last executing test programs:

14m25.63424852s ago: executing program 0 (id=2242):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/vmallocinfo\x00', 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x2a801, 0x0)
sendfile(r1, r0, 0x0, 0xfffffffc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00'}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c504000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00226100000044a0"], 0x0}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
statx(0xffffffffffffffff, 0x0, 0x100, 0x4, &(0x7f0000002a00))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x10, 0x749}, 0x94)

14m20.675289776s ago: executing program 0 (id=2268):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x300, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

14m20.43364881s ago: executing program 0 (id=2270):
syz_open_procfs(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
socket$inet_udp(0x2, 0x2, 0x0)
io_setup(0x8, &(0x7f0000000000))
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

14m19.174837729s ago: executing program 0 (id=2280):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x800090, &(0x7f0000000640)={[{@nodiscard}, {@fault_type={'fault_type', 0x3d, 0x291}}, {@acl}, {@alloc_mode_reuse}, {@jqfmt_vfsv0}, {@segment_mode}, {@prjjquota={'prjjquota', 0x3d, '\x00'}}, {@nobarrier}, {@norecovery}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@jqfmt_vfsold}, {@nolazytime}]}, 0x1, 0x550d, &(0x7f00000102c0)="$eJzs3M1rY1UUAPCTdjrfjkVcuJsHg9DCJEw6H+hu1Bn8wBnKqAtXmiZpyEySV5o0rV25cCku/E9EwZVL/wYXrt3JLBR3gpJ3X3XqBwhNGzv9/eDlvHtzc3JuCIXzXkkAJ9Zi9stPlbgU5yJiPiIuRhTnlfIo3E7hhYi4HBFzTxyVcv6PidMRcT4iLk2Sp5yV8qnPr46v3Hz81s/ffHfm1IUvvv5+drsGZu3FiOhvpPPtfop5J8WH5Xxj3C1i/8a4jOmJ/qNynKe43V4rMmw39tY1ini9k9bnG1vDSVzvNZqT2OmuF/Mbg/SGw3FnL0/xgoeNzWLcaq8VsTvMi9jZTXXt7Ka/bbvDUcrTKvN9VKSP0Wgvpvn2TjvtZ+NREZuDUTmf8uat9s4kjstYvl00816rqGPtIJ/0/9vb3cHWTjZubw67+SC7Wau/VKvfqtY381Z71L5RbfRbt25kS53eZFl11G70b3fyvNNr15p5fzlb6jSb1Xo9W7rTXus2Blm9Xrteu1a9uVyeXc1ev/9e1mtlS5P4anewNer2htl6vpmlVyxnK7XrLy9nV+rZO/dWs9UHd+/eW333gzvv33/l3puvlYv+Vla2tHJtZaVav1ZdqS+foP1/UhY9xf3DgVRmXQDA8aP/B2bh8Pr/zQcRh9//h/5/Ko5V/3sI/f/jyffpBO8fDkT/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwYv2w8OUbxcliGl8o558pp54rx5WImIuI3/7BfJzel3O+zLPwL+sX/lLDt5UoMkze40x5nI+I2+Xx67OH/SkAAADA0+urjy9/lrr19LA464I4SumizdzFD6eUrxIRC4s/Tinb3OTh+SklK77fp2JnStmKC1hnp5QsXXI7Na1s/8n8vnD2iVBJYe5IywEAAI7E/k7gaLsQAAAAjtKnsy6A2ajE3q3MvXvBxX/e/3lD8Ny+EQAAAHAMVWZdAAAAAHDoiv7f7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NzPjdNAFAfgZycm4Z+IEHda4ZaUQQkcOaIUQBMpgENogQZSQ7hRAUIxiseE9cqHlTy2tavvk7yzYzm/zETJ4c1IAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJh+Vsfd9y/vvw7NudRDVHWe2QAAAAB9ztVx1/yzSf2X7f3X7a23bb+IiDIi+qr3RTzrZC7anOr/89861f69MfyIaBKu77FqrxcR8aG9/rwZ+1MAAACAp+u0P2xTtZ7+bOYeEFNKizblq4+Z8oqIqDa/MqWV17x3mcKa7/cyPmdKaxaw1pnC0pLbMlfagzQ/99uq3fpOU6Sm7H3ZbZDZ5g4AAExo0WmmrUIAAACY0qe5B8A8ivi3lXnbClylpt3ee97pAQAAAI9QMfcAAAAAgNE19f+o5//9rnufd/4fAAAATCed/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCYztVxd9oftkNzLvUweWYDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf9ucdBUIgDMJg7/rOZO5/WGnQ1NSkCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYuZ/XOKo4AOBvZna2tiquUfYQEQUPerHbbW3tTTwowYN/ghDSbY3d+qPNwZYi5uJNcu5F9CgiKPHW/yHnBHKJtxz2EMGzMrMz2ckPcP01s0k+H3jzvjsM875vFkK+814CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKXR25M4yQ6dcRwX5zb3Hi5l/dahPvN4bXs+a1kc1Zn0yfBi9UPUbS4RAAAAzo6krO9DCDvp+kLWx528/k/La7Ka/9unx3FZzx+u+8u+rP2z9svPu8/vD9QZj5Pd9ObycHDpaCqt/2+Ws+2Zv7yilT/5/N1Lkn8h8Xurz43S/HlGX29svNPOw3N1ZAsA/BMXy74Iyt+Hsr7fZGIAnBmtSuFd1v9Jp9mcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOowWg1PlnEUQphvTeLM1t7DpeP6x2vb82W79ujRWvhycs/sFmkI4ebycHCp1tnMtnv3H9xeHA4Hd+sPXgohNDX6W8X0b38wxcUhNPJ8BP9REBdf9qzkczKCBn8oAQBwKqVFy+r6nXR9ITsXzYXwx3cH6/9XK3GYsv7f/fDaZnWsav3fr22Gs6+3cufT3r37D15fvrN4a3Br8PEbl/tv9q9cv3r1ei9/V9LzxgQAAIB/p120av0fzx1d/79QicOU9f9n3/S/qI6VqP+PNVn0azoTAACAs+3Zl3//LTrmfNRuh88XV1bu9sfH/c+Xx8cGUv3bzhWtWv8nc01nBQAAANRhtBodWP+/UYnDlOv/T33/wo/VeyYhhPPF+v/FpU+GN+qbzkyr48+Jm54jAAAAzTpftOr6f5rv/4/3tzzEIYTXXhnHxb8BnKr+T9796ofqWNX9/1fqm+JMirvj55H33RBa3aYzAgAA4DR7omhZsf9rur7w0U8X3m/b/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtz8DAAD//y/BPuc=")
r0 = syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0))
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="2400000076000908000000000000000007020000", @ANYRES32=r1, @ANYBLOB="0c000d80"], 0x24}, 0x1, 0x5502000000000000, 0x0, 0x10004}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_open_dev$vcsa(&(0x7f0000000400), 0xfbd, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000f0000001c0007800c000400403a002d00002d2e0c0003"], 0x30}}, 0x20088004)
sendmsg$TIPC_NL_BEARER_ADD(r5, &(0x7f0000000980)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000780)={0x1f8, r7, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xf8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x96d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x816}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x18c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc85}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}]}, @TIPC_NLA_NODE={0x1c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x2}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}]}, @TIPC_NLA_NET={0x40, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x62e1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x72dc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x200}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffd}]}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MEDIA={0x44, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x1f8}, 0x1, 0x0, 0x0, 0xc0881}, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r4}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000012c0)='scsi_dispatch_cmd_start\x00', r8}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r9, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r10}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f00000009c0)=0x8000, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000a00)=ANY=[@ANYRESOCT=r7, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000000)={0x0, 0x7, 0x5, 0x0, 0x0, [{{r0}, 0x200}, {{r1}, 0x5}, {{r2}, 0x5}, {{r0}, 0x71}, {{r0}, 0x7}]})

14m18.722780036s ago: executing program 0 (id=2285):
chdir(&(0x7f0000000240)='./bus\x00')
fchdir(0xffffffffffffffff)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x100c404, &(0x7f0000000940)={[{@dots}, {@dots}, {@fat=@nfs_nostale_ro}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@fat=@tz_utc}, {@dots}, {@dots}, {@dots}, {@dots}, {@dots}, {@dots}, {@dots}, {@fat=@discard}, {@fat=@check_normal}, {@fat=@sys_immutable}, {@nodots}, {@dots}, {@fat=@usefree}, {@nodots}, {@fat=@showexec}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {@dots}]}, 0xfd, 0x202, &(0x7f0000001280)="$eJzs3c1qE1EUAOCTNr/SRXeCIIy40FVRn6AiFcSAUMlCd4JdmVW6Sd2kj+Er+F4+gHSVjVyJM0lqnDQhkInW79vkzJx75/4MmWSTkxS5b3e/RLtdi73jOI5xLQ5jL6YuAwC4TcYpxfeU2/VcAIBqrPH5/6PiKQEAW/b23fvXz7vdk9Msa0dcXQ57w17+mudfvuqePMl+OZz3uhoOe/uz/NNs8bvDJN+IO0X+Wd4/m6WbEdFrxuOHeX6Se/Gmm/3evxUft7x2AAAAAAAAAAAAAAAAAAAAAADYlfuRTZXW9zk6Wsx3inx+dK0+0EL9nnrcqxeH8/JAaVTFogAAAAAAAAAAAAAAAAAAAOAfc37x+dOHfv9sMA9aEXH9TL2kzfKgVlx4eZv9ta5TUbAXm3XvFMvcYNBasUXbXWCn/OauE0R9VZtGRPwtd7AsyCoYq/Pn9o7S7ExKk6D8XTAti7F0iObK7X10etMMJxdf1n2cUup/fTA4v4h04xDzZ0SrygcSAAAAAAAAAAAAAAAAAAD8x4of/R6U5drVTwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdqL4//+zwSbBKCIOYmXj6ViNaO92sQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANxaPwMAAP//1L0fPA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000dd4ecc33d4ae0a235b7f329b0e96144e3ff293750a0d03fd968f962874ee9855b08db619a0fb9b11006c31677e7431846901bae1687612c8b3b2a1e0954730e593a51e8c3fc2b67296e185b847"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
mount$incfs(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000000)="820d283076a169a40703d21d183d0b1395a2ca44e277c52cea70861ce0fb8d082b37be5fe66292f9c09342b9347eae231d225810b4b5ef0e2fbb", 0x3a}, {&(0x7f0000000080)="e2e77554b22a511c9f03f0af48238166436e6a05a86dfc8cdea54daafed307199300b9345b1ce7156bee746b3e5a2b20bbc7b51a5dc42802972495cdbf16dcf725ff2bd1792c04d0a665d6017c3451d4dd6e13fc3fdd9c0ebb96841d0105c9d26637c2ec774e0ff0bfada6975a3bce1c885648e01fe01ca7ab111bdb2090f144a4783fdec450363428807fc8ca435fd31dcc55409697aef3990d8f2b32eb79e8ea952c59c02955e54b02fa7e323895a983c09e5aad2a396c87e370a39d5398ca71ee5b28fa19414b93616419adcce0", 0xcf}, {&(0x7f0000000180)="9186a21ea0ceb94f87632dc87185eb0a4ffbe42f6ca833007df6ae5071d43309757e6a41122bc36c4d0519cbe4464d56368e04dbf746e89ae389fde32a3f2591440a4e6bb75d791fc93542a9ce9b290a17554297", 0x54}, {&(0x7f0000000240)="a8d29aa0f5a2df66a5fee6360928ba7796cf7dba03cbe0f4970cdcf45fa21c66036b8d58aa884754a2e6416ca9", 0x2d}], 0x4)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000840)={[{@grpjquota}, {@auto_da_alloc_val}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x9}}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@oldalloc}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@usrquota}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x53}}]}, 0xfa, 0x568, &(0x7f0000000f00)="$eJzs3d9rW1UcAPDvTZPup66DMdAHKezByVy6tv6Y4MN8FB0O9MmXGdqsjKbLaNKx1oHbg3vxRYYg4kD8A3z3cfgP+FcMdDBkFH3wJXLTmy5dk/5YszY2nw/c9px7b3LOybnfw7k5CQlgYI2mf3IRr0TEt0nEsbZj+cgOjq6ct/zk1lS6JdFofPpXEkm2r3V+kv0/0srkI377OuJMbn25tcWl2VKlUp7P8mP1uetjtcWls1fnSjPlmfK1icnJ829PTrz37js9a+sbl/754ZMHH57/5tTy9788On4viQtxNDvW3o4duN2eGY3R7DUpxIVnThzvQWH9JFmbfXmv6sH2DGVxXoh0DDgWQ1nUA/vfVxHRAAZUIv5hQLXmAa17+873wYXPd3lasmsef7ByA7S+/fmV90biYPPe6PBysubOKL3fHelB+WkZv/55/166Re/ehwDY1O07EXEun18//iXZ+Pf8zm3hnGfLMP7B7nmQzn/e7DT/ya3Of6LD/OdIh9h9HpvHf+5RD4rpKp3/vd9x/ru6aDUylOVeas75CsmVq5XyuWyR43QUDqT5jdZzzi8/bHQ71j7/S7e0/NZcMKvHo/yBtY+ZLtVLO2lzu8d3Il7tOP9NVvs/6dD/6etxae1TNQ50KeNk+f5r3crfvP0vVuPniNc79v/TFa1k4/XJseb1MNa6Ktb7++7J37uVv9ftT/v/8MbtH0na12tr2y/jp4P/lrsde97rfzj5rJkezvbdLNXr8+MRw8nH6/dPPH1sK986P23/6VMbj3+drv9DEfHFFtt/98Tdrqf2Q/9Px/A2+n/7iYcfffljt/K31v9vNVOnsz1bGf+2WsGdvHYAAAAAAADQb3IRcTSSXHE1ncsViyuf7zgRh3OVaq1+5kp14dp0NL8rOxKFXGul+1jb5yHGs8/DtvITz+QnI+J4RHw3dKiZL05VK9N73XgAAAAAAAAAAAAAAAAAAADoE0e6fP8/9cfQXtcOeOHW/OR3snf1AHbfpj/534tfegL60qbxD+xb4h8Gl/iHwSX+YXCJfxhc4h8Gl/iHwSX+AQAAAAAAAAAAAAAAAAAAAAAAAAAAoKcuXbyYbo3lJ7em0vz0jcWF2eqNs9Pl2mxxbmGqOFWdv16cqVZnKuXiVHVus+erVKvXxydi4eZYvVyrj9UWly7PVReu1S9fnSvNlC+XC7vSKgAAAAAAAAAAAAAAAAAAAPh/qS0uzZYqlfL8vk4MZa3tl/rsp0S+P6oh0ePEHg9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDmvwAAAP//mmY2oA==")

14m18.244072163s ago: executing program 0 (id=2288):
pipe(&(0x7f00000000c0))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_setup(0x20, &(0x7f0000001140))
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)

14m18.224435014s ago: executing program 32 (id=2288):
pipe(&(0x7f00000000c0))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_setup(0x20, &(0x7f0000001140))
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)

10.390208427s ago: executing program 3 (id=5875):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x2, 0x8001}, {}, 0x0, 0x1, 0x1}, {{@in=@empty, 0x4d6, 0x3c}, 0xa, @in6=@private2, 0x0, 0x1}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000400000000000008020000000000000000000001050000018000000000000000010000850200000000000000010000000000000400000000da"], 0x0, 0x52}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCCONS(r6, 0x541d)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1d, 0xc, &(0x7f0000000280)=ANY=[@ANYRES64=r2, @ANYRES32=r0, @ANYRES16, @ANYRESOCT=r6], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0))
bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="020000000400000007000000020000000010"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)

9.303095624s ago: executing program 3 (id=5878):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/vmallocinfo\x00', 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c504000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00226100000044a0"], 0x0}, 0x0)

5.78127174s ago: executing program 4 (id=5888):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r5, 0x0, 0x800003d, 0x7ff)
write$binfmt_script(r5, &(0x7f00000000c0), 0xb)
lseek(r5, 0x0, 0x3)

5.78045586s ago: executing program 5 (id=5889):
pipe(&(0x7f00000000c0))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_setup(0x20, &(0x7f0000001140))
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
getsockname$packet(r4, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}, 0x1, 0xd}, 0x0)

