0x36c/0x430
[  510.085985][ T5732]        blk_register_queue+0x3e9/0x4e0
[  510.091538][ T5732]        __add_disk+0x677/0xd50
[  510.096474][ T5732]        add_disk_fwnode+0xfb/0x480
[  510.101671][ T5732]        nbd_dev_add+0x72c/0xb50
[  510.106603][ T5732]        nbd_init+0x168/0x1f0
[  510.111335][ T5732]        do_one_initcall+0x250/0x870
[  510.116613][ T5732]        do_initcall_level+0x104/0x190
[  510.122067][ T5732]        do_initcalls+0x59/0xa0
[  510.126909][ T5732]        kernel_init_freeable+0x2a6/0x3e0
[  510.132621][ T5732]        kernel_init+0x1d/0x1d0
[  510.137467][ T5732]        ret_from_fork+0x514/0xb70
[  510.142593][ T5732]        ret_from_fork_asm+0x1a/0x30
[  510.147880][ T5732] 
[  510.147880][ T5732] -> #1 (&q->elevator_lock){+.+.}-{4:4}:
[  510.155703][ T5732]        __mutex_lock+0x1a3/0x1550
[  510.160814][ T5732]        elevator_change+0x1b3/0x450
[  510.166103][ T5732]        elevator_set_none+0xb5/0x140
[  510.171476][ T5732]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  510.177800][ T5732]        nbd_start_device+0x17f/0xb10
[  510.183165][ T5732]        nbd_genl_connect+0x165b/0x1cf0
[  510.188698][ T5732]        genl_family_rcv_msg_doit+0x22a/0x330
[  510.194778][ T5732]        genl_rcv_msg+0x61c/0x7a0
[  510.199810][ T5732]        netlink_rcv_skb+0x232/0x4b0
[  510.205106][ T5732]        genl_rcv+0x28/0x40
[  510.209627][ T5732]        netlink_unicast+0x75c/0x8e0
[  510.214921][ T5732]        netlink_sendmsg+0x813/0xb40
[  510.220292][ T5732]        ____sys_sendmsg+0x972/0x9f0
[  510.225579][ T5732]        ___sys_sendmsg+0x2a5/0x360
[  510.230778][ T5732]        __x64_sys_sendmsg+0x1bd/0x2a0
[  510.236236][ T5732]        do_syscall_64+0x15f/0xf80
[  510.241340][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.247750][ T5732] 
[  510.247750][ T5732] -> #0 (&q->q_usage_counter(io)#50){++++}-{0:0}:
[  510.256370][ T5732]        __lock_acquire+0x15a5/0x2cf0
[  510.261743][ T5732]        lock_acquire+0x106/0x350
[  510.266769][ T5732]        blk_mq_submit_bio+0x6de/0x28e0
[  510.272329][ T5732]        __submit_bio+0x1c0/0x580
[  510.277359][ T5732]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  510.283540][ T5732]        block_read_full_folio+0x7b7/0x830
[  510.289416][ T5732]        filemap_read_folio+0x137/0x3b0
[  510.294973][ T5732]        filemap_get_pages+0x1744/0x1ef0
[  510.300613][ T5732]        filemap_read+0x447/0x1230
[  510.305725][ T5732]        blkdev_read_iter+0x30a/0x440
[  510.311098][ T5732]        vfs_read+0x582/0xa70
[  510.315783][ T5732]        ksys_read+0x150/0x270
[  510.320553][ T5732]        do_syscall_64+0x15f/0xf80
[  510.325664][ T5732]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.332075][ T5732] 
[  510.332075][ T5732] other info that might help us debug this:
[  510.332075][ T5732] 
[  510.342296][ T5732] Chain exists of:
[  510.342296][ T5732]   &q->q_usage_counter(io)#50 --> &indx->run_lock --> mapping.invalidate_lock
[  510.342296][ T5732] 
[  510.357043][ T5732]  Possible unsafe locking scenario:
[  510.357043][ T5732] 
[  510.364487][ T5732]        CPU0                    CPU1
[  510.369851][ T5732]        ----                    ----
[  510.375217][ T5732]   rlock(mapping.invalidate_lock);
[  510.380413][ T5732]                                lock(&indx->run_lock);
[  510.387348][ T5732]                                lock(mapping.invalidate_lock);
[  510.394979][ T5732]   rlock(&q->q_usage_counter(io)#50);
[  510.400447][ T5732] 
[  510.400447][ T5732]  *** DEADLOCK ***
[  510.400447][ T5732] 
[  510.408578][ T5732] 2 locks held by udevd/5732:
[  510.413240][ T5732]  #0: ffff88802308fae8 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440
[  510.424055][ T5732]  #1: ffff88802308fc80 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_get_pages+0x991/0x1ef0
[  510.434701][ T5732] 
[  510.434701][ T5732] stack backtrace:
[  510.440582][ T5732] CPU: 1 UID: 0 PID: 5732 Comm: udevd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  510.440612][ T5732] Tainted: [L]=SOFTLOCKUP
[  510.440622][ T5732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  510.440636][ T5732] Call Trace:
[  510.440646][ T5732]  <TASK>
[  510.440657][ T5732]  dump_stack_lvl+0xe8/0x150
[  510.440686][ T5732]  print_circular_bug+0x2e1/0x300
[  510.440719][ T5732]  check_noncircular+0x12e/0x150
[  510.440753][ T5732]  __lock_acquire+0x15a5/0x2cf0
[  510.440780][ T5732]  ? mempool_alloc_noprof+0x1ce/0x300
[  510.440803][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.440830][ T5732]  ? stack_trace_save+0xa9/0x100
[  510.440864][ T5732]  ? __pfx_stack_trace_save+0x10/0x10
[  510.440899][ T5732]  ? mempool_alloc_noprof+0x1ce/0x300
[  510.440921][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.440947][ T5732]  ? stack_depot_save_flags+0x33/0x810
