last executing test programs: 11m3.118628632s ago: executing program 32 (id=349): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='freezer.parent_freezing\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r2}, 0x10) fchmod(r0, 0x20049549e2a2d659) 8m17.366771983s ago: executing program 3 (id=967): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x804000, 0x0) 8m16.009742603s ago: executing program 3 (id=973): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) close_range(r0, 0xffffffffffffffff, 0x0) 8m15.211542348s ago: executing program 3 (id=978): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r1, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0xfdef) 8m14.670887424s ago: executing program 3 (id=982): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000180)='./file0/file0\x00', 0x0, 0xa95058, 0x0) mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x181097, 0x0) 8m14.231352803s ago: executing program 3 (id=986): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvfrom(r0, &(0x7f0000000080)=""/101, 0x65, 0x120, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 8m13.0824407s ago: executing program 3 (id=989): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0x80000003, 0x1, 0xffffffc0, 0xffff, 0x2, "83843c556dec3a9a90800124b904cfc27929a3", 0xf57, 0x10000}) 8m10.47652871s ago: executing program 33 (id=989): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0x80000003, 0x1, 0xffffffc0, 0xffff, 0x2, "83843c556dec3a9a90800124b904cfc27929a3", 0xf57, 0x10000}) 6m17.523608161s ago: executing program 4 (id=1517): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x10012, &(0x7f0000001e80)=ANY=[@ANYBLOB='codepage=cp775,umask=00000000007777,iocharset=koi8-ru,\x00'/64, @ANYRES32, @ANYRES16], 0x4, 0x33e, &(0x7f00000007c0)="$eJzs3U1P1EAcBvBn2n3pCmIFDIkng5J4IoAHjReIIR49ezBEhCUhrJgoJkpMRM/GeDMx8cjNs9GvoBfjB9AbB+NJL8SDNTOd7s52Z7pdwC2E55e4lnZe/tPOtDMgFkR0bF2b/759aUf+EWUAPoCrgAcgAEoAzmAseLi+0bUgv7klEOcUHWmW1uu2rAF0Di2UX5UwaO6j/yOKoqjaNdWvvsRCxRHmCDZ4QFWPTnU86Htk+zZr27kVt+t4Ma6w2MUuHmGoyHCIiKh4+vnv6afEoJ6/ex4woefhR/X5n2ib3+wWF8eh0Hz+e/HXkZDn55Q6JNd7qxuN+nK8hJNX30tWibayrH0iap3uCuKe5Q8YUy6jFjsVi1dbWW3UJ7dUAc8xqxnJRtXnMpKGKK5oK8A0gHHL2jRDVtuzDag2lGUbZhzxj2TVaF0Af/yB1/bqFj7niEl8El/EggjxBsvN+V8pEvLkqCsVpoZKHP+Uu0TVyjBO1dbKVvinVSVndQ348K7VyprrvAbwZSw2shSRnr+HSZyvKu5cGEb7txXi1k27W6dyjQAloVYNZq6ZZqI/1lyj6bpqK+VGfXLpXsPV6Q+WdUUnXoqbYhw/8R7zxvzfk6kn4B6ZbaNcqJS6Z2S2pzTxLe5TqSg6U6oBfLenkUnK9babXz4vcAdXMPTg8ebaYqNRv1/8RjJU9pj93AHHE3dE3R3lHvm3kQaB3CgDcJZTdh+ybvyNosh6qIR+XIKyaurlt60mb64tCn3P218V8s6ZOjTnTgxgDoDek9wR9lL702auaqvAXNl/y6ut9tg7ZBJVHwZIUlXbIR/VXCOl1rFnu0uuJyf3dheiI6h19TF2q+hgqAhy7iDi9Z+xXplSdx35EWasf6JuhRslTjtWQMPq80S+FVyzWOc8cSDZ6LLmOn8RuJCq0UNS47N0saGOE4fxp5K9/yhDzOMrbvP7/0RERERERERERERERERERERERERER02vv43Q+esE3TeAG8Y/7d05hv/xBhERERERERERERERERERERERERERERHR/hjv/wV89caYiu39v1lvalL8+A0xwUG8/9fP8f5fsdVDK4nI5l8AAAD//xeKXKY=") r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) write$binfmt_elf64(r1, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0xdc, 0x1, 0x3, 0xfffffffffffffff9, 0x3, 0x3e, 0x1001, 0x101, 0x40, 0x2001df, 0x0, 0x3b, 0x38, 0x5f, 0x27, 0x5, 0xff}}, 0x40) close(r1) 6m16.723848737s ago: executing program 4 (id=1523): r0 = io_uring_setup(0x330b, &(0x7f0000000640)={0x0, 0xffffffee, 0x1, 0x103fc, 0x14e}) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) sendmsg$rds(r1, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 6m15.995528784s ago: executing program 4 (id=1526): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x44, r1, 0xd55319eec59dfa33, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x0, 0x67}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'geneve1\x00'}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0xbf56a1c5a516366}, 0x20082050) 6m15.118723s ago: executing program 4 (id=1530): syz_mount_image$iso9660(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nocompress}, {@map_normal}]}, 0x3, 0x54c, &(0x7f0000000540)="$eJzs3M9uG8cZAPBZmXJUFTUKBI0dxYeN04MLNApJ1zKEAAW2q6W0CckldleBfSqCWgqESmmRpEDjmy9uC7QPkWufoKe+UdBjjwmWSzqOLdL/ksiIfz9AmuHutzPfrIgZkOIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhSne63V4Uhvl4/2a8WLpTFqMl5+ft/edbxZJ+Q4ian7C2Fi61hy69+s3pXzS/roSL7aOLYa0p1sKdn77283df7azMr1+S0A9gdZbs8cEnywOj8FX0QyX1/dg7/VbvZuO8KvJRspvFeVXE21tb3Xf2BlU8yIdZdauqs1GcdkJSF2V8Nf1V3NvevhZnm7eK/fHuTjLM5gdvvN3vdrfi9zYnWVJWxfid9zardC8fDvPx7jSmOd3E3GieiO/ndVxnySiOD4+OD649LvcmqPckQf3HBfW7/X6v1+/3tq5vX7/R7XYeOdB9SHgk4qyftJy173D2huczX/8BAACAH69o+h578/p/dfo+fBQG+TDrnnVaAAAAwHdo+p//i00x/TTbpRB5/Q8AAAA/Nn9/7B67avJK9N//hbJcje5Obv4yOkmauOTkXHvduYdbrAed6MKskWmx1Zk9SrPL0ett0Ovz6C9nxeHj8oieIoGNBQmEf4aNNmbjdlvenp9pe1kf5MNsMy2G7/ZCklxYqbOb9V8+PvprmA7/H+PRhSgcHh0fbP7hT8e3p7ncbVq5ezLbQPHIPooluXx2f9/jQyP+om1qtcklmvW73vbbfXD8K+3lK0/R573wRhvzxnpbrn97/GtNn73NRaNfj3423Uz3nCO/Fy63MZevvtUUb109JYv+aVmcnzU+3a33YBbPdC+eIItrS+5FODx6JYTwRFn8ZFEWAGflcNEqdH/9f3jd7TzDXPvN6v7b73F1vxfebGPe3JhOrJ2NU2b07vIZfb7G3j3/rKvbv8OVNubKPHjRGtv0+6/7/bar6nTx/2Jhv9WwHzV/qHOfnfw5vPbp53fePjr58KODjw4+7vevbXV/0+1e74fV6TBmxZJMAXh5ZeWX0Xr9t6gs88nve9vbvaTey+KySN+Py3xnN4vzcZ2V6V4y3s3iSVnURVoMm8oH+U5WxdX+ZFKUdTwoynhSVPnN6Te/xLOvfqmy8OtxnafVZJglVRanxbhO0jreyas0nuz/bphXe1k5vbiaZGk+yNOkzotx3Cn2yzTbjOMqyx4IzHeycZ0P8qY6jidlPkrKW/EHxXB/lMU7WZWW+aQu2gbnfeXjQVGOkjo/FzbP+mYDwAvi08/v/PHD4+ODT56w8v+vWk9z1aO9nj+LoQIAM8tWaQAAAAAAAAAAAAAA4MXwtPv/VFRensrKc7fTeQFGsbAynwROjTnbeQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATvN1AAAA//92jZ2z") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) getdents64(r0, &(0x7f0000000040)=""/225, 0xe1) 6m13.694129397s ago: executing program 4 (id=1537): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000001500)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000170100"], 0x18}], 0x1, 0x0) 6m12.872447538s ago: executing program 4 (id=1543): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_request\x00', r1, 0x0, 0x7f}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 6m11.264035281s ago: executing program 34 (id=1543): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_request\x00', r1, 0x0, 0x7f}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 4m10.693179783s ago: executing program 6 (id=2037): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$xfs(&(0x7f0000000800), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000), 0x1, 0xb95a, &(0x7f0000017a80)="$eJzs3Q1sXWX9wPHTru1W+P9lEY1GJJQNNhBGaTvX8aK0ZWyUQUEmUB1vA8qYDGbYojCIFI0BJWQq8S3EyJuIgfiCM76AYWpgIIGNIAxEBRMZYMK7AdRAzek99669axv6bM/TjH0+yXruObe/s9v7vc+51tC1d/6iriyry0r6s2rXrTz6mebrO3/wzRn3HLr06prXSkc7phR3NxXbvYvttGzwZB357drSobrvrP1Fbb5TO/S8uzQ21rwny95X7HYU2/bS5tKW8ucNVCkOTy3fX1t5GDVfLf2paMw/fHnetHOGnif/xCzLDt7qC91J9XYumF88J9mQbpOKu2u23De4rSv9OeKPWXbE+mzU10flBTUR8sc59bQ1X3h8Ah/DDqO3c0F3Vf+Ool9NsR6bqtfgzqj6dX726S0riqewZuj1aEfT2zn/2Gz0dZz98y/f6B8oXTfrsyxryLJscpZlUya6B9tHZ1dbV37NL+8X2cvrf+pIr4vb/3vlz7Is+//ifeKQ8nsBsGPp7Go7coT13zDW+r/jmI03WP+w4+vu7GrL13rV+p8y1vqfcedRi4tvuttLU29P7BcBAAAAAIxo5SWrz1+yfHnfRW644YYblRsTfWUCYtuy6Cf6kQCppfifExP9NQIAAMDOrrun84VJNcMOTRq6s+eDfYPb2W/0nrf6znnHlbfF3QtHOOWwn/MfGBgYWHvq8rOK3clVPy87pXo4P/+ye5ZcXOw2Vf/8Qf3g0frszHOXLe87OP+rptdnF+c7Lfl5Z9RnX8t3WvOdmfXZrflO2+BOY7Yu3zno7BXLz8kP7Bf4jL27dPf0Z5OGFcuGvRqG9l92T/+vytsxTlk+2+C/AZD3f73lpjuq7isbpX/l/HuP9nPJbB/j63/VVeXtGKfcav1vXDqnZaT7Ru9fOf80/eMa4fo/rFH1db/q+t80wikr878+5evP5P1n/XTD1cWhundy/R9y/unV/QdPXrn+56fap3z9z99b9t2mJ2Mn1N1zxQtjrf+x+9d9qPi02iGzlbO1Ddzymbz/Xdd0PFocqh9n/33GWv81TVtdTxin7p4bBqrW/zj6ZzNHOGWlyf/N616b93/lrYceHnLfePrvW92/edUFn21eecnqWcsuWLK0b2nfhW2tc9pb21vmzp3TPHhJKH3ctidlJ7Jt6z/bpWqmJsv2rczPveyoTXn/P9948s3FoSnj7D9jzPV/5vDHyhDTarOGhuziJatWXdRS+ljebS19LH3aCP3H8f4/vfxNVGOxrcmyD1bm97/8tQPz/rdvevWm4lDDOPvPHKt/w5a/l0DbuP7PqZoZ1v+Bh/puzPuvPODD5xeHxvv+v9+Y67/f+t9W3T1V/4fPdpb3P/H1wzYHju/v+7+4UvRv3Ny+JnD8I/rHlaL/uufbbg0cP0D/uFL0v/ve5tMCxw/UP64U/T93/wGrA8dn6R9Xiv6znpi5e+D4QfrHlaL/Px6bPjtwvFn/uFL0P+Hp868MHD9Y/7hS9P/uSyuuDxxv0T+uFP1/P3D2/YHjrfrHlaL/ri8vfTFwvE3/uFL0X/XUpXsEjs/WP64U/X+78fLDA8c/qn9cKfpvXrfypMDxOfrHlaJ/84bPXxQ43q5/XCn6P//cD38TOD5X/7hS9G969qbvBY4fon9cKfpf+sZP/hU4fqj+caXof8ebtz0SOH6Y/nGl6P/gpl/OCBw/XP+4UvSve/znof+d5sf0jytF/zPuu/u8wPGP6x9Xiv7fWn/n8YHjR4zefyJ/xfi7R4r+A08f/3TgeIf1H1eK/nNeWhj6+2E79Y8rRf8LBhb8OHC8S/+4UvS/+eUjvxI4fqT+caXo/+RTZ1wWOD5P/7hS9H/vxsWLA8eP0j+uFP27153SGjg+X/+4UvTv37Do/YHjC/SPK0X/+c996a+B40frH1eK/muevfI/gePd+seVov+f3rj62sDxY/SPK0X/Pd9cszZwfKH+caXof9amazsDx4/VP64U/W97/NvnBo4fp39cKfq/fN91uwWO9+gfV4r+h6z/fug/tn68/nGl6H/NK5uuCxw/Qf+4UvSf9/YjdwWOf0L/uFL03+vFpx4NHD9R/7hS9H/s70++Gji+SP+4UvT/0UPrJweOf1L/uFL0P/N3fxjp94S8EyfpH1eK/oc9vKE7cPxk/eNK0f/Vvz1wYeD4KfrHlaL/7H/vcUvgeK/+caXo/9bre10ROP4p/eNK0f+Wzbs/Fzj+af3jStF/xfMf2BA4vlj/uFL0n3rvrocGjp+qf1wp+j9x/257Bo6fpn9cKfp/8YlJqwLHT9c/rhT9Fz42eVHg+Bn6AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/YwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLencBrOhb+H39mZYSQSkJjp+zKksqStbTYQmTJLlvIXmiRpYWkSGVfokWhQpaKFJE1lUopLUqSpLLM/zVmRmN8Z5r692s03/f79ZrzbPc8rnN9nus+j3Ofcw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATI82W3ujNQaD4eNvHfa0x0/eZ917lj519bNOWOSal+90zJAHx9272ozjHx49ZhKDJ55stbGPDR23yfATLzpr6NgbQyd+3plGjRoy62DInHlUB2/1T4Y924Qr45509GAwGHL0uD9PGjX2w6p33337P3muaputvs7aYydv3J8nuw0b//D4+5+8Pnzcn1W2HgxW2XIw2dfHtLfhvXc+NK3H8L9gs9XXWW+S/oPxnZ/oPun6bjXp6/ySW3ZbZZqG+w/ZbPW11x/benLr+JxNVztrzBP79eGnDgbDTxsMhp8+GAw/Y1r34D9j9TWWX2PsPn/C7XHVD5vwhiDt34fMv9HmMw0GgxHjvk4MP3PC1wLgf8vqayz/6rD+R054PK3/Ve+edW7rH/73rbf6GssPJnqfP+7ewyb8/31c//cM2+C4aTdiAAAA4F/1+H2XXjH+WN/QwWC+wSTHe58w/vsCQy646qabptlAnxnCcbKn/8zE/5ixnWc8b/RgsMcm03ooTANDpvUAmKb076Z/N/276d9N/276d9O/m/7d9O+mfzf9u+nfTf9ikzn+P9uEy9WP3/hV4zddeMU5N71o0r8/9r4Z/+uj/j/xj19/mLzp9fj/YJch41qObb7LYDB4/eobbrzYYDC4aNM5V1xg8ORjK419bJU5ho0/QcBiT3xceDJPPHriy5mefI4Lnnj+9cacNmzIJIOYyOvWvOygnTd7+KWTXi46+c/jyfNLXLTemjNPiDl0ko0m91qd8PwTPpdJO48f+2Jjx770vrvvtfQ+Bx605C67b7vTDjvtsMfyy62w4nIrLrvSSissveMuu+2wzLiPk5mzcbOy4NTM2chJ5+y+1Sees0k/t8nN2egpz9kTz3jPcZteMmHOhv+Lc7bglOds9C4Txjp6xGCbJ6Zm7H9yoRGDA8beWHaGifYtc43d9hVzDB0Mjv3HJzr22gxPvgaHHLbLf+C8JeMv5x9/uUA8b8nFkztvyWDCeUsmnDBh5XEX+14+YbtJf896/N1Tfd6S/dd4dIHB034v6//Ev/X1/2m9Vhry5ERNOGnI+G3G9frHeSYmTNtqE51nYsV0Lpn/pKeNd/TQJ1/Xabzjfy9uyCTzP6XfixvstOMhC4+PuuK4v/X4vx0l7zvWf+Lj5Nbz6Ekup7TvGPaPq/+4d4cb5p103/HayQ/xKetiwhzNMMlGk9t3HLDtNbtMvG+azL5j/V3G/6LxP/YdY/+zC07Yd4wd+yIjBseOvbHc2BuLjhicO/bG8k/cGDW4auyNpbbbc7fthzzx9eppr4PFhjzlBx7D63btSV63U3F+nFWvGwxWvTZ9XpOfziy9bkdOYbz597kHU/x97iu3nf/CwWAwy/jPa+UJY/93pPEOn/J4w/knBlM6/8TgtJv2O+M/PN4n19kTr7Xxu+nFJvN3nrLOZnvaOjt82EQrY2rf12wfth93fa4nn+30HW68fsIcjZjkef/Z1+gJn0vqP+E938SGHDYYMqW5mdz7sKfMzaxTnpupff+y2Pg3GKOmMDdLPHjo4hPmZuS/ODeLTmZuJn4/PLGRg8Gop87N8MFaY9/RjJ+bRaZmbmb+z7xuZgrbj7u+8JN33bHWIStNmJswF/Hr/4TnX+RfnJsh2zz5ulnoiccWGDoYOXJwwLb77rv3suM+Tri53LiPU16DC03NXM74n5nLucfvdYY+fXKevGvXs8cs/++uwYX+1bkcPRg64f+5d5l0sfzn+P5PN/276d9N/276d9O/m/7d9C82meP/oyd8X/CoIWduNP6bMSOufnj2faf1eKex6fr4//i+Tzn+v+/sD189dPDkY1M8Pjtum2fk8dkVx10cvOyE7SY9Pjj+7qk+PvvQMdduPvjvHJ/9t0xYq1PxfUP7/276d9O/m/7d9O+mf7d/tf+q/0fjYNqw/rvp303/bvp307+b/t30LzaZ4//LTPg5gJv3efTM8QdCR+yz8SqPTOvxTmPT9fH/8X2fcvz/kVU23mfo4MnHpnj8f9w2Hcf/V7nrpCMGz+Dj/xPWquP//BP6d9O/m/7d9O+mfzf9u+nfTf9u+nfTv5v+3fTvpn+xyRz/X23CzwGM2GPBBSf8PMCt9x85bFqPdxqbXo//+/f/e9n/d9O/m/7d9O+mfzf9u+nfTf9u+nfTv5v+3fTvpn83/YuNP/4/mOSfPXyj10UUjv//b5tM/w30j1r6b6h/1NJ/I/2jlv4b6x+19N9E/6il/5v0j1r6b6p/1NJ/M/2jlv6b6x+19H+z/lFL/y30j1r6b6l/1NL/LfpHLf230j9q6b+1/lFL/230j1r6b6t/1NL/rfpHLf230z9q6b+9/lFL/x30j1r676h/1NJ/J/2jlv476x+19N9F/6il/676Ry3936Z/1NJ/N/2jlv676x+19N9D/6il/576Ry3999I/aun/dv2jlv576x+19N9H/6il/776Ry3936F/1NJ/P/2jlv776x+19D9A/6il/4H6Ry39D9I/aul/sP5RS/9D9I9a+r9T/6il/7v0j1r6H6p/1NL/MP2jlv6H6x+19H+3/lFL//foH7X0f6/+UUv/9+kftfQ/Qv+opf/79Y9a+h+pf9TS/yj9o5b+R+sftfQ/Rv+opf8H9I9a+n9Q/6il/4f0j1r6f1j/qKX/sWX9R07ldi39jyvrP7Va+n9E/6il//H6Ry39P6p/1NL/BP2jlv4f0z9q6f9x/aOW/ifqH7X0P0n/qKX/J/SPWvqfrH/U0v+T+kct/T+lf9TS/9P6Ry39T9E/aul/qv5RS//T9I9a+p+uf9TS/wz9o5b+Z+oftfQ/S/+opf/Z+kct/c/RP2rpf67+UUv/z+gftfQ/T/+opf/5+kct/T+rf9TS/3P6Ry39P69/1NL/C/pHLf0v0D9q6f9F/aOW/l/SP2rpf6H+UUv/i/SPWvpfrH/U0v/L+kct/b+if9TS/6v6Ry39L9E/aul/qf5RS//L9I9a+n9N/6il/+X6Ry39r9A/aul/pf5RS/+r9I9a+n9d/6il/zf0j1r6f1P/qKX/1fpHLf2v0T9q6f8t/aOW/tfqH7X0/7b+UUv/7+gftfS/Tv+opf/1+kct/b+rf9TS/wb9o5b+N+oftfT/nv5RS/+b9I9a+t+sf9TS/xb9o5b+t+oftfS/Tf+opf/t+kct/b+vf9TS/w79o5b+P9A/aun/Q/2jlv4/0j9q6X+n/lFL/x/rH7X0/4n+UUv/n+oftfS/S/+opf/P9I9a+v9c/6il/936Ry39f6F/1NL/l/pHLf3v0T9q6f8r/aOW/r/WP2rp/xv9o5b+v9U/aul/r/5RS//f6R+19P+9/lFL//v0j1r6/0H/qKX//fpHLf3/qH/U0v8B/aOW/n/SP2rp/6D+UUv/P+sftfR/SP+opf9f9I9a+j+sf9TS/6/6Ry39/6Z/1NL/7/pHJf1HDfSPSvoPHtU/aun/mP5RS//H9Y9a+o/RPyrpP2Sgf9TSf4j+UUv/ofpHLf2H6R+19B+uf9TSf4T+UUv/kfpHLf1n0D9q6T+j/lFL/1H6Ry39Z9I/aun/LP2jlv4z6x+19J9F/6il/6z6Ry39n61/1NJ/Nv2jlv6z6x+19J9D/6il/3P0j1r6z6l/1NL/ufpHLf2fp3/U0v/5+kct/efSP2rp/wL9o5b+c+sftfR/of5RS/959I9a+s+rf9TSfz79o5b+L9I/auk/Wv+opf/8+kct/RfQP2rpv6D+UUv/hfSPWvovrH/U0n8R/aOW/ovqH7X0X0z/qKX/4vpHLf1frH/U0v8l+kct/ZfQP2rpv6T+UUv/pdr7PzJmnEnubum/dHv/yWjpv4z+UUv/ZfWPWvovp3/U0n95/aOW/i/VP2rp/zL9o5b+K+gftfRfUf+opf9K+kct/VfWP2rp/3L9o5b+q+gftfR/hf5RS/9X6h+19H+V/lFL/1X1j1r6r6Z/1NJ/df2jlv5r6B+19H+1/lFL/zX1j1r6r6V/1NJ/bf2jlv7r6B+19F9X/6il/3r6Ry39X6N/1NL/tfpHLf3X1z9q6f86/aOW/q/XP2rp/wb9o5b+b9Q/aum/gf5RS/8N9Y9a+m+kf9TSf2P9o5b+m+gftfR/k/5RS/9N9Y9a+m+mf9TSf3P9o5b+b9Y/aum/hf5RS/8t9Y9a+r9F/6il/1b6Ry39t9Y/aum/jf5RS/9t9Y9a+r9V/6il/3b6Ry39t9c/aum/g/5RS/8d9Y9a+u+kf9TSf2f9o5b+u+gftfTfVf+opf/b9I9a+u+mf9TSf3f9o5b+e+gftfTfU/+opf9ek+8/6r8yrmeolv5vt/6jlv576x+19N9H/6il/776Ry3936F/1NJ/P/2jlv776x+19D9A/6il/4H6Ry39D9I/aul/sP5RS/9D9I9a+r9T/6il/7v0j1r6H6p/1NL/sLb+U/lTDS39D2/rP5Va+r9b/6il/3v0j1r6v1f/qKX/+/SPWvofoX/U0v/9+kct/Y/UP2rpf5T+UUv/o/WPWvofo3/U0v8D+kct/T+of9TS/0P6Ry39P6x/1NL/WP2jlv7H6R+19P+I/lFL/+P1j1r6f1T/qKX/CfpHLf0/pn/U0v/j+kct/U/UP2rpf5L+UUv/T+gftfQ/Wf+opf8n9Y9a+n9K/6il/6f1j1r6n6J/1NL/VP2jlv6n6R+19D9d/6il/xnN/ccMm+xDLf3PbO4/BS39z9I/aul/tv5RS/9z9I9a+p+rf9TS/zP6Ry39z9M/aul/vv5RS//P6h+19P+c/lFL/8/rH7X0/4L+UUv/C/SPWvp/Uf+opf+X9I9a+l+of9TS/yL9o5b+F+sftfT/sv5RS/+v6B+19P+q/lFL/0v0j1r6X6p/1NL/Mv2jlv5f0z9q6X+5/lFL/yv0j1r6X6l/1NL/Kv2jlv5f1z9q6f8N/aOW/t/UP2rpf7X+UUv/a/SPWvp/S/+opf+1+kct/b+tf9TS/zv6Ry39r9M/aul/vf5RS//v6h+19L9B/6il/436Ry39v6d/1NL/Jv2jlv436x+19L9F/6il/636Ry39b9M/aul/u/5RS//v6x+19L9D/6il/w8Gg8HIaTWmZ7CW/j+0/qOW/j/SP2rpf6f+UUv/H+sftfT/ybj+Y2aYVuN6hmrp/1PrP2rpf5f+UUv/n+kftfT/uf5RS/+79Y9a+v9C/6il/y/1j1r636N/1NL/V/pHLf1/rX/U0v83+kct/X+rf9TS/179o5b+v9M/aun/e/2jlv736R+19P+D/lFL//v1j1r6/1H/qKX/A/pHLf3/pH/U0v9B/aOW/n/WP2rp/5D+UUv/v+gftfR/WP+opf9f9Y9a+v9N/6il/9/1j1r6P6J/1NL/Uf2jlv6P6R+19H9c/6il/xj9o5L+T1zV/+la+g/RP2rpP1T/qKX/MP2jlv7D9Y9a+o/QP2rpP1L/qKX/DPpHLf1n1D9q6T9K/6il/0z6Ry39n6V/1NJ/Zv2jlv6z6B+19J9V/6il/7P1j1r6z6Z/1NJ/dv2jlv5z6B+19H+O/lFL/zn1j1r6P1f/qKX/8/SPWvo/X/+opf9c+kct/V+gf9TSf279o5b+L9Q/auk/j/5RS/959Y9a+s+nf9TS/0X6Ry39R+sftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/hfWPWvovon/U0n9R/aOW/ovpH7X0X1z/qKX/i/WPWvq/RP+opf8S+kct/ZfUP2rpv5T+UUv/pfWPWvovo3/U0n9Z/aOW/svpH7X0X17/qKX/S/WPWvq/TP+opf8K+kct/VfUP2rpv5L+UUv/lfWPWvq/XP+opf8q+kct/V+hf9TS/5X6Ry39X6V/1NJ/Vf2jlv6rTab/HEv/twb2zNTSf3XrP2rpv4b+UUv/V+sftfRfU/+opf9a+kct/dfWP2rpv47+UUv/dfWPWvqvp3/U0v81+kct/V+rf9TSf339o5b+r9M/aun/ev2jlv5v0D9q6f9G/aOW/hvoH7X031D/qKX/RvpHLf031j9q6b+J/lFL/zfpH7X031T/qKX/ZvpHLf031z9q6f9m/aOW/lvoH7X031L/qKX/W/SPWvpvpX/U0n9r/aOW/tvoH7X031b/qKX/W/WPWvpvp3/U0n97/aOW/jvoH7X031H/qKX/TvpHLf131j9q6b+L/lFL/131j1r6v03/qKX/bvpHLf131z9q6b+H/lFL/z31j1r676V/1NL/7fpHLf331j9q6b+P/lFL/331j1r6v0P/qKX/fvpHLf331z9q6X+A/lFL/wP1j1r6H6R/1NL/YP2jlv6H6B+19H+n/lFL/3fpH7X0P1T/qKX/YfpHLf0P1z9q6f9u/aOW/u/RP2rp/179o5b+79M/aul/hP5RS//36x+19D9S/6il/1H6Ry39j9Y/aul/jP5RS/8P6B+19P+g/lFL/w/pH7X0/7D+UUv/Y/WPWvofp3/U0v8j+kct/Y/XP2rp/1H9o5b+J+gftfT/mP5RS/+Pl/U/bCq3a+l/Yln/qdXS/yT9o5b+n9A/aul/sv5RS/9P6h+19P+U/lFL/0/rH7X0P0X/qKX/qfpHLf1P0z9q6X+6/lFL/zP0j1r6n6l/1NL/LP2jlv5n6x+19D9H/6il/7n6Ry39P6N/1NL/PP2jlv7n6x+19P+s/lFL/8/pH7X0/7z+UUv/L+gftfS/QP+opf8X9Y9a+n9J/6il/4X6Ry39L9I/aul/sf5RS/8v6x+19P+K/lFL/6/qH7X0v0T/qKX/pfpHLf0v0z9q6f81/aOW/pfrH7X0v0L/qKX/lfpHLf2v0v8p5ht/2dL/6/pHLf2/oX/U0v+b+kct/a/WP2rpf43+UUv/b+kftfS/Vv+opf+39Y9a+n9H/6il/3X6Ry39r9c/aun/Xf2jlv436B+19L9R/6il//f0j1r636R/1NL/Zv2j6bj/xLmH3qJ/NB33f8r6v1X/qKX/bfpHLf1v1z9q6f99/aOW/nfoH7X0/4H+UUv/H+oftfT/kf5RS/879Y9a+v9Y/6il/0/0j1r6/1T/qKX/XfpHLf1/pn/U0v/n+kct/e/WP2rp/wv9o5b+v9Q/aul/j/5RS/9f6R+19P+1/lFL/9/oH7X0/63+UUv/e/WPWvr/Tv+opf/v9Y9a+t+nf9TS/w/6Ry3979c/aun/R/2jlv4P6B+19P+T/lFL/wf1j1r6/1n/qKX/Q/pHLf3/on/U0v/hsv7Dp3K7lv5/Les/tVr6/03/qKX/3/WPWvo/on/U0v9R/aOW/o/pH7X0f1z/qKX/GP2jkv7DBvpHLf2H6B+19B+qf9TSf5j+UUv/4fpHLf1H6B+19B+pf9TSfwb9o5b+M+oftfQfpX/U0n8m/aOW/s/SP2rpP7P+UUv/WfSPWvrPqn/U0v/Z+kct/WfTP2rpP7v+UUv/OfSPWvo/R/+opf+c+kct/Z+rf9TS/3n6Ry39n69/1NJ/Lv2jlv4v0D9q6T+3/lFL/xfqH7X0n0f/qKX/vPpHLf3n0z9q6f8i/aOW/qP1j1r6z69/1NJ/Af2jlv4L6h+19F9I/6il/8L6Ry39F9E/aum/qP5RS//F9I9a+i+uf9TS/8X6Ry39X6J/1NJ/Cf2jlv5L6h+19F9K/6il/9L6Ry39l9E/aum/rP5RS//l9I9a+i+vf9TS/6X6Ry39X6Z/1NJ/Bf2jlv4r6h+19F+pt/8MU3qwpf/Kvf2nqKX/y/WPWvqvon/U0v8V+kct/V+pf9TS/1X6Ry39V9U/aum/mv5RS//V9Y9a+q+hf9TS/9X6Ry3919Q/aum/lv5RS/+19Y9a+q+jf9TSf139o5b+6+kftfR/jf5RS//X6h+19F9f/6il/+v0j1r6v17/qKX/G/SPWvq/Uf+opf8G+kct/TfUP2rpv5H+UUv/jfWPWvpvon/U0v9N+kct/TfVP2rpv5n+0bj+Mw6m9/6b6x+1rP836x+19N9C/6il/5b6Ry3936J/1NJ/K/2jlv5b6x+19N9G/6il/7b6Ry3936p/1NJ/O/2jlv7b6x+19N9B/6il/476Ry39d9I/aum/s/5RS/9d9I9a+u+qf9TS/236Ry39d9M/aum/u/5RS/899I9a+u+pf9TSfy/9o5b+b39K/1P+++N6hmrpv7f1H7X030f/qKX/vvpHLf3foX/U0n8//aOW/vvrH7X0P0D/qKX/gfpHLf0P0j9q6X+w/lFL/0P0j1r6v1P/qKX/u/SPWvofqn/U0v8w/aOW/ofrH7X0f7f+UUv/9+gftfR/r/5RS//36R+19D9C/wnGjJnoRkv/9+sftfQ/Uv+opf9R+kct/Y/WP2rpf4z+UUv/D+gftfT/oP5RS/8P6R+19P+w/lFL/2P1j1r6H6d/1NL/I/pHLf2P1z9q6f9R/aOW/ifoH7X0/5j+UUv/j+sftfQ/Uf+opf9J+kct/T+hf9TS/2T9o5b+n9Q/aun/Kf2jlv6f1j9q6X+K/lFL/1P1j1r6n6Z/1NL/dP2jlv5n6B+19D9T/6il/1n6Ry39z9Y/aul/jv5RS/9z9Y9a+n9G/6il/3n6Ry39z9c/aun/Wf2jlv6f0z9q6f95/aOW/l/QP2rpf4H+UUv/L+oftfT/kv5RS/8L9Y9a+l+kf9TS/2L9o5b+X9Y/aun/Ff2jlv5f1T9q6X+J/lFL/0v1j1r6X6Z/ND33X+0f9w77mv7R9Nx/4vV/uf5RS/8r9I9a+l+pf9TS/yr9o5b+X9c/aun/Df2jlv7f1D9q6X+1/lFL/2v0j1r6f0v/qKX/tfpHLf2/rX/U0v87+kct/a/TP2rpf73+UUv/7+oftfS/Qf+opf+N+kct/b+nf9TS/yb9o5b+N+sftfS/Rf+opf+t+kct/W/TP2rpf7v+UUv/7+sftfS/Q/+opf8P9I9a+v9Q/6il/4+e7D9s2ozrGaql/53Wf9TS/8f6Ry39f6J/1NL/p/pHLf3v0j9q6f8z/aOW/j/XP2rpf7f+UUv/X+gftfT/pf5RS/979I9a+v9K/6il/6/1j1r6/0b/qKX/b/WPWvrfq3/U0v93+kct/X+vf9TS/z79o5b+f9A/aul/v/5RS/8/6h+19H9A/6il/5/0j1r6P6h/1NL/z/pHLf0f0j9q6f8X/aOW/g/rH7X0/6v+UUv/v+kftfT/u/5RS/9H9I9a+j+qf9TS/zH9o5b+j+sftfQfo39U0n/4QP+opf8Q/aOW/kP/af/O8wJO7/1Hjrs6fJj1H03v/ccbPlz/qKX/CP2jlv4j9Y9a+s+gf9TSf0b9o5b+o/SPWvrPpH/U0v9Z+kct/WfWP2rpP4v+UUv/WfWPWvo/W/+opf9s+kct/WfXP2rpP4f+UUv/5+gftfSfU/+opf9z9Y9a+j9P/6il//P1j1r6z6V/1NL/BfpHLf3n1j9q6f9C/aOW/vPoH7X0n1f/qKX/fPpHLf1fpH/U0n+0/lFL//n1j1r6L6B/1NJ/Qf2jlv4L6R+19F9Y/6il/yL6Ry39F9U/aum/mP5RS//F9Y9a+r9Y/6il/0v0j1r6L6F/1NJ/Sf2jlv5L6R+19F9a/6il/zL6Ry39l9U/aum/nP5RS//l9Y+m4/6jJrp3+Ev1j6bj/k9Z/y/TP2rpv4L+UUv/FfWPWvqvpH/U0n9l/aOW/i+v6T/jv7R1S/9Vavr/a1r6v0L/qKX/K/WPWvq/Sv+opf+q+kct/VfTP2rpv7r+UUv/NfSPWvq/Wv+opf+a+kct/dfSP2rpv7b+UUv/dfSPWvqvq3/U0n89/aOW/q/RP2rp/1r9o5b+6+sftfR/nf5RS//X6x+19H+D/lFL/zfqH7X030D/qKX/hvpHLf030j9q6b+x/lFL/030j1r6v0n/qKX/pvpHLf030z9q6b+5/lFL/zfrH7X030L/qKX/lvpHLf3fon/U0n8r/aOW/lvrH7X030b/qKX/tvpHLf3fqn/U0n87/aOW/tvrH7X030H/qKX/jvpHY/ufP2r677+T/lHL+t9Z/6il/y76Ry39d9U/aun/Nv2jlv676R+19N9d/6il/x76Ry3999Q/aum/l/5RS/+36x+19N9b/6il/z76Ry3999U/aun/Dv2jlv776R+19N9f/6il/wH6Ry39D9Q/aul/kP5RS/+D9Y9a+h+if9TS/536Ry3936V/1NL/UP2jlv6H6R+19D9c/6il/7v1j1r6v0f/qKX/e/WPWvq/T/+opf8R+kct/d+vf9TS/0j9o5b+R+kftfQ/Wv+opf8x+kct/T+gf9TS/4P6Ry39P6R/1NL/w/pHLf2P1T9q6X+c/lFL/4/oH7X0P17/qKX/R/WPWvqfoH/U0v9j+kct/T+uf9TS/0T9o5b+J+kftfT/hP5RS/+T9Y9a+n9S/6il/6f0j1r6f1r/qKX/KfpHLf1P1T9q6X+a/lFL/9P1j1r6n6F/1NL/TP2jlv5n6R+19D9b/6il/zn6Ry39z9U/aun/Gf2j6bn/jP+4d/h5+kfTc/+J1//5T+8/4r86rmeolv6ftf6jlv6f0z9q6f95/aOW/l/QP2rpf4H+UUv/L+oftfT/kv5RS/8L9Y9a+l+kf9TS/2L9o5b+X9Y/aun/Ff2jlv5f1T9q6X+J/lFL/0v1j1r6X6Z/1NL/a/pHLf0v1z9q6X+F/lFL/yv1j1r6X6V/1NL/6/pHLf2/oX/U0v+b+kct/a/WP2rpf43+UUv/b+kftfS/Vv+opf+39Y9a+n9H/6il/3X6Ry39r9c/aun/Xf2jlv436B+19L9R/6il//f0j1r636R/1NL/Zv2jlv636B+19L+1rv/tY6Zmq5b+t9X1nzot