5.73218736s ago: executing program 1 (id=5890):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x2, 0x8001}, {}, 0x0, 0x1, 0x1}, {{@in=@empty, 0x4d6, 0x3c}, 0xa, @in6=@private2, 0x0, 0x1}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000400000000000008020000000000000000000001050000018000000000000000010000850200000000000000010000000000000400000000da"], 0x0, 0x52}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCCONS(r6, 0x541d)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1d, 0xc, &(0x7f0000000280)=ANY=[@ANYRES64=r2, @ANYRES32=r0, @ANYRES16, @ANYRESOCT=r6], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0))
bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="020000000400000007000000020000000010"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)

5.201389199s ago: executing program 5 (id=5891):
r0 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r5, &(0x7f0000003440)={0x2020}, 0x2020)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)

5.146908089s ago: executing program 3 (id=5892):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
pipe2$9p(&(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x0)
io_setup(0x9, &(0x7f0000003080)=<r5=>0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
io_getevents(r5, 0x1, 0x1, &(0x7f0000000000)=[{}], 0x0)
io_submit(r5, 0x1, &(0x7f0000000940)=[&(0x7f0000001940)={0x0, 0x0, 0x0, 0x7, 0x0, r4, 0x0}])
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0))
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10)
close(0x3)

4.837217584s ago: executing program 4 (id=5893):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000002000000e27f000005"], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='mm_page_free_batched\x00', r0}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x96)
pwrite64(r1, &(0x7f0000000140)='2', 0x155c2, 0x8000c64)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x60)
sendfile(r2, r2, 0x0, 0xe0000000)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x10000003)
mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000009, 0x20010, 0xffffffffffffffff, 0x4758e000)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x4b, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="b8000000190001000000400010000000e0000002000000000000000000000000fe8000000000000000000000000000bb00000002000000000a00000000000000f80897b4e9a3fd79c23f9515fabf7a5e6a38cffe620a54cc7795d0a1e1b0c479f0e69682bf20eefae58da4e533b284ce7d518d7b8a502b9122489436a180b04096494fe07c6d206acabecb15e6a698091e31508d6f75aa85e4c11ac88888cb1d30aa8b17aa395a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000fbffffffffffffff0101000000000000050000000000000000000000000000000900000000000000000000000000000000000000800000000000000200000000"], 0xb8}}, 0x4004)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8000000140001000000000000000000e0000002000000000000000000000000fe80000000000000000000000000001300000000000000000a00002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000080000000000000000ffffffffffffffff00000000000000000004000000000000000000000000008c9d97146b2c000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000063b436b35796d8cd8acec7c28c20502f7b064e6616f62a2dd2b40a83b4c473312583dc197c01d28d72be5626f1d70e335fb4a674c326de8bc2997b1ed14dabfb29694a8f4bae7ba3a8deccf928b88d73ab2bd2224260feed6494f4f618b0e0f7eb7bd7e0e52d00d59be1985b8e94db9307a2f3f43ce4d5e7ac2839d5087df5bda07286dc4ccbfaf01d1c088437f9f49598801ef1bef7d4ab94075570241a7254289a934ae1e421b172ba194374c497102b0971df8ba635854617b77c1902ec"], 0xb8}}, 0x0)
pipe(&(0x7f00000000c0))
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)

4.798644495s ago: executing program 1 (id=5894):
r0 = syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000ac0)={[{@lazytime}, {@i_version}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@abort}, {@auto_da_alloc}, {@lazytime}, {@errors_remount}, {@block_validity}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
fdatasync(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESHEX=r0], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="00000000f91222598cce9b5a09d4a2540300000000b7020000850000008600000800000000646c612500000400002020207b1af8ff00000000bfa1000000000000eed30000f8ffffffb702020208000000b70300e1a3dcf39dcd02a3000000002088933789a86803c218306cd31c445a2ff55229102cfabec30fb3699e0d926af3c175145f0daa11a7da13f00ff6d3a0ba4a2a22942989bd8463a6a75a7afd6d7ac4081ac1a38f7be806e57499b85d7cda41c9b1a359a713421a3e3dfeac031b57e462408b1cfe0cb91668f87625494a3a44e619fee3751704ba95083064bedee21606feb06d3c10b3c90cd82af7e12dd467b7935169defb3234da67c7b693f891c1ace0a6307b2f22bcff1359f38b9518e5fe0af96077570b67649ea2fca93d9944bd842b63d02fb8dde565d5ef4aa2341bbfbd6e5c47b4e882388bbecde906554226bab8a55c20520fea04f86c48df68a953669f454c3776106a9ccd2ed80c4222928a7d047d6406cc74f2ff"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r3}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES8=r5], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010328bd7000fedbdf251c0000000c000180080001"], 0x20}}, 0x10)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)

4.791501075s ago: executing program 3 (id=5895):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
pipe2$9p(&(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="2b446c4c3fc12e0893fd08d0802a"])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
writev(0xffffffffffffffff, 0x0, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
r5 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c00009040000020701010009050102"], 0x0)
syz_usb_control_io$printer(r5, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x3, 0x0)
getsockname$packet(r8, &(0x7f00000002c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x24, 0x66, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
close_range(r10, 0xffffffffffffffff, 0x0)

4.699306307s ago: executing program 1 (id=5896):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008001000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

4.632813258s ago: executing program 1 (id=5897):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r6, 0x0, 0x800003d, 0x7ff)
lseek(r6, 0x0, 0x3)
sendto$inet(r0, 0x0, 0x0, 0x814, 0x0, 0x0)

4.631466707s ago: executing program 4 (id=5898):
fchdir(0xffffffffffffffff)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x100c404, &(0x7f0000000940)={[{@dots}, {@dots}, {@fat=@nfs_nostale_ro}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@fat=@tz_utc}, {@dots}, {@dots}, {@dots}, {@dots}, {@dots}, {@dots}, {@dots}, {@fat=@discard}, {@fat=@check_normal}, {@fat=@sys_immutable}, {@nodots}, {@dots}, {@fat=@usefree}, {@nodots}, {@fat=@showexec}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {@dots}]}, 0xfd, 0x202, &(0x7f0000001280)="$eJzs3c1qE1EUAOCTNr/SRXeCIIy40FVRn6AiFcSAUMlCd4JdmVW6Sd2kj+Er+F4+gHSVjVyJM0lqnDQhkInW79vkzJx75/4MmWSTkxS5b3e/RLtdi73jOI5xLQ5jL6YuAwC4TcYpxfeU2/VcAIBqrPH5/6PiKQEAW/b23fvXz7vdk9Msa0dcXQ57w17+mudfvuqePMl+OZz3uhoOe/uz/NNs8bvDJN+IO0X+Wd4/m6WbEdFrxuOHeX6Se/Gmm/3evxUft7x2AAAAAAAAAAAAAAAAAAAAAADYlfuRTZXW9zk6Wsx3inx+dK0+0EL9nnrcqxeH8/JAaVTFogAAAAAAAAAAAAAAAAAAAOAfc37x+dOHfv9sMA9aEXH9TL2kzfKgVlx4eZv9ta5TUbAXm3XvFMvcYNBasUXbXWCn/OauE0R9VZtGRPwtd7AsyCoYq/Pn9o7S7ExKk6D8XTAti7F0iObK7X10etMMJxdf1n2cUup/fTA4v4h04xDzZ0SrygcSAAAAAAAAAAAAAAAAAAD8x4of/R6U5drVTwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdqL4//+zwSbBKCIOYmXj6ViNaO92sQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANxaPwMAAP//1L0fPA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000dd4ecc33d4ae0a235b7f329b0e96144e3ff293750a0d03fd968f962874ee9855b08db619a0fb9b"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
mount$incfs(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000000)="820d283076a169a40703d21d183d0b1395a2ca44e277c52cea70861ce0fb8d082b37be5fe66292f9c09342b9347eae231d225810b4b5ef0e2fbb", 0x3a}, {&(0x7f0000000180)="9186a21ea0ceb94f87632dc87185eb0a4ffbe42f6ca833007df6ae5071d43309757e6a41122bc36c4d0519cbe4464d56368e04dbf746e89a", 0x38}, {&(0x7f0000000240)="a8d29aa0f5a2df66a5fee6360928ba7796cf7dba03cbe0f4970cdcf45f", 0x1d}], 0x3)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000840)={[{@grpjquota}, {@auto_da_alloc_val}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x9}}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@oldalloc}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@usrquota}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x53}}]}, 0xfa, 0x568, &(0x7f0000000f00)="$eJzs3d9rW1UcAPDvTZPup66DMdAHKezByVy6tv6Y4MN8FB0O9MmXGdqsjKbLaNKx1oHbg3vxRYYg4kD8A3z3cfgP+FcMdDBkFH3wJXLTmy5dk/5YszY2nw/c9px7b3LOybnfw7k5CQlgYI2mf3IRr0TEt0nEsbZj+cgOjq6ct/zk1lS6JdFofPpXEkm2r3V+kv0/0srkI377OuJMbn25tcWl2VKlUp7P8mP1uetjtcWls1fnSjPlmfK1icnJ829PTrz37js9a+sbl/754ZMHH57/5tTy9788On4viQtxNDvW3o4duN2eGY3R7DUpxIVnThzvQWH9JFmbfXmv6sH2DGVxXoh0DDgWQ1nUA/vfVxHRAAZUIv5hQLXmAa17+873wYXPd3lasmsef7ByA7S+/fmV90biYPPe6PBysubOKL3fHelB+WkZv/55/166Re/ehwDY1O07EXEun18//iXZ+Pf8zm3hnGfLMP7B7nmQzn/e7DT/ya3Of6LD/OdIh9h9HpvHf+5RD4rpKp3/vd9x/ru6aDUylOVeas75CsmVq5XyuWyR43QUDqT5jdZzzi8/bHQ71j7/S7e0/NZcMKvHo/yBtY+ZLtVLO2lzu8d3Il7tOP9NVvs/6dD/6etxae1TNQ50KeNk+f5r3crfvP0vVuPniNc79v/TFa1k4/XJseb1MNa6Ktb7++7J37uVv9ftT/v/8MbtH0na12tr2y/jp4P/lrsde97rfzj5rJkezvbdLNXr8+MRw8nH6/dPPH1sK986P23/6VMbj3+drv9DEfHFFtt/98Tdrqf2Q/9Px/A2+n/7iYcfffljt/K31v9vNVOnsz1bGf+2WsGdvHYAAAAAAADQb3IRcTSSXHE1ncsViyuf7zgRh3OVaq1+5kp14dp0NL8rOxKFXGul+1jb5yHGs8/DtvITz+QnI+J4RHw3dKiZL05VK9N73XgAAAAAAAAAAAAAAAAAAADoE0e6fP8/9cfQXtcOeOHW/OR3snf1AHbfpj/534tfegL60qbxD+xb4h8Gl/iHwSX+YXCJfxhc4h8Gl/iHwSX+AQAAAAAAAAAAAAAAAAAAAAAAAAAAoKcuXbyYbo3lJ7em0vz0jcWF2eqNs9Pl2mxxbmGqOFWdv16cqVZnKuXiVHVus+erVKvXxydi4eZYvVyrj9UWly7PVReu1S9fnSvNlC+XC7vSKgAAAAAAAAAAAAAAAAAAAPh/qS0uzZYqlfL8vk4MZa3tl/rsp0S+P6oh0ePEHg9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDmvwAAAP//mmY2oA==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r5, 0x0, 0x0, 0xfecc)

3.686665632s ago: executing program 5 (id=5899):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000002000000e27f000005"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x96)
pwrite64(r0, &(0x7f0000000140)='2', 0x155c2, 0x8000c64)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x60)
sendfile(r1, r1, 0x0, 0xe0000000)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x10000003)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x4b, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="b8000000190001000000400010000000e0000002000000000000000000000000fe8000000000000000000000000000bb00000002000000000a00000000000000f80897b4e9a3fd79c23f9515fabf7a5e6a38cffe620a54cc7795d0a1e1b0c479f0e69682bf20eefae58da4e533b284ce7d518d7b8a502b9122489436a180b04096494fe07c6d206acabecb15e6a698091e31508d6f75aa85e4c11ac88888cb1d30aa8b17aa395a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000fbffffffffffffff0101000000000000050000000000000000000000000000000900000000000000000000000000000000000000800000000000000200000000"], 0xb8}}, 0x4004)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8000000140001000000000000000000e0000002000000000000000000000000fe80000000000000000000000000001300000000000000000a00002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xb8}}, 0x0)
pipe(&(0x7f00000000c0))
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)

3.686025032s ago: executing program 1 (id=5900):
pipe(&(0x7f00000000c0))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_setup(0x20, &(0x7f0000001140))
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
getsockname$packet(r4, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x3}]}, 0x28}, 0x1, 0xd}, 0x0)

3.684928203s ago: executing program 4 (id=5901):
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file1\x00', 0x50, &(0x7f0000000280)={[{@usrquota}, {}, {@nobh}, {@grpjquota}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
unshare(0x20000400)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32], 0xe)
unshare(0x22020600)
r4 = timerfd_create(0x0, 0x0)
timerfd_settime(r4, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(0xffffffffffffffff, 0x40046210, &(0x7f0000000040))
syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRES32], 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}})

3.576427554s ago: executing program 2 (id=5902):
pipe(&(0x7f00000000c0))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_setup(0x20, &(0x7f0000001140))
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
getsockname$packet(r4, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}, 0x1, 0xd}, 0x0)

2.686036948s ago: executing program 4 (id=5903):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/vmallocinfo\x00', 0x0, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x2a801, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c504000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[], 0x0}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
statx(0xffffffffffffffff, 0x0, 0x100, 0x4, &(0x7f0000002a00))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x10, 0x749}, 0x94)

2.628049599s ago: executing program 5 (id=5904):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00'}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYBLOB="2b446c4c3fc12e0893fd08d0802a"])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
socket(0x1a, 0xa, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c00009040000020701010009050102"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)

2.497063711s ago: executing program 2 (id=5905):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x2, 0x8001}, {}, 0x0, 0x1, 0x1}, {{@in=@empty, 0x4d6, 0x3c}, 0xa, @in6=@private2, 0x0, 0x1}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000400000000000008020000000000000000000001050000018000000000000000010000850200000000000000010000000000000400000000da"], 0x0, 0x52}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCCONS(r6, 0x541d)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1d, 0xc, &(0x7f0000000280)=ANY=[@ANYRES64=r2, @ANYRES32=r0, @ANYRES16, @ANYRESOCT=r6], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0))
bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="020000000400000007000000020000000010"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)

2.441919802s ago: executing program 1 (id=5906):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1808014, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b048000000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f0378072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd78997da864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4bff1d00"/716], 0x5, 0x558b, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbbbFBAhoEgEUJE6wEJTt7R0RQgUMfAnIEWpUwIuhTYDrSJKFjaUuQuCESEkUNjyP3RupC5l65AhSEwMQXe+S8+JoVFp79zm95Oe3+fz9b3vna0qn98ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCw9W682szjJH2YHMTFsdvbKwtpv7mnT22s3ZlJWxo3Ks77CfBa+cnx6foSAQAA4PBIivo+Iu621+fSvjmZ1f/t4py05v/huUFc1PN76/7N7ZWj+UszRf3/+2/3XtqdaDLJ5kkHXVzq907tT6X1mJY49p5/4Bmt7Mpn370k2RvS/HD1xa12dj0b39269X4nC49UkS0A8DBOFn0eFH8PpX23zsQAODRapcK7qP+TyXpzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjC1mo8U8SNiJhp3Y9Tm9srC6P6b9buzGzk7dzNm2vlMdMh2hGxuNTvnapwLeOruJrXP5vv93tXrl6rOjgeESNeunGwf57k6f/rOZ2IGDpy4uUR43x8gLn2jLMvyD+eUe01nEjX98CTG0NHGvsu+Hs7A3V8AKoKmvn7My75PMqg+Ow9+pEr/u8IAICnXjtvaSV6t70+lx5rTEXs/Dhc/79RimOo7t+5MTgyeL5Rqv/vfXLudnmucv3frWh9T4LZ5UtfzF69dv2tpUvzF3sXe5+/fbr7TvfM+bNnz89m35XMLkbTNyYAAAD8D528lev/5tT+/f9jpTj+Y/+/XP9/+X336/Jcifp/pPubfnVnAgAAcBh1dqMXXv/rz8aIMxqdTnw1v7x8pTt43H1+evBYaboP6UjeyvV/MlV3VgAAAEAVtlYbQ/v/F0pxHHD//9mfXvmlPGYSERMRlyOid3Lhcv9CdcsZa1X8UDmbqFP3SgEAAKjLRN7K+//t7P7/5u4tD82IePNExN/5b/jjgPV/8sG3P5fnKt//f6bSVY6f5vTgemT9dERruu6MAAAAeJodzVta7P/RXp/79NdjH3Xc/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtX8CAAD//4ztMoY=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000003})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xacd6d66594b140a4, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001780)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r4, @ANYBLOB="00000000000000005c001280110001006272696467655f736c61766500000000440005800500050000000000050020000100000005000800000000000600", @ANYRES8=r4], 0x7c}}, 0x0)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1e44000010203010902640002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000108000905810320000000000904010000020d00000904010102020d0000090582020004fefc0009050302000200"], 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x20, 0x80, 0x1c, {0x26, 0x200, 0x10, 0xc, 0xe, 0x10, 0x91, 0x1ff, 0xf, 0x0, 0x7, 0x2010}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@version_u}]}})
timerfd_settime(r6, 0x400000000000000, 0x0, 0x0)