[  510.440976][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.441006][ T5732]  ? __submit_bio+0x1c0/0x580
[  510.441039][ T5732]  lock_acquire+0x106/0x350
[  510.441063][ T5732]  ? __submit_bio+0x1c0/0x580
[  510.441099][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.441127][ T5732]  ? blk_mq_submit_bio+0x3d1/0x28e0
[  510.441161][ T5732]  ? __submit_bio+0x1c0/0x580
[  510.441195][ T5732]  blk_mq_submit_bio+0x6de/0x28e0
[  510.441227][ T5732]  ? __submit_bio+0x1c0/0x580
[  510.441264][ T5732]  ? blk_mq_submit_bio+0x3d1/0x28e0
[  510.441300][ T5732]  ? __pfx_blk_mq_submit_bio+0x10/0x10
[  510.441334][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.441361][ T5732]  ? __lock_acquire+0x6b5/0x2cf0
[  510.441392][ T5732]  __submit_bio+0x1c0/0x580
[  510.441428][ T5732]  ? __pfx___submit_bio+0x10/0x10
[  510.441462][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.441492][ T5732]  ? blk_add_trace_bio+0x2e/0x2f0
[  510.441521][ T5732]  submit_bio_noacct_nocheck+0x2f4/0xa40
[  510.441559][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.441588][ T5732]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  510.441623][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.441658][ T5732]  block_read_full_folio+0x7b7/0x830
[  510.441685][ T5732]  ? __pfx_blkdev_get_block+0x10/0x10
[  510.441709][ T5732]  filemap_read_folio+0x137/0x3b0
[  510.441742][ T5732]  ? __pfx_blkdev_read_folio+0x10/0x10
[  510.441778][ T5732]  ? __pfx_filemap_read_folio+0x10/0x10
[  510.441813][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.441839][ T5732]  ? down_read+0x270/0x2e0
[  510.441868][ T5732]  ? filemap_get_pages+0x987/0x1ef0
[  510.441900][ T5732]  filemap_get_pages+0x1744/0x1ef0
[  510.441947][ T5732]  ? __pfx_filemap_get_pages+0x10/0x10
[  510.441984][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.442012][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.442043][ T5732]  filemap_read+0x447/0x1230
[  510.442073][ T5732]  ? aa_file_perm+0x192/0x15e0
[  510.442114][ T5732]  ? __pfx_filemap_read+0x10/0x10
[  510.442160][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.442186][ T5732]  ? down_read+0x270/0x2e0
[  510.442213][ T5732]  ? blkdev_read_iter+0x177/0x440
[  510.442235][ T5732]  blkdev_read_iter+0x30a/0x440
[  510.442260][ T5732]  vfs_read+0x582/0xa70
[  510.442296][ T5732]  ? __pfx_vfs_read+0x10/0x10
[  510.442325][ T5732]  ? vm_mmap_pgoff+0x373/0x4f0
[  510.442350][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.442381][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.442409][ T5732]  ? srso_alias_return_thunk+0x5/0xfbef5
[  510.442438][ T5732]  ksys_read+0x150/0x270
[  510.442471][ T5732]  ? __pfx_ksys_read+0x10/0x10
[  510.442506][ T5732]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.442534][ T5732]  do_syscall_64+0x15f/0xf80
[  510.442564][ T5732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.442588][ T5732] RIP: 0033:0x7ff9456a7407
[  510.442608][ T5732] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  510.442627][ T5732] RSP: 002b:00007fff56c6dc40 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[  510.442649][ T5732] RAX: ffffffffffffffda RBX: 00007ff945d86880 RCX: 00007ff9456a7407
[  510.442667][ T5732] RDX: 0000000000000200 RSI: 00007ff945d85000 RDI: 0000000000000009
[  510.442682][ T5732] RBP: 000055af03d6e050 R08: 0000000000000000 R09: 0000000000000000
[  510.442696][ T5732] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  510.442710][ T5732] R13: 0000000000000000 R14: 000055af03d7d1d8 R15: 00007ff945ead39c
[  510.442735][ T5732]  </TASK>
[  511.063851][T14064] dummy0: left promiscuous mode
[  511.164549][T17170] loop5: detected capacity change from 0 to 128
[  511.172511][T17170] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  511.194387][ T5759] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  511.204671][T17170] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  511.357829][ T5759] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  511.383051][ T5759] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  511.412613][ T5759] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  511.432674][ T5759] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  511.455252][ T5759] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  511.476907][ T5759] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  511.525596][ T5759] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  511.541532][ T5759] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.554639][ T5759] usb 3-1: config 0 descriptor??
[  511.794761][ T5759] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  511.879645][T17190] loop8: detected capacity change from 0 to 256
[  511.904905][T17190] UBIFS error (pid: 17190): cannot open "c:::", error -22
[  512.016981][ T5759] usb 3-1: USB disconnect, device number 6
[  512.040267][ T5759] usblp0: removed