/W/XP2rp/339o5b+d+gftfT/gf5RS/8f6h+19P+R/lFL/zv1j1r6/1j/qKX/T/SPWvr/VP+opf9d+kct/X+mf9TS/+f6Ry3979Y/aun/C/2jlv6/1D9q6X+P/lFL/1/pH7X0/7X+UUv/3+gftfT/rf5RS/979Y9a+v9O/6il/+/1j1r636d/1NL/D1PoP+y/Ma5nqJb+91v/UUv/P+oftfR/QP+opf+f9I9a+j+of9TS/8/6Ry39H9I/aun/F/2jlv4P6x+19P+r/lFL/7/pH7X0/7v+UUv/R/SPWvo/qn/U0v8x/aOW/o/rH7X0H6N/VNJ/xED/qKX/EP2jlv5D9Y9a+g/TP2rpP1z/qKX/CP2jlv4j9Y9a+s+gf9TSf0b9o5b+o/SPWvrPpH/U0v9Z+kct/WfWP3qy/xZDBoPpuP8s+kct639W/aOW/s/WP2rpP5v+UUv/2fWPWvrPoX/U0v85+kct/efUP2rp/1z9o5b+z9M/aun/fP2jlv5z6R+19H+B/lFL/7n1j1r6v1D/qKX/PPpHLf3n1T9q6T+f/lFL/xfpH7X0H61/1NJ/fv2jlv4L6B+19F9Q/6il/0L6Ry39F9Y/aum/iP5RS/9F9Y9a+i+mf9TSf3H9o5b+L9Y/aun/Ev2jlv5L6B+19F9S/6il/1L6Ry39l9Y/aum/jP7RdNl/+LirE/dfVv9ouuw//urE/ZfTP2rpv7z+UUv/l+oftfR/mf5RS/8V9I9a+q+of9TSfyX9o5b+K+sftfR/uf5RS/9V9I9a+r9C/6il/yv1j1r6v0r/qKX/qvpHLf1X0z9q6b+6/lFL/zX0j1r6v1r/qKX/mvpHLf3X0j9q6b+2/lFL/3X0j1r6r6t/1NJ/Pf2jlv6v0T9q6f9a/aOW/uvrH7X0f53+UUv/1+sftfR/g/5RS/836h+19N9A/2hs/9sGg8H03n9D/aOW9b+R/lFL/431j1r6b6J/1NL/TfpHLf031T9q6b9Za/+ZpvxwS//NW/v/Ey3936x/1NJ/C/2jlv5b6h+19H+L/lFL/630j1r6b61/1NJ/G/2jlv7b6h+19H+r/lFL/+30j1r6b69/1NJ/B/2jlv476h+19N9J/6il/876Ry39d9E/aum/q/5RS/+36R+19N9N/6il/+76Ry3999A/aum/p/5RS/+99I9a+r9d/6il/976Ry3999E/aum/r/5RS/936B+19N9P/6il//76Ry39D9A/aul/oP5RS/+D9I9a+h+sf9TS/xD9o5b+79Q/aun/Lv2jlv6H6h+19D9M/6il/+H6Ry39361/1NL/PfpHLf3fq3/U0v99+kct/Y/QP2rp/379o5b+R+oftfQ/Sv+opf/R+kct/Y/RP2rp/wH9o5b+H9Q/aun/If2jlv4f1j9q6X+s/lFL/+P0j1r6f0T/qKX/8fpHLf0/qn/U0v8E/aOW/h/TP2rp/3H9o5b+J+oftfQ/Sf+opf8n9I9a+p+sf9TS/5P6Ry39P6V/1NL/0/pHLf1P0T9q6X+q/lFL/9P0j1r6n65/1NL/DP2jlv5n6h+19D9L/6il/9n6Ry39z9E/aul/rv5RS//P6B+19D9P/6il//lV/dc9amq3bOn/2ar+U6+l/+f0j1r6f17/qKX/F/SPWvpfoH/U0v+L+kct/b+kf9TS/0L9o5b+F+kftfS/WP+opf+X9Y9a+n9F/6il/1f1j1r6X6J/1NL/Uv2jlv6X6R+19P+a/lFL/8v1j1r6X6F/1NL/Sv2jlv5X6R+19P+6/lFL/2/oH7X0/6b+UUv/q/WPWvpfo3/U0v9b+kct/a/VP2rp/239o5b+39E/aul/nf5RS//r9Y9a+n9X/6il/w36Ry39b9Q/aun/Pf2jlv436R+19L9Z/6il/y36Ry39b9U/aul/m/5RS//b9Y9a+n9f/6il/x36Ry39f6B/1NL/h/pHLf1/pH/U0v9O/aOW/j/WP2rp/xP9o5b+P9U/aul/l/5RS/+f6R+19P+5/lFL/7v1j1r6/0L/qKX/L/WPWvrfo3/U0v9X+kct/X+tf9TS/zf6Ry39f6t/1NL/Xv2jlv6/0z9q6f97/aOW/vfpH7X0/4P+UUv/+/WPWvr/Uf+opf8D+kct/f+kf9TS/0H9o5b+f9Y/aun/kP5RS/+/6B+19H9Y/6il/1/1j1r6/03/qKX/3/WPWvo/on/U0v9R/aOW/o/pH7X0f1z/qKX/GP2jkv4jB/pHLf2H6B+19B+qf9TSf5j+UUv/4fpHLf1H6B+19B+pf9TSfwb9o5b+M+oftfQfpX/U0n8m/aOW/s/SP2rpP7P+UUv/WfSPWvrPqn/U0v/Z+kct/WfTP2rpP7v+UUv/OfSPWvo/R/+opf+c+kct/Z+rf9TS/3n6Ry39n69/1NJ/Lv2jlv4v0D9q6T+3/lFL/xfqH7X0n0f/qKX/vPpHLf3n0z9q6f8i/aOW/qP1j1r6z69/1NJ/Af2jlv4L6h+19F9I/6il/8L6Ry39F9E/aum/qP5RS//F9I9a+i+uf9TS/8X6Ry39X6J/1NJ/Cf2jlv5L6h+19F9K/6il/9L6Ry39l9E/aum/rP7RdNp/nsEk/ZfTP5pO+z9h4v7L6x+19H+p/lFL/5fpH7X0X0H/qKX/ivpHLf1X0j9q6b+y/lFL/5frH7X0X0X/qKX/K/SPWvq/Uv+opf+r9I9a+q+qf9TSfzX9o5b+q+sftfRfQ/+opf+r9Y9a+q+pf9TSfy39o5b+a+sftfRfR/+opf+6+kct/dfTP2rp/xr9o5b+r9U/aum/vv5RS//X6R+19H+9/lFL/zfoH7X0f6P+UUv/DfSPWvpvqH/U0n8j/aOW/hvrH7X030T/qKX/m/SPWvpvqn/U0n8z/aOW/pvrH7X0f7P+UUv/LfSPWvpvqX/U0v8t+kct/bfSP2rpv7X+UUv/bfSPWvpvq3/U0v+t+kct/bfTP2rpv73+UUv/HfSPWvrvqH/U0n8n/aOW/jvrH7X030X/qKX/rvpHLf3fpn/U0n83/aOW/rvrH7X030P/qKX/nvpHLf330j9q6f92/aOW/nvrH7X030f/qKX/vvpHLf3foX/U0n8//aOW/vvrH7X0P0D/qKX/gfpHLf0P0j9q6X+w/lFL/0P0j1r6v1P/qKX/u/SPWvofqn/U0v8w/aOW/ofrH7X0f7f+UUv/9+gftfR/r/5RS//36R+19D9C/6il//v1j1r6H6l/1NL/KP2jlv5H6x+19D9G/6il/wf0j1r6f1D/qKX/h/SPWvp/WP+opf+x+kct/Y/TP2rp/xH9o5b+x+sftfT/qP5RS/8T9I9a+n9M/6il/8f1j1r6n6h/1NL/JP2jlv6f0D9q6X+y/lFL/0/qH7X0/5T+UUv/T+sftfQ/Rf+opf+p+kct/U/TP2rpf7r+UUv/M/SPWvqfqX/U0v8s/aOW/mfrH7X0P0f/qKX/ufpHLf0/o3/U0v88/aOW/ufrH7X0/6z+UUv/z+kftfT/vP5RS/8v6B+19L9A/6il/xf1j1r6f0n/qKX/hfpHLf0v0j9q6X+x/lFL/y/rH7X0/4r+UUv/r+oftfS/RP+opf+l+kct/S/TP2rp/zX9o5b+l+sftfS/Qv+opf+V+kct/a/SP2rp/3X9o5b+39A/aun/Tf2jlv5X6x+19L9G/6il/7f0j1r6X6t/1NL/2/pHLf2/o3/U0v86/aOW/tfrH7X0/67+UUv/G/SPWvrfqH/U0v97+kct/W/SP2rpf7P+UUv/W/SPWvrfqn/U0v82/aOW/rfrH7X0/77+UUv/O/SPWvr/QP+opf8P9Y9a+v9I/6il/536Ry39f6x/1NL/J/pHLf1/qn/U0v8u/aOW/j/TP2rp/3P9o5b+d+sftfT/hf5RS/9f6h+19L9H/6il/6/0j1r6/1r/qKX/b/SPWvr/Vv+opf+9+kct/X+nf9TS//f6Ry3979M/aun/B/2jlv736x+19P+j/lFL/wf0j1r6/0n/qKX/g/pHLf3/rH/U0v8h/aOW/n/RP2rp/7D+UUv/v+oftfT/m/5RS/+/6x+19H9E/6il/6P6Ry39H9M/aun/uP5RS/8x+kcl/WcY6B+19B+if9TSf6j+UUv/YfpHLf2H6x+19B+hf9TSf6T+UUv/GfSPWvrPqH/U0n+U/lFL/5n0j1r6P0v/qKX/zPpHLf1n0T9q6T+r/lFL/2frH7X0n03/qKX/7PpHLf3n0D9q6f8c/aOW/nPqH7X0f67+UUv/5+kftfR/vv5RS/+59I9a+r9A/6il/9z6Ry39X6h/1NJ/Hv2jlv7z6h+19J9P/6il/4v0j1r6j9Y/auk/v/5RS/8F9I9a+i+of9TSfyH9o5b+C+sftfRfRP+opf+i+kct/RfTP2rpv7j+UUv/F+sftfR/if5RS/8l9I9a+i+pf9TSfyn9o5b+S+sftfRfRv+opf+y+kct/ZfTP2rpv7z+UUv/l+oftfR/mf5RS/8V9I9a+q84Ff0fmPX/cmDPTC39V7L+o5b+K+sftfR/uf5RS/9V9I9a+r9C/6il/yv1j1r6v0r/qKX/qvpHLf1X0z9q6b+6/lFL/zX0j1r6v1r/qKX/mvpHLf3X0j9q6b+2/lFL/3X0j1r6r6t/1NJ/Pf2jlv6v0T9q6f9a/aOW/uvrH7X0f53+UUv/1+sftfR/g/5RS/836h+19N9A/6il/4b6Ry39N9I/aum/sf5RS/9N9I9a+r9J/6il/6b6Ry39N9M/aum/uf5RS/836x+19N9C/6il/5b6Ry3936J/1NJ/K/2jlv5b6x+19N9G/6il/7b6Ry3936p/1NJ/O/2jlv7b6x+19N9B/6il/476Ry39d9I/aum/s/5RS/9d+vqPmJqNWvrv2td/qrT0f5v+UUv/3fSPWvrvrn/U0n8P/aOW/nvqH7X030v/qKX/2/WPWvrvrX/U0n8f/aOW/vvqH7X0f4f+UUv//fSPWvrvr3/U0v8A/aOW/gfqH7X0P0j/qKX/wfpHLf0P0T9q6f9O/aOW/u/SP2rpf6j+UUv/w/SPWvofrn/U0v/d+kct/d+jf9TS/736Ry3936d/1NL/CP2jlv7v1z9q6X+k/lFL/6P0j1r6H61/1NL/GP2jlv4f0D9q6f9B/aOW/h/SP2rp/2H9o5b+x+oftfQ/Tv+opf9H9I9a+h+vf9TS/6P6Ry39T9A/aun/Mf2jlv4f1z9q6X+i/lFL/5P0j1r6f0L/qKX/yfpHLf0/qX/U0v9T+kct/T+tf9TS/xT9o5b+p+oftfQ/Tf+opf/p+kct/c/QP2rpf6b+UUv/s/SPWvqfrX/U0v8c/aOW/ufqH7X0/4z+UUv/8/SPWvqfr3/U0v+z+kct/T+nf9TS//P6Ry39v6B/1NL/Av2jlv5f1D9q6f8l/aOW/hfqH7X0v0j/qKX/xfpHLf2/rH/U0v8r+kct/b+qf9TS/xL9o5b+l+oftfS/TP+opf/X9I9a+l+uf9TS/wr9o5b+V+oftfS/Sv+opf/X9Y9a+n9D/6il/zf1j1r6X61/1NL/Gv2jlv7f0j9q6X+t/lFL/2/rH7X0/47+UUv/6/SPWvpfr3/U0v+7+kct/W/QP2rpf6P+UUv/7+kftfS/Sf+opf/N+kct/W/RP2rpf6v+UUv/2/SPWvrfrn/U0v/7+kct/e/QP2rp/wP9o5b+P9Q/aun/I/2jlv536h+19P+x/lFL/5/oH7X0/6n+UUv/u/SPWvr/TP+opf/P9Y9a+t+tf9TS/xf6Ry39f6l/1NL/Hv2jlv6/0j9q6f9r/aOW/r/RP2rp/1v9o5b+9+oftfT/nf5RS//f6x+19L9P/6il/x/0j1r6369/1NL/j/pHLf0f0D9q6f8n/aOW/g/qH7X0/7P+UUv/h/SPWvr/Rf+opf/D+kct/f+qf9TS/2/6Ry39/65/1NL/Ef2jlv6P6h+19H9M/6il/+P6Ry39x+gflfSfcaB/1NJ/iP5RS/+h+kct/YfpH7X0H65/1NJ/hP5RS/+R+kct/WfQP2rpP6P+UUv/UfpHLf1n0j9q6f8s/aOW/jPrH7X0n0X/qKX/rPpHLf2frX/U0n82/aOW/rPrH7X0n0P/qKX/c/SPWvrPqX/U0v+5+kct/Z+nf9TS//n6Ry3959I/aun/Av2jlv5z6x+19H+h/lFL/3n0j1r6z6t/1NJ/Pv2jlv4v0j9q6T9a/6il//z6Ry39F9A/aum/oP5RS/+F9I9a+i+sf9TSfxH9o5b+i+oftfRfTP+opf/i+kct/V+sf9TS/yX6Ry39l9A/aum/pP5RS/+l9I9a+i+tf9TSfxn9o5b+y+oftfRfTv+opf/y+kct/V8a+//Pf7b/31r6v8z6j1r6r6B/1NJ/Rf2jlv4r6R+19F9Z/6il/8v1j1r6r6J/1NL/FfpHLf1fqX/U0v9V+kct/VfVP2rpv5r+UUv/1fWPWvqvoX/U0v/V+kct/dfUP2rpv5b+UUv/tfWPWvqvo3/U0n9d/aOW/uvpH7X0f43+UUv/1+oftfRfX/+opf/r9I9a+r9e/6il/xv0j1r6v1H/qKX/BvpHLf031D9q6b+R/lFL/431j1r6b6J/1NL/TfpHLf031T9q6b+Z/lFL/831j1r6v1n/qKX/FvpHLf231D9q6f8W/aOW/lvpH7X031r/qKX/NvpHLf231T9q6f9W/aOW/tvpH7X0317/qKX/DvpHLf131D9q6b+T/lFL/531j1r676J/1NJ/V/2jlv5v0z9q6b+b/lFL/931j1r676F/1NJ/T/2jlv576R+19H+7/lFL/731j1r676N/1NJ/X/2jlv7v0D9q6b+f/lFL//31j1r6H6B/1NL/QP2jlv4H6R+19D9Y/6il/yH6Ry3936l/1NL/XfpHLf0P1T9q6X+Y/lFL/8P1j1r6v1v/qKX/e/SPWvq/V/+opf/79I9a+h+hf9TS//36Ry39j9Q/aul/lP5RS/+j9Y9a+h+jf9TS/wP6Ry39P6h/1NL/Q/pHLf0/rH/U0v9Y/aOW/sfpH7X0/4j+UUv/45/Wf4b/7rieoVr6f9T6j1r6n6B/1NL/Y/pHLf0/rn/U0v9E/aOW/ifpH7X0/4T+UUv/k/WPWvp/Uv+opf+n9I9a+n9a/6il/yn6Ry39T9U/aul/mv5RS//T9Y9a+p+h/yTGzUZL/zP1j1r6n6V/1NL/bP2jlv7n6B+19D9X/6il/2f0j1r6n6d/1NL/fP2jlv6f1T9q6f85/aOW/p/XP2rp/wX9o5b+F+gftfT/ov5RS/8v6R+19L9Q/6il/0X6Ry39L9Y/aun/Zf2jlv5f0T9q6f9V/aOW/pfoH7X0v1T/qKX/ZfpHLf2/pn/U0v9y/aOW/lfoH7X0v1L/qKX/VfpHLf2/rn/U0v8b+kct/b+pf9TS/2r9o5b+1+gftfT/lv5RS/9r9Y9a+n9b/6il/3f0j1r6X6d/1NL/ev2jlv7f1T9q6X+D/lFL/xv1j1r6f0//qKX/TfpHLf1v1j9q6X+L/lFL/1v1j1r636Z/1NL/dv2jlv7f1z9q6X+H/lFL/x/oH7X0/6H+UUv/H+kftfS/U/+opf+P9Y9a+v9E/6il/0/1j1r636V/1NL/Z/pHLf1/rn/U0v9u/aOW/r/QP2rp/0v9o5b+9+gftfT/lf5RS/9f6x+19P+N/lFL/9/qH7X0v1f/qKX/7/SPWvr/Xv+opf99+kct/f+gf9TS/379o5b+f9Q/aun/gP5RS/8/6R+19H9Q/6il/5/1j1r6P6R/1NL/L/pHLf0f1j9q6f9X/aOW/n/TP2rp/3f9o5b+j+gftfR/VP+opf9j+kct/R/XP2rpP0b/qKT/qIH+UUv/IfpHLf2H6h+19B+mf9TSf7j+UUv/EfpHLf1H6h+19J9B/6il/4z6Ry39R+kftfSfSf+opf+z9I9a+s+sf9TSfxb9o5b+s+oftfR/tv5RS//Z9I9a+s+uf9TSfw79o5b+z9E/auk/p/5RS//n6h+19H+e/lFL/+frH7X0n0v/qKX/C/SPWvrPrX/U0v+F+kct/efRP2rpP6/+UUv/+fSPWvq/SP+opf9o/aOW/vPrH7X0X0D/qKX/gvpHLf0X0j9q6b+w/lFL/0X0j1r6L6p/1NJ/Mf2jlv6L6x+19H+x/lFL/5foH7X0X0L/qKX/kvpHLf2X0j9q6b+0/tF01x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG4KAAD//xgWBuA=") ioprio_set$pid(0x2, 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x26bcaeb15148fbba) sendfile(r0, r0, 0x0, 0x800000009) 4m8.066880102s ago: executing program 6 (id=2051): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = syz_io_uring_setup(0xc97, &(0x7f00000000c0)={0x0, 0x6015, 0x800, 0x1, 0x302}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x4}) io_uring_enter(r1, 0x4002109, 0x6355, 0x0, 0x0, 0x0) 4m4.593402882s ago: executing program 6 (id=2069): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f00000006c0)=[{{&(0x7f0000000300)=@ieee802154={0x24, @short}, 0x0, &(0x7f0000000400)=[{&(0x7f00000005c0)=""/212}], 0x0, &(0x7f00000003c0)=""/37, 0x2e}, 0x4}, {{0x0, 0x0, 0x0, 0x56}, 0x9}, {{&(0x7f00000001c0)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000280)=""/56}, {&(0x7f0000000240)=""/35}, {&(0x7f0000000780)=""/176}, {&(0x7f0000000840)=""/178, 0xffffffffffffffdd}, {&(0x7f0000000900)=""/195}], 0x0, &(0x7f0000000100)=""/15}, 0xfffffffc}], 0x1, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000180)=0x80000001, 0x4) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x66, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 4m3.520847353s ago: executing program 6 (id=2078): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRES64], 0x1, 0x2cb, &(0x7f00000014c0)="$eJzs3T9rJGUcB/DfJLuzm7PYLaxEcEALq+Nyrc0GyYGYSklxWmjw7kB2F+EOAkZxsbK1sbQXBMHON2Ej+AIEX4CdVxw8MrMz2Tlv/2TBvfO4z6dInszz+z5/ZpdNQtgnH786Hd8p4t7XX/4R/X4We6MYxcMshrEXjZRSioXRtwEAPM8ephR/pbkrRkblhywi+rtdGgCwI1t///9550sCAHbs/dsfvHt0cnL8XlH049b0m/PT8jf78vO8/+hefBqTuBs3YhCP5n8L6NbZsn0rpTTrFKVhvDGdnZ+WyelHv9Y1R81EhzGI4WWs+mmjyr9zcnxYzLXys3Id16r5f7g9Kue/GYN4+TL8WP7mknyc5vHm6631X49B/PZJfBaTuFMtYpH/6rAo3k7f/f3Fh+Xyynw2Oz/tVXULaf/pPCIAAAAAAAAAAAAAAAAAAAAAALwIrtdn5/SiOr+nvFSfv7P/qPyiG0Vj+Pj5PPN81gzUOh+oNEvxfUq9TsTJ8Y2iKFJduMh34pVOdJ7NrgEAAAAAAAAAAAAAAAAAAOD/5cHnF+OzyeTu/SWN369FrOha0cgiYhRx+bb+Dan9VV2j1pXX4mJ81ls9YKtrr26umTT2m5osYu12otNtRh5udRO2bxysWvOPP207YH9zTbecK8t2t52LcfPsGp9lsbSmF82VfvOY/tKuyWPzTquR81U1afPTr9XIl3YNtt57/lLVmK2piWzdwt76c37n6ivZv3eRV3d1abzbOo1jzR276naefK3IOhEHkf/Hr0AAAAAAAAAAAAAAAAAAAEBj8abfJ7oONkT3Um9nywIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp2rx//+3aMzq8BWK87j/4BlvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBfAPwEAAP//kV5Pbg==") creat(&(0x7f0000000100)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100) preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) 4m2.85335866s ago: executing program 6 (id=2082): rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = gettid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x7, &(0x7f0000000080)={0x0, 0x0, 0x4}) r2 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffe]}, 0x8) read(r2, &(0x7f0000000740)=""/384, 0x200008c0) 4m2.506550389s ago: executing program 6 (id=2086): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x1}, 0x8) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='J', 0x1}], 0x1, 0x0, 0x0, 0x2804c044}, 0x0) sendmmsg$inet(r0, &(0x7f0000003d80)=[{{&(0x7f0000000180)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f0000000200)=[{&(0x7f00000003c0)="d6", 0x1}], 0x1}}], 0x1, 0x4048841) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000008fc0)={0x0, 0x4, 0x9}, 0x8) 4m0.647409506s ago: executing program 35 (id=2086): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x1}, 0x8) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='J', 0x1}], 0x1, 0x0, 0x0, 0x2804c044}, 0x0) sendmmsg$inet(r0, &(0x7f0000003d80)=[{{&(0x7f0000000180)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f0000000200)=[{&(0x7f00000003c0)="d6", 0x1}], 0x1}}], 0x1, 0x4048841) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000008fc0)={0x0, 0x4, 0x9}, 0x8) 3m10.858284258s ago: executing program 5 (id=2361): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$tun(r1, &(0x7f0000000340)=ANY=[], 0x141) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)='O', 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000100)=0x22, 0x4) 3m9.879994306s ago: executing program 5 (id=2365): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x58}}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0xa5) sendto(r0, &(0x7f0000000140)='A', 0xfffff, 0x40008c1, 0x0, 0x0) 3m8.873201453s ago: executing program 5 (id=2368): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 3m7.371472504s ago: executing program 5 (id=2377): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRESHEX], 0x1, 0x2cb, &(0x7f00000014c0)="$eJzs3T9rJGUcB/DfJLuzm7PYLaxEcEALq+Nyrc0GyYGYSklxWmjw7kB2F+EOAkZxsbK1sbQXBMHON2Ej+AIEX4CdVxw8MrMz2Tlv/2TBvfO4z6dInszz+z5/ZpdNQtgnH786Hd8p4t7XX/4R/X4We6MYxcMshrEXjZRSioXRtwEAPM8ephR/pbkrRkblhywi+rtdGgCwI1t///9550sCAHbs/dsfvHt0cnL8XlH049b0m/PT8jf78vO8/+hefBqTuBs3YhCP5n8L6NbZsn0rpTTrFKVhvDGdnZ+WyelHv9Y1R81EhzGI4WWs+mmjyr9zcnxYzLXys3Id16r5f7g9Kue/GYN4+TL8WP7mknyc5vHm6631X49B/PZJfBaTuFMtYpH/6rAo3k7f/f3Fh+Xyynw2Oz/tVXULaf/pPCIAAAAAAAAAAAAAAAAAAAAAALwIrtdn5/SiOr+nvFSfv7P/qPyiG0Vj+Pj5PPN81gzUOh+oNEvxfUq9TsTJ8Y2iKFJduMh34pVOdJ7NrgEAAAAAAAAAAAAAAAAAAOD/5cHnF+OzyeTu/SWN369FrOha0cgiYhRx+bb+Dan9VV2j1pXX4mJ81ls9YKtrr26umTT2m5osYu12otNtRh5udRO2bxysWvOPP207YH9zTbecK8t2t52LcfPsGp9lsbSmF82VfvOY/tKuyWPzTquR81U1afPTr9XIl3YNtt57/lLVmK2piWzdwt76c37n6ivZv3eRV3d1abzbOo1jzR276naefK3IOhEHkf/Hr0AAAAAAAAAAAAAAAAAAAEBj8abfJ7oONkT3Um9nywIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp2rx//+3aMzq8BWK87j/4BlvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBfAPwEAAP//kV5Pbg==") r0 = syz_clone(0x9908500, 0x0, 0xfffffffffffffd16, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r0, &(0x7f00000002c0)='pagemap\x00') 3m6.275989607s ago: executing program 5 (id=2382): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x2, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f00000003c0)={0x0, 0x12, 0x1, 'T'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, &(0x7f0000000100)={0x40, 0x12, 0x1, "ec"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x2, 0x88, 0x0, 0x0) 3m5.400041452s ago: executing program 5 (id=2390): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mprotect(&(0x7f00005ae000/0x1000)=nil, 0x1000, 0x3) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040040) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r0, 0x2000, 0x0) 3m4.228816237s ago: executing program 36 (id=2390): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mprotect(&(0x7f00005ae000/0x1000)=nil, 0x1000, 0x3) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040040) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r0, 0x2000, 0x0) 2m16.435627447s ago: executing program 9 (id=2592): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wg2\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x40044}, 0x20008000) 2m15.784961862s ago: executing program 9 (id=2597): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) pipe2(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write$FUSE_INIT(r1, &(0x7f0000000340)={0x50}, 0x50) vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x119f00}], 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2m15.286970426s ago: executing program 9 (id=2600): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000012c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x9, &(0x7f0000001380)={0x0, 0x3938700}, 0x1, 0x1, 0x1}) io_uring_enter(r0, 0x4866, 0x0, 0xb, 0x0, 0x0) 2m14.588239598s ago: executing program 9 (id=2603): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000400)=ANY=[@ANYBLOB="666c7573682c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d312c756e695f786c6174653d302c7379735f696d6d757461626c652c6e66733d7374616c655f72772c646d61736b3d30303030304390303030303030303030303030303230312c73686f72746e616d653d6d697865642c71756965742c757466383d302c00"], 0x0, 0x29f, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=") mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x100) 2m13.963260791s ago: executing program 9 (id=2606): r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)) ioperm(0x7, 0x6, 0x10000) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mkdir(&(0x7f0000000100)='./control\x00', 0xa0) mount$afs(&(0x7f0000000080)=@cell={0x25, 'syz1:', 'syz1', '.readonly'}, &(0x7f00000000c0)='./control\x00', &(0x7f0000000000), 0x200000, 0x0) 2m13.303522002s ago: executing program 9 (id=2609): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000180)="f7790066baa00066b86b42460f22c7d466ba420000b8e20066ef0f29902cbb0000c4e2b1ba8c88d90000006666f6440f386b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x4b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m10.649754938s ago: executing program 37 (id=2609): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000180)="f7790066baa00066b86b42460f22c7d466ba420000b8e20066ef0f29902cbb0000c4e2b1ba8c88d90000006666f6440f386b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x4b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17.588128931s ago: executing program 1 (id=3097): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) syz_mount_image$f2fs(&(0x7f0000010600), &(0x7f0000010640)='./bus\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002afdae3565781009f76e97b48ab97bfb17214266c0e5b7032d7a3d77ba65f6179d16cef7c34648024212402e69cc86c8fce5989be545ce26a9c4f5f2165f36561402b40d94de59edbb0507bf01e3ece0fd57e13bef384234e823d81383eac1c0afb4464b4d16006b7691ea638989f6f567a2817567b9c1606c0a15f5a0dbce62f473cd22efb03bcddff402dacf8c1372a5e8ff5bc5b6a5015037cf1236a6167a302d5d082a447099b4ee2bc4"], 0x1, 0x10600, &(0x7f0000020cc0)="$eJzs3D1vW1UYB/DHCX2llAr1hQHElRBSItVWnb4IFlSgFSDaqqIwMIFju5Zb2zeK3cR0YYEBiYmFL8EEn4EFdlZY2FhAYqso8r0niEAlIHHjQH4/6eZ/7vG5j8+xvBzf6AawZx3Lfvm5EkfjUETMR8SRiKJdSUfhYhlPRsQzqWsuHZXU/3vH/og4HBFHJ8XLmpX00lO/3vv+i2+uPP3xd59++8FnP92YzYqB3eC5iOivlO31fpl5p8xbqb+x1i2yf24tZflC/3Y6z8tcby8XFdYbG+MaRZ7tlOPzlTvDSd7sNZqT7HRvFv0rg/INh2udjTrFBbcaq8V5q71cZHeYF9m5W85rnPLucFTWaaV67xflYzTayLK/PW6X61m5XWRzMEr9Zd281R5Pci1lerto5r1WMY/lLX/Mu96V7uDOOFtrrw67+SA7X6s/X6tfqNZX81Z71D5XbfRbF85lC53eZFh11G70L3byvNNr15p5fzFb6DSb1Xo9W7jUXu42Blm9XjtbO1M9v5hap7NXr72d9VrZwiRf7g7ujLq9YXYzX83KKxazpdrZFxazZ+vZjavXs+tvXr589fpb715659pLV19/JQ36y7SyhaUzS0vV+pnqUn1xqys/fb+0V9dfGle2dz17nO8PwL+2lf3/nP0/sE32//b/saf3/9Yf9v9sl+8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCe9cO+L18rGsfK80dT/2Op64mIOBURJyPiRETcf4D52L+p5vGIqKT2g8bv+9McvqpEUWFyzYF0HI6Ii+m49/jD/hQAAADg/+vzrz/8KGJ+0iz+vDjrCbGT0o82B6dVr/jJ55FpVTteFBtPqdqJjZJTcTIi9h37cUrVTkXE3JH3plTtH5nfFAf/EJUy5nZyNgAAwM7YvBOY2u4NAACAXeeTWU+A2Sju16b/xU/3gg+UkW4IHto4e2MGswMAAACmoTLrCQAAAAAPXbH///vn/817/h8AAAD8h5XP/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA3du7mNnEgigP4A9YL+6VFKz5a4bTaIweK2BJyTAFJN7lRQyREHeSWEiKIsCdSHHGI5DFO0O8nmRlb8Nczt+exBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoE0PxXp5t725bZqzPzST524AAACAU3bFellOxtX5j3T9V7r0JyLmETGLiGlEnOrdB/G1ljmJiF6an/p+8aaG+4gy4fibYTq+R8S/dDz9bvtfAAAAgMu13SxWEYPjtPz423VBnFN6aDPKlVc+8vmSK21Shl1nSpu+RGYxi4hi/JgpbR4R/Z//M6W9y6A2jF4NvWron7MaAADgPOqdQLbuDQAAgA/nqusC6Ea5XpvexU9rwcNqSAuC32pnAAAAwCfU67oAAAAAoHVl/2//PwAAALhs1f5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtGlXrJfbzWLVNGd/aCbP3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLM/LykYwkAQBvt/qncK3v9WSoNudeWuCgIfM4QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCuv4+R9xqexJvl22vh1PJL8u2pMXTXmrhtLL4zb57bnfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCzPy8nAAIxGAbjW3ta7L8mL8oPevYmCDMgfCQEWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBvuvur/okhsVfVmGliyrhV1ZxVYskqseYgseWgvf3tOD94EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMUOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX2590mYiCMwuj1AAInBFACucWjBhIiBCXwkJAsuQYKoCESIlKLRtgWdiXvON7MG+w5yf2CCeYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OCsd744StKkzFlSHj4v/4+TnKR8jeP96ZTN9+pvONvm88/vY82LPF21Sdo0S5wDALC4bt4pzvP+0b9dJ9Pe1L2te1e3exn61/1+GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA27NzPSxRvHAfwZ1d3v1+7dekQBWVBQtT6A3EVL0WBBf0D3hbdRFpL1ENKEHaRLkGX7l261M1Tp/6DTl0iCuq+QUEEQRi7O2OPqbFedlZ6veCZ+TgMM88zB+E9n1EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOoL4ezqd1LoRwvPd33fD2y72Zvfb1+8dG0/Ho5PPF+JqNSxRCCDfna9XBDq6lm50Nw839h88PB+Jn+Od5y6trtyq1WnVJoVAotosMfmkBAHBoFZLRyPUfC5tTjWO5yRC2nu7M/+eiOrSZ/7eeDLyO7xXn/6GOrbC7pfl/+vrGxN/yf2llYbG0vLp2YX6hMledq94eGhsfGxwpjw6PlZrvU0reqgAAALC/YjLi/J+f3N3/PxLVoc38/+rlten4Xj3y/y5p/r/c3/+svf5/BpMEAAD4Rxw99e1rbo/juWIx3K2srCwNtbbbPw+3thlM9cD+S0ac/3sms54VAAAA0An19dyO/v9sVIc2+//vv185EV+zJ4TQl/T/L87cqc12bjldK+3/T1yq3Mj67/8zWD4AAAAd0peMuP9faH7/nz+dnpMPIQycadXJvwFsK///fDD+Jr5X/P3/SOeW2JXy5dbzSPP/xrsX8/vl/+a55RB6yxlNFgAAgEPv/2Q08v+nwubU0o/HV4u+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/s2DFKM0EUB/BJNvm+RjEgiKWFNhaigmAVsBAkHsJCFASPEBAPoOBZLLyDSOqk9AApvIHMZEfCNirIrobfDyb/R9hk3840eQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE9Nj8JGrov40pvV7fK98dvwPOakkumzN2sHccW6VW/bf856mc+T06fx3B62DpvrCQAAgMVT5Pk+hPDafTyJ2e6n+X8rXxNn/uHyrM7zfHXuz5ln/7iWHoqzjxv1ZvfphhAur64vdmt7wt9tM+ynHLxs38/vYfW6lS98VyedT/qHpkjH1h7crk67addbd6PR8b9U/v/5pwAAvmsnZ1nk30cx95psDICF1SlXmJv/i36zPQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU4T0AAP//F6aahA==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 