1.578841545s ago: executing program 2 (id=5907):
r0 = syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000ac0)={[{@lazytime}, {@i_version}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@abort}, {@auto_da_alloc}, {@lazytime}, {@errors_remount}, {@block_validity}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
fdatasync(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESHEX=r0], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="00000000f91222598cce9b5a09d4a2540300000000b7020000850000008600000800000000646c612500000400002020207b1af8ff00000000bfa1000000000000eed30000f8ffffffb702020208000000b70300e1a3dcf39dcd02a3000000002088933789a86803c218306cd31c445a2ff55229102cfabec30fb3699e0d926af3c175145f0daa11a7da13f00ff6d3a0ba4a2a22942989bd8463a6a75a7afd6d7ac4081ac1a38f7be806e57499b85d7cda41c9b1a359a713421a3e3dfeac031b57e462408b1cfe0cb91668f87625494a3a44e619fee3751704ba95083064bedee21606feb06d3c10b3c90cd82af7e12dd467b7935169defb3234da67c7b693f891c1ace0a6307b2f22bcff1359f38b9518e5fe0af96077570b67649ea2fca93d9944bd842b63d02fb8dde565d5ef4aa2341bbfbd6e5c47b4e882388bbecde906554226bab8a55c20520fea04f86c48df68a953669f454c3776106a9ccd2ed80c4222928a7d047d6406cc74f2ff"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r3}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES8=r5], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010328bd7000fedbdf251c0000000c000180080001"], 0x20}}, 0x10)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)

1.519517757s ago: executing program 2 (id=5908):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008001000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

1.455822757s ago: executing program 2 (id=5909):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r5, 0x0, 0x800003d, 0x7ff)

1.391396678s ago: executing program 3 (id=5910):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f00000000c0), 0xb)
lseek(r5, 0x0, 0x3)

1.002456594s ago: executing program 5 (id=5911):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r6, 0x0, 0x800003d, 0x7ff)
write$binfmt_script(r6, &(0x7f00000000c0), 0xb)
lseek(r6, 0x0, 0x3)
sendto$inet(r0, 0x0, 0x0, 0x814, 0x0, 0x0)

819.769787ms ago: executing program 4 (id=5912):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c00009040000020701010009050102"], 0x0)

526.271002ms ago: executing program 2 (id=5913):
openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)

250.975806ms ago: executing program 3 (id=5914):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000002000000e27f000005"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x96)
pwrite64(r0, &(0x7f0000000140)='2', 0x155c2, 0x8000c64)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x60)
sendfile(r1, r1, 0x0, 0xe0000000)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x10000003)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x4b, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="b8000000190001000000400010000000e0000002000000000000000000000000fe8000000000000000000000000000bb00000002000000000a00000000000000f80897b4e9a3fd79c23f9515fabf7a5e6a38cffe620a54cc7795d0a1e1b0c479f0e69682bf20eefae58da4e533b284ce7d518d7b8a502b9122489436a180b04096494fe07c6d206acabecb15e6a698091e31508d6f75aa85e4c11ac88888cb1d30aa8b17aa395a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000fbffffffffffffff0101000000000000050000000000000000000000000000000900000000000000000000000000000000000000800000000000000200000000"], 0xb8}}, 0x4004)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8000000140001000000000000000000e0000002000000000000000000000000fe80000000000000000000000000001300000000000000000a00002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000080000000000000000ffffffffffffffff00000000000000000004000000000000000000000000008c9d97146b2c000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000063b436b35796d8cd8acec7c28c20502f7b064e6616f62a2dd2b40a83b4c473312583dc197c01d28d72be56"], 0xb8}}, 0x0)
pipe(&(0x7f00000000c0))
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)

0s ago: executing program 5 (id=5915):
pipe(&(0x7f00000000c0))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_setup(0x20, &(0x7f0000001140))
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
getsockname$packet(r4, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}, 0x1, 0xd}, 0x0)

kernel console output (not intermixed with test programs):

0) entered disabled state
[ 1245.669839][T21194] device bridge_slave_1 left promiscuous mode
[ 1245.679762][T21194] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1245.689898][ T3984] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1245.706563][ T3984] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1245.727054][ T3984] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1245.757336][ T3984] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1245.774301][ T3984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1245.788353][T21196] loop3: detected capacity change from 0 to 40427
[ 1245.793181][ T3984] usb 5-1: Product: syz
[ 1245.800272][T21196] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1245.806406][  T885] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1245.812339][T21196] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1245.822336][ T3984] usb 5-1: Manufacturer: syz
[ 1245.827082][ T3984] usb 5-1: SerialNumber: syz
[ 1245.832907][T21196] F2FS-fs (loop3): invalid crc value
[ 1245.849958][T21196] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1245.879466][T21196] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1245.886758][T21196] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1246.010632][  T885] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1246.020431][  T885] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1246.061744][ T3984] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 36 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1246.255633][  T885] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1246.278318][T21185] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5571'.
[ 1246.285625][  T885] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1246.296927][  T885] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1246.319520][  T885] usb 6-1: Product: syz
[ 1246.323707][  T885] usb 6-1: Manufacturer: syz
[ 1246.328292][  T885] usb 6-1: SerialNumber: syz
[ 1246.359781][T21213] syz.2.5578[21213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1246.359875][T21213] syz.2.5578[21213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1246.374731][T21213] loop2: detected capacity change from 0 to 512
[ 1246.392855][T21213] EXT4-fs: Ignoring removed nobh option
[ 1246.404979][T21213] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1246.515065][T12507] syz-executor: attempt to access beyond end of device
[ 1246.515065][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1246.530923][ T3984] usb 5-1: USB disconnect, device number 36
[ 1246.538752][ T3984] usblp0: removed
[ 1246.549193][  T885] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 52 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1246.765382][T21192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1246.775505][T21192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1246.784041][T21192] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5572'.
[ 1247.013574][ T3984] usb 6-1: USB disconnect, device number 52
[ 1247.020634][ T3984] usblp0: removed
[ 1247.158701][T21222] loop4: detected capacity change from 0 to 40427
[ 1247.174660][T12262] EXT4-fs (loop2): unmounting filesystem.
[ 1247.185647][T21222] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1247.192100][T21222] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1247.214476][T21226] loop2: detected capacity change from 0 to 256
[ 1247.221316][T21222] F2FS-fs (loop4): invalid crc value
[ 1247.286075][T21222] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1247.321436][T21222] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1247.328567][T21222] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1248.310555][T20394] syz-executor: attempt to access beyond end of device
[ 1248.310555][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1248.385539][T21234] loop5: detected capacity change from 0 to 40427
[ 1248.400459][T21234] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1248.415370][T21234] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1248.449900][T21234] F2FS-fs (loop5): invalid crc value
[ 1248.646668][T21234] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1248.715314][T21234] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1248.722610][T21234] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1248.739049][T21258] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5588'.
[ 1248.802044][ T3984] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1248.992308][T20631] syz-executor: attempt to access beyond end of device
[ 1248.992308][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1249.014747][ T3984] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1249.025883][ T3984] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1249.040064][ T3984] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1249.054620][ T3984] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1249.070795][ T3984] usb 5-1: config 0 descriptor??
[ 1249.090618][T21264] netlink: 'syz.5.5590': attribute type 6 has an invalid length.
[ 1249.120523][  T885] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1249.133992][T21266] 9pnet_fd: Insufficient options for proto=fd
[ 1249.234571][T21268] device syzkaller0 entered promiscuous mode
[ 1249.310321][T21270] 9pnet_fd: Insufficient options for proto=fd
[ 1249.324705][  T885] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1249.334638][  T885] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1249.344274][  T885] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1249.358597][  T885] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1249.367636][  T885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1249.375702][  T885] usb 4-1: Product: syz
[ 1249.379881][  T885] usb 4-1: Manufacturer: syz
[ 1249.384465][  T885] usb 4-1: SerialNumber: syz
[ 1249.430566][T20970] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1249.510821][ T3984] logitech-djreceiver 0003:046D:C534.0055: item fetching failed at offset 2/5
[ 1249.520036][ T3984] logitech-djreceiver 0003:046D:C534.0055: logi_dj_probe: parse failed
[ 1249.528348][ T3984] logitech-djreceiver: probe of 0003:046D:C534.0055 failed with error -22
[ 1249.601601][  T759] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1249.611972][  T885] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 66 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1249.634614][  T885] usb 4-1: USB disconnect, device number 66
[ 1249.640749][T20970] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1249.654993][T20970] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1249.667037][  T885] usblp0: removed
[ 1249.673920][T20970] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1249.688353][T20970] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1249.697430][T20970] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1249.705647][T20970] usb 6-1: Product: syz
[ 1249.710197][T20970] usb 6-1: Manufacturer: syz
[ 1249.714799][T20970] usb 6-1: SerialNumber: syz
[ 1249.730785][  T385] usb 5-1: USB disconnect, device number 37
[ 1249.816363][  T759] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1249.826075][  T759] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1249.835758][  T759] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1249.850158][  T759] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1249.859240][  T759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1249.867325][  T759] usb 3-1: Product: syz
[ 1249.871505][  T759] usb 3-1: Manufacturer: syz
[ 1249.876083][  T759] usb 3-1: SerialNumber: syz
[ 1249.936325][T20970] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 53 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1250.018538][ T3984] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1250.096522][  T759] usblp 3-1:1.0: usblp1: USB Unidirectional printer dev 72 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1250.151206][T21266] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5591'.
[ 1250.171877][T21276] loop3: detected capacity change from 0 to 256
[ 1250.216075][ T3984] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1250.225905][ T3984] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1250.236053][ T3984] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1250.250161][ T3984] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1250.259214][ T3984] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1250.267298][ T3984] usb 2-1: Product: syz
[ 1250.271450][ T3984] usb 2-1: Manufacturer: syz
[ 1250.276406][ T3984] usb 2-1: SerialNumber: syz
[ 1250.504215][  T759] usb 6-1: USB disconnect, device number 53
[ 1250.510369][ T3984] usblp 2-1:1.0: usblp2: USB Unidirectional printer dev 53 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1250.523877][T21270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1250.542479][T21270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1250.544588][ T3984] usb 2-1: USB disconnect, device number 53
[ 1250.560002][ T3984] usblp2: removed
[ 1250.568011][T21270] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5593'.
[ 1250.622635][T21278] loop4: detected capacity change from 0 to 40427
[ 1250.632732][T21278] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1250.639151][T21278] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1250.648234][T21278] F2FS-fs (loop4): invalid crc value
[ 1250.655068][T21278] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1250.676535][T21278] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1250.683745][T21278] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1250.798971][T21269] usblp0: removed
[ 1250.804244][ T3984] usb 3-1: USB disconnect, device number 72
[ 1250.816000][ T3984] usblp1: removed
[ 1251.053173][T21290] loop5: detected capacity change from 0 to 1024
[ 1251.060125][T21290] EXT4-fs: Ignoring removed i_version option
[ 1251.080710][T21290] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[ 1251.132904][T20631] EXT4-fs (loop5): unmounting filesystem.
[ 1251.216773][T20394] syz-executor: attempt to access beyond end of device
[ 1251.216773][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1251.249192][T21294] loop3: detected capacity change from 0 to 40427
[ 1251.275879][T21294] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1251.290720][T21294] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1251.303810][T21294] F2FS-fs (loop3): invalid crc value
[ 1251.323455][T21294] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1251.372863][T21294] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1251.380115][T21294] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1251.414754][T21305] device syzkaller0 entered promiscuous mode
[ 1251.461747][  T759] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1251.886599][T21306] loop4: detected capacity change from 0 to 40427
[ 1251.894784][T21306] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1251.901372][T21306] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1251.911933][  T759] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1251.920882][T21306] F2FS-fs (loop4): invalid crc value
[ 1251.935473][  T759] usb 2-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1251.944617][  T759] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.952175][T21306] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1251.954003][  T759] usb 2-1: config 0 descriptor??
[ 1251.975504][  T759] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1251.979022][T21306] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1251.989916][T21306] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1252.056392][T12507] syz-executor: attempt to access beyond end of device
[ 1252.056392][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1252.141179][T21325] 9pnet_fd: Insufficient options for proto=fd
[ 1252.341879][T20970] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1252.402152][T20394] syz-executor: attempt to access beyond end of device
[ 1252.402152][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1252.455980][ T3984] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1252.472194][T21331] loop4: detected capacity change from 0 to 1024
[ 1252.479100][T21331] EXT4-fs: Ignoring removed i_version option
[ 1252.487287][T21331] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1252.518947][T20394] EXT4-fs (loop4): unmounting filesystem.
[ 1252.542576][T20970] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1252.553978][T20970] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1252.563833][T20970] usb 6-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1252.572952][T20970] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1252.581619][T20970] usb 6-1: config 0 descriptor??
[ 1252.649515][ T3984] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1252.659975][ T3984] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1252.671347][ T3984] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1252.692415][ T3984] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1252.712514][ T3984] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1252.720669][ T3984] usb 4-1: Product: syz
[ 1252.724924][ T3984] usb 4-1: Manufacturer: syz
[ 1252.729520][ T3984] usb 4-1: SerialNumber: syz
[ 1252.961580][ T3984] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 67 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1253.017254][T20970] logitech-djreceiver 0003:046D:C534.0056: item fetching failed at offset 2/5
[ 1253.026712][T20970] logitech-djreceiver 0003:046D:C534.0056: logi_dj_probe: parse failed
[ 1253.035172][T20970] logitech-djreceiver: probe of 0003:046D:C534.0056 failed with error -22
[ 1253.065239][T21338] loop4: detected capacity change from 0 to 40427
[ 1253.074707][T21338] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1253.081164][T21338] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1253.090212][T21338] F2FS-fs (loop4): invalid crc value
[ 1253.096932][T21338] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1253.119305][T21338] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1253.126368][T21338] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1253.176330][T21325] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5608'.
[ 1253.242650][T20970] usb 6-1: USB disconnect, device number 54
[ 1253.407691][  T759] usb 4-1: USB disconnect, device number 67
[ 1253.414075][  T759] usblp0: removed
[ 1253.854396][T20394] syz-executor: attempt to access beyond end of device
[ 1253.854396][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1254.041842][T21349] loop4: detected capacity change from 0 to 40427
[ 1254.054098][T21349] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1254.060975][T21349] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1254.079125][T21349] F2FS-fs (loop4): invalid crc value
[ 1254.085863][T21349] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1254.115674][T21349] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1254.115767][T21351] loop3: detected capacity change from 0 to 40427
[ 1254.122903][T21349] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1254.129230][  T759] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[ 1254.151190][T21351] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1254.158006][T21351] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1254.178104][T21351] F2FS-fs (loop3): invalid crc value
[ 1254.185091][T21351] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1254.217670][T21351] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1254.225117][T21351] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1254.580022][ T3984] usb 2-1: USB disconnect, device number 54
[ 1254.755880][  T759] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1254.768919][  T759] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1254.784665][  T759] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1254.818116][  T759] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1254.832771][  T759] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1254.844372][T20394] syz-executor: attempt to access beyond end of device
[ 1254.844372][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1254.917220][T12507] syz-executor: attempt to access beyond end of device
[ 1254.917220][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1254.933700][  T759] usb 6-1: Product: syz
[ 1254.939399][  T759] usb 6-1: Manufacturer: syz
[ 1254.944019][  T759] usb 6-1: SerialNumber: syz
[ 1255.175930][  T759] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 55 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1255.197886][  T759] usb 6-1: USB disconnect, device number 55
[ 1255.208314][T21382] device syzkaller0 entered promiscuous mode
[ 1255.230648][T21371] loop2: detected capacity change from 0 to 40427
[ 1255.238035][  T759] usblp0: removed
[ 1255.263802][T21371] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1255.270871][T21384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5622'.
[ 1255.292564][T21384] loop4: detected capacity change from 0 to 256
[ 1255.294152][T21371] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1255.324826][T21371] F2FS-fs (loop2): invalid crc value
[ 1255.335876][T21384] FAT-fs (loop4): Directory bread(block 64) failed
[ 1255.342934][T21384] FAT-fs (loop4): Directory bread(block 65) failed
[ 1255.345555][T21371] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1255.349573][T21384] FAT-fs (loop4): Directory bread(block 66) failed
[ 1255.367234][T21384] FAT-fs (loop4): Directory bread(block 67) failed
[ 1255.373794][T21384] FAT-fs (loop4): Directory bread(block 68) failed
[ 1255.380441][T21371] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1255.380556][T21384] FAT-fs (loop4): Directory bread(block 69) failed
[ 1255.387986][T21371] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1255.394334][T21384] FAT-fs (loop4): Directory bread(block 70) failed
[ 1255.408307][T21384] FAT-fs (loop4): Directory bread(block 71) failed
[ 1255.414878][T21384] FAT-fs (loop4): Directory bread(block 72) failed
[ 1255.421577][T21384] FAT-fs (loop4): Directory bread(block 73) failed
[ 1255.437670][   T28] kauditd_printk_skb: 20 callbacks suppressed
[ 1255.437685][   T28] audit: type=1326 audit(1750927326.265:8132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.459729][T21384] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5622'.
[ 1255.467377][   T28] audit: type=1326 audit(1750927326.284:8133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.480898][T21384] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56323 sclass=netlink_route_socket pid=21384 comm=syz.4.5622
[ 1255.499766][   T28] audit: type=1326 audit(1750927326.284:8134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.536128][   T28] audit: type=1326 audit(1750927326.284:8135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.559810][   T28] audit: type=1326 audit(1750927326.284:8136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.583495][   T28] audit: type=1326 audit(1750927326.284:8137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.607067][   T28] audit: type=1326 audit(1750927326.284:8138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.630673][   T28] audit: type=1326 audit(1750927326.284:8139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.631332][T20970] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1255.654434][   T28] audit: type=1326 audit(1750927326.284:8140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1255.685122][   T28] audit: type=1326 audit(1750927326.284:8141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.5622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa75038e929 code=0x7ffc0000
[ 1256.085306][T12262] syz-executor: attempt to access beyond end of device
[ 1256.085306][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1256.086058][T20970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1256.131791][T20970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1256.144232][T20970] usb 2-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1256.153363][T20970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1256.173332][T20970] usb 2-1: config 0 descriptor??
[ 1256.189197][T21401] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5629'.
[ 1256.306539][T21395] loop5: detected capacity change from 0 to 40427
[ 1256.326180][T21395] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1256.332973][T21395] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1256.370361][T21399] loop3: detected capacity change from 0 to 40427
[ 1256.387850][T21395] F2FS-fs (loop5): invalid crc value
[ 1256.396480][T21399] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1256.426793][T21395] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1256.457678][T21399] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1256.497663][T21399] F2FS-fs (loop3): invalid crc value
[ 1256.505304][T21395] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1256.512510][T21395] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1256.513865][T21399] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1256.572264][T21399] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1256.579486][T21399] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1256.627191][T20970] logitech-djreceiver 0003:046D:C534.0057: item fetching failed at offset 2/5
[ 1256.643215][T20970] logitech-djreceiver 0003:046D:C534.0057: logi_dj_probe: parse failed
[ 1256.895196][T20970] logitech-djreceiver: probe of 0003:046D:C534.0057 failed with error -22
[ 1256.922792][T20970] usb 2-1: USB disconnect, device number 55
[ 1256.933249][T20631] syz-executor: attempt to access beyond end of device
[ 1256.933249][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1257.106456][ T3984] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1257.192032][T21421] loop5: detected capacity change from 0 to 40427
[ 1257.205132][T21421] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1257.211786][T21421] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1257.230909][T21421] F2FS-fs (loop5): invalid crc value
[ 1257.237687][T21421] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1257.240507][T21425] loop4: detected capacity change from 0 to 40427
[ 1257.260151][T21425] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1257.266988][T21425] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1257.276020][T21421] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1257.281686][T21425] F2FS-fs (loop4): invalid crc value
[ 1257.284200][T21421] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1257.289780][T21425] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1257.312504][ T3984] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1257.324924][ T3984] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1257.332812][T21425] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1257.336549][ T3984] usb 4-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1257.342060][T21425] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1257.399788][ T3984] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1257.408061][ T3984] usb 4-1: Product: syz
[ 1257.412236][ T3984] usb 4-1: Manufacturer: syz
[ 1257.427077][ T3984] usb 4-1: SerialNumber: syz
[ 1257.645215][T21439] netlink: 'syz.1.5633': attribute type 6 has an invalid length.
[ 1257.652995][T21399] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1257.946627][T20631] syz-executor: attempt to access beyond end of device
[ 1257.946627][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1258.021583][T20394] syz-executor: attempt to access beyond end of device
[ 1258.021583][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1258.305990][T21399] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1258.421310][T20970] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1258.527619][ T3984] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1258.534089][ T3984] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1258.541602][ T3984] cdc_ncm 4-1:1.0: setting rx_max = 2048
[ 1258.614820][T20970] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1258.624795][T20970] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1258.634552][T20970] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1258.649321][T20970] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1258.659493][T21458] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5639'.