11.79082109s ago: executing program 1 (id=3109): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000000), 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000080000000000000000000a1400000010"], 0x28}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000005c0)={&(0x7f0000000180)={0x1d, r1}, 0x10, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="04000000000000000000010000000000", @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x38}, 0x2}, 0x0) 7.197755594s ago: executing program 8 (id=3130): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.651258726s ago: executing program 8 (id=3131): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f00000011c0)={0x3, 0x100, 0x0, 0x5, 0x590f, 0x2}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000009c40)=@nat={'nat\x00', 0x19, 0x2, 0x120c, [0x200000000000, 0x0, 0x0, 0x200000000030, 0x200000000060], 0x0, 0x0, &(0x7f0000000000)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{0x5, 0x2, 0x8808, 'lo\x00', 'sit0\x00', 'pim6reg1\x00', 'xfrm0\x00', @local, [0xff, 0x0, 0x0, 0x0, 0xff], @remote, [0x0, 0x0, 0xff, 0x0, 0xff], 0x6e, 0x6e, 0xa6, [], [], @arpreply={'arpreply\x00', 0x10, {{@broadcast, 0xfffffffffffffffe}}}}, {0x11, 0x0, 0x22eb, 'macvlan1\x00', 'pim6reg\x00', 'geneve0\x00', 'ip_vti0\x00', @random="9d80e7bdd241", [0xff, 0x0, 0xff, 0x1fe, 0x0, 0xff], @broadcast, [0x0, 0xff, 0x0, 0xff, 0xff, 0xff], 0x109e, 0x109e, 0x10d6, [@among={{'among\x00', 0x0, 0x820}, {{@offset=0xc, @offset=0x414, 0x1, {[0x29a4, 0x8, 0x5, 0x7, 0xead, 0x7, 0x9, 0x51c, 0xe, 0x8001, 0x4, 0xdc3f, 0x9, 0x80000000, 0xf1, 0x3, 0xf7a59117, 0x8001, 0x8, 0x38cef356, 0x88be5ef, 0x80000000, 0xc, 0x7, 0x60000, 0x4, 0x2, 0x8, 0x28f4f5a1, 0xbcbd, 0xfff, 0x80, 0x4, 0xfffffffa, 0x4, 0x0, 0x401, 0x73af, 0x4, 0xfffffff8, 0xffffe023, 0x0, 0x4, 0x1, 0xca84, 0xb, 0x4be, 0x2, 0x2c8, 0x3, 0x2, 0x26f, 0x2, 0x9, 0x3, 0x1667, 0x7, 0x10000, 0x6, 0x0, 0x3, 0x3, 0x1, 0x2, 0x101, 0x5, 0x80000, 0x9, 0x23, 0x8, 0x6, 0x3, 0x455c5d5d, 0x4, 0x5, 0x7612, 0xffffffff, 0xcb47, 0x0, 0x2, 0xc2b, 0xab, 0x80000001, 0x80000001, 0x1, 0x8, 0x3f, 0x2, 0x1, 0x6, 0x8, 0x7, 0xa08e, 0x2, 0x7fff, 0x7ef, 0x9, 0xfffffffc, 0x8, 0x610, 0x9, 0x2, 0x2, 0x1, 0x6, 0x9, 0x7f, 0x7, 0xffffffff, 0x800, 0x3, 0x7, 0x7, 0x0, 0xffff, 0x5, 0x237c, 0x7, 0x8, 0xb, 0x3, 0x7ff, 0x50000000, 0x800, 0x0, 0x1, 0x401, 0x7fff, 0x3, 0x8c, 0x8001, 0x8, 0xb45f, 0x4e0, 0xf62, 0x9, 0x2, 0xb7, 0x9, 0x7ff, 0xfffffffb, 0xfff, 0x8, 0x6, 0x2, 0x81, 0x1, 0x100, 0x2, 0x8, 0x3, 0x35, 0x7, 0x5, 0x2, 0x200, 0x7, 0x0, 0x0, 0x6, 0x12c7, 0x3, 0x10000, 0x3, 0x0, 0x92, 0x0, 0x3, 0x4, 0x7, 0x4, 0x401, 0x1, 0xf, 0xfffffffc, 0x9, 0x3, 0x3, 0x5cb0, 0x200, 0x8, 0xffffff7f, 0x314df75, 0x6, 0x4, 0x7, 0x31, 0x80000000, 0x10001, 0x0, 0x3, 0x8000, 0x0, 0x7, 0x65c, 0x1, 0x1, 0x18df, 0x6, 0x3, 0x5, 0x5, 0x1, 0x8, 0x4, 0x67a, 0x1, 0x401, 0x9, 0x10000, 0x80000000, 0x4, 0x8, 0x0, 0x7, 0x800, 0x799e, 0x6b, 0x7, 0x9, 0x77c, 0x4, 0x3, 0x3d, 0x400, 0x9, 0x2, 0xffff, 0x1, 0x6, 0x200, 0x7fff, 0x4, 0x200, 0x7ff, 0x9, 0x100, 0x3, 0xfaf4, 0x0, 0x8, 0x8000, 0x5, 0x103f, 0x4, 0x8, 0x1, 0x3, 0x1, 0x81, 0x401, 0xd, 0xce000, 0x0, 0x1, 0x5, 0x1]}, {[0x4, 0xa51, 0x7, 0x0, 0xfffffff8, 0x2, 0x80000000, 0x3, 0x45e, 0x7ff, 0x40, 0x7ff, 0x792aaffd, 0x5, 0x10, 0x3, 0x7, 0x4, 0x3, 0x80000000, 0x7, 0x7, 0x3, 0x67, 0xffff, 0x7f, 0x7, 0xf4e, 0xcc, 0x1, 0x2, 0x1, 0x4, 0x10000, 0x7, 0x9, 0x9, 0x1, 0x80000000, 0x100, 0xe, 0x1, 0xffff, 0x8, 0xb, 0x800, 0x0, 0x32, 0x7, 0x7f, 0x9, 0x777c, 0x5, 0x0, 0x8, 0x8, 0x5, 0x5, 0x1, 0xe7, 0x7f, 0x5, 0x9, 0x722c, 0x6, 0x1ff, 0x800, 0x10, 0x7297, 0x1, 0x34, 0x3, 0x1, 0x1, 0x40, 0xfffffffa, 0x1, 0x4, 0x80000001, 0x7e50, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x5, 0x6b, 0xfffffff1, 0x4, 0x3, 0x0, 0x6, 0x7, 0xfffffffd, 0x0, 0x2, 0x2, 0x3, 0x9, 0x6, 0x0, 0x9, 0x1, 0x3, 0x80, 0x100, 0xfffffff9, 0xfff, 0x3, 0x0, 0xab, 0x4, 0xe, 0x2, 0x8000, 0x2, 0xfff, 0x6, 0xffffffff, 0x2, 0x400, 0x9, 0x7, 0x800, 0x8, 0x80000001, 0x0, 0x1ff, 0x4, 0x5, 0x9, 0x5, 0x4, 0x8380e5f, 0x0, 0x1, 0x3, 0xac48, 0x10000, 0x2, 0x2, 0x2, 0x4, 0x4, 0x941, 0x9, 0x2, 0xdd, 0x7, 0x3, 0x1, 0xef41, 0xff, 0x79e6, 0x711f, 0x897a, 0x4, 0x1, 0x1, 0x8, 0x9, 0x5, 0xfffffff8, 0xfffffff4, 0x7, 0x3, 0x8, 0x1, 0x77de, 0x8, 0x5, 0x8, 0x3, 0x2, 0x8, 0x80000000, 0x90, 0x9, 0x5, 0x3, 0x4, 0xfffffffd, 0xa9, 0x32c8, 0x7, 0x10001, 0x4, 0x8, 0x7, 0x5, 0xf8c9, 0x9, 0x4, 0x7, 0x8, 0x8, 0x10, 0x40, 0xb, 0x6, 0x9, 0x80000000, 0xffff0001, 0xfffeffff, 0x3, 0x0, 0x9, 0x5, 0x4, 0x0, 0x7, 0x10, 0x16, 0x8, 0x2, 0x9, 0x0, 0x180, 0xfffffff9, 0xc1e9, 0x6, 0x8001, 0x5e6, 0x9, 0x8728, 0x8, 0xcd, 0x3, 0x9, 0x6, 0x9, 0x0, 0x9, 0xa, 0x2f9be110, 0x6, 0x8, 0x0, 0x3, 0x3e, 0x9, 0x8, 0x401, 0x4, 0xb0, 0x1, 0x4, 0x3, 0xfffffffe, 0x9, 0x0, 0x7, 0xf0fa, 0x8b, 0xa, 0x6]}}}}, @u32={{'u32\x00', 0x0, 0x7c0}, {{[{[{0x1, 0x1}, {0xf, 0x1}, {0x6413a464}, {0x58, 0x3}, {0x8, 0x1}, {0x0, 0x1}, {0x4}, {0x1db2}, {}, {0x6, 0x3}, {0x1}], [{0x5, 0x1}, {0x1, 0x3}, {0xd4d, 0x6}, {0x1, 0x10}, {0x80000000, 0x4}, {0x6, 0xcea1}, {0x1, 0x1}, {0xca, 0xf}, {0x9, 0x764}, {0x492f1f5a, 0x1000}, {0x14f, 0x6}], 0x1, 0x1}, {[{0xbc8, 0x3}, {0x8, 0x3}, {0x0, 0x2}, {0x79, 0x1}, {0xdac, 0x2}, {0x6, 0x3}, {0x7fff, 0x1}, {0x10001, 0x2}, {0x5, 0x1}, {0x4d7d3255, 0x1}, {0x3, 0x2}], [{0x0, 0x8}, {0x8, 0x800}, {0xe}, {0x4, 0x8}, {0x0, 0x4}, {0x7, 0xfffffffb}, {0xdd54, 0x3}, {0x85, 0x10001}, {0xa00c, 0x6}, {0xfffffffc, 0x7}, {0x4, 0x6}], 0x0, 0x1}, {[{0x3, 0x2}, {}, {0x7fffffff}, {0x200}, {0xb, 0x1}, {0x4e8}, {0x9, 0x1}, {0x2}, {0x857a}, {0x6, 0x1}, {0x1, 0x2}], [{0xfffffc01, 0x5}, {0x1, 0xfffffff9}, {0x4, 0x25bd}, {0x90, 0x1ff}, {0x3, 0x9}, {0x698a, 0xb}, {0x1a4, 0xffff}, {0x9c28, 0x14a}, {0x1e000000, 0xb}, {0x5, 0x4}, {0x4, 0x3}], 0x3, 0x5}, {[{0x1, 0x2}, {0x26, 0x3}, {0xb5}, {0x0, 0x3}, {0x8, 0x2}, {0x2, 0x3}, {0x7}, {0xfffffff0, 0x3}, {0x3, 0x3}, {0x8, 0x3}, {0x80}], [{0xb, 0x3}, {0x9, 0x98}, {}, {0x9, 0x5}, {0x6, 0x45b0a520}, {0x7fffffff, 0x9}, {0xfffffff2, 0x6}, {0x7, 0x4}, {0x80000001, 0x3d8}, {0xeb8, 0x9}, {0x24000000, 0x1ff}], 0x6, 0x4}, {[{0xb, 0x1}, {0x1ba34aa4, 0x3}, {0x2, 0x1}, {0x1, 0x3}, {0xdde}, {0x4}, {0x2, 0x3}, {0x3}, {0x3, 0xcb897f6f95ce38dd}, {0x6}, {0x401, 0x3}], [{0x4, 0x8000}, {0x800, 0x4}, {}, {0xf, 0x4}, {0xffff7fff, 0x4}, {0x8, 0x6}, {0x7, 0x2}, {0x2}, {0x5, 0x40}, {0x7, 0x7fffffff}, {0x6, 0x7}], 0x8}, {[{0xa, 0x3}, {0xfff, 0x3}, {0x200, 0x1}, {0x80000001, 0x3}, {0x6}, {0x7e, 0x1}, {0x3, 0x1}, {0xfffffffc, 0x1}, {0x7f, 0x3}, {0xce, 0x1}, {0xffffffff, 0x3}], [{0xffffffff, 0x5c}, {0x1, 0x2}, {0x9, 0x7}, {0x2c, 0x6c492ba}, {0x7, 0xe}, {0xffffffff, 0x4}, {0x6, 0xc}, {0x80000000, 0x3}, {0x7, 0x7f}, {0x1, 0x80000001}, {0x9, 0x3}], 0xa, 0x5}, {[{0x0, 0x2}, {0xab, 0x1}, {0x6fe6, 0x1}, {0x1}, {0x5}, {0x4}, {0xb9, 0x1}, {0x9}, {0xe, 0x2}, {0x4}], [{0x9, 0x3bcb}, {0xb3, 0x101}, {0x40, 0x3f4}, {0x2, 0x7f}, {0x16b, 0x355}, {0x4, 0x101}, {0xfff, 0x1}, {0x5, 0x1000}, {0x1000}, {0xfc, 0x9}, {0x8, 0xca83}], 0x0, 0x4}, {[{0x4}, {0x2, 0x1}, {0x2, 0x2}, {0x7}, {0x4}, {0x7}, {0x7f}, {0x7, 0x2}, {0x9, 0x2}, {0x8, 0x1}, {0x5, 0x1}], [{0x7}, {0x4, 0x7}, {0x9, 0x800}, {0xc2e, 0x800}, {0x86, 0xd}, {0xc, 0x400}, {0x100, 0xfffffffe}, {0x1, 0x7}, {0x7a}, {0x3, 0x7fffffff}, {0x7f, 0x8}], 0x1, 0x5}, {[{0xfffffffb, 0x1}, {0x0, 0x2}, {0x57}, {0x7, 0x3}, {0x1, 0x1}, {0x6f5, 0x3}, {0x3b, 0x1}, {0x8, 0x1}, {0x0, 0x2}, {0x5, 0x2}, {0x1}], [{0x400, 0x8}, {0xfff, 0x736}, {0xffff, 0x5}, {0x0, 0x9}, {0xfffffffe, 0x2b56}, {0x0, 0x8e55}, {0xb8b4}, {0x7fffffff, 0x2}, {0xd605, 0x6}, {0x2c, 0xfffffff3}, {0x5, 0x7a}], 0xa, 0x9}, {[{}, {0x2, 0x2}, {}, {0x0, 0x2}, {0x9308}, {0x2, 0x2}, {0x52}, {0xe}, {0x8}, {0x18ce, 0x1}, {0x0, 0x3}], [{0x6, 0x9}, {0x9, 0x6}, {0x3ff, 0x10}, {0x6, 0x4}, {0x5, 0x7fffffff}, {0x53, 0x7fffffff}, {0x45fe, 0x1}, {0xd1, 0x2}, {0xc210, 0x94e4}, {0x3, 0x8}, {0x5, 0xf3}], 0x9, 0x7}, {[{0x6, 0x1}, {0x9}, {0x6, 0x3}, {0x6, 0x1}, {0x2, 0x3}, {0x2}, {0x5, 0x3}, {0x6, 0x1}, {0x6}, {0x8, 0x2}, {0xef, 0x2}], [{0x3ff, 0x80}, {0x1, 0x9}, {0xf, 0x6}, {0x9, 0x1e5}, {0xc88, 0x61a}, {0x9, 0x10001}, {0xfe, 0x9}, {0x4, 0x4672}, {0xfffffff9, 0x7fffffff}, {0x1, 0x7ff}, {0x1afd8057, 0x7fff}], 0x5, 0xa}], 0x2, 0x1}}}], [], @snat={'snat\x00', 0x10, {{@random="c3bfa282957e", 0xfffffffffffffffe}}}}]}]}, 0x1284) 5.332194933s ago: executing program 2 (id=3138): r0 = add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000004c0)=ANY=[@ANYRES16=r1, @ANYRES8=r0, @ANYRESDEC=r2, @ANYRESOCT=r2, @ANYBLOB="761304d6ae8d3d1d231b915f43cd66566f826c59cbb4185132628db6aca424496a4bfed23403c13cd6fec66baedc54f4319547a76a2fea6bbb840dbb0c0c06df715f35256f800c637ab1fd5cfd9eb53d3194c45db86189fcb2cc94d57b551af94728d15a9273b92dbfdb925deb00ed97c2016a302b0bdb1cde8ad19d7f5c5441ab61af7f611f5ed97b3e143208d3ca2b04d36a2fff025f2ec74d7b283b6658d658d229be8cad791ce98813b8d9ac73f3ed9a3b338d48ba4756ae1d8645a00e4040a6cec859590d9f99aa7562410177d91f249d99034737e3", @ANYBLOB="0bc7ef849ea570e45f27cb673f91f3b981d8c25596bffb802cd30f33c760bed229a1514e1ecc2faec88c053380126f92b931b4c759fdb98668101d9d4e43bb62dce791a368288e3c2a116cdc5b48989a988699dc93664415211b91f5ae677f5600b1010c9fb5740e50ddd1df186fd33bf177b9a89b6c3716ee52c72de49e4af218f6bfcf33ccb81501e7518f790143fad4e288add844b0ec89bc09fca8e3110ff5ec17889cc55651f82d0081474a9ecbc56785d391b61756860d3cc6dab276c13f2b31649bd3fb6090520fd01f602b74"], 0x1df) write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 5.056070056s ago: executing program 1 (id=3140): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0xa, 0x43, 0x0, 0x2d6c00000000000, 0x405, 0x0, 0xb3, 0x4, 0xb1d, 0x4000000000000008, 0x20010000000000, 0x81, 0x3, 0x8, 0xe5, 0x812], 0x3000, 0x3877c2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.960223324s ago: executing program 0 (id=3141): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x5) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000180)='u', 0x1}], 0x1000000000000162) 4.432589432s ago: executing program 0 (id=3143): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4e071, 0xffffffffffffffff, 0x80000000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 4.335660188s ago: executing program 2 (id=3144): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = landlock_create_ruleset(&(0x7f0000002080)={0x2144, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknod(&(0x7f0000000140)='./file1/file3\x00', 0xc000, 0x9) renameat2(0xffffffffffffff9c, &(0x7f0000002200)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 4.21182841s ago: executing program 1 (id=3146): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='task_newtask\x00', r1, 0x0, 0xfffffffffffffffc}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 3.844301984s ago: executing program 7 (id=3147): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="180000000000000000000000000000008500000008000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001780)=""/4096}, 0x20) 3.741622894s ago: executing program 0 (id=3148): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x9) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1241, 0x5015, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x0, 0x40}}}}}]}}]}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000640)={0x24, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0022050000002a950da1b0bc7ee1e13fd623053bbb9de01223dbbbf3b965ac8a655e923bb7b8f90cadc1071de90acb674f96750314bc1c6dba9bf5307624bc40067c987272d338bb75ed53aeaf83013a2a032bcf6147fcbd84bfa852a2bc318ca211de8e0144c3e9d614421c1b4ab6a09b08209f196f6a2ffa4a4a7f2ab890c53cfa529190"], 0x0}, 0x0) 3.626505288s ago: executing program 2 (id=3149): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) unshare(0x20400) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r1, &(0x7f0000000300)={0xa, 0x2, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffd}, 0x1c) 3.528167582s ago: executing program 1 (id=3150): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r2, 0xf000, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}]) fcntl$setpipe(r0, 0x407, 0x9602) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 3.41985304s ago: executing program 7 (id=3151): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRESDEC, @ANYRES32, @ANYRES32], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 3.321164763s ago: executing program 8 (id=3152): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) 3.048261357s ago: executing program 7 (id=3153): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.351330122s ago: executing program 2 (id=3154): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x400, 0x0, 0x0, 0xfffffffe, 0x3}) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) 1.898384392s ago: executing program 7 (id=3155): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x1000}, 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2000}, 0x4) 1.724117058s ago: executing program 8 (id=3156): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000580)={0x1fe, 0x1, 0x0, 0x2000, &(0x7f00004ef000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"]) 1.487986217s ago: executing program 2 (id=3157): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x66, 0x0, 0xfd, 0x11, 0x0, @rand_addr=0x64010102, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x63, 0x0, &(0x7f0000000000)="ff", 0x0, 0x149d, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) 1.487678917s ago: executing program 0 (id=3158): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000009c0)="ad56b6c5820fae9d6dcd3292ea54c7be8bbdadbb1632ea5704cae881ef915d374c90c200", 0x24) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000005f80)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)="ab219ff417490221c2d955b8fcc2ed4d", 0x10}], 0x1, 0x0, 0x0, 0x800}], 0x1, 0x80) recvmsg$qrtr(r1, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000700)=""/192, 0xc0}], 0x1, 0x0, 0x0, 0x10000}, 0x38, 0x2) 1.473689011s ago: executing program 7 (id=3159): munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000f80), 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x4) fcntl$setstatus(r0, 0x4, 0x6000) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x17, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0x2000}]) 991.870114ms ago: executing program 8 (id=3160): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r1, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=@newlink={0x4c, 0x10, 0x401, 0x70bd28, 0x3, {0x0, 0x0, 0x0, r1, 0x0, 0x1c05}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0xa4cc6}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x12) 529.412649ms ago: executing program 0 (id=3161): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) fsync(r0) 504.606956ms ago: executing program 7 (id=3162): poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000380)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x4e24, 0x5, @local, 0x6}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000d00)='\t', 0x1}], 0x1}}], 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x4, 0x2, 0xffff, 0x8, 0x80000001}, 0x14) 364.166416ms ago: executing program 8 (id=3163): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) 184.542093ms ago: executing program 1 (id=3164): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r2, 0xfffffffffffffffe, 0x29) 17.941796ms ago: executing program 0 (id=3165): mkdirat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018, r0}, './file1\x00'}) 0s ago: executing program 2 (id=3166): syz_clone3(&(0x7f0000000000)={0x14e002000, 0x0, 0x0, 0x0, {0x10}, 0x0, 0x0, 0x0, 0x0}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x8, r0) process_vm_readv(r0, &(0x7f0000000940)=[{&(0x7f0000000000)=""/63, 0x3f}], 0x1, &(0x7f0000000c40)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x0) kernel console output (not intermixed with test programs): c-816d-cd80a5b93e5d [ 719.209729][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 719.216834][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 719.422743][T11737] loop2: detected capacity change from 0 to 128 [ 719.545255][T11737] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 719.553835][T11737] FAT-fs (loop2): Filesystem has been set read-only [ 719.554055][ T30] audit: type=1800 audit(1760954708.914:101): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1973" name="file2" dev="loop2" ino=1048691 res=0 errno=0 [ 719.560864][T11737] syz.2.1973: attempt to access beyond end of device [ 719.560864][T11737] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 719.561132][T11737] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 719.604804][T11737] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 719.649985][T11737] syz.2.1973: attempt to access beyond end of device [ 719.649985][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 719.668474][T11735] loop5: detected capacity change from 0 to 4096 [ 719.683194][T11737] syz.2.1973: attempt to access beyond end of device [ 719.683194][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 719.709648][T11735] EXT4-fs: Ignoring removed nomblk_io_submit option [ 719.729639][T11737] syz.2.1973: attempt to access beyond end of device [ 719.729639][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 719.758094][T11735] EXT4-fs (loop5): Test dummy encryption mode enabled [ 719.781871][T11737] syz.2.1973: attempt to access beyond end of device [ 719.781871][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 719.808257][T11735] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 719.821024][T11735] System zones: 0-5 [ 719.844546][T11735] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 719.899212][T11737] syz.2.1973: attempt to access beyond end of device [ 719.899212][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 719.958446][T11737] syz.2.1973: attempt to access beyond end of device [ 719.958446][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 720.006021][T11737] syz.2.1973: attempt to access beyond end of device [ 720.006021][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 720.051129][T11737] syz.2.1973: attempt to access beyond end of device [ 720.051129][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 720.107498][T11737] syz.2.1973: attempt to access beyond end of device [ 720.107498][T11737] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 720.171433][T11735] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 720.395505][ T6926] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 720.884593][T11768] loop7: detected capacity change from 0 to 16 [ 720.909326][T11765] Invalid ELF header magic: != ELF [ 720.920916][T11768] erofs (device loop7): mounted with root inode @ nid 36. [ 721.959709][T11781] Process accounting resumed [ 722.167322][T11778] loop7: detected capacity change from 0 to 32768 [ 722.205206][T11778] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 722.300188][T11436] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 722.331722][T11778] XFS (loop7): Ending clean mount [ 722.345308][T11778] XFS (loop7): Quotacheck needed: Please wait. [ 722.381433][T11778] XFS (loop7): Quotacheck: Done. [ 722.507246][T10393] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 722.519642][T11436] usb 7-1: Using ep0 maxpacket: 16 [ 722.552434][T11436] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 722.565696][T11436] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 722.621681][T11436] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 722.631128][T11436] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.639537][T11436] usb 7-1: Product: syz [ 722.644372][T11436] usb 7-1: Manufacturer: syz [ 722.649202][T11436] usb 7-1: SerialNumber: syz [ 722.734707][T11436] usb 7-1: config 0 descriptor?? [ 722.793693][T11436] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 722.803429][T11436] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class) [ 723.207504][T11804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1996'. [ 723.529105][T11436] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 723.560212][T11436] em28xx 7-1:0.0: Config register raw data: 0x32 [ 723.567002][T11436] em28xx 7-1:0.0: I2S Audio (3 sample rate(s)) [ 723.573412][T11436] em28xx 7-1:0.0: No AC97 audio processor [ 724.012653][T11436] usb 7-1: USB disconnect, device number 6 [ 725.149806][T11826] loop2: detected capacity change from 0 to 64 [ 725.301329][T11830] netlink: 'syz.6.2005': attribute type 10 has an invalid length. [ 725.310896][T11830] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.321016][T11830] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.350464][T11830] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.358331][T11830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.367433][T11830] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.375268][T11830] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.400480][T11830] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 725.591602][T11814] loop5: detected capacity change from 0 to 65536 [ 725.736604][T11814] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 725.880367][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 726.234167][T11843] input: syz1 as /devices/virtual/input/input18 [ 726.327381][T11845] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 726.775566][T11839] loop7: detected capacity change from 0 to 40427 [ 726.787166][T11839] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12 [ 726.795385][T11839] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 726.814071][T11839] F2FS-fs (loop7): invalid crc value [ 726.877802][T11814] XFS (loop5): Ending clean mount [ 726.954544][ T6926] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 727.209581][T11839] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 727.228026][T11839] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 727.235637][T11839] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 727.253753][T11858] loop2: detected capacity change from 0 to 128 [ 727.306990][ T30] audit: type=1800 audit(1760954717.064:102): pid=11858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2014" name="file2" dev="loop2" ino=1048692 res=0 errno=0 [ 727.340067][T11858] bio_check_eod: 37 callbacks suppressed [ 727.340152][T11858] syz.2.2014: attempt to access beyond end of device [ 727.340152][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.362866][T11858] buffer_io_error: 11 callbacks suppressed [ 727.362975][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 727.447820][T11858] syz.2.2014: attempt to access beyond end of device [ 727.447820][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.461958][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 727.480458][T11858] syz.2.2014: attempt to access beyond end of device [ 727.480458][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.494084][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 727.548482][T11858] syz.2.2014: attempt to access beyond end of device [ 727.548482][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.562541][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 727.626786][T11858] syz.2.2014: attempt to access beyond end of device [ 727.626786][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.641081][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 727.693539][T11858] syz.2.2014: attempt to access beyond end of device [ 727.693539][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.710688][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 727.747529][T11858] syz.2.2014: attempt to access beyond end of device [ 727.747529][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.762084][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 727.824495][T11858] syz.2.2014: attempt to access beyond end of device [ 727.824495][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 727.838414][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 728.062679][T11858] syz.2.2014: attempt to access beyond end of device [ 728.062679][T11858] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 728.076394][T11858] Buffer I/O error on dev loop2, logical block 2078, async page read [ 730.202487][T11891] loop7: detected capacity change from 0 to 512 [ 730.357108][T11891] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 730.370363][T11891] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 730.559335][T11891] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #2: comm syz.7.2027: corrupted inode contents [ 730.589567][T11891] EXT4-fs error (device loop7): ext4_dirty_inode:6517: inode #2: comm syz.7.2027: mark_inode_dirty error [ 730.617204][T11891] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #2: comm syz.7.2027: corrupted inode contents [ 730.668778][T11891] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #2: comm syz.7.2027: mark_inode_dirty error [ 730.772398][T11891] EXT4-fs error (device loop7): ext4_lookup:1784: inode #19: comm syz.7.2027: 'bus' linked to parent dir [ 730.792006][T11910] loop6: detected capacity change from 0 to 16 [ 730.828248][T11442] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 730.859035][T11910] erofs (device loop6): mounted with root inode @ nid 36. [ 730.907612][ T5796] Bluetooth: hci4: command 0x0406 tx timeout [ 731.009680][T10393] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 731.019351][T11442] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 731.019523][T11442] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 731.019755][T11442] usb 3-1: New USB device found, idVendor=056a, idProduct=00ed, bcdDevice= 0.00 [ 731.019903][T11442] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 731.026503][T11442] usb 3-1: config 0 descriptor?? [ 731.220729][T11901] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 731.227108][T11901] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 731.275666][T11901] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 731.282087][T11901] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 731.409113][T11901] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 731.415595][T11901] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 732.280924][T11442] usb 3-1: USB disconnect, device number 15 [ 733.050765][T11915] loop6: detected capacity change from 0 to 65536 [ 733.095053][T11915] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 733.648043][T11915] XFS (loop6): Ending clean mount [ 733.724713][ T30] audit: type=1800 audit(1760954723.807:103): pid=11915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2037" name="file1" dev="loop6" ino=38 res=0 errno=0 [ 733.805987][ T8857] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 734.903080][T11960] netlink: 830 bytes leftover after parsing attributes in process `syz.5.2054'. [ 735.349523][T11965] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2056'. [ 737.928430][T12011] loop5: detected capacity change from 0 to 128 [ 737.977361][T12011] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 738.052557][T12011] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 738.132332][ T30] audit: type=1800 audit(1760954728.439:104): pid=12011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2075" name="file1" dev="loop5" ino=104 res=0 errno=0 [ 738.561100][T12018] loop6: detected capacity change from 0 to 256 [ 738.600808][T12018] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 738.655863][T12018] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 738.848735][T12020] input: syz0 as /devices/virtual/input/input19 [ 739.045172][ T8857] FAT-fs (loop6): error, corrupted directory (invalid entries) [ 739.053510][ T8857] FAT-fs (loop6): Filesystem has been set read-only [ 739.096181][ T8857] FAT-fs (loop6): error, corrupted directory (invalid entries) [ 739.313723][T10449] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.454016][T10449] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.645474][T10449] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.779014][T10449] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.206005][T10449] bridge_slave_1: left allmulticast mode [ 740.212483][T10449] bridge_slave_1: left promiscuous mode [ 740.219587][T10449] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.252126][T10449] bridge_slave_0: left allmulticast mode [ 740.258572][T10449] bridge_slave_0: left promiscuous mode [ 740.265187][T10449] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.782962][T10449] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 740.934566][T10449] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 740.979976][T10449] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 741.015229][T10449] bond0 (unregistering): Released all slaves [ 741.423699][T10449] hsr_slave_0: left promiscuous mode [ 741.468689][T10449] hsr_slave_1: left promiscuous mode [ 741.480420][T10449] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 741.488188][T10449] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 741.515749][T10449] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 741.523680][T10449] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 741.618878][T10449] veth1_macvtap: left promiscuous mode [ 741.624695][T10449] veth0_macvtap: left promiscuous mode [ 741.631201][T10449] veth1_vlan: left promiscuous mode [ 741.636803][T10449] veth0_vlan: left promiscuous mode [ 741.675560][T11465] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 742.213869][T12050] input: syz1 as /devices/virtual/input/input20 [ 742.340473][T11465] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 742.352722][T11465] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 742.363109][T11465] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.400455][ T5796] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 742.430230][T11465] usb 6-1: config 0 descriptor?? [ 742.454343][ T5796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 742.457029][T12042] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 742.495657][ T5796] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 742.585594][ T5796] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 742.673902][ T5796] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 742.839830][ T5797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 742.869446][ T5797] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 742.871697][T10449] team0 (unregistering): Port device team_slave_1 removed [ 742.880337][ T5797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 742.902608][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 742.914823][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 742.960158][T10449] team0 (unregistering): Port device team_slave_0 removed [ 743.185129][T11465] kone 0003:1E7D:2CED.0011: unknown main item tag 0x0 [ 743.192347][T11465] kone 0003:1E7D:2CED.0011: item fetching failed at offset 3/5 [ 743.272989][T11465] kone 0003:1E7D:2CED.0011: parse failed [ 743.279631][T11465] kone 0003:1E7D:2CED.0011: probe with driver kone failed with error -22 [ 743.433614][T12062] loop2: detected capacity change from 0 to 128 [ 743.474202][ T5860] usb 6-1: USB disconnect, device number 10 [ 743.499419][T12062] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 743.571875][T12062] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 744.173413][T12052] chnl_net:caif_netlink_parms(): no params data found [ 744.845923][ T5796] Bluetooth: hci3: command tx timeout [ 745.506918][T12052] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.516046][T12052] bridge0: port 1(bridge_slave_0) entered disabled state [ 745.524076][T12052] bridge_slave_0: entered allmulticast mode [ 745.533976][T12052] bridge_slave_0: entered promiscuous mode [ 745.672739][T12052] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.680746][T12052] bridge0: port 2(bridge_slave_1) entered disabled state [ 745.688927][T12052] bridge_slave_1: entered allmulticast mode [ 745.699241][T12052] bridge_slave_1: entered promiscuous mode [ 746.226299][T12052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 746.252990][T12052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 746.510070][T12052] team0: Port device team_slave_0 added [ 746.537047][T12052] team0: Port device team_slave_1 added [ 746.675650][T12052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 746.683533][T12052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 746.709952][T12052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 746.826586][ T5796] Bluetooth: hci3: command tx timeout [ 746.844656][T12052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 746.851930][T12052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 746.882968][T12052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 747.162249][T12052] hsr_slave_0: entered promiscuous mode [ 747.172909][T12052] hsr_slave_1: entered promiscuous mode [ 747.183636][T12052] debugfs: 'hsr0' already exists in 'hsr' [ 747.189846][T12052] Cannot create hsr debugfs directory [ 748.441611][T12052] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 748.515675][T12052] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 748.589346][T12052] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 748.633433][T12052] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 748.816512][ T5796] Bluetooth: hci3: command tx timeout [ 748.824976][T12127] loop2: detected capacity change from 0 to 256 [ 748.928276][T12127] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 749.484024][T12052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 749.642368][T12052] 8021q: adding VLAN 0 to HW filter on device team0 [ 749.720332][T10473] bridge0: port 1(bridge_slave_0) entered blocking state [ 749.728004][T10473] bridge0: port 1(bridge_slave_0) entered forwarding state [ 749.753281][T12136] loop2: detected capacity change from 0 to 512 [ 749.814194][T10473] bridge0: port 2(bridge_slave_1) entered blocking state [ 749.821979][T10473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 749.922545][T12136] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 749.935820][T12136] ext4 filesystem being mounted at /453/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 750.796961][ T5796] Bluetooth: hci3: command tx timeout [ 751.150452][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 751.730592][T11443] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 751.921611][T11443] usb 1-1: Using ep0 maxpacket: 16 [ 751.957475][T11443] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 751.972367][T11443] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 751.983738][T11443] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 751.993802][T11443] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 752.004120][T11443] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 752.195570][T12052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 752.206957][T11443] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 752.217302][T11443] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 752.225763][T11443] usb 1-1: Manufacturer: syz [ 752.239731][T11443] usb 1-1: config 0 descriptor?? [ 752.582604][T12180] loop5: detected capacity change from 0 to 64 [ 752.674691][T11443] rc_core: IR keymap rc-hauppauge not found [ 752.680945][T11443] Registered IR keymap rc-empty [ 752.687604][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.711781][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.740562][T11443] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 752.755666][T11443] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input21 [ 752.784808][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.809041][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.837322][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.879713][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.903506][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.929443][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.949889][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 752.978823][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 753.005846][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 753.034287][T11443] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 753.060533][T11443] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 753.070271][T11443] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 753.136091][T11465] usb 1-1: USB disconnect, device number 14 [ 753.840665][T12052] veth0_vlan: entered promiscuous mode [ 753.932372][T12052] veth1_vlan: entered promiscuous mode [ 754.114357][T12052] veth0_macvtap: entered promiscuous mode [ 754.155689][T12052] veth1_macvtap: entered promiscuous mode [ 754.276746][T12052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 754.323210][T12201] loop5: detected capacity change from 0 to 256 [ 754.333144][T12052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 754.386373][T12201] exFAT-fs (loop5): bogus sectors bits per cluster : 193 [ 754.393790][T12201] exFAT-fs (loop5): failed to read boot sector [ 754.401021][T12201] exFAT-fs (loop5): failed to recognize exfat type [ 754.428576][T10469] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.447256][T10469] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.459726][T10469] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.484335][T10469] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.662299][T11443] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 754.843990][T11443] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 754.854644][T11443] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.893508][T11443] usb 1-1: config 0 descriptor?? [ 755.142565][T11443] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 755.394570][T11443] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 755.401853][T11443] [drm] Initialized udl on minor 2 [ 755.547368][ T30] audit: type=1326 audit(1760954746.714:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 755.571247][ T30] audit: type=1326 audit(1760954746.756:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=145 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 755.594462][ T30] audit: type=1326 audit(1760954746.756:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 755.618378][ T30] audit: type=1326 audit(1760954746.756:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8acc38ebcb code=0x7ffc0000 [ 755.641228][ T30] audit: type=1326 audit(1760954746.756:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8acc38ebcb code=0x7ffc0000 [ 755.664272][ T30] audit: type=1326 audit(1760954746.767:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8acc3c1885 code=0x7ffc0000 [ 755.780627][T11443] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 755.790148][T11443] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 755.803721][ T5860] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 755.815578][ T5860] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 755.824282][ T5860] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 755.832396][T11443] usb 1-1: USB disconnect, device number 15 [ 755.857543][ T30] audit: type=1326 audit(1760954746.966:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 755.880777][ T30] audit: type=1326 audit(1760954746.987:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.0.