[ 1258.659540][T20970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1258.676625][T20970] usb 5-1: Product: syz
[ 1258.681404][T20970] usb 5-1: Manufacturer: syz
[ 1258.686643][T20970] usb 5-1: SerialNumber: syz
[ 1258.691150][T21458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5639'.
[ 1258.701640][T21458] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56323 sclass=netlink_route_socket pid=21458 comm=syz.1.5639
[ 1258.750109][ T3984] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1258.776992][ T3984] usb 4-1: USB disconnect, device number 68
[ 1258.783922][ T3984] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[ 1258.913059][T20970] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 38 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1258.930624][T20970] usb 5-1: USB disconnect, device number 38
[ 1258.946418][T20970] usblp0: removed
[ 1259.016556][T21460] loop5: detected capacity change from 0 to 40427
[ 1259.025671][T21460] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1259.032119][T21460] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1259.041160][T21460] F2FS-fs (loop5): invalid crc value
[ 1259.047823][T21460] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1259.075439][T21460] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1259.082508][T21460] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1259.362440][T18588] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1259.371723][T18588] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[ 1259.434719][T21468] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5641'.
[ 1259.473072][T21470] netlink: 'syz.4.5642': attribute type 7 has an invalid length.
[ 1259.480953][T21470] netlink: 'syz.4.5642': attribute type 8 has an invalid length.
[ 1259.494020][T21470] 9pnet_fd: Insufficient options for proto=fd
[ 1259.562802][T21477] netlink: 'syz.2.5645': attribute type 7 has an invalid length.
[ 1259.576339][T21477] netlink: 'syz.2.5645': attribute type 8 has an invalid length.
[ 1259.782897][T21480] loop2: detected capacity change from 0 to 40427
[ 1259.792876][T21480] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1259.799300][T21480] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1259.839373][T20970] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1259.848674][T20631] syz-executor: attempt to access beyond end of device
[ 1259.848674][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1259.849538][T21480] F2FS-fs (loop2): invalid crc value
[ 1259.971684][T21480] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1260.035602][T21480] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1260.044890][T21480] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1260.053599][T20970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1260.069945][T20970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1260.102506][T20970] usb 2-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1260.122524][T20970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1260.167602][T20970] usb 2-1: config 0 descriptor??
[ 1260.188560][T21486] loop5: detected capacity change from 0 to 40427
[ 1260.204055][T21486] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1260.219394][T21486] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1260.229468][T21486] F2FS-fs (loop5): invalid crc value
[ 1260.236194][T21486] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1260.267985][T21486] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1260.275122][T21486] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1260.380445][T21499] loop3: detected capacity change from 0 to 256
[ 1261.188229][T12262] syz-executor: attempt to access beyond end of device
[ 1261.188229][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1261.205067][T20970] logitech-djreceiver 0003:046D:C534.0058: item fetching failed at offset 2/5
[ 1261.214635][T20970] logitech-djreceiver 0003:046D:C534.0058: logi_dj_probe: parse failed
[ 1261.215359][T20631] syz-executor: attempt to access beyond end of device
[ 1261.215359][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1261.223051][T20970] logitech-djreceiver: probe of 0003:046D:C534.0058 failed with error -22
[ 1261.311751][T21507] netlink: 'syz.3.5655': attribute type 7 has an invalid length.
[ 1261.350739][T21507] netlink: 'syz.3.5655': attribute type 8 has an invalid length.
[ 1261.360277][T21507] 9pnet_fd: Insufficient options for proto=fd
[ 1261.410296][T21509] device syzkaller0 entered promiscuous mode
[ 1261.428152][  T385] usb 2-1: USB disconnect, device number 56
[ 1261.459218][T21505] loop4: detected capacity change from 0 to 40427
[ 1261.476984][T21505] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1261.487919][T21505] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1261.497052][T21505] F2FS-fs (loop4): invalid crc value
[ 1261.512059][T21505] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1261.545594][T21505] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1261.552657][T21505] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1261.724798][ T3984] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 1261.921675][ T3984] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1261.931411][ T3984] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1261.941233][ T3984] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1261.955523][ T3984] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1261.964613][ T3984] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1261.972721][ T3984] usb 4-1: Product: syz
[ 1261.976890][ T3984] usb 4-1: Manufacturer: syz
[ 1261.981583][ T3984] usb 4-1: SerialNumber: syz
[ 1262.219995][T20394] syz-executor: attempt to access beyond end of device
[ 1262.219995][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1262.316976][ T3984] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 69 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1262.447534][ T3984] usb 4-1: USB disconnect, device number 69
[ 1262.512423][ T3984] usblp0: removed
[ 1263.103819][  T385] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1263.142011][T20970] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[ 1263.151889][T21536] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5662'.
[ 1263.183275][T21533] loop4: detected capacity change from 0 to 40427
[ 1263.193003][T21533] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1263.199498][T21533] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1263.212107][T21533] F2FS-fs (loop4): invalid crc value
[ 1263.220210][T21533] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1263.263516][T21533] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1263.275239][T21533] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1263.297324][  T385] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1263.350834][T20970] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1263.363849][  T385] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1263.365786][T20970] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1263.374155][  T385] usb 3-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1263.389547][T20970] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1263.392380][  T385] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1263.406813][T20970] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1263.413952][  T385] usb 3-1: config 0 descriptor??
[ 1263.427453][T20970] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1263.435719][T20970] usb 6-1: Product: syz
[ 1263.439879][T20970] usb 6-1: Manufacturer: syz
[ 1263.444469][T20970] usb 6-1: SerialNumber: syz
[ 1263.672038][T20970] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 56 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1263.858634][  T385] logitech-djreceiver 0003:046D:C534.0059: item fetching failed at offset 2/5
[ 1263.867832][  T385] logitech-djreceiver 0003:046D:C534.0059: logi_dj_probe: parse failed
[ 1263.937913][T20394] syz-executor: attempt to access beyond end of device
[ 1263.937913][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1263.944238][  T385] logitech-djreceiver: probe of 0003:046D:C534.0059 failed with error -22
[ 1263.963555][T21523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1263.973020][T21523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1264.004708][T21523] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5657'.
[ 1264.062138][T21548] netlink: 'syz.4.5664': attribute type 7 has an invalid length.
[ 1264.085441][T21548] netlink: 'syz.4.5664': attribute type 8 has an invalid length.
[ 1264.144254][T20970] usb 3-1: USB disconnect, device number 73
[ 1264.236585][  T759] usb 6-1: USB disconnect, device number 56
[ 1264.244518][  T759] usblp0: removed
[ 1264.865880][T21564] loop3: detected capacity change from 0 to 40427
[ 1264.875401][T21564] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1264.881789][T21564] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1264.890775][T21564] F2FS-fs (loop3): invalid crc value
[ 1264.897522][T21564] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1264.925951][T21564] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1264.934558][T21564] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1265.322624][T21578] 9pnet_fd: Insufficient options for proto=fd
[ 1265.332077][T21570] loop5: detected capacity change from 0 to 40427
[ 1265.348409][T21570] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1265.354861][T21570] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1265.373661][T21570] F2FS-fs (loop5): invalid crc value
[ 1265.385195][T21570] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1265.417913][T21570] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1265.425059][T21570] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1265.448367][T21574] loop2: detected capacity change from 0 to 40427
[ 1265.456894][T21574] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1265.463384][T21574] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1265.486141][T21574] F2FS-fs (loop2): invalid crc value
[ 1265.493907][T21574] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1265.530275][T21574] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1265.537367][T21574] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1265.648161][  T385] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1265.712602][T12507] syz-executor: attempt to access beyond end of device
[ 1265.712602][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1265.852422][  T385] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1265.862183][  T385] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1265.871861][  T385] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1265.886518][T20631] syz-executor: attempt to access beyond end of device
[ 1265.886518][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1265.894515][  T385] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1265.909561][  T385] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1265.935855][  T385] usb 2-1: Product: syz
[ 1265.940234][  T385] usb 2-1: Manufacturer: syz
[ 1265.944947][  T385] usb 2-1: SerialNumber: syz
[ 1265.951633][T12262] syz-executor: attempt to access beyond end of device
[ 1265.951633][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1266.063752][T21598] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5676'.
[ 1266.111196][T21602] netlink: 'syz.3.5678': attribute type 7 has an invalid length.
[ 1266.128388][T21602] netlink: 'syz.3.5678': attribute type 8 has an invalid length.
[ 1266.142062][T21602] 9pnet_fd: Insufficient options for proto=fd
[ 1266.198962][  T385] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 57 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1266.349303][T21615] loop2: detected capacity change from 0 to 256
[ 1266.429267][T21578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1266.437824][T21578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1266.447799][T21578] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5673'.
[ 1266.492762][T20970] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1266.750665][  T759] usb 2-1: USB disconnect, device number 57
[ 1266.774849][  T759] usblp0: removed
[ 1266.857318][T20970] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1266.871432][T20970] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1266.891346][T20970] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1266.919204][T20970] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1266.937114][T20970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1266.958405][T20970] usb 4-1: Product: syz
[ 1266.971246][T20970] usb 4-1: Manufacturer: syz
[ 1266.979215][T20970] usb 4-1: SerialNumber: syz
[ 1266.984862][T21621] loop5: detected capacity change from 0 to 1024
[ 1267.000013][T21619] loop4: detected capacity change from 0 to 40427
[ 1267.000377][T21621] EXT4-fs: Ignoring removed i_version option
[ 1267.007142][T21619] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1267.019334][T21619] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1267.034567][T21619] F2FS-fs (loop4): invalid crc value
[ 1267.040257][T21621] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[ 1267.059710][T21619] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1267.089595][T20631] EXT4-fs (loop5): unmounting filesystem.
[ 1267.090792][T21619] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1267.102508][T21619] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1267.213640][T20970] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 70 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1267.386969][T21632] loop2: detected capacity change from 0 to 40427
[ 1267.401870][T21632] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1267.415056][T21632] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1267.423368][  T759] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[ 1267.427098][T21608] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1267.432614][T21632] F2FS-fs (loop2): invalid crc value
[ 1267.446433][T21608] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1267.457595][T21608] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5680'.
[ 1267.467360][T21632] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1267.515504][T21632] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1267.523044][T21632] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1267.637652][  T759] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1267.652890][  T759] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1267.666000][  T759] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1267.685593][  T759] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1267.692191][T21644] netlink: 'syz.1.5690': attribute type 7 has an invalid length.
[ 1267.700564][  T759] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1267.721375][  T759] usb 6-1: Product: syz
[ 1267.731754][  T759] usb 6-1: Manufacturer: syz
[ 1267.733919][T21644] netlink: 'syz.1.5690': attribute type 8 has an invalid length.
[ 1267.736791][  T759] usb 6-1: SerialNumber: syz
[ 1267.749015][T20394] syz-executor: attempt to access beyond end of device
[ 1267.749015][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1267.770294][T20970] usb 4-1: USB disconnect, device number 70
[ 1267.770649][T21644] 9pnet_fd: Insufficient options for proto=fd
[ 1267.783551][T20970] usblp0: removed
[ 1267.884926][T21649] loop4: detected capacity change from 0 to 2048
[ 1267.901193][T21649] SELinux: security_context_str_to_sid (root) failed with errno=-22
[ 1267.991857][  T759] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 57 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1268.004340][  T759] usb 6-1: USB disconnect, device number 57
[ 1268.011194][  T759] usblp0: removed
[ 1268.096367][  T385] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1268.207159][T12262] syz-executor: attempt to access beyond end of device
[ 1268.207159][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1268.289939][  T385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1268.304181][  T385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1268.310792][T21659] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5695'.
[ 1268.314237][  T385] usb 2-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1268.333262][  T385] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1268.346199][  T385] usb 2-1: config 0 descriptor??
[ 1268.532598][T21662] loop3: detected capacity change from 0 to 40427
[ 1268.558896][T21662] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1268.574917][T21662] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1268.614381][T21662] F2FS-fs (loop3): invalid crc value
[ 1268.627367][T21668] loop5: detected capacity change from 0 to 256
[ 1268.634681][T21662] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1268.685547][T21662] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1268.692618][T21662] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1269.382492][  T385] logitech-djreceiver 0003:046D:C534.005A: item fetching failed at offset 2/5
[ 1269.394071][  T385] logitech-djreceiver 0003:046D:C534.005A: logi_dj_probe: parse failed
[ 1269.407222][  T385] logitech-djreceiver: probe of 0003:046D:C534.005A failed with error -22
[ 1269.418101][  T385] usb 2-1: USB disconnect, device number 58
[ 1269.760305][T21683] netlink: 'syz.4.5703': attribute type 7 has an invalid length.
[ 1269.768186][T21683] netlink: 'syz.4.5703': attribute type 8 has an invalid length.
[ 1269.777815][T21683] 9pnet_fd: Insufficient options for proto=fd
[ 1269.796377][T12507] syz-executor: attempt to access beyond end of device
[ 1269.796377][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1270.255814][  T759] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1270.384227][  T385] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1270.449364][  T759] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1270.461301][  T759] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1270.471029][  T759] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1270.488945][  T759] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1270.498074][  T759] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1270.506268][  T759] usb 5-1: Product: syz
[ 1270.510455][  T759] usb 5-1: Manufacturer: syz
[ 1270.515089][  T759] usb 5-1: SerialNumber: syz
[ 1270.555171][T20970] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1270.577611][  T385] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1270.587444][  T385] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1270.597143][  T385] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1270.650335][  T385] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1270.671745][  T385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1270.680165][  T385] usb 4-1: Product: syz
[ 1270.684337][  T385] usb 4-1: Manufacturer: syz
[ 1270.688922][  T385] usb 4-1: SerialNumber: syz
[ 1270.741044][  T759] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 39 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1270.754960][T20970] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1270.765158][  T759] usb 5-1: USB disconnect, device number 39
[ 1270.771095][T20970] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1270.781058][T20970] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1270.794101][  T759] usblp0: removed
[ 1270.801165][T20970] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1270.810220][T20970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1270.818345][T20970] usb 3-1: Product: syz
[ 1270.822729][T20970] usb 3-1: Manufacturer: syz
[ 1270.827303][T20970] usb 3-1: SerialNumber: syz
[ 1270.911487][  T385] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 71 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1270.925543][  T385] usb 4-1: USB disconnect, device number 71
[ 1270.932145][  T385] usblp0: removed
[ 1270.950757][  T885] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[ 1271.047853][T20970] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 74 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1271.154864][  T885] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1271.165805][  T885] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1271.174833][  T885] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1271.195367][  T885] usb 6-1: config 0 descriptor??
[ 1271.223938][T21702] netlink: 'syz.1.5709': attribute type 7 has an invalid length.
[ 1271.231751][T21702] netlink: 'syz.1.5709': attribute type 8 has an invalid length.
[ 1271.264149][T21694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1271.273272][T21694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1271.281974][T21694] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5706'.
[ 1271.328456][T21706] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5711'.
[ 1271.545548][  T385] usb 3-1: USB disconnect, device number 74
[ 1271.571297][  T385] usblp0: removed
[ 1271.710692][  T885] usbhid 6-1:0.0: can't add hid device: -71
[ 1271.716680][  T885] usbhid: probe of 6-1:0.0 failed with error -71
[ 1271.727188][  T885] usb 6-1: USB disconnect, device number 58
[ 1272.030463][T20970] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1272.224242][T20970] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1272.237697][T21716] loop4: detected capacity change from 0 to 2048
[ 1272.238866][T20970] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1272.253835][T20970] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1272.270725][T21716] SELinux: security_context_str_to_sid (root) failed with errno=-22
[ 1272.287990][T20970] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1272.300839][T20970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1272.309258][T20970] usb 4-1: Product: syz
[ 1272.321351][T20970] usb 4-1: Manufacturer: syz
[ 1272.329364][T20970] usb 4-1: SerialNumber: syz
[ 1272.440453][T21720] loop2: detected capacity change from 0 to 40427
[ 1272.458139][T21720] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1272.464515][T21720] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1272.477757][T21720] F2FS-fs (loop2): invalid crc value
[ 1272.484588][T21720] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1272.491452][T21722] loop5: detected capacity change from 0 to 40427
[ 1272.502175][  T385] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1272.513232][T21722] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1272.519703][T21722] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1272.528904][T21720] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1272.536121][T21720] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1272.543843][T21722] F2FS-fs (loop5): invalid crc value
[ 1272.557898][T20970] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 72 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1272.573246][T20970] usb 4-1: USB disconnect, device number 72
[ 1272.579364][T21722] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1272.597048][T20970] usblp0: removed
[ 1272.624285][T21722] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1272.631456][T21722] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1272.639868][ T3984] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1272.729861][  T385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1272.741766][  T385] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1272.750880][  T385] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1272.763952][  T385] usb 2-1: config 0 descriptor??
[ 1272.994607][ T3984] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1273.010369][ T3984] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1273.021085][ T3984] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1273.030885][ T3984] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1273.039626][  T385] usbhid 2-1:0.0: can't add hid device: -71
[ 1273.045854][  T385] usbhid: probe of 2-1:0.0 failed with error -71
[ 1273.080499][ T3984] usb 5-1: config 0 descriptor??
[ 1273.131826][  T385] usb 2-1: USB disconnect, device number 59