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 756.643123][T12234] loop5: detected capacity change from 0 to 2048 [ 756.683356][T12234] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 756.766477][T12238] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 756.826370][T12234] NILFS error (device loop5): nilfs_lookup: deleted inode referenced: 12 [ 756.865310][T12234] Remounting filesystem read-only [ 757.500247][T12249] netlink: 'syz.5.2162': attribute type 12 has an invalid length. [ 757.513942][T12251] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2164'. [ 758.065667][T12261] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 758.082366][T12261] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 758.627620][T12275] loop7: detected capacity change from 0 to 128 [ 758.658231][T12275] vxfs: unsupported VxFS version (2066843062) [ 758.738100][T11436] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 758.953253][T11436] usb 6-1: Using ep0 maxpacket: 32 [ 758.981054][T11436] usb 6-1: config 0 has an invalid interface number: 182 but max is 0 [ 758.990626][T11436] usb 6-1: config 0 has no interface number 0 [ 758.997167][T11436] usb 6-1: config 0 interface 182 has no altsetting 0 [ 759.049732][T11436] usb 6-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db [ 759.059387][T11436] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.067776][T11436] usb 6-1: Product: syz [ 759.072559][T11436] usb 6-1: Manufacturer: syz [ 759.077382][T11436] usb 6-1: SerialNumber: syz [ 759.137578][T11436] usb 6-1: config 0 descriptor?? [ 759.158554][T11436] hub 6-1:0.182: bad descriptor, ignoring hub [ 759.164906][T11436] hub 6-1:0.182: probe with driver hub failed with error -5 [ 759.306724][ T3651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.315102][ T3651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 759.469712][T10473] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.479059][T10473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 759.482885][T11436] kaweth 6-1:0.182: Firmware present in device. [ 759.660993][T11436] kaweth 6-1:0.182: Statistics collection: 0 [ 759.667240][T11436] kaweth 6-1:0.182: Multicast filter limit: 0 [ 759.673734][T11436] kaweth 6-1:0.182: MTU: 0 [ 759.679941][T11436] kaweth 6-1:0.182: Read MAC address 00:00:00:00:00:00 [ 760.092035][T12292] loop7: detected capacity change from 0 to 512 [ 760.170035][T12292] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 760.183448][T12292] ext4 filesystem being mounted at /115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 760.302929][T11436] kaweth 6-1:0.182: kaweth interface created at eth17 [ 760.332261][T12292] EXT4-fs (loop7): shut down requested (2) [ 760.414133][T10393] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 760.599120][ T5860] usb 6-1: USB disconnect, device number 11 [ 760.873503][T12308] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2183'. [ 760.951760][ T3651] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 760.972505][ T3651] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 760.994500][T12308] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2183'. [ 761.023021][ T3651] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 761.175777][ T3651] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 761.270186][T12311] loop7: detected capacity change from 0 to 512 [ 761.382185][T12311] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.2184: inode has both inline data and extents flags [ 761.460364][T12311] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.2184: couldn't read orphan inode 15 (err -117) [ 761.531196][T12311] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 761.609618][T12321] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2188'. [ 761.849210][T10393] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 763.360872][T12334] loop5: detected capacity change from 0 to 32768 [ 763.528973][T12334] (syz.5.2194,12334,1):ocfs2_slot_map_physical_size:223 ERROR: Slot map file is too small! (size 0, needed 8) [ 765.150739][T12357] overlay: filesystem on ./file0 not supported as upperdir [ 766.127718][T12373] loop2: detected capacity change from 0 to 128 [ 766.206104][T12377] ip6gretap0: entered promiscuous mode [ 766.323998][T12379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2210'. [ 766.383118][T12379] vxlan1: entered promiscuous mode [ 766.409645][T12381] loop7: detected capacity change from 0 to 128 [ 766.430680][T12381] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 766.462605][T12381] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 767.246436][T12395] netlink: 'syz.2.2216': attribute type 1 has an invalid length. [ 767.326998][T12395] bond2: entered promiscuous mode [ 767.333698][T12395] 8021q: adding VLAN 0 to HW filter on device bond2 [ 767.395182][T12399] bond2: (slave bridge1): making interface the new active one [ 767.403381][T12399] bridge1: entered promiscuous mode [ 767.416063][T12399] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 767.533864][T12404] netlink: 128124 bytes leftover after parsing attributes in process `syz.8.2220'. [ 767.565106][T12404] loop8: detected capacity change from 0 to 128 [ 767.626975][T12404] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 767.658952][T12404] ext4 filesystem being mounted at /11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 768.183798][T12052] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 768.194760][T12411] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2223'. [ 769.022943][T12425] loop5: detected capacity change from 0 to 128 [ 769.324748][T12430] syz.5.2228: attempt to access beyond end of device [ 769.324748][T12430] loop5: rw=1, sector=145, nr_sectors = 16 limit=128 [ 769.340028][T12430] syz.5.2228: attempt to access beyond end of device [ 769.340028][T12430] loop5: rw=1, sector=169, nr_sectors = 8 limit=128 [ 769.354265][T12430] syz.5.2228: attempt to access beyond end of device [ 769.354265][T12430] loop5: rw=1, sector=185, nr_sectors = 8 limit=128 [ 769.368144][T12430] syz.5.2228: attempt to access beyond end of device [ 769.368144][T12430] loop5: rw=1, sector=201, nr_sectors = 8 limit=128 [ 769.382081][T12430] syz.5.2228: attempt to access beyond end of device [ 769.382081][T12430] loop5: rw=1, sector=217, nr_sectors = 8 limit=128 [ 769.395862][T12430] syz.5.2228: attempt to access beyond end of device [ 769.395862][T12430] loop5: rw=1, sector=233, nr_sectors = 8 limit=128 [ 769.409792][T12430] syz.5.2228: attempt to access beyond end of device [ 769.409792][T12430] loop5: rw=1, sector=249, nr_sectors = 8 limit=128 [ 769.423994][T12430] syz.5.2228: attempt to access beyond end of device [ 769.423994][T12430] loop5: rw=1, sector=265, nr_sectors = 8 limit=128 [ 769.438766][T12430] syz.5.2228: attempt to access beyond end of device [ 769.438766][T12430] loop5: rw=1, sector=281, nr_sectors = 8 limit=128 [ 769.452852][T12430] syz.5.2228: attempt to access beyond end of device [ 769.452852][T12430] loop5: rw=1, sector=297, nr_sectors = 8 limit=128 [ 770.145836][T12433] loop2: detected capacity change from 0 to 4096 [ 770.257581][T11436] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 770.274239][T12433] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 770.284127][T12433] ntfs3(loop2): Failed to load $Extend (-22). [ 770.290625][T12433] ntfs3(loop2): Failed to initialize $Extend. [ 770.373670][T12441] netlink: 'syz.5.2235': attribute type 1 has an invalid length. [ 770.438475][T11436] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 770.449053][T12441] 8021q: adding VLAN 0 to HW filter on device bond1 [ 770.450414][T11436] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 770.468489][T11436] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 770.478705][T11436] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 770.492280][T11436] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 770.503539][T11436] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 770.515146][ T5852] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 770.538904][T11436] usb 1-1: config 0 descriptor?? [ 770.586481][T12441] bond1: (slave geneve2): making interface the new active one [ 770.603003][T12441] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 770.657338][T12433] ntfs3(loop2): ino=1e, mi_enum_attr [ 770.696098][ T5852] usb 9-1: Using ep0 maxpacket: 16 [ 770.710462][ T5852] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 770.721116][ T5852] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 770.756775][ T5852] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 770.766488][ T5852] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.775402][ T5852] usb 9-1: Product: syz [ 770.779964][ T5852] usb 9-1: Manufacturer: syz [ 770.784886][ T5852] usb 9-1: SerialNumber: syz [ 771.021175][T11436] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 771.070181][ T5852] usb 9-1: 0:2 : does not exist [ 771.102894][ T5852] usb 9-1: 5:0: failed to get current value for ch 0 (-22) [ 771.173901][ T5852] usb 9-1: USB disconnect, device number 2 [ 771.371895][T12451] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2239'. [ 771.424455][T12451] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2239'. [ 771.796747][T12454] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 771.819099][T12448] loop5: detected capacity change from 0 to 8192 [ 771.881153][T12448] loop5: p1 p2 p4[EZD] [ 771.897761][T12448] loop5: p2 start 4326912 is beyond EOD, truncated [ 771.905051][T12448] loop5: p4 start 16779772 is beyond EOD, truncated [ 773.001371][ T5860] usb 1-1: USB disconnect, device number 16 [ 774.669085][T12487] loop7: detected capacity change from 0 to 32768 [ 774.728067][T12487] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 774.785241][T12483] loop8: detected capacity change from 0 to 40427 [ 774.805230][T12483] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12 [ 774.812741][T12496] xt_hashlimit: max too large, truncated to 1048576 [ 774.813469][T12483] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 774.849826][T12483] F2FS-fs (loop8): invalid crc value [ 775.112716][T12487] XFS (loop7): Ending clean mount [ 775.160584][T12483] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 775.207068][T12483] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 775.215086][T12483] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 775.342066][T10393] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 775.792200][T12509] loop5: detected capacity change from 0 to 2048 [ 775.881047][T12509] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 777.733724][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 777.734018][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 778.072358][T12533] loop2: detected capacity change from 0 to 32768 [ 778.083682][T12533] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2268 (12533) [ 778.109255][T12533] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 778.109525][T12533] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 778.217856][ T3651] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x1335c47d3f94e85552e31a8ecc9dd4db4dece1445f3fbef1d5b0b5e8324c15d5 found 0x23f676c30e6ba828620fcb6652778eb5a2d5fc5d8b7f171bb8c62a4856087177 level 0 [ 778.218298][T12533] BTRFS warning (device loop2): couldn't read tree root [ 778.239105][T12533] BTRFS error (device loop2): open_ctree failed: -5 [ 779.046564][T12561] loop5: detected capacity change from 0 to 2048 [ 779.104658][T12561] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 779.191418][T12561] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 779.815970][T12579] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2282'. [ 781.085235][T12603] loop2: detected capacity change from 0 to 7 [ 781.143276][T12603] Dev loop2: unable to read RDB block 7 [ 781.149790][T12603] loop2: unable to read partition table [ 781.205672][T12603] loop2: partition table beyond EOD, truncated [ 781.213623][T12603] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 781.410523][T12596] loop8: detected capacity change from 0 to 32768 [ 781.554159][T12596] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 781.743108][T12052] ocfs2: Unmounting device (7,8) on (node local) [ 782.992280][ T30] audit: type=1326 audit(1760954775.545:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 782.997483][T11443] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 783.018781][ T30] audit: type=1326 audit(1760954775.556:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 783.181821][T11443] usb 6-1: Using ep0 maxpacket: 32 [ 783.243293][T11443] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.255443][T11443] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 783.265776][T11443] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 783.276161][T11443] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.437486][T11443] usb 6-1: config 0 descriptor?? [ 783.489415][ T30] audit: type=1326 audit(1760954775.692:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8acc3c1885 code=0x7ffc0000 [ 783.513273][ T30] audit: type=1326 audit(1760954775.703:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 783.536732][ T30] audit: type=1326 audit(1760954775.703:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 783.559939][ T30] audit: type=1326 audit(1760954775.923:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12632 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 783.583950][ T30] audit: type=1326 audit(1760954775.934:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 783.607346][ T30] audit: type=1326 audit(1760954775.934:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 783.630801][ T30] audit: type=1326 audit(1760954775.934:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8acc38efc9 code=0x7ffc0000 [ 783.654029][ T30] audit: type=1326 audit(1760954776.070:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12628 comm="syz.0.2303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8acc32b099 code=0x7ffc0000 [ 783.745627][T12638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2304'. [ 784.085471][T11443] savu 0003:1E7D:2D5A.0013: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 784.260672][T11443] usb 6-1: USB disconnect, device number 12 [ 785.821817][T12677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2323'. [ 785.832028][T12677] netlink: 'syz.0.2323': attribute type 30 has an invalid length. [ 785.973466][T12677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2323'. [ 785.983048][T12677] netlink: 'syz.0.2323': attribute type 30 has an invalid length. [ 787.067604][T12698] loop8: detected capacity change from 0 to 128 [ 787.497121][T12698] bio_check_eod: 38 callbacks suppressed [ 787.497208][T12698] syz.8.2333: attempt to access beyond end of device [ 787.497208][T12698] loop8: rw=2049, sector=153, nr_sectors = 8 limit=128 [ 787.555345][T12698] syz.8.2333: attempt to access beyond end of device [ 787.555345][T12698] loop8: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 787.643526][T12698] syz.8.2333: attempt to access beyond end of device [ 787.643526][T12698] loop8: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 787.716894][T12698] syz.8.2333: attempt to access beyond end of device [ 787.716894][T12698] loop8: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 787.801028][T12698] syz.8.2333: attempt to access beyond end of device [ 787.801028][T12698] loop8: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 787.862371][T12698] syz.8.2333: attempt to access beyond end of device [ 787.862371][T12698] loop8: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 787.904822][T12698] syz.8.2333: attempt to access beyond end of device [ 787.904822][T12698] loop8: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 787.937365][T12698] syz.8.2333: attempt to access beyond end of device [ 787.937365][T12698] loop8: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 787.986879][T11443] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 788.021969][T12698] syz.8.2333: attempt to access beyond end of device [ 788.021969][T12698] loop8: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 788.042417][T12698] syz.8.2333: attempt to access beyond end of device [ 788.042417][T12698] loop8: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 788.175097][T11443] usb 3-1: New USB device found, idVendor=2a39, idProduct=3fa0, bcdDevice=63.01 [ 788.185078][T11443] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.193652][T11443] usb 3-1: Product: syz [ 788.198219][T11443] usb 3-1: Manufacturer: syz [ 788.203035][T11443] usb 3-1: SerialNumber: syz [ 788.263106][T11443] usb 3-1: config 0 descriptor?? [ 788.707597][T11443] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 788.751950][T11443] usb 3-1: USB disconnect, device number 16 [ 789.093964][T12727] syz.7.2344(12727): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 789.660585][T12739] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2348'. [ 789.748584][T12739] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2348'. [ 790.132706][T12748] loop8: detected capacity change from 0 to 128 [ 790.225576][T12748] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 790.243977][T12748] ext4 filesystem being mounted at /34/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 790.673586][T12052] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 793.086919][T12778] loop7: detected capacity change from 0 to 4096 [ 793.278180][T12787] loop8: detected capacity change from 0 to 16 [ 793.292398][T12787] erofs (device loop8): mounted with root inode @ nid 36. [ 793.482643][T12790] geneve2: entered promiscuous mode [ 793.494843][T10473] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.546664][ T3679] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.565706][ T3679] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.600857][ T3679] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.645464][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 793.645540][ T30] audit: type=1800 audit(1760954786.741:124): pid=12778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2364" name="file1" dev="loop7" ino=33 res=0 errno=0 [ 794.536685][T12800] loop7: detected capacity change from 0 to 2048 [ 794.565576][T12800] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found [ 794.573461][T12800] UDF-fs: Scanning with blocksize 512 failed [ 794.631295][T12800] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 794.757268][T12804] loop8: detected capacity change from 0 to 2048 [ 794.779133][T12807] loop5: detected capacity change from 0 to 256 [ 794.813806][T12807] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 794.855428][T12804] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 794.925482][T12807] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 795.044442][T12812] coredump: 865(syz.5.2377): Core dump to core aborted: cannot preserve file permissions [ 795.569794][ T6926] FAT-fs (loop5): error, corrupted directory (invalid entries) [ 795.577958][ T6926] FAT-fs (loop5): Filesystem has been set read-only [ 795.596489][ T6926] FAT-fs (loop5): error, corrupted directory (invalid entries) [ 795.914095][T12818] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2381'. [ 796.510743][T12827] loop7: detected capacity change from 0 to 512 [ 796.547790][T12827] EXT4-fs: Ignoring removed nobh option [ 796.568763][T12830] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 796.665605][T12827] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 796.758023][T12827] EXT4-fs (loop7): 1 truncate cleaned up [ 796.766484][T12827] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 797.342549][T10393] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 798.363268][ T5797] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 798.373789][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 798.385371][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 798.423073][ T5797] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 799.387656][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 800.173392][T12852] chnl_net:caif_netlink_parms(): no params data found [ 801.363870][ T5797] Bluetooth: hci0: command tx timeout [ 801.566090][T12852] bridge0: port 1(bridge_slave_0) entered blocking state [ 801.574039][T12852] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.582250][T12852] bridge_slave_0: entered allmulticast mode [ 801.594765][T12852] bridge_slave_0: entered promiscuous mode [ 801.626938][T12891] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2410'. [ 801.660232][T12852] bridge0: port 2(bridge_slave_1) entered blocking state [ 801.668350][T12852] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.676216][T12852] bridge_slave_1: entered allmulticast mode [ 801.687396][T12852] bridge_slave_1: entered promiscuous mode [ 802.128295][T12852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 802.220166][T12852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 802.520134][T12852] team0: Port device team_slave_0 added [ 802.611465][T12852] team0: Port device team_slave_1 added [ 802.917695][T12852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 802.925268][T12852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 802.952266][T12852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 803.195423][T12852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 803.202795][T12852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 803.229511][T12852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 803.363798][ T5797] Bluetooth: hci0: command tx timeout [ 803.416007][T12909] overlayfs: failed to resolve './file0': -2 [ 803.859757][T12852] hsr_slave_0: entered promiscuous mode [ 803.870644][T12852] hsr_slave_1: entered promiscuous mode [ 803.880309][T12852] debugfs: 'hsr0' already exists in 'hsr' [ 803.886566][T12852] Cannot create hsr debugfs directory [ 804.455869][T12920] loop8: detected capacity change from 0 to 512 [ 804.630483][T12920] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 804.850458][ T30] audit: type=1800 audit(1760954798.494:125): pid=12920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2423" name="file1" dev="loop8" ino=15 res=0 errno=0 [ 805.011542][T12929] EXT4-fs error (device loop8): ext4_validate_block_bitmap:423: comm syz.8.2423: bg 0: bad block bitmap checksum [ 805.091125][T12852] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 805.141112][T12852] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 805.213112][T12852] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 805.283064][T12852] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 805.330373][ T5797] Bluetooth: hci0: command tx timeout [ 805.417257][T12052] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 806.165818][T12852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 806.281597][T12852] 8021q: adding VLAN 0 to HW filter on device team0 [ 806.358727][T10454] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.366369][T10454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 806.498845][T10454] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.506532][T10454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 806.782960][T12852] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 807.304806][ T5797] Bluetooth: hci0: command tx timeout [ 807.411609][T12951] loop8: detected capacity change from 0 to 512 [ 807.422574][T12951] EXT4-fs: Ignoring removed i_version option [ 807.474778][T12951] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 807.823599][T12052] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 808.274801][T12852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 810.142525][T11436] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 810.236409][T12852] veth0_vlan: entered promiscuous mode [ 810.287242][T12852] veth1_vlan: entered promiscuous mode [ 810.388621][T11436] usb 9-1: config 0 has no interfaces? [ 810.407926][T11436] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 810.417598][T11436] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 810.426031][T11436] usb 9-1: Product: syz [ 810.431567][T11436] usb 9-1: Manufacturer: syz [ 810.436466][T11436] usb 9-1: SerialNumber: syz [ 810.468254][T11436] usb 9-1: config 0 descriptor?? [ 810.550106][T12852] veth0_macvtap: entered promiscuous mode [ 810.592140][T12852] veth1_macvtap: entered promiscuous mode [ 810.670793][T12852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 810.712107][T12852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 810.829858][ T3651] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.895371][ T3651] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.957668][ T3651] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.013825][ T3651] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.184063][ T5860] usb 9-1: USB disconnect, device number 3 [ 813.651969][T13037] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2461'. [ 814.159488][T13041] netlink: 'syz.0.2463': attribute type 2 has an invalid length. [ 814.167842][T13041] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2463'. [ 815.834645][T10454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 815.845286][T10454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 816.078394][T10469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 816.086974][T10469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 817.286130][T13081] Bluetooth: MGMT ver 1.23 [ 819.751974][T13107] loop8: detected capacity change from 0 to 512 [ 819.789271][T13107] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 819.829175][T13107] EXT4-fs (loop8): invalid journal inode [ 819.837540][T13107] EXT4-fs (loop8): can't get journal size [ 819.902931][T13107] EXT4-fs (loop8): 1 truncate cleaned up [ 819.911116][T13107] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 820.095328][T13107] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 820.153653][T13111] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 820.191490][T13112] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 820.454073][T12052] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 820.749430][T13121] loop8: detected capacity change from 0 to 1024 [ 820.830274][T13121] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 821.272206][T12052] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 821.642935][T13134] netlink: 'syz.8.2497': attribute type 4 has an invalid length. [ 821.795707][T13134] netlink: 'syz.8.2497': attribute type 4 has an invalid length. [ 821.850053][T13136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2498'. [ 823.185774][T13155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2506'. [ 823.195452][T13155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 823.668785][T13155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 824.190537][T13151] loop8: detected capacity change from 0 to 65536 [ 824.280853][T13151] XFS (loop8): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 824.413052][T13151] XFS (loop8): Ending clean mount [ 824.427409][T13151] XFS (loop8): Quotacheck needed: Please wait. [ 824.476887][T13151] XFS (loop8): Quotacheck: Done. [ 824.606730][T12052] XFS (loop8): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 825.340251][T13174] syz_tun: entered promiscuous mode [ 825.350645][T13174] team0: Port device syz_tun added [ 827.464253][T13192] loop8: detected capacity change from 0 to 512 [ 827.537641][T13192] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 827.638827][T13192] EXT4-fs (loop8): 1 truncate cleaned up [ 827.647115][T13192] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 827.831764][T13192] syz.8.2509 (pid 13192) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 828.093323][T12052] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 829.566067][T13206] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 830.663333][T13224] loop2: detected capacity change from 0 to 64 [ 832.274176][T13230] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2533'. [ 832.283694][T13230] netlink: 23 bytes leftover after parsing attributes in process `syz.0.2533'. [ 832.623756][T13235] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 833.577852][T13251] netlink: 'syz.7.2543': attribute type 1 has an invalid length. [ 833.733821][T13254] bond1: (slave bridge1): making interface the new active one [ 833.748082][T13254] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 834.805123][T13270] syzkaller1: entered promiscuous mode [ 834.811216][T13270] syzkaller1: entered allmulticast mode [ 836.203355][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 836.210258][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 837.633922][T13297] netlink: 'syz.8.2561': attribute type 7 has an invalid length. [ 837.677986][ T3679] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 837.748820][ T3679] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 837.834745][ T3679] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 837.887206][ T3679] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 837.912997][T13297] netlink: 'syz.8.2561': attribute type 7 has an invalid length. [ 838.792328][T13295] loop2: detected capacity change from 0 to 65536 [ 838.842433][T13295] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 838.992479][ T5860] IPVS: starting estimator thread 0... [ 839.104189][T13295] XFS (loop2): Ending clean mount [ 839.105167][T13319] IPVS: using max 192 ests per chain, 9600 per kthread [ 839.159777][T13295] XFS (loop2): Quotacheck needed: Please wait. [ 839.203506][T13295] XFS (loop2): Quotacheck: Done. [ 839.434005][ T5795] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 840.933193][T13344] loop9: detected capacity change from 0 to 512 [ 841.033748][T13344] EXT4-fs (loop9): too many log groups per flexible block group [ 841.042560][T13344] EXT4-fs (loop9): failed to initialize mballoc (-12) [ 841.058627][T13344] EXT4-fs (loop9): mount failed [ 841.124133][ T5852] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 841.304591][ T5852] usb 9-1: Using ep0 maxpacket: 16 [ 841.336330][ T5852] usb 9-1: config 4 has an invalid interface number: 51 but max is 0 [ 841.345041][ T5852] usb 9-1: config 4 has no interface number 0 [ 841.351901][ T5852] usb 9-1: config 4 interface 51 has no altsetting 0 [ 841.401023][ T5852] usb 9-1: New USB device found, idVendor=0409, idProduct=0063, bcdDevice=83.4b [ 841.410795][ T5852] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.419212][ T5852] usb 9-1: Product: syz [ 841.427994][ T5852] usb 9-1: Manufacturer: syz [ 841.432822][ T5852] usb 9-1: SerialNumber: syz [ 841.461954][ T5852] upd78f0730 9-1:4.51: upd78f0730 converter detected [ 841.474935][ T5852] usb 9-1: upd78f0730 converter now attached to ttyUSB0 [ 841.689695][T11436] usb 9-1: USB disconnect, device number 4 [ 841.703096][T11436] upd78f0730 ttyUSB0: upd78f0730 converter now disconnected from ttyUSB0 [ 841.713236][T11436] upd78f0730 9-1:4.51: device disconnected [ 841.789610][ T5852] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 841.975915][ T5852] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 841.985857][ T5852] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.994369][ T5852] usb 10-1: Product: syz [ 841.998923][ T5852] usb 10-1: Manufacturer: syz [ 842.003814][ T5852] usb 10-1: SerialNumber: syz [ 842.080299][ T5852] usb 10-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 842.193943][T11436] usb 10-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 842.269997][T13356] netlink: 45 bytes leftover after parsing attributes in process `syz.7.2582'. [ 842.536703][T13351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 842.546573][T13351] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 842.898568][ T5852] usb 10-1: USB disconnect, device number 2 [ 843.201282][T11436] ath9k_htc 10-1:1.0: ath9k_htc: Target is unresponsive [ 843.209703][T11436] ath9k_htc: Failed to initialize the device [ 843.320540][ T5852] usb 10-1: ath9k_htc: USB layer deinitialized [ 845.988645][T13383] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2594'. [ 847.483216][T11436] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 847.523568][T13408] loop9: detected capacity change from 0 to 128 [ 847.553336][T13408] vfat: Bad value for 'dmask' [ 847.730550][T11436] usb 9-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 847.740173][T11436] usb 9-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 847.748604][T11436] usb 9-1: Product: syz [ 847.753452][T11436] usb 9-1: Manufacturer: syz [ 847.758266][T11436] usb 9-1: SerialNumber: syz [ 847.799756][T11436] usb 9-1: config 0 descriptor?? [ 847.812502][T11436] ch341 9-1:0.0: ch341-uart converter detected [ 848.576903][ T3679] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 848.838639][ T3679] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 848.865002][T11436] usb 9-1: ch341-uart converter now attached to ttyUSB0 [ 848.971460][ T3679] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.060447][T11436] usb 9-1: USB disconnect, device number 5 [ 849.112340][T11436] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 849.124649][T11436] ch341 9-1:0.0: device disconnected [ 849.163473][ T3679] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.457966][ T3679] bridge_slave_1: left allmulticast mode [ 849.464227][ T3679] bridge_slave_1: left promiscuous mode [ 849.470974][ T3679] bridge0: port 2(bridge_slave_1) entered disabled state [ 849.526271][ T3679] bridge_slave_0: left allmulticast mode [ 849.532458][ T3679] bridge_slave_0: left promiscuous mode [ 849.539517][ T3679] bridge0: port 1(bridge_slave_0) entered disabled state [ 850.238270][ T3679] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 850.274892][ T3679] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 850.298124][ T3679] bond0 (unregistering): Released all slaves [ 850.719413][ T3679] hsr_slave_0: left promiscuous mode [ 850.741272][ T3679] hsr_slave_1: left promiscuous mode [ 850.749976][ T3679] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 850.757566][ T3679] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 850.808434][ T3679] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 850.816174][ T3679] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 850.873834][ T3679] veth1_macvtap: left promiscuous mode [ 850.879604][ T3679] veth0_macvtap: left promiscuous mode [ 850.887307][ T3679] veth1_vlan: left promiscuous mode [ 850.893088][ T3679] veth0_vlan: left promiscuous mode [ 852.156789][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 852.167861][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 852.232251][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 852.254089][ T5796] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 852.266821][ T5796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 852.399384][ T3679] team0 (unregistering): Port device team_slave_1 removed [ 852.428834][ T3679] team0 (unregistering): Port device team_slave_0 removed [ 853.622062][T13429] chnl_net:caif_netlink_parms(): no params data found [ 854.301899][ T5797] Bluetooth: hci0: command tx timeout [ 855.817394][T13429] bridge0: port 1(bridge_slave_0) entered blocking state [ 855.826213][T13429] bridge0: port 1(bridge_slave_0) entered disabled state [ 855.834170][T13429] bridge_slave_0: entered allmulticast mode [ 855.844192][T13429] bridge_slave_0: entered promiscuous mode [ 855.861443][T13429] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.871271][T13429] bridge0: port 2(bridge_slave_1) entered disabled state [ 855.879119][T13429] bridge_slave_1: entered allmulticast mode [ 855.889175][T13429] bridge_slave_1: entered promiscuous mode [ 856.102523][T13429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 856.173788][T13429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 856.281813][ T5797] Bluetooth: hci0: command tx timeout [ 856.363792][ T30] audit: type=1326 audit(1760954852.616:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.440002][ T30] audit: type=1326 audit(1760954852.648:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.463542][ T30] audit: type=1326 audit(1760954852.658:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.486440][ T30] audit: type=1326 audit(1760954852.669:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.510361][ T30] audit: type=1326 audit(1760954852.669:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.533618][ T30] audit: type=1326 audit(1760954852.669:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.556633][ T30] audit: type=1326 audit(1760954852.679:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.579767][ T30] audit: type=1326 audit(1760954852.679:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.603472][ T30] audit: type=1326 audit(1760954852.679:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.626720][ T30] audit: type=1326 audit(1760954852.679:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13469 comm="syz.8.