[ 1273.227668][T12262] syz-executor: attempt to access beyond end of device
[ 1273.227668][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1273.257987][T20631] syz-executor: attempt to access beyond end of device
[ 1273.257987][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1273.343639][T21738] netlink: 'syz.3.5721': attribute type 7 has an invalid length.
[ 1273.357564][T21738] netlink: 'syz.3.5721': attribute type 8 has an invalid length.
[ 1273.526195][ T3984] logitech-djreceiver 0003:046D:C534.005B: item fetching failed at offset 2/5
[ 1273.536283][ T3984] logitech-djreceiver 0003:046D:C534.005B: logi_dj_probe: parse failed
[ 1273.563301][T21749] loop3: detected capacity change from 0 to 512
[ 1273.571535][T21749] EXT4-fs: Ignoring removed nobh option
[ 1273.582286][ T3984] logitech-djreceiver: probe of 0003:046D:C534.005B failed with error -22
[ 1273.756789][ T3984] usb 5-1: USB disconnect, device number 40
[ 1273.796892][T21749] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1274.391146][T12507] EXT4-fs (loop3): unmounting filesystem.
[ 1274.458483][T21759] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5725'.
[ 1274.542666][T21761] loop5: detected capacity change from 0 to 1024
[ 1274.586146][T21761] EXT4-fs: Ignoring removed i_version option
[ 1274.641263][T21761] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[ 1274.690340][T21757] loop4: detected capacity change from 0 to 40427
[ 1274.703171][T21757] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1274.711345][T21757] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1274.724726][T21757] F2FS-fs (loop4): invalid crc value
[ 1274.777608][T21757] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1274.803656][T21770] 9pnet_fd: Insufficient options for proto=fd
[ 1274.813712][T20631] EXT4-fs (loop5): unmounting filesystem.
[ 1274.961669][T21757] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1274.998487][T21757] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1275.085774][T21779] 9pnet_fd: Insufficient options for proto=fd
[ 1275.154271][ T3984] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1275.346291][ T3984] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1275.369505][ T3984] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1275.403215][ T3984] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1275.430341][ T3984] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1275.456623][ T3984] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1275.480987][ T3984] usb 3-1: Product: syz
[ 1275.493514][ T3984] usb 3-1: Manufacturer: syz
[ 1275.502215][T20970] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[ 1275.505871][ T3984] usb 3-1: SerialNumber: syz
[ 1275.600097][T20394] syz-executor: attempt to access beyond end of device
[ 1275.600097][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1275.615921][T21786] loop3: detected capacity change from 0 to 40427
[ 1275.633194][T21786] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1275.639558][T21786] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1275.660223][T21786] F2FS-fs (loop3): invalid crc value
[ 1275.667550][T21786] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1275.707135][T21791] device syzkaller0 entered promiscuous mode
[ 1275.709220][T21786] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1275.719813][T20970] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1275.720367][T21786] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1275.729958][T20970] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1275.739286][ T3984] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 75 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1275.747267][T20970] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1275.784514][T20970] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1275.793658][T20970] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1275.801812][T20970] usb 6-1: Product: syz
[ 1275.806039][T20970] usb 6-1: Manufacturer: syz
[ 1275.810675][T20970] usb 6-1: SerialNumber: syz
[ 1276.083599][T21770] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1276.092833][T21770] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1276.149302][T21770] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5727'.
[ 1276.193611][T20970] usblp 6-1:1.0: usblp1: USB Unidirectional printer dev 59 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1276.353531][T12507] syz-executor: attempt to access beyond end of device
[ 1276.353531][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1276.410602][T21779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1276.419459][T21779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1276.431613][T21779] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5729'.
[ 1276.440986][ T3984] usb 3-1: USB disconnect, device number 75
[ 1276.450288][ T3984] usblp0: removed
[ 1276.676295][ T3984] usb 6-1: USB disconnect, device number 59
[ 1276.709693][ T3984] usblp1: removed
[ 1276.793888][T21801] loop3: detected capacity change from 0 to 40427
[ 1276.802639][T21801] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1276.809181][T21801] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1276.818234][T21801] F2FS-fs (loop3): invalid crc value
[ 1276.824974][T21801] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1276.846265][T21801] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1276.853944][T21801] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1277.357956][  T385] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1277.383162][T21809] device syzkaller0 entered promiscuous mode
[ 1277.538139][T12507] syz-executor: attempt to access beyond end of device
[ 1277.538139][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1277.569508][  T385] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1277.587665][  T385] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1277.619180][  T385] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1277.629931][  T385] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1277.671123][  T385] usb 5-1: config 0 descriptor??
[ 1277.697504][T21825] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5741'.
[ 1277.838660][T21820] loop3: detected capacity change from 0 to 40427
[ 1277.849398][T21820] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1277.858911][T21820] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1278.012446][T21820] F2FS-fs (loop3): invalid crc value
[ 1278.034947][T21820] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1278.099168][T21820] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1278.108219][T21820] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1278.114305][  T385] logitech-djreceiver 0003:046D:C534.005C: item fetching failed at offset 2/5
[ 1278.128578][  T385] logitech-djreceiver 0003:046D:C534.005C: logi_dj_probe: parse failed
[ 1278.137092][  T385] logitech-djreceiver: probe of 0003:046D:C534.005C failed with error -22
[ 1278.876873][T20970] usb 5-1: USB disconnect, device number 41
[ 1278.940157][T21843] overlayfs: missing 'lowerdir'
[ 1278.946655][T21839] netlink: 'syz.1.5744': attribute type 7 has an invalid length.
[ 1278.956461][T21839] netlink: 'syz.1.5744': attribute type 8 has an invalid length.
[ 1279.018357][T12507] syz-executor: attempt to access beyond end of device
[ 1279.018357][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1279.411850][T21849] loop3: detected capacity change from 0 to 40427
[ 1279.431732][T21849] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1279.455052][T21849] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1279.476311][T21849] F2FS-fs (loop3): invalid crc value
[ 1279.508996][T21849] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1279.578277][T21849] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1279.592206][T21849] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1279.723357][T21853] loop4: detected capacity change from 0 to 40427
[ 1279.730625][T21853] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1279.737027][T21853] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1279.845842][  T385] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1279.928615][T21853] F2FS-fs (loop4): invalid crc value
[ 1279.981196][T21853] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1280.017435][T21853] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1280.024545][T21853] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1280.082319][  T385] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1280.099134][  T385] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1280.127334][T21864] loop2: detected capacity change from 0 to 40427
[ 1280.137117][T21864] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1280.143667][T21864] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1280.152446][T12507] syz-executor: attempt to access beyond end of device
[ 1280.152446][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1280.152824][T21864] F2FS-fs (loop2): invalid crc value
[ 1280.168485][  T385] usb 2-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1280.187377][  T385] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1280.199680][  T385] usb 2-1: Product: syz
[ 1280.203867][  T385] usb 2-1: Manufacturer: syz
[ 1280.208463][  T385] usb 2-1: SerialNumber: syz
[ 1280.221707][T21864] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1280.258159][T21864] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1280.265299][T21864] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1280.478155][T21873] loop3: detected capacity change from 0 to 40427
[ 1280.498942][T21873] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1280.511856][T21873] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1280.511928][T21845] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1280.521054][T21873] F2FS-fs (loop3): invalid crc value
[ 1280.537566][T21873] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1280.567157][T21873] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1280.574335][T21873] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1280.794820][T20394] syz-executor: attempt to access beyond end of device
[ 1280.794820][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1280.897171][T12262] syz-executor: attempt to access beyond end of device
[ 1280.897171][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1281.026655][  T385] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[ 1281.032778][  T385] cdc_ncm 2-1:1.0: bind() failure
[ 1281.038688][  T385] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 1281.045510][  T385] cdc_ncm 2-1:1.1: bind() failure
[ 1281.135662][T21886] loop2: detected capacity change from 0 to 40427
[ 1281.145096][T21886] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1281.152464][T21886] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1281.161556][T21886] F2FS-fs (loop2): invalid crc value
[ 1281.168396][T21886] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1281.190525][T21886] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1281.197754][T21886] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1281.272930][T12507] syz-executor: attempt to access beyond end of device
[ 1281.272930][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1281.466326][T21893] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5754'.
[ 1281.581422][T21898] loop3: detected capacity change from 0 to 2048
[ 1281.589187][T21898] SELinux: security_context_str_to_sid (root) failed with errno=-22
[ 1281.609147][T21900] netlink: 'syz.3.5756': attribute type 7 has an invalid length.
[ 1281.617032][T21900] netlink: 'syz.3.5756': attribute type 8 has an invalid length.
[ 1281.896806][T12262] syz-executor: attempt to access beyond end of device
[ 1281.896806][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1282.080868][T21906] loop3: detected capacity change from 0 to 40427
[ 1282.088066][T21906] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1282.095899][T21906] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1282.104933][T21906] F2FS-fs (loop3): invalid crc value
[ 1282.308747][T21906] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1282.342429][T21906] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1282.351926][T21916] loop5: detected capacity change from 0 to 1024
[ 1282.352461][T21906] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1282.359778][T21916] EXT4-fs: Ignoring removed i_version option
[ 1282.394224][T21916] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[ 1282.458780][T20631] EXT4-fs (loop5): unmounting filesystem.
[ 1282.567754][T21921] loop5: detected capacity change from 0 to 40427
[ 1282.574905][T21921] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1282.581287][T21921] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1282.590962][T21921] F2FS-fs (loop5): invalid crc value
[ 1282.597836][T21921] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1282.614847][  T294] usb 2-1: USB disconnect, device number 60
[ 1282.633944][T21921] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1282.641546][T21921] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1282.796008][  T385] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1283.179257][T21931] loop2: detected capacity change from 0 to 40427
[ 1283.181920][  T385] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1283.194141][T21931] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1283.196866][  T385] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1283.210145][T21931] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1283.242865][T21931] F2FS-fs (loop2): invalid crc value
[ 1283.248719][  T385] usb 4-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1283.258766][  T385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1283.267262][  T385] usb 4-1: Product: syz
[ 1283.271797][  T385] usb 4-1: Manufacturer: syz
[ 1283.283755][  T385] usb 4-1: SerialNumber: syz
[ 1283.382486][T21931] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1283.407720][T20631] syz-executor: attempt to access beyond end of device
[ 1283.407720][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1283.415436][T21931] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1283.428782][T21931] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1283.529310][T21906] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1283.635428][T21942] device syzkaller0 entered promiscuous mode
[ 1283.839831][T21946] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5766'.
[ 1283.911536][T21948] netlink: 'syz.1.5767': attribute type 7 has an invalid length.
[ 1283.919418][T21948] netlink: 'syz.1.5767': attribute type 8 has an invalid length.
[ 1283.958437][T12262] syz-executor: attempt to access beyond end of device
[ 1283.958437][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1284.016578][T21950] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1284.025928][T21950] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1284.032002][  T385] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[ 1284.040323][  T385] cdc_ncm 4-1:1.0: bind() failure
[ 1284.046986][  T385] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1284.054193][  T385] cdc_ncm 4-1:1.1: bind() failure
[ 1284.127167][T21956] overlayfs: missing 'lowerdir'
[ 1284.172672][T21954] loop2: detected capacity change from 0 to 40427
[ 1284.189868][T21958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5771'.
[ 1284.208828][T21958] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5771'.
[ 1284.219527][T21958] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56323 sclass=netlink_route_socket pid=21958 comm=syz.1.5771
[ 1284.232637][   T28] kauditd_printk_skb: 54 callbacks suppressed
[ 1284.232655][   T28] audit: type=1326 audit(1750927353.177:8196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.243443][T21954] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1284.269118][T21954] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1284.269866][   T28] audit: type=1326 audit(1750927353.177:8197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.289714][T21954] F2FS-fs (loop2): invalid crc value
[ 1284.303159][   T28] audit: type=1326 audit(1750927353.177:8198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.308002][T21954] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1284.329925][   T28] audit: type=1326 audit(1750927353.177:8199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.361990][T21954] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1284.364529][   T28] audit: type=1326 audit(1750927353.177:8200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.371285][T21954] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1284.394891][   T28] audit: type=1326 audit(1750927353.177:8201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.499631][   T28] audit: type=1326 audit(1750927353.177:8202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.523491][   T28] audit: type=1326 audit(1750927353.177:8203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.546930][   T28] audit: type=1326 audit(1750927353.177:8204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.570826][   T28] audit: type=1326 audit(1750927353.186:8205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21957 comm="syz.1.5771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4847b8e929 code=0x7ffc0000
[ 1284.861159][T21966] loop5: detected capacity change from 0 to 40427
[ 1284.872297][T21966] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[ 1284.880572][T21966] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[ 1284.889558][T21966] F2FS-fs (loop5): invalid crc value
[ 1284.897659][T21966] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1284.946962][T12262] syz-executor: attempt to access beyond end of device
[ 1284.946962][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1284.977078][T21966] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[ 1284.989112][T21966] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1285.543394][T20970] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[ 1285.611616][  T385] usb 4-1: USB disconnect, device number 73
[ 1285.620430][T12507] syz-executor: attempt to access beyond end of device
[ 1285.620430][T12507] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1285.635234][ T7882] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1285.646321][ T7882] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[ 1285.736904][T20970] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1285.753399][T20970] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1285.772286][T20970] usb 6-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1285.789597][T20970] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1285.808525][T20970] usb 6-1: Product: syz
[ 1285.817279][T20970] usb 6-1: Manufacturer: syz
[ 1285.827442][T20970] usb 6-1: SerialNumber: syz
[ 1285.861152][T21989] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5778'.
[ 1285.942377][T21991] netlink: 'syz.1.5779': attribute type 7 has an invalid length.
[ 1285.950229][T21991] netlink: 'syz.1.5779': attribute type 8 has an invalid length.
[ 1285.956610][T21985] loop3: detected capacity change from 0 to 40427
[ 1285.974782][T21985] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1285.988066][T21985] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1286.000726][T21991] 9pnet: Could not find request transport: fd0x0000000000000007
[ 1286.006398][T21985] F2FS-fs (loop3): invalid crc value
[ 1286.010307][T21993] loop2: detected capacity change from 0 to 256
[ 1286.032625][T21985] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1286.056700][T21966] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1286.084498][T21985] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1286.091820][T21985] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1286.133071][T21998] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1286.142648][T21998] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1286.688272][T22008] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5782'.
[ 1286.728537][T12507] syz-executor: attempt to access beyond end of device
[ 1286.728537][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1286.942519][T21966] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1287.113750][T22012] loop3: detected capacity change from 0 to 40427
[ 1287.140683][T22012] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1287.148927][T22012] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1287.159168][T22012] F2FS-fs (loop3): invalid crc value
[ 1287.166573][T22014] loop2: detected capacity change from 0 to 40427
[ 1287.176074][T22014] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1287.183204][T20970] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1287.190920][T22012] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1287.202951][T20970] cdc_ncm 6-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1287.210430][T20970] cdc_ncm 6-1:1.0: setting rx_max = 2048
[ 1287.216388][T22014] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1287.231049][T22014] F2FS-fs (loop2): invalid crc value
[ 1287.247978][T22012] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1287.258876][T22014] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1287.260488][T22012] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1287.316283][T22014] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1287.323495][T22014] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1287.486223][T20970] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1287.523340][T20970] usb 6-1: USB disconnect, device number 60
[ 1287.791885][T12507] syz-executor: attempt to access beyond end of device
[ 1287.791885][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1287.868236][T20970] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP)
[ 1287.888591][T22028] netlink: 'syz.4.5786': attribute type 7 has an invalid length.
[ 1287.907263][T22028] netlink: 'syz.4.5786': attribute type 8 has an invalid length.
[ 1287.915309][T12262] syz-executor: attempt to access beyond end of device
[ 1287.915309][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1287.989876][T22034] loop4: detected capacity change from 0 to 1024
[ 1288.034627][T22034] EXT4-fs: Ignoring removed i_version option
[ 1288.060332][T22041] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5790'.
[ 1288.081627][T22034] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1288.214316][T22043] loop3: detected capacity change from 0 to 40427
[ 1288.217734][T20394] EXT4-fs (loop4): unmounting filesystem.
[ 1288.231639][T22043] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1288.238098][T22043] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1288.254293][T22043] F2FS-fs (loop3): invalid crc value
[ 1288.275252][T22059] netlink: 'syz.4.5791': attribute type 7 has an invalid length.
[ 1288.283447][T22059] netlink: 'syz.4.5791': attribute type 8 has an invalid length.
[ 1288.291641][T22043] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1288.306176][T22059] 9pnet: Could not find request transport: fd0x0000000000000007
[ 1288.325774][T20631] syz-executor: attempt to access beyond end of device
[ 1288.325774][T20631] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1288.356744][T22043] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1288.360469][T22065] device syzkaller0 entered promiscuous mode
[ 1288.370539][ T7908] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1288.374631][T22043] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1288.398419][ T7908] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[ 1288.449252][  T385] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1288.554886][T22070] loop4: detected capacity change from 0 to 40427
[ 1288.573299][T22070] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1288.590385][T22070] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1288.720462][  T385] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1288.760761][  T385] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1288.847741][  T385] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1288.866952][T22070] F2FS-fs (loop4): invalid crc value