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ff638efc9 code=0x7ffc0000 [ 856.734849][T13429] team0: Port device team_slave_0 added [ 856.787758][T13429] team0: Port device team_slave_1 added [ 856.967224][T13429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 856.974381][T13429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 857.001868][T13429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 857.051052][T13474] Bluetooth: MGMT ver 1.23 [ 857.077289][T13429] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 857.084942][T13429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 857.112802][T13429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 857.361604][T13429] hsr_slave_0: entered promiscuous mode [ 857.374336][T13429] hsr_slave_1: entered promiscuous mode [ 857.383355][T13429] debugfs: 'hsr0' already exists in 'hsr' [ 857.389366][T13429] Cannot create hsr debugfs directory [ 858.261887][ T5797] Bluetooth: hci0: command tx timeout [ 858.495341][T13497] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2639'. [ 859.404304][T13429] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 859.486137][T13429] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 859.624167][T13429] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 859.742457][T13429] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 860.204200][ T5852] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 860.263997][ T5797] Bluetooth: hci0: command tx timeout [ 860.503232][ T5852] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 860.514803][ T5852] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 860.525033][ T5852] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 860.534430][ T5852] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.619296][T13510] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 860.641875][ T5852] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 860.803366][ T5852] kernel read not supported for file /dsp (pid: 5852 comm: kworker/0:4) [ 860.837238][ T5852] usb 9-1: USB disconnect, device number 6 [ 861.289003][T13429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 861.385500][T13429] 8021q: adding VLAN 0 to HW filter on device team0 [ 861.444297][T10454] bridge0: port 1(bridge_slave_0) entered blocking state [ 861.452185][T10454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 861.552969][T10454] bridge0: port 2(bridge_slave_1) entered blocking state [ 861.560626][T10454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 861.879151][T13429] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 862.526927][ T5096] Bluetooth: hci3: command 0x0406 tx timeout [ 862.776080][T13540] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 863.776556][T13429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 864.160003][T13429] veth0_vlan: entered promiscuous mode [ 864.263491][T13429] veth1_vlan: entered promiscuous mode [ 865.041280][T13558] input: syz0 as /devices/virtual/input/input24 [ 865.159695][T13554] loop2: detected capacity change from 0 to 32768 [ 865.217383][T13554] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 865.227768][T13554] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 865.292634][T13561] input: syz0 as /devices/virtual/input/input25 [ 865.345804][T13429] veth0_macvtap: entered promiscuous mode [ 865.409254][T13429] veth1_macvtap: entered promiscuous mode [ 865.551387][T13554] XFS (loop2): Ending clean mount [ 865.566291][T13554] XFS (loop2): Quotacheck needed: Please wait. [ 865.674944][T13429] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 865.713759][T13554] XFS (loop2): Quotacheck: Done. [ 865.762962][T13429] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 865.857423][T10449] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.912705][T10449] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.983249][T10449] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.024160][T10449] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.040731][ T5795] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 868.285007][ T5852] usb 1-1: new low-speed USB device number 17 using dummy_hcd [ 868.537768][ T5852] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 868.547862][ T5852] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 868.556949][ T5852] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 868.566173][ T5852] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 868.577410][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 868.589679][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 135, setting to 8 [ 868.601284][ T5852] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 868.640752][T13605] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.703238][ T5096] Bluetooth: hci0: command 0x0405 tx timeout [ 868.737917][ T5852] usb 1-1: string descriptor 0 read error: -22 [ 868.745270][ T5852] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 868.754843][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 868.769038][ T5852] usb 1-1: config 0 descriptor?? [ 868.783147][T13597] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 868.794822][ T5852] hub 1-1:0.0: bad descriptor, ignoring hub [ 868.801137][ T5852] hub 1-1:0.0: probe with driver hub failed with error -5 [ 868.818005][ T5852] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input26 [ 868.838099][ C0] usb_acecad 1-1:0.0: can't resubmit intr, dummy_hcd.0-1/input0, status -1 [ 868.870472][T13605] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.028087][T13605] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.126714][ T5860] usb 1-1: USB disconnect, device number 17 [ 869.203548][T13605] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.506087][T10454] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 869.538828][T10473] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 869.557508][T10473] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 869.588093][T10473] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 871.198264][ T3651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 871.206576][ T3651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 871.352093][T10473] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 871.360154][T10473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 871.567792][T13640] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2688'. [ 872.030691][T13649] serio: Serial port ptm0 [ 873.007892][T13661] netlink: 'syz.8.2696': attribute type 8 has an invalid length. [ 873.016327][T13661] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2696'. [ 873.042502][T13661] bond0: entered promiscuous mode [ 873.048088][T13661] bond_slave_0: entered promiscuous mode [ 873.055059][T13661] bond_slave_1: entered promiscuous mode [ 873.074127][T13661] veth1_to_hsr: entered promiscuous mode [ 873.083497][T13661] team0: entered promiscuous mode [ 873.088971][T13661] team_slave_0: entered promiscuous mode [ 873.096232][T13661] team_slave_1: entered promiscuous mode [ 873.109892][T13661] debugfs: 'hsr1' already exists in 'hsr' [ 873.116044][T13661] Cannot create hsr debugfs directory [ 873.121594][T13661] hsr1: entered promiscuous mode [ 873.160895][T13662] bond0: option lp_interval: invalid value (0) [ 873.170341][T13662] bond0: option lp_interval: allowed values 1 - 2147483647 [ 873.339817][T13663] loop2: detected capacity change from 0 to 128 [ 873.563196][T13657] loop1: detected capacity change from 0 to 40427 [ 873.582635][T13657] F2FS-fs (loop1): build fault injection rate: 14 [ 873.585859][T13663] bio_check_eod: 2 callbacks suppressed [ 873.585957][T13663] syz.2.2695: attempt to access beyond end of device [ 873.585957][T13663] loop2: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 873.591034][T13657] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 873.697724][T13663] syz.2.2695: attempt to access beyond end of device [ 873.697724][T13663] loop2: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 873.712292][T13663] Buffer I/O error on dev loop2, logical block 79, lost async page write [ 873.721721][T13663] syz.2.2695: attempt to access beyond end of device [ 873.721721][T13663] loop2: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 873.735769][T13663] Buffer I/O error on dev loop2, logical block 80, lost async page write [ 873.746956][T13657] F2FS-fs (loop1): invalid crc value [ 873.824326][ C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of bio_endio+0xeb4/0x1010 [ 873.856568][ C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of bio_endio+0xeb4/0x1010 [ 874.148802][T13657] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 874.158233][T13657] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 874.174947][T13657] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 874.232441][T13657] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 874.253411][T13657] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_get_inode_folio+0x40/0x50 [ 874.266002][T13657] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0] [ 874.372776][T13429] syz-executor: attempt to access beyond end of device [ 874.372776][T13429] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 874.388751][T13429] CPU: 1 UID: 0 PID: 13429 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 874.388911][T13429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 874.389002][T13429] Call Trace: [ 874.389055][T13429] [ 874.389111][T13429] __dump_stack+0x26/0x30 [ 874.389308][T13429] dump_stack_lvl+0x1df/0x270 [ 874.389490][T13429] dump_stack+0x1e/0x25 [ 874.389662][T13429] f2fs_handle_critical_error+0xa6f/0xc20 [ 874.389851][T13429] f2fs_stop_checkpoint+0x65/0x80 [ 874.390007][T13429] f2fs_write_end_io+0x101c/0x1bc0 [ 874.390221][T13429] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 874.390377][T13429] bio_endio+0xeb4/0x1010 [ 874.390546][T13429] submit_bio_noacct+0x2009/0x2930 [ 874.390769][T13429] submit_bio+0x57c/0x630 [ 874.390943][T13429] f2fs_submit_write_bio+0x92/0x250 [ 874.391167][T13429] __submit_merged_bio+0x16f/0x6a0 [ 874.391373][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 874.391555][T13429] __submit_merged_write_cond+0x458/0x9a0 [ 874.391790][T13429] f2fs_write_data_pages+0x4bb2/0x5480 [ 874.392085][T13429] ? tracing_mark_raw_write+0x100/0x5d0 [ 874.392290][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 874.392468][T13429] ? free_unref_folios+0x29ad/0x2a20 [ 874.392651][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 874.392863][T13429] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 874.393091][T13429] ? kmsan_get_metadata+0xfb/0x160 [ 874.393257][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 874.393421][T13429] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 874.393578][T13429] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 874.393734][T13429] do_writepages+0x3f2/0x860 [ 874.393918][T13429] ? _raw_spin_unlock+0x30/0x50 [ 874.394091][T13429] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 874.394293][T13429] filemap_fdatawrite+0x207/0x260 [ 874.394589][T13429] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 874.394797][T13429] f2fs_write_checkpoint+0x10a4/0x3730 [ 874.395121][T13429] kill_f2fs_super+0x31b/0x990 [ 874.395341][T13429] ? __pfx_kill_f2fs_super+0x10/0x10 [ 874.395512][T13429] deactivate_locked_super+0xcb/0x3c0 [ 874.395727][T13429] deactivate_super+0x12f/0x140 [ 874.395925][T13429] cleanup_mnt+0x6fb/0x780 [ 874.396079][T13429] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 874.396320][T13429] ? __pfx___cleanup_mnt+0x10/0x10 [ 874.396484][T13429] __cleanup_mnt+0x22/0x30 [ 874.396634][T13429] task_work_run+0x209/0x2b0 [ 874.396805][T13429] exit_to_user_mode_loop+0x2d1/0x370 [ 874.396978][T13429] do_syscall_64+0x1e3/0xfa0 [ 874.397183][T13429] ? irqentry_exit+0x16/0x60 [ 874.397370][T13429] ? clear_bhb_loop+0x40/0x90 [ 874.397532][T13429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.397696][T13429] RIP: 0033:0x7f1828f902f7 [ 874.397807][T13429] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 874.397939][T13429] RSP: 002b:00007fff31dbfe78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 874.398081][T13429] RAX: 0000000000000000 RBX: 00007f1829011d7d RCX: 00007f1828f902f7 [ 874.398188][T13429] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff31dbff30 [ 874.398285][T13429] RBP: 00007fff31dbff30 R08: 0000000000000000 R09: 0000000000000000 [ 874.398379][T13429] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff31dc0fc0 [ 874.398477][T13429] R13: 00007f1829011d7d R14: 00000000000d9174 R15: 00007fff31dc1000 [ 874.398619][T13429] [ 874.737101][T13429] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 878.729136][T13715] Invalid ELF header magic: != ELF [ 881.902759][ T5860] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 881.907138][T13753] netlink: 'syz.0.2731': attribute type 6 has an invalid length. [ 882.012546][T13755] loop1: detected capacity change from 0 to 16 [ 882.067026][T13755] erofs (device loop1): mounted with root inode @ nid 36. [ 882.090374][ T5860] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 882.155874][ T5860] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 882.166052][ T5860] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 882.174690][ T5860] usb 9-1: Product: syz [ 882.179254][ T5860] usb 9-1: Manufacturer: syz [ 882.184066][ T5860] usb 9-1: SerialNumber: syz [ 882.229060][ T5096] erofs (device loop1): failed to decompress -26 in[46, 0] out[9000] [ 882.247034][T13755] erofs (device loop1): failed to decompress -26 in[46, 4050] out[4096] [ 882.256209][T13755] erofs (device loop1): read error -117 @ 0 of nid 89 [ 883.316895][ T5860] cdc_ncm 9-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 883.324252][ T5860] cdc_ncm 9-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 883.332084][ T5860] cdc_ncm 9-1:1.0: setting rx_max = 2048 [ 883.564057][ T5860] cdc_ncm 9-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.8-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 883.611025][ T5860] usb 9-1: USB disconnect, device number 7 [ 883.621483][ T5860] cdc_ncm 9-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.8-1, CDC NCM (NO ZLP) [ 884.291818][T13778] loop1: detected capacity change from 0 to 1024 [ 886.873008][T13821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2758'. [ 889.124396][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 889.124481][ T30] audit: type=1326 audit(1760954887.024:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13840 comm="syz.0.2767" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8acc38efc9 code=0x0 [ 889.201323][T13836] loop1: detected capacity change from 0 to 4096 [ 889.708270][ T30] audit: type=1800 audit(1760954887.633:139): pid=13836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2765" name="file1" dev="loop1" ino=33 res=0 errno=0 [ 890.828658][T13851] loop8: detected capacity change from 0 to 32768 [ 890.902898][T13851] (syz.8.2770,13851,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 890.928700][T13851] (syz.8.2770,13851,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 891.062344][T13851] JBD2: Ignoring recovery information on journal [ 891.162575][T13851] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 891.183215][T13856] netlink: 'syz.0.2771': attribute type 3 has an invalid length. [ 891.191406][T13856] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2771'. [ 891.366161][T13851] overlayfs: upper fs does not support tmpfile. [ 891.380682][T13851] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 891.392971][T13851] overlayfs: upper fs missing required features. [ 891.810693][T12052] ocfs2: Unmounting device (7,8) on (node local) [ 891.860140][T13869] pim6reg1: entered promiscuous mode [ 891.866491][T13869] pim6reg1: entered allmulticast mode [ 892.040485][ T5852] kernel write not supported for file bpf-prog (pid: 5852 comm: kworker/0:4) [ 894.731378][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 894.738825][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 895.074451][T13893] loop8: detected capacity change from 0 to 256 [ 895.107778][T13893] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 895.119011][T13893] exFAT-fs (loop8): Medium has reported failures. Some data may be lost. [ 895.319176][T13893] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 895.345879][T13893] exFAT-fs (loop8): failed to load alloc-bitmap [ 895.352460][T13893] exFAT-fs (loop8): failed to recognize exfat type [ 897.528936][T13908] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 900.971975][T13950] loop2: detected capacity change from 0 to 40427 [ 901.020917][T13950] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 901.028989][T13950] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 901.056022][T13950] F2FS-fs (loop2): invalid crc value [ 901.350165][T13965] loop8: detected capacity change from 0 to 512 [ 901.403416][T13950] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 901.418458][T13950] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 901.426153][T13950] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 901.433862][T13965] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 901.503360][T13965] EXT4-fs (loop8): 1 orphan inode deleted [ 901.509633][T13965] EXT4-fs (loop8): 1 truncate cleaned up [ 901.517879][T13965] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 901.621416][T13965] EXT4-fs (loop8): shut down requested (0) [ 901.686644][T13976] EXT4-fs error (device loop8): ext4_search_dir:1474: inode #12: block 7: comm syz.8.2815: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 901.709599][T13976] EXT4-fs (loop8): Remounting filesystem read-only [ 901.902245][T12052] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 902.772855][T13991] loop1: detected capacity change from 0 to 128 [ 903.997901][T14009] netlink: 'syz.0.2831': attribute type 39 has an invalid length. [ 904.024534][T14009] bridge0: port 1(bridge_slave_0) entered disabled state [ 904.154143][T14009] bridge_slave_0 (unregistering): left allmulticast mode [ 904.161433][T14009] bridge_slave_0 (unregistering): left promiscuous mode [ 904.172350][T14009] bridge0: port 1(bridge_slave_0) entered disabled state [ 904.573776][T14013] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 904.973312][T14019] loop1: detected capacity change from 0 to 512 [ 905.034706][T14019] EXT4-fs: Ignoring removed orlov option [ 905.066949][T14019] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 905.191678][T14019] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2836: bg 0: block 248: padding at end of block bitmap is not set [ 905.243123][T14027] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 905.285066][T14019] Quota error (device loop1): write_blk: dquota write failed [ 905.294476][T14019] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 905.305208][T14019] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.2836: Failed to acquire dquot type 1 [ 905.394223][T14019] EXT4-fs (loop1): 1 truncate cleaned up [ 905.402699][T14019] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 905.415987][T14019] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 905.580182][ T5860] IPVS: starting estimator thread 0... [ 905.696264][T14033] IPVS: using max 192 ests per chain, 9600 per kthread [ 905.964814][T13429] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 906.219151][T14042] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2845'. [ 906.690891][T14048] netlink: 'syz.8.2846': attribute type 3 has an invalid length. [ 907.049132][ T5860] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 907.238207][ T5860] usb 3-1: Using ep0 maxpacket: 32 [ 907.279938][ T5860] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 907.290729][ T5860] usb 3-1: config 0 has no interface number 0 [ 907.340172][ T5860] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 907.353246][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 907.361728][ T5860] usb 3-1: Product: syz [ 907.366086][ T5860] usb 3-1: Manufacturer: syz [ 907.371118][ T5860] usb 3-1: SerialNumber: syz [ 907.441224][ T5860] usb 3-1: config 0 descriptor?? [ 907.459524][ T5860] smsc95xx v2.0.0 [ 907.750858][T14066] netlink: 'syz.8.2854': attribute type 1 has an invalid length. [ 907.759114][T14066] netlink: 'syz.8.2854': attribute type 2 has an invalid length. [ 908.323634][ T5860] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 908.334869][ T5860] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 908.816832][ T5860] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 908.829382][ T5860] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 908.950885][ T5860] usb 3-1: USB disconnect, device number 17 [ 912.607790][T14106] loop1: detected capacity change from 0 to 65536 [ 912.664180][T14106] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 912.837813][T14106] XFS (loop1): Ending clean mount [ 912.852416][T14106] XFS (loop1): Quotacheck needed: Please wait. [ 912.877454][T14120] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2874'. [ 912.932060][T14106] XFS (loop1): Quotacheck: Done. [ 913.171042][T13429] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 