[ 1288.876873][  T385] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1288.892606][  T385] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1288.907480][T22070] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1288.908209][  T385] usb 3-1: Product: syz
[ 1288.991637][  T385] usb 3-1: Manufacturer: syz
[ 1288.996269][  T385] usb 3-1: SerialNumber: syz
[ 1289.008764][T12507] syz-executor: attempt to access beyond end of device
[ 1289.008764][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1289.012053][T22070] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1289.030163][T22070] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1289.120446][T22091] loop5: detected capacity change from 0 to 512
[ 1289.129213][T22091] EXT4-fs: Ignoring removed nobh option
[ 1289.244357][  T385] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 76 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1289.421054][T22091] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[ 1289.565709][  T385] usb 3-1: USB disconnect, device number 76
[ 1289.748230][  T385] usblp0: removed
[ 1289.943299][T20631] EXT4-fs (loop5): unmounting filesystem.
[ 1289.998169][T22098] overlayfs: missing 'lowerdir'
[ 1290.542042][T22104] loop2: detected capacity change from 0 to 40427
[ 1290.551919][T22104] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1290.558418][T22104] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1290.567590][T22104] F2FS-fs (loop2): invalid crc value
[ 1290.795385][T22104] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1290.849985][T22104] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1290.860587][T22104] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1290.990926][T20394] syz-executor: attempt to access beyond end of device
[ 1290.990926][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1291.011903][T22117] loop3: detected capacity change from 0 to 1024
[ 1291.022496][T22117] EXT4-fs: Ignoring removed i_version option
[ 1291.031018][T22117] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1291.477797][T12507] EXT4-fs (loop3): unmounting filesystem.
[ 1291.544657][T12262] syz-executor: attempt to access beyond end of device
[ 1291.544657][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1291.560979][T22125] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5803'.
[ 1291.747642][T22123] loop4: detected capacity change from 0 to 40427
[ 1291.759219][T22130] device syzkaller0 entered promiscuous mode
[ 1291.766012][T22123] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1291.774980][T22123] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1291.794918][T22123] F2FS-fs (loop4): invalid crc value
[ 1291.833792][T22123] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1291.951795][T22128] loop2: detected capacity change from 0 to 40427
[ 1291.961175][T22123] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1291.968236][T22123] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1291.975831][T22128] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1291.982461][T22128] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1291.992124][T22128] F2FS-fs (loop2): invalid crc value
[ 1292.448197][T22128] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1292.478132][T22128] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1292.485241][T22128] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1292.513914][  T385] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1292.776171][T20394] syz-executor: attempt to access beyond end of device
[ 1292.776171][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1292.792654][T22146] netlink: 'syz.1.5807': attribute type 7 has an invalid length.
[ 1292.800603][T22146] netlink: 'syz.1.5807': attribute type 8 has an invalid length.
[ 1292.956323][  T385] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1292.967309][  T385] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1292.976408][  T385] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1292.985561][  T385] usb 4-1: config 0 descriptor??
[ 1293.218802][  T385] usbhid 4-1:0.0: can't add hid device: -71
[ 1293.235844][  T385] usbhid: probe of 4-1:0.0 failed with error -71
[ 1293.256594][  T385] usb 4-1: USB disconnect, device number 74
[ 1293.389139][T12262] syz-executor: attempt to access beyond end of device
[ 1293.389139][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1293.468946][T22158] loop5: detected capacity change from 0 to 40427
[ 1293.480653][T22158] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1293.490510][T22158] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1293.519887][T22158] F2FS-fs (loop5): invalid crc value
[ 1293.551500][T22158] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1293.604642][T22158] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1293.614804][T22158] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1293.714272][T22161] loop2: detected capacity change from 0 to 40427
[ 1293.721472][T22161] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1293.727922][T22161] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1293.736954][T22161] F2FS-fs (loop2): invalid crc value
[ 1293.786645][T22161] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1293.818490][T22172] 9pnet_fd: Insufficient options for proto=fd
[ 1293.847100][T22161] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1293.854409][T22161] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1293.994648][T22179] 9pnet_fd: Insufficient options for proto=fd
[ 1294.283691][T20631] syz-executor: attempt to access beyond end of device
[ 1294.283691][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1294.341823][  T385] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1294.352516][T20970] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 1294.388714][T22181] loop4: detected capacity change from 0 to 40427
[ 1294.393787][T22185] device syzkaller0 entered promiscuous mode
[ 1294.399025][T22181] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1294.408055][T22181] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1294.429772][T22181] F2FS-fs (loop4): invalid crc value
[ 1294.458048][T22181] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1294.469474][T12262] syz-executor: attempt to access beyond end of device
[ 1294.469474][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1294.501717][T22181] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1294.516640][T22181] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1294.546049][T20970] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1294.567373][  T385] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1294.568371][T20970] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1294.586953][  T385] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1294.587024][T20970] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1294.621927][T20970] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1294.641096][T20970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1294.651823][  T385] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1294.660332][T20970] usb 4-1: Product: syz
[ 1294.676832][T20970] usb 4-1: Manufacturer: syz
[ 1294.678394][  T385] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1294.681458][T20970] usb 4-1: SerialNumber: syz
[ 1294.690589][  T385] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1294.703330][  T385] usb 2-1: Product: syz
[ 1294.708185][  T385] usb 2-1: Manufacturer: syz
[ 1294.712885][  T385] usb 2-1: SerialNumber: syz
[ 1295.070597][T22191] loop5: detected capacity change from 0 to 40427
[ 1295.077658][T20970] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 75 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1295.092454][T22191] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1295.098842][T22191] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1295.108027][T22191] F2FS-fs (loop5): invalid crc value
[ 1295.114796][T22191] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1295.141249][T22191] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1295.149363][T22191] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1295.208639][T20394] syz-executor: attempt to access beyond end of device
[ 1295.208639][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1295.283162][T22172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1295.300760][  T385] usblp 2-1:1.0: usblp1: USB Unidirectional printer dev 61 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1295.312008][T22172] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1295.326058][T22172] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5813'.
[ 1295.903357][  T385] usb 4-1: USB disconnect, device number 75
[ 1295.922253][T22179] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5815'.
[ 1295.935744][T20631] syz-executor: attempt to access beyond end of device
[ 1295.935744][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1295.979832][T22211] loop4: detected capacity change from 0 to 512
[ 1295.987992][T22211] EXT4-fs: Ignoring removed nobh option
[ 1296.067323][T22211] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1296.113763][  T385] usblp0: removed
[ 1296.559789][  T385] usb 2-1: USB disconnect, device number 61
[ 1296.581018][  T385] usblp1: removed
[ 1296.592427][T20394] EXT4-fs (loop4): unmounting filesystem.
[ 1296.857489][T22208] loop2: detected capacity change from 0 to 40427
[ 1296.876324][T22208] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1296.890221][T22208] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1296.899786][T22208] F2FS-fs (loop2): invalid crc value
[ 1296.927474][T22208] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1297.001881][T22224] loop4: detected capacity change from 0 to 40427
[ 1297.024786][T22224] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1297.046243][T22224] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1297.049257][T22208] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1297.060222][T22224] F2FS-fs (loop4): invalid crc value
[ 1297.061658][T22208] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1297.068794][T22224] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1297.113662][T22224] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1297.120808][T22224] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1297.414408][T22244] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5827'.
[ 1297.484842][T12262] syz-executor: attempt to access beyond end of device
[ 1297.484842][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1297.532221][T22250] netlink: 'syz.3.5831': attribute type 6 has an invalid length.
[ 1297.570373][  T385] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1297.640657][T22255] 9pnet_fd: Insufficient options for proto=fd
[ 1297.741377][T20970] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1297.742733][T22252] loop3: detected capacity change from 0 to 40427
[ 1297.756163][T22252] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1297.762671][T22252] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1297.772170][T22252] F2FS-fs (loop3): invalid crc value
[ 1297.778710][  T385] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1297.782439][T22252] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1297.789825][  T385] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1297.815563][  T385] usb 5-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1297.816029][T22252] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1297.824704][  T385] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1297.831927][T22252] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1297.841066][  T385] usb 5-1: Product: syz
[ 1297.851572][  T385] usb 5-1: Manufacturer: syz
[ 1297.867609][  T385] usb 5-1: SerialNumber: syz
[ 1297.933818][  T294] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1297.945607][T20970] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1297.955400][T20970] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1297.965055][T20970] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1298.128531][  T294] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1298.150579][T22262] loop5: detected capacity change from 0 to 40427
[ 1298.157204][  T294] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1298.180851][T22224] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1298.181151][T22262] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1298.194465][  T294] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1298.194478][T20970] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1298.196036][  T294] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1298.207286][T22262] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1298.208157][T22262] F2FS-fs (loop5): invalid crc value
[ 1298.220266][  T294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1298.225476][T20970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1298.233910][  T294] usb 3-1: Product: syz
[ 1298.239462][T20970] usb 2-1: Product: syz
[ 1298.247228][  T294] usb 3-1: Manufacturer: syz
[ 1298.255328][T20970] usb 2-1: Manufacturer: syz
[ 1298.259625][  T294] usb 3-1: SerialNumber: syz
[ 1298.263726][T20970] usb 2-1: SerialNumber: syz
[ 1298.276506][T22262] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1298.309864][T22262] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1298.317012][T22262] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1298.474722][T12507] syz-executor: attempt to access beyond end of device
[ 1298.474722][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1298.498167][  T294] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 77 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1298.498908][T20970] usblp 2-1:1.0: usblp1: USB Unidirectional printer dev 62 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1298.550967][T20970] usb 2-1: USB disconnect, device number 62
[ 1298.562156][T20970] usblp1: removed
[ 1298.643552][  T385] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[ 1298.649623][  T385] cdc_ncm 5-1:1.0: bind() failure
[ 1298.656254][  T385] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1298.663268][  T385] cdc_ncm 5-1:1.1: bind() failure
[ 1298.780075][T22274] loop3: detected capacity change from 0 to 512
[ 1298.789948][T22274] EXT4-fs: Ignoring removed nobh option
[ 1298.945226][T22274] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1299.625933][T22280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1299.626565][T12507] EXT4-fs (loop3): unmounting filesystem.
[ 1299.644585][T22280] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1299.654300][T22255] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5829'.
[ 1299.936044][T20631] syz-executor: attempt to access beyond end of device
[ 1299.936044][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1300.196896][  T385] usb 3-1: USB disconnect, device number 77
[ 1300.258805][  T385] usblp0: removed
[ 1300.398142][T22300] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5841'.
[ 1300.489060][T22298] loop3: detected capacity change from 0 to 40427
[ 1300.505426][T22298] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1300.518668][T22298] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1300.527770][T22298] F2FS-fs (loop3): invalid crc value
[ 1300.534619][T22298] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1300.557860][T22298] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1300.564984][T22298] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1301.021140][T22317] loop2: detected capacity change from 0 to 512
[ 1301.029486][T22317] EXT4-fs: Ignoring removed nobh option
[ 1301.201663][T22317] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1301.542356][  T385] usb 5-1: USB disconnect, device number 42
[ 1301.669735][T20394] syz-executor: attempt to access beyond end of device
[ 1301.669735][T20394] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1301.981659][ T7908] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1302.032201][ T7908] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[ 1302.041796][T12262] EXT4-fs (loop2): unmounting filesystem.
[ 1302.230452][T12507] syz-executor: attempt to access beyond end of device
[ 1302.230452][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1302.262329][T22325] loop2: detected capacity change from 0 to 512
[ 1302.270767][T22325] EXT4-fs: Ignoring removed nobh option
[ 1302.540339][T22314] loop5: detected capacity change from 0 to 40427
[ 1302.557145][T22325] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1302.700485][T22314] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1302.786873][T22314] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1303.108354][T22314] F2FS-fs (loop5): invalid crc value
[ 1303.121227][T12262] EXT4-fs (loop2): unmounting filesystem.
[ 1303.163841][T22331] 9pnet_fd: Insufficient options for proto=fd
[ 1303.186263][T22314] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1303.235369][T22314] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1303.247086][T22314] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1303.389577][T22333] loop3: detected capacity change from 0 to 40427
[ 1303.401791][T22333] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1303.409705][T22333] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1303.419468][T22333] F2FS-fs (loop3): invalid crc value
[ 1303.434486][T22333] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1303.538538][  T294] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1303.538571][  T385] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1303.571719][T22333] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1303.579847][T22333] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1303.684901][T13498] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1303.761742][T20631] syz-executor: attempt to access beyond end of device
[ 1303.761742][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1303.782795][  T294] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1303.792821][  T385] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1303.803780][  T294] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1303.813433][  T294] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1303.827365][  T385] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1303.839198][  T385] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1303.848273][  T385] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.856966][  T385] usb 5-1: config 0 descriptor??
[ 1303.863448][  T294] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1303.873841][  T294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1303.881985][  T294] usb 3-1: Product: syz
[ 1303.886173][  T294] usb 3-1: Manufacturer: syz
[ 1303.890810][  T294] usb 3-1: SerialNumber: syz
[ 1303.953809][T13498] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1303.964801][T13498] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1303.974223][T22347] loop5: detected capacity change from 0 to 40427
[ 1303.976329][T13498] usb 2-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1303.984587][T22347] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1303.992424][T13498] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1303.997070][T22347] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1304.013534][T13498] usb 2-1: Product: syz
[ 1304.017869][T13498] usb 2-1: Manufacturer: syz
[ 1304.022603][T13498] usb 2-1: SerialNumber: syz
[ 1304.027561][T22347] F2FS-fs (loop5): invalid crc value
[ 1304.035109][T22347] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1304.062377][T22347] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1304.069521][T22347] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1304.101847][T12507] syz-executor: attempt to access beyond end of device
[ 1304.101847][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1304.117910][  T294] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 78 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1304.282666][T22321] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1304.324849][  T385] logitech-djreceiver 0003:046D:C534.005D: item fetching failed at offset 2/5
[ 1304.335230][  T385] logitech-djreceiver 0003:046D:C534.005D: logi_dj_probe: parse failed
[ 1304.343586][  T385] logitech-djreceiver: probe of 0003:046D:C534.005D failed with error -22
[ 1304.689630][  T885] usb 5-1: USB disconnect, device number 43
[ 1304.702941][T22331] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5849'.
[ 1304.795836][T20631] syz-executor: attempt to access beyond end of device
[ 1304.795836][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1304.853649][T22359] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5852'.
[ 1304.911801][T22361] loop5: detected capacity change from 0 to 256
[ 1304.936737][T20970] usb 3-1: USB disconnect, device number 78
[ 1304.942841][T22321] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1304.954529][T20970] usblp0: removed
[ 1305.236205][T13498] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1305.242670][T13498] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1305.250249][T13498] cdc_ncm 2-1:1.0: setting rx_max = 2048
[ 1305.335772][T22365] overlayfs: missing 'lowerdir'
[ 1305.454716][T13498] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1305.471627][T13498] usb 2-1: USB disconnect, device number 63
[ 1305.478753][T13498] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)
[ 1305.518699][T22377] 9pnet_fd: Insufficient options for proto=fd
[ 1305.812825][  T385] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 1305.898341][  T885] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1306.006207][  T385] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1306.015975][  T385] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1306.025627][  T385] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1306.040616][  T385] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1306.050563][  T385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1306.058721][  T385] usb 4-1: Product: syz
[ 1306.062921][  T385] usb 4-1: Manufacturer: syz
[ 1306.067511][  T385] usb 4-1: SerialNumber: syz
[ 1306.091903][  T885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1306.103143][  T885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1306.112950][  T885] usb 3-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1306.122110][  T885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1306.130182][T20970] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[ 1306.138714][  T885] usb 3-1: config 0 descriptor??
[ 1306.295507][  T385] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 76 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1306.349599][T20970] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1306.367371][T20970] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1306.387358][T20970] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1306.398856][T20970] usb 6-1: config 0 descriptor??
[ 1306.511247][T22377] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5856'.
[ 1306.576417][  T885] logitech-djreceiver 0003:046D:C534.005E: item fetching failed at offset 2/5
[ 1306.585946][  T885] logitech-djreceiver 0003:046D:C534.005E: logi_dj_probe: parse failed
[ 1306.595077][  T885] logitech-djreceiver: probe of 0003:046D:C534.005E failed with error -22
[ 1306.625032][T20970] usbhid 6-1:0.0: can't add hid device: -71
[ 1306.634491][T20970] usbhid: probe of 6-1:0.0 failed with error -71
[ 1306.656505][T20970] usb 6-1: USB disconnect, device number 61
[ 1306.760257][  T885] usb 4-1: USB disconnect, device number 76
[ 1306.766687][  T885] usblp0: removed
[ 1307.033073][  T759] usb 3-1: USB disconnect, device number 79
[ 1307.362296][T22423] overlayfs: missing 'lowerdir'
[ 1307.473887][T22425] overlayfs: missing 'lowerdir'
[ 1307.480944][T22429] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5867'.
[ 1307.634352][T22435] device syzkaller0 entered promiscuous mode
[ 1307.931694][T22437] loop4: detected capacity change from 0 to 40427
[ 1307.952136][T22437] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1307.967136][T22437] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1307.976491][T22437] F2FS-fs (loop4): invalid crc value
[ 1307.984259][T22437] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1308.018025][T22437] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1308.025185][T22437] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1308.421364][  T759] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1308.490250][T22450] loop3: detected capacity change from 0 to 40427
[ 1308.506934][T22450] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1308.513339][T22450] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1308.527338][T22450] F2FS-fs (loop3): invalid crc value
[ 1308.534040][T22450] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1308.559836][T22450] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1308.567001][T22450] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1308.614816][  T759] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1308.632234][  T759] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1308.649453][  T759] usb 5-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1308.658697][  T759] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1308.666773][  T759] usb 5-1: Product: syz
[ 1308.672080][  T759] usb 5-1: Manufacturer: syz
[ 1308.676744][  T759] usb 5-1: SerialNumber: syz
[ 1309.427466][T12507] syz-executor: attempt to access beyond end of device
[ 1309.427466][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1309.445676][T22437] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1309.562893][  T885] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1309.588006][T22467] netlink: 'syz.2.5876': attribute type 7 has an invalid length.
[ 1309.595999][T22467] netlink: 'syz.2.5876': attribute type 8 has an invalid length.
[ 1310.090043][  T885] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1310.099837][  T885] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1310.109514][  T885] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1310.123682][  T885] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1310.132789][  T885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1310.140983][  T885] usb 2-1: Product: syz
[ 1310.145176][  T885] usb 2-1: Manufacturer: syz
[ 1310.149876][  T885] usb 2-1: SerialNumber: syz
[ 1310.272521][T22437] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1310.372820][  T885] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 64 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1310.386946][  T885] usb 2-1: USB disconnect, device number 64
[ 1310.393580][  T885] usblp0: removed
[ 1310.494448][  T759] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1310.501167][  T759] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1310.528055][  T759] cdc_ncm 5-1:1.0: setting rx_max = 2048
[ 1310.780062][T13498] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 1310.797613][T22485] overlayfs: missing 'lowerdir'
[ 1310.894359][  T759] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1310.907547][  T759] usb 5-1: USB disconnect, device number 44
[ 1310.913762][  T759] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[ 1310.988042][T13498] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1310.999017][T13498] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1311.009210][T13498] usb 4-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1311.018313][T13498] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1311.026914][T13498] usb 4-1: config 0 descriptor??
[ 1311.080673][T22489] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5882'.
[ 1311.485357][T13498] logitech-djreceiver 0003:046D:C534.005F: item fetching failed at offset 2/5
[ 1311.499708][T20394] syz-executor: attempt to access beyond end of device
[ 1311.499708][T20394] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1311.502016][T13498] logitech-djreceiver 0003:046D:C534.005F: logi_dj_probe: parse failed
[ 1311.514296][T19768] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1311.522050][T13498] logitech-djreceiver: probe of 0003:046D:C534.005F failed with error -22
[ 1311.531337][T19768] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[ 1311.917398][T22504] syz.1.5887[22504] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1311.917491][T22504] syz.1.5887[22504] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1313.826264][T13498] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1313.960512][  T385] usb 4-1: USB disconnect, device number 77
[ 1314.132962][T22512] loop4: detected capacity change from 0 to 40427
[ 1314.140970][T22512] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1314.147416][T22512] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1314.196171][T13498] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1314.234069][T13498] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1314.256814][T22512] F2FS-fs (loop4): invalid crc value
[ 1314.337719][T22512] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1314.359777][T13498] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1314.388322][T22512] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1314.389571][T13498] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1314.395459][T22512] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1314.465277][T13498] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1314.473542][T13498] usb 3-1: Product: syz
[ 1314.477849][T13498] usb 3-1: Manufacturer: syz
[ 1314.482461][T13498] usb 3-1: SerialNumber: syz
[ 1314.669939][T22527] overlayfs: missing 'lowerdir'
[ 1314.724212][T13498] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 80 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1314.768136][T13498] usb 3-1: USB disconnect, device number 80
[ 1314.782871][T13498] usblp0: removed
[ 1314.949778][T20394] syz-executor: attempt to access beyond end of device
[ 1314.949778][T20394] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1314.992301][T22536] 9pnet_fd: Insufficient options for proto=fd
[ 1315.064638][T22539] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5893'.
[ 1315.149297][T22545] loop4: detected capacity change from 0 to 256
[ 1316.034825][  T385] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[ 1316.084213][T22554] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5899'.
[ 1316.275118][T22561] syz.4.5901[22561] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1316.275477][T22561] syz.4.5901[22561] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1316.305604][T22561] loop4: detected capacity change from 0 to 512
[ 1316.325276][T22561] EXT4-fs: Ignoring removed nobh option
[ 1316.368892][  T385] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1316.524944][T22561] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1316.571689][  T385] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1316.708391][  T385] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1316.878360][  T385] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1316.960680][  T385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1317.059311][  T385] usb 4-1: Product: syz
[ 1317.063965][  T385] usb 4-1: Manufacturer: syz
[ 1317.077261][T20394] EXT4-fs (loop4): unmounting filesystem.
[ 1317.101845][  T385] usb 4-1: SerialNumber: syz
[ 1317.339619][  T385] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 78 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1317.581103][T22536] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5895'.
[ 1317.581231][  T759] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[ 1317.602842][  T885] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1317.798120][  T759] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1317.807896][  T885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1317.818788][  T759] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1317.827669][  T385] usb 4-1: USB disconnect, device number 78
[ 1317.828470][  T885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1317.837463][  T385] usblp0: removed
[ 1317.845046][  T759] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1317.860638][  T885] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.04
[ 1317.869763][  T885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1317.878564][  T885] usb 5-1: config 0 descriptor??
[ 1317.884054][  T759] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1317.893800][  T759] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1317.901949][  T759] usb 6-1: Product: syz
[ 1317.906151][  T759] usb 6-1: Manufacturer: syz
[ 1317.910753][  T759] usb 6-1: SerialNumber: syz
[ 1318.074915][T20970] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1318.132826][  T759] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 62 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1318.147924][  T759] usb 6-1: USB disconnect, device number 62
[ 1318.154675][  T759] usblp0: removed
[ 1318.192404][T22579] loop2: detected capacity change from 0 to 1024
[ 1318.199285][T22579] EXT4-fs: Ignoring removed i_version option
[ 1318.211808][T22579] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1318.247506][T12262] EXT4-fs (loop2): unmounting filesystem.
[ 1318.268559][T20970] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1318.282652][T20970] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1318.294263][T20970] usb 2-1: New USB device found, idVendor=0525, idProduct=e4a1, bcdDevice= 0.40
[ 1318.303396][T20970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1318.312639][T20970] usb 2-1: Product: syz
[ 1318.317311][T20970] usb 2-1: Manufacturer: syz
[ 1318.322001][T20970] usb 2-1: SerialNumber: syz
[ 1318.326698][  T885] usbhid 5-1:0.0: can't add hid device: -71
[ 1318.332673][  T885] usbhid: probe of 5-1:0.0 failed with error -71
[ 1318.345165][  T885] usb 5-1: USB disconnect, device number 45
[ 1318.412414][T22584] loop2: detected capacity change from 0 to 40427
[ 1318.427734][T22584] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 1318.444964][T22584] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1318.454132][T22584] F2FS-fs (loop2): invalid crc value
[ 1318.461228][T22584] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1318.493296][T22584] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 1318.500478][T22584] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1318.525652][T22586] loop3: detected capacity change from 0 to 40427
[ 1318.537566][T22586] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1318.554789][T22586] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1318.574843][T22586] F2FS-fs (loop3): invalid crc value
[ 1318.586821][T22574] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[ 1318.589367][T22586] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1318.616783][T22586] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1318.623879][T22586] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1319.058824][T22599] loop5: detected capacity change from 0 to 40427
[ 1319.069211][T22599] F2FS-fs (loop5): Invalid SB checksum offset: 0
[ 1319.075648][T22599] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 1319.089677][T22599] F2FS-fs (loop5): invalid crc value
[ 1319.104802][T22599] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1319.138946][T22599] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[ 1319.146129][T22599] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 1319.254850][T22574] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[ 1319.274617][  T885] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1319.282583][T12262] syz-executor: attempt to access beyond end of device
[ 1319.282583][T12262] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1319.498068][T12507] syz-executor: attempt to access beyond end of device
[ 1319.498068][T12507] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1319.588615][T20970] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1319.595214][T20970] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1319.602694][T20970] cdc_ncm 2-1:1.0: setting rx_max = 2048
[ 1319.663835][T22612] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5914'.
[ 1319.713655][  T885] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1319.723589][  T885] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1319.763231][T20970] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1319.774513][T20631] syz-executor: attempt to access beyond end of device
[ 1319.774513][T20631] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1319.788558][  T885] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1319.806116][T20970] usb 2-1: USB disconnect, device number 65
[ 1319.812980][T20970] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)
[ 1319.824203][  T885] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1319.840478][  T885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1319.852590][  T885] usb 5-1: Product: syz
[ 1319.858211][  T885] usb 5-1: Manufacturer: syz
[ 1319.875458][  T885] usb 5-1: SerialNumber: syz
[ 1319.882709][  T759] ==================================================================
[ 1319.890789][  T759] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130
[ 1319.898611][  T759] Read of size 8 at addr ffff888115872cf0 by task kworker/0:4/759
[ 1319.906418][  T759] 
[ 1319.908736][  T759] CPU: 0 PID: 759 Comm: kworker/0:4 Not tainted 6.1.141-syzkaller-00030-g44c8456c4231 #0
[ 1319.918534][  T759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1319.928596][  T759] Workqueue: usb_hub_wq hub_event
[ 1319.933640][  T759] Call Trace:
[ 1319.936915][  T759]  <TASK>
[ 1319.939847][  T759]  __dump_stack+0x21/0x24
[ 1319.944186][  T759]  dump_stack_lvl+0xee/0x150
[ 1319.948779][  T759]  ? __cfi_dump_stack_lvl+0x8/0x8
[ 1319.953800][  T759]  ? __list_del_entry_valid+0xa6/0x130
[ 1319.959246][  T759]  print_address_description+0x71/0x210
[ 1319.964783][  T759]  print_report+0x4a/0x60
[ 1319.969102][  T759]  kasan_report+0x122/0x150
[ 1319.973594][  T759]  ? __list_del_entry_valid+0xa6/0x130
[ 1319.979040][  T759]  __asan_report_load8_noabort+0x14/0x20
[ 1319.984665][  T759]  __list_del_entry_valid+0xa6/0x130
[ 1319.990034][  T759]  process_one_work+0x4b9/0xc40
[ 1319.994908][  T759]  worker_thread+0xa29/0x11f0
[ 1319.999572][  T759]  ? _raw_spin_lock_irqsave+0xb0/0x110
[ 1320.005054][  T759]  kthread+0x281/0x320
[ 1320.009109][  T759]  ? __cfi_worker_thread+0x10/0x10
[ 1320.014288][  T759]  ? __cfi_kthread+0x10/0x10
[ 1320.018860][  T759]  ret_from_fork+0x1f/0x30
[ 1320.023273][  T759]  </TASK>
[ 1320.026274][  T759] 
[ 1320.028591][  T759] Allocated by task 20970:
[ 1320.032980][  T759]  kasan_set_track+0x4b/0x70
[ 1320.037555][  T759]  kasan_save_alloc_info+0x25/0x30
[ 1320.042654][  T759]  __kasan_kmalloc+0x95/0xb0
[ 1320.047237][  T759]  __kmalloc_node+0xb2/0x1e0
[ 1320.051815][  T759]  kvmalloc_node+0x294/0x480
[ 1320.056391][  T759]  alloc_netdev_mqs+0x8d/0xf90
[ 1320.061140][  T759]  alloc_etherdev_mqs+0x37/0x40
[ 1320.065975][  T759]  usbnet_probe+0x20c/0x2780
[ 1320.070555][  T759]  usb_probe_interface+0x610/0xaf0
[ 1320.075655][  T759]  really_probe+0x2cb/0x960
[ 1320.080146][  T759]  __driver_probe_device+0x198/0x280
[ 1320.085425][  T759]  driver_probe_device+0x54/0x3e0
[ 1320.090614][  T759]  __device_attach_driver+0x2e9/0x4a0
[ 1320.095970][  T759]  bus_for_each_drv+0x183/0x210
[ 1320.100804][  T759]  __device_attach+0x2a2/0x400
[ 1320.105592][  T759]  device_initial_probe+0x1a/0x20
[ 1320.110602][  T759]  bus_probe_device+0xc0/0x1f0
[ 1320.115355][  T759]  device_add+0xb4d/0xef0
[ 1320.119671][  T759]  usb_set_configuration+0x19c2/0x1f10
[ 1320.125119][  T759]  usb_generic_driver_probe+0x91/0x150
[ 1320.130563][  T759]  usb_probe_device+0x159/0x270
[ 1320.135408][  T759]  really_probe+0x2cb/0x960
[ 1320.139907][  T759]  __driver_probe_device+0x198/0x280
[ 1320.145191][  T759]  driver_probe_device+0x54/0x3e0
[ 1320.150205][  T759]  __device_attach_driver+0x2e9/0x4a0
[ 1320.155564][  T759]  bus_for_each_drv+0x183/0x210
[ 1320.160399][  T759]  __device_attach+0x2a2/0x400
[ 1320.165149][  T759]  device_initial_probe+0x1a/0x20
[ 1320.170176][  T759]  bus_probe_device+0xc0/0x1f0
[ 1320.174924][  T759]  device_add+0xb4d/0xef0
[ 1320.179246][  T759]  usb_new_device+0xa70/0x1520
[ 1320.183996][  T759]  hub_event+0x2a5d/0x4680
[ 1320.188411][  T759]  process_one_work+0x71f/0xc40
[ 1320.193247][  T759]  worker_thread+0xa29/0x11f0
[ 1320.197910][  T759]  kthread+0x281/0x320
[ 1320.201966][  T759]  ret_from_fork+0x1f/0x30
[ 1320.206365][  T759] 
[ 1320.208678][  T759] Freed by task 20970:
[ 1320.212753][  T759]  kasan_set_track+0x4b/0x70
[ 1320.217330][  T759]  kasan_save_free_info+0x31/0x50
[ 1320.222337][  T759]  ____kasan_slab_free+0x132/0x180
[ 1320.227430][  T759]  __kasan_slab_free+0x11/0x20
[ 1320.232184][  T759]  slab_free_freelist_hook+0xc2/0x190
[ 1320.237542][  T759]  __kmem_cache_free+0xb7/0x1b0
[ 1320.242379][  T759]  kfree+0x6f/0xf0
[ 1320.246086][  T759]  kvfree+0x35/0x40
[ 1320.249880][  T759]  netdev_freemem+0x3f/0x60
[ 1320.254371][  T759]  netdev_release+0x7f/0xb0
[ 1320.258860][  T759]  device_release+0xa4/0x1d0
[ 1320.263432][  T759]  kobject_put+0x19d/0x280
[ 1320.267830][  T759]  put_device+0x1f/0x30
[ 1320.271979][  T759]  free_netdev+0x392/0x490
[ 1320.276381][  T759]  usbnet_disconnect+0x25a/0x3b0
[ 1320.281308][  T759]  usb_unbind_interface+0x223/0x8d0
[ 1320.286505][  T759]  device_release_driver_internal+0x508/0x820
[ 1320.292563][  T759]  device_release_driver+0x19/0x20
[ 1320.297659][  T759]  bus_remove_device+0x2ee/0x350
[ 1320.302580][  T759]  device_del+0x6a4/0xeb0
[ 1320.306899][  T759]  usb_disable_device+0x3a8/0x750
[ 1320.311918][  T759]  usb_disconnect+0x31e/0x860
[ 1320.316580][  T759]  hub_event+0x1bd5/0x4680
[ 1320.320983][  T759]  process_one_work+0x71f/0xc40
[ 1320.325813][  T759]  worker_thread+0xd2e/0x11f0
[ 1320.330470][  T759]  kthread+0x281/0x320
[ 1320.334523][  T759]  ret_from_fork+0x1f/0x30
[ 1320.338931][  T759] 
[ 1320.341236][  T759] Last potentially related work creation:
[ 1320.346929][  T759]  kasan_save_stack+0x3a/0x60
[ 1320.351600][  T759]  __kasan_record_aux_stack+0xb6/0xc0
[ 1320.356963][  T759]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1320.362754][  T759]  insert_work+0x51/0x300
[ 1320.367071][  T759]  __queue_work+0x9b1/0xd30
[ 1320.371555][  T759]  queue_work_on+0xd2/0x140
[ 1320.376043][  T759]  usbnet_link_change+0x176/0x1a0
[ 1320.381054][  T759]  usbnet_probe+0x1d55/0x2780
[ 1320.385724][  T759]  usb_probe_interface+0x610/0xaf0
[ 1320.390839][  T759]  really_probe+0x2cb/0x960
[ 1320.395337][  T759]  __driver_probe_device+0x198/0x280
[ 1320.400620][  T759]  driver_probe_device+0x54/0x3e0
[ 1320.405630][  T759]  __device_attach_driver+0x2e9/0x4a0
[ 1320.410987][  T759]  bus_for_each_drv+0x183/0x210
[ 1320.415820][  T759]  __device_attach+0x2a2/0x400
[ 1320.420570][  T759]  device_initial_probe+0x1a/0x20
[ 1320.425581][  T759]  bus_probe_device+0xc0/0x1f0
[ 1320.430589][  T759]  device_add+0xb4d/0xef0
[ 1320.434913][  T759]  usb_set_configuration+0x19c2/0x1f10
[ 1320.440367][  T759]  usb_generic_driver_probe+0x91/0x150
[ 1320.445819][  T759]  usb_probe_device+0x159/0x270
[ 1320.450660][  T759]  really_probe+0x2cb/0x960
[ 1320.455150][  T759]  __driver_probe_device+0x198/0x280
[ 1320.460418][  T759]  driver_probe_device+0x54/0x3e0
[ 1320.465516][  T759]  __device_attach_driver+0x2e9/0x4a0
[ 1320.470872][  T759]  bus_for_each_drv+0x183/0x210
[ 1320.475705][  T759]  __device_attach+0x2a2/0x400
[ 1320.480453][  T759]  device_initial_probe+0x1a/0x20
[ 1320.485460][  T759]  bus_probe_device+0xc0/0x1f0
[ 1320.490208][  T759]  device_add+0xb4d/0xef0
[ 1320.494525][  T759]  usb_new_device+0xa70/0x1520
[ 1320.499276][  T759]  hub_event+0x2a5d/0x4680
[ 1320.503682][  T759]  process_one_work+0x71f/0xc40
[ 1320.508516][  T759]  worker_thread+0xa29/0x11f0
[ 1320.513227][  T759]  kthread+0x281/0x320
[ 1320.517280][  T759]  ret_from_fork+0x1f/0x30
[ 1320.521682][  T759] 
[ 1320.523991][  T759] The buggy address belongs to the object at ffff888115872000
[ 1320.523991][  T759]  which belongs to the cache kmalloc-4k of size 4096
[ 1320.538023][  T759] The buggy address is located 3312 bytes inside of
[ 1320.538023][  T759]  4096-byte region [ffff888115872000, ffff888115873000)
[ 1320.551462][  T759] 
[ 1320.553785][  T759] The buggy address belongs to the physical page:
[ 1320.560187][  T759] page:ffffea0004561c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115870
[ 1320.570408][  T759] head:ffffea0004561c00 order:3 compound_mapcount:0 compound_pincount:0
[ 1320.578716][  T759] flags: 0x4000000000010200(slab|head|zone=1)
[ 1320.584797][  T759] raw: 4000000000010200 ffffea000436e000 dead000000000002 ffff888100043380
[ 1320.593367][  T759] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 1320.601927][  T759] page dumped because: kasan: bad access detected
[ 1320.608328][  T759] page_owner tracks the page as allocated
[ 1320.614023][  T759] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 18141, tgid 18140 (syz.3.4784), ts 1075244359798, free_ts 1074854562934
[ 1320.637117][  T759]  post_alloc_hook+0x1f5/0x210
[ 1320.641875][  T759]  prep_new_page+0x1c/0x110
[ 1320.646370][  T759]  get_page_from_freelist+0x2c7b/0x2cf0
[ 1320.651905][  T759]  __alloc_pages+0x19e/0x3a0
[ 1320.656484][  T759]  alloc_slab_page+0x6e/0xf0
[ 1320.661061][  T759]  new_slab+0x98/0x3d0
[ 1320.665123][  T759]  ___slab_alloc+0x6f6/0xb50
[ 1320.669698][  T759]  __slab_alloc+0x5e/0xa0
[ 1320.674026][  T759]  __kmem_cache_alloc_node+0x203/0x2c0
[ 1320.679470][  T759]  __kmalloc_node+0xa1/0x1e0
[ 1320.684044][  T759]  kvmalloc_node+0x294/0x480
[ 1320.688622][  T759]  pfifo_fast_init+0x3af/0x7a0
[ 1320.693375][  T759]  qdisc_create_dflt+0x150/0x3b0
[ 1320.698298][  T759]  mq_init+0x2df/0x670
[ 1320.702381][  T759]  qdisc_create_dflt+0x150/0x3b0
[ 1320.707303][  T759]  dev_activate+0x12d/0x1040
[ 1320.711876][  T759] page last free stack trace:
[ 1320.716623][  T759]  free_unref_page_prepare+0x742/0x750
[ 1320.722065][  T759]  free_unref_page+0x8f/0x530
[ 1320.726732][  T759]  __free_pages+0x67/0x100
[ 1320.731133][  T759]  __free_slab+0xca/0x1a0
[ 1320.735458][  T759]  __unfreeze_partials+0x160/0x190
[ 1320.740556][  T759]  put_cpu_partial+0xa9/0x100
[ 1320.745219][  T759]  __slab_free+0x1c4/0x280
[ 1320.749618][  T759]  ___cache_free+0xbf/0xd0
[ 1320.754017][  T759]  qlist_free_all+0xc6/0x140
[ 1320.758587][  T759]  kasan_quarantine_reduce+0x14a/0x170
[ 1320.764033][  T759]  __kasan_slab_alloc+0x24/0x80
[ 1320.768867][  T759]  slab_post_alloc_hook+0x4f/0x2d0
[ 1320.773977][  T759]  __kmem_cache_alloc_node+0x192/0x2c0
[ 1320.779424][  T759]  kmalloc_trace+0x29/0xb0
[ 1320.783825][  T759]  usb_get_device_descriptor+0x4e/0xd0
[ 1320.789286][  T759]  hub_port_init+0x1a52/0x2880
[ 1320.794057][  T759] 
[ 1320.796362][  T759] Memory state around the buggy address:
[ 1320.801974][  T759]  ffff888115872b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1320.810016][  T759]  ffff888115872c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1320.818058][  T759] >ffff888115872c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1320.826099][  T759]                                                              ^
[ 1320.833880][  T759]  ffff888115872d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1320.841921][  T759]  ffff888115872d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1320.849961][  T759] ==================================================================
[ 1320.858004][  T759] Disabling lock debugging due to kernel taint
[ 1321.025565][  T759] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1321.082714][  T885] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 46 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1321.101584][  T885] usb 5-1: USB disconnect, device number 46
[ 1321.115788][  T885] usblp0: removed
[ 1321.229723][  T759] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1321.240882][  T759] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1321.249926][  T759] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1321.258692][  T759] usb 3-1: config 0 descriptor??
[ 1321.481234][  T759] usbhid 3-1:0.0: can't add hid device: -71
[ 1321.487230][  T759] usbhid: probe of 3-1:0.0 failed with error -71
[ 1321.494420][  T759] usb 3-1: USB disconnect, device number 81