915.939326][T14148] loop8: detected capacity change from 0 to 40427 [ 916.192051][T14148] F2FS-fs (loop8): build fault injection rate: 14 [ 916.198946][T14148] F2FS-fs (loop8): build fault injection type: 0x3bfe8c [ 916.218319][T14148] F2FS-fs (loop8): invalid crc value [ 916.247688][ C0] F2FS-fs (loop8): inject read IO error in f2fs_read_end_io of bio_endio+0xeb4/0x1010 [ 916.276731][ C0] F2FS-fs (loop8): inject read IO error in f2fs_read_end_io of bio_endio+0xeb4/0x1010 [ 916.576532][T14148] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 916.586001][T14148] F2FS-fs (loop8): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 916.674197][T14148] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 916.705823][T14148] F2FS-fs (loop8): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 916.723054][T14148] F2FS-fs (loop8): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x945/0x1e20 [ 916.745617][T14148] F2FS-fs (loop8): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x79e/0x19b0 [ 916.903074][T12052] syz-executor: attempt to access beyond end of device [ 916.903074][T12052] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 916.917963][T12052] CPU: 1 UID: 0 PID: 12052 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 916.918133][T12052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 916.918223][T12052] Call Trace: [ 916.918277][T12052] [ 916.918333][T12052] __dump_stack+0x26/0x30 [ 916.918520][T12052] dump_stack_lvl+0x1df/0x270 [ 916.918710][T12052] dump_stack+0x1e/0x25 [ 916.918871][T12052] f2fs_handle_critical_error+0xa6f/0xc20 [ 916.919069][T12052] f2fs_stop_checkpoint+0x65/0x80 [ 916.919226][T12052] f2fs_write_end_io+0x101c/0x1bc0 [ 916.919434][T12052] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 916.919612][T12052] bio_endio+0xeb4/0x1010 [ 916.919785][T12052] submit_bio_noacct+0x2009/0x2930 [ 916.920018][T12052] submit_bio+0x57c/0x630 [ 916.920200][T12052] f2fs_submit_write_bio+0x92/0x250 [ 916.920414][T12052] __submit_merged_bio+0x16f/0x6a0 [ 916.920631][T12052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 916.920820][T12052] __submit_merged_write_cond+0x458/0x9a0 [ 916.921060][T12052] f2fs_write_data_pages+0x4bb2/0x5480 [ 916.921364][T12052] ? kmsan_get_metadata+0xfb/0x160 [ 916.921533][T12052] ? folio_batch_move_lru+0x6a6/0x6e0 [ 916.921711][T12052] ? __msan_warning+0x1b/0x30 [ 916.921846][T12052] ? filter_irq_stacks+0x13f/0x190 [ 916.922066][T12052] ? stack_depot_save_flags+0x35/0x7b0 [ 916.922228][T12052] ? lru_gen_add_folio+0xd66/0x1190 [ 916.922424][T12052] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 916.922663][T12052] ? kmsan_get_metadata+0xfb/0x160 [ 916.922824][T12052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 916.922992][T12052] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 916.923147][T12052] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 916.923304][T12052] do_writepages+0x3f2/0x860 [ 916.923501][T12052] ? _raw_spin_unlock+0x30/0x50 [ 916.923706][T12052] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 916.923894][T12052] filemap_fdatawrite+0x207/0x260 [ 916.924193][T12052] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 916.924401][T12052] f2fs_write_checkpoint+0x10a4/0x3730 [ 916.924736][T12052] kill_f2fs_super+0x31b/0x990 [ 916.924952][T12052] ? __pfx_kill_f2fs_super+0x10/0x10 [ 916.925128][T12052] deactivate_locked_super+0xcb/0x3c0 [ 916.925343][T12052] deactivate_super+0x12f/0x140 [ 916.925543][T12052] cleanup_mnt+0x6fb/0x780 [ 916.925694][T12052] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 916.925941][T12052] ? __pfx___cleanup_mnt+0x10/0x10 [ 916.926105][T12052] __cleanup_mnt+0x22/0x30 [ 916.926256][T12052] task_work_run+0x209/0x2b0 [ 916.926447][T12052] exit_to_user_mode_loop+0x2d1/0x370 [ 916.926625][T12052] do_syscall_64+0x1e3/0xfa0 [ 916.926827][T12052] ? irqentry_exit+0x16/0x60 [ 916.927014][T12052] ? clear_bhb_loop+0x40/0x90 [ 916.927179][T12052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.927342][T12052] RIP: 0033:0x7f7ff63902f7 [ 916.927454][T12052] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 916.927595][T12052] RSP: 002b:00007fff55839648 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 916.927745][T12052] RAX: 0000000000000000 RBX: 00007f7ff6411d7d RCX: 00007f7ff63902f7 [ 916.927847][T12052] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff55839700 [ 916.927941][T12052] RBP: 00007fff55839700 R08: 0000000000000000 R09: 0000000000000000 [ 916.928032][T12052] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff5583a790 [ 916.928133][T12052] R13: 00007f7ff6411d7d R14: 00000000000e3fb2 R15: 00007fff5583a7d0 [ 916.928276][T12052] [ 917.276608][T12052] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 918.360280][T14174] loop1: detected capacity change from 0 to 1024 [ 918.826490][T14178] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2895'. [ 918.836632][T14178] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2895'. [ 918.846019][T14178] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2895'. [ 918.856037][T14178] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2895'. [ 919.189911][T14182] loop2: detected capacity change from 0 to 256 [ 921.841018][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 922.562290][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802de1f400: rx timeout, send abort [ 923.047098][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802de1f400: abort rx timeout. Force session deactivation [ 923.476624][T14213] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2910'. [ 925.886946][T14226] loop2: detected capacity change from 0 to 32768 [ 925.987435][T14226] ea_get: invalid extended attribute [ 925.993082][T14226] ffff88804d5286b0: 04 00 00 00 .... [ 930.583362][ T5852] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 930.646484][T14297] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2945'. [ 931.021093][ T5852] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 931.029397][ T5852] usb 2-1: config 1 has no interface number 0 [ 931.036004][ T5852] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024 [ 931.046397][ T5852] usb 2-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 931.116951][ T5852] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 931.126580][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 931.134804][ T5852] usb 2-1: Product: syz [ 931.139305][ T5852] usb 2-1: Manufacturer: syz [ 931.144122][ T5852] usb 2-1: SerialNumber: syz [ 931.198100][T14294] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 931.216582][T14294] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 931.250321][ T5852] usb 2-1: Expected 3 endpoints, found: 2 [ 931.530087][ T5852] usb 2-1: USB disconnect, device number 6 [ 933.323774][T14325] loop2: detected capacity change from 0 to 16 [ 933.733496][T14320] loop8: detected capacity change from 0 to 40427 [ 933.788843][T14320] F2FS-fs (loop8): build fault injection rate: 14 [ 933.795777][T14320] F2FS-fs (loop8): build fault injection type: 0x3bfe8c [ 933.810091][T14320] F2FS-fs (loop8): invalid crc value [ 934.115343][ C0] F2FS-fs (loop8): inject read IO error in f2fs_read_end_io of bio_endio+0xeb4/0x1010 [ 934.134903][ C1] F2FS-fs (loop8): inject read IO error in f2fs_read_end_io of bio_endio+0xeb4/0x1010 [ 934.538438][T14320] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 934.553590][T14320] F2FS-fs (loop8): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 934.587579][T14320] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 934.633476][T14320] F2FS-fs (loop8): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 934.692302][T14320] F2FS-fs (loop8): inject inconsistent footer in sanity_check_node_footer of f2fs_get_inode_folio+0x40/0x50 [ 934.704711][T14320] F2FS-fs (loop8): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0] [ 934.869418][T12052] syz-executor: attempt to access beyond end of device [ 934.869418][T12052] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 934.887406][T12052] CPU: 1 UID: 0 PID: 12052 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 934.887573][T12052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 934.887659][T12052] Call Trace: [ 934.887725][T12052] [ 934.887778][T12052] __dump_stack+0x26/0x30 [ 934.887960][T12052] dump_stack_lvl+0x1df/0x270 [ 934.888145][T12052] dump_stack+0x1e/0x25 [ 934.888300][T12052] f2fs_handle_critical_error+0xa6f/0xc20 [ 934.888500][T12052] f2fs_stop_checkpoint+0x65/0x80 [ 934.888661][T12052] f2fs_write_end_io+0x101c/0x1bc0 [ 934.888878][T12052] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 934.889031][T12052] bio_endio+0xeb4/0x1010 [ 934.889205][T12052] submit_bio_noacct+0x2009/0x2930 [ 934.889437][T12052] submit_bio+0x57c/0x630 [ 934.889616][T12052] f2fs_submit_write_bio+0x92/0x250 [ 934.889841][T12052] __submit_merged_bio+0x16f/0x6a0 [ 934.890051][T12052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 934.890237][T12052] __submit_merged_write_cond+0x458/0x9a0 [ 934.890477][T12052] f2fs_write_data_pages+0x4bb2/0x5480 [ 934.890788][T12052] ? kmsan_get_metadata+0xfb/0x160 [ 934.890954][T12052] ? folio_batch_move_lru+0x6a6/0x6e0 [ 934.891135][T12052] ? __msan_warning+0x1b/0x30 [ 934.891272][T12052] ? filter_irq_stacks+0x13f/0x190 [ 934.891491][T12052] ? stack_depot_save_flags+0x35/0x7b0 [ 934.891649][T12052] ? lru_gen_add_folio+0xd66/0x1190 [ 934.891855][T12052] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 934.892084][T12052] ? kmsan_get_metadata+0xfb/0x160 [ 934.892246][T12052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 934.892414][T12052] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 934.892572][T12052] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 934.892739][T12052] do_writepages+0x3f2/0x860 [ 934.892940][T12052] ? _raw_spin_unlock+0x30/0x50 [ 934.893115][T12052] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 934.893316][T12052] filemap_fdatawrite+0x207/0x260 [ 934.893617][T12052] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 934.893877][T12052] f2fs_write_checkpoint+0x10a4/0x3730 [ 934.894201][T12052] kill_f2fs_super+0x31b/0x990 [ 934.894419][T12052] ? __pfx_kill_f2fs_super+0x10/0x10 [ 934.894593][T12052] deactivate_locked_super+0xcb/0x3c0 [ 934.894819][T12052] deactivate_super+0x12f/0x140 [ 934.895019][T12052] cleanup_mnt+0x6fb/0x780 [ 934.895170][T12052] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 934.895411][T12052] ? __pfx___cleanup_mnt+0x10/0x10 [ 934.895576][T12052] __cleanup_mnt+0x22/0x30 [ 934.895737][T12052] task_work_run+0x209/0x2b0 [ 934.895914][T12052] exit_to_user_mode_loop+0x2d1/0x370 [ 934.896093][T12052] do_syscall_64+0x1e3/0xfa0 [ 934.896295][T12052] ? irqentry_exit+0x16/0x60 [ 934.896485][T12052] ? clear_bhb_loop+0x40/0x90 [ 934.896650][T12052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.896816][T12052] RIP: 0033:0x7f7ff63902f7 [ 934.896931][T12052] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 934.897061][T12052] RSP: 002b:00007fff55839648 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 934.897204][T12052] RAX: 0000000000000000 RBX: 00007f7ff6411d7d RCX: 00007f7ff63902f7 [ 934.897307][T12052] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff55839700 [ 934.897404][T12052] RBP: 00007fff55839700 R08: 0000000000000000 R09: 0000000000000000 [ 934.897496][T12052] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff5583a790 [ 934.897596][T12052] R13: 00007f7ff6411d7d R14: 00000000000e8957 R15: 00007fff5583a7d0 [ 934.897742][T12052] [ 935.245370][T12052] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 935.660870][ T5852] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 936.293704][ T5852] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 936.303592][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 936.311912][ T5852] usb 1-1: Product: syz [ 936.316372][ T5852] usb 1-1: Manufacturer: syz [ 936.321167][ T5852] usb 1-1: SerialNumber: syz [ 936.404084][ T5852] usb 1-1: config 0 descriptor?? [ 936.425345][ T5852] ch341 1-1:0.0: ch341-uart converter detected [ 937.384442][ T5852] usb 1-1: failed to send control message: -71 [ 937.391155][ T5852] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 937.437111][ T5852] usb 1-1: USB disconnect, device number 18 [ 937.446843][ T5852] ch341 1-1:0.0: device disconnected [ 937.507153][T14356] loop2: detected capacity change from 0 to 128 [ 937.567413][T14356] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 937.691781][T14356] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 938.123846][T14363] loop8: detected capacity change from 0 to 256 [ 938.969837][T14379] loop1: detected capacity change from 0 to 128 [ 939.080023][T14379] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2978'. [ 940.470003][ T5860] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 940.673675][ T5860] usb 1-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid wMaxPacketSize 0 [ 940.684217][ T5860] usb 1-1: config 0 interface 0 has no altsetting 0 [ 940.691362][ T5860] usb 1-1: New USB device found, idVendor=048d, idProduct=8595, bcdDevice= 0.00 [ 940.700958][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 940.813264][ T5860] usb 1-1: config 0 descriptor?? [ 941.548308][ T5860] itetech 0003:048D:8595.0014: item fetching failed at offset 5/7 [ 941.624146][ T5860] itetech 0003:048D:8595.0014: probe with driver itetech failed with error -22 [ 941.766532][ T5860] usb 1-1: USB disconnect, device number 19 [ 945.777489][T14467] loop2: detected capacity change from 0 to 40427 [ 945.844573][T14467] F2FS-fs (loop2): build fault injection rate: 25 [ 945.856154][T14467] F2FS-fs (loop2): invalid crc value [ 946.137065][T14479] loop1: detected capacity change from 0 to 256 [ 946.166362][T14467] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 946.177102][T14467] F2FS-fs (loop2): Start checkpoint disabled! [ 946.226704][T14479] exfat: Deprecated parameter 'utf8' [ 946.230515][T14467] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 946.242996][T14467] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 946.368214][T14479] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 946.480556][T10449] kworker/u8:2: attempt to access beyond end of device [ 946.480556][T10449] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 946.497519][T10449] CPU: 1 UID: 0 PID: 10449 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(none) [ 946.497674][T10449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 946.497799][T10449] Workqueue: writeback wb_workfn (flush-7:2) [ 946.497999][T10449] Call Trace: [ 946.498054][T10449] [ 946.498110][T10449] __dump_stack+0x26/0x30 [ 946.498279][T10449] dump_stack_lvl+0x1df/0x270 [ 946.498451][T10449] dump_stack+0x1e/0x25 [ 946.498617][T10449] f2fs_handle_critical_error+0xa6f/0xc20 [ 946.498819][T10449] f2fs_stop_checkpoint+0x65/0x80 [ 946.498970][T10449] f2fs_write_end_io+0x101c/0x1bc0 [ 946.499184][T10449] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 946.499342][T10449] bio_endio+0xeb4/0x1010 [ 946.499512][T10449] submit_bio_noacct+0x2009/0x2930 [ 946.499744][T10449] submit_bio+0x57c/0x630 [ 946.499927][T10449] f2fs_submit_write_bio+0x92/0x250 [ 946.500146][T10449] __submit_merged_bio+0x16f/0x6a0 [ 946.500353][T10449] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 946.500561][T10449] __submit_merged_write_cond+0x458/0x9a0 [ 946.500806][T10449] f2fs_write_data_pages+0x4bb2/0x5480 [ 946.501120][T10449] ? f2fs_balance_fs_bg+0x11e7/0x1240 [ 946.501324][T10449] ? stack_depot_save_flags+0x35/0x7b0 [ 946.501483][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.501645][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.501812][T10449] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 946.502034][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.502196][T10449] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 946.502379][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.502543][T10449] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 946.502711][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.502879][T10449] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 946.503046][T10449] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.503206][T10449] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.503361][T10449] do_writepages+0x3f2/0x860 [ 946.503547][T10449] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 946.503725][T10449] ? queue_io+0x721/0x790 [ 946.503933][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.504115][T10449] __writeback_single_inode+0x101/0x1190 [ 946.504320][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.504500][T10449] writeback_sb_inodes+0xac1/0x1cb0 [ 946.504791][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.505007][T10449] wb_writeback+0x4ce/0xc00 [ 946.505210][T10449] ? queue_io+0x421/0x790 [ 946.505400][T10449] wb_workfn+0x397/0x1910 [ 946.505565][T10449] ? kmsan_get_metadata+0xfb/0x160 [ 946.505757][T10449] ? __pfx_wb_workfn+0x10/0x10 [ 946.505922][T10449] process_scheduled_works+0xb91/0x1d80 [ 946.506182][T10449] worker_thread+0xedf/0x1590 [ 946.506416][T10449] kthread+0xd5c/0xf00 [ 946.506545][T10449] ? __pfx_worker_thread+0x10/0x10 [ 946.506762][T10449] ? __pfx_kthread+0x10/0x10 [ 946.506901][T10449] ret_from_fork+0x1f5/0x4c0 [ 946.507091][T10449] ? __pfx_kthread+0x10/0x10 [ 946.507231][T10449] ret_from_fork_asm+0x1a/0x30 [ 946.507455][T10449] [ 946.799243][T10449] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 947.257172][T14487] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 947.269175][T14487] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 948.298662][ T5860] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 948.478151][ T5860] usb 1-1: Using ep0 maxpacket: 16 [ 948.522260][ T5860] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 948.535903][ T5860] usb 1-1: config 0 interface 0 has no altsetting 0 [ 948.543075][ T5860] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 948.553297][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 948.644890][ T5860] usb 1-1: config 0 descriptor?? [ 949.171509][ T5860] nzxt-smart2 0003:1E71:2009.0015: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 951.494554][T14516] loop2: detected capacity change from 0 to 65536 [ 951.532506][T14516] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 951.838474][T14516] XFS (loop2): Ending clean mount [ 951.868130][T14516] XFS (loop2): Quotacheck needed: Please wait. [ 951.927663][ T5852] usb 1-1: USB disconnect, device number 20 [ 951.988932][T14516] XFS (loop2): Quotacheck: Done. [ 952.167682][ T5795] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 952.490088][T14535] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 953.055205][T14542] netlink: 'syz.7.3041': attribute type 4 has an invalid length. [ 953.235745][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 953.243037][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 954.247077][T14558] loop8: detected capacity change from 0 to 128 [ 954.293801][T14558] FAT-fs (loop8): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 954.599903][T10469] FAT-fs (loop8): error, invalid FAT chain (i_pos 548, last_block 8) [ 954.609132][T10469] FAT-fs (loop8): Filesystem has been set read-only [ 954.616223][T10469] FAT-fs (loop8): error, corrupted file size (i_pos 548, 522) [ 954.975363][T14566] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3052'. [ 955.032815][T14566] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3052'. [ 957.915850][T14597] loop2: detected capacity change from 0 to 40427 [ 957.979165][T14597] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 957.987362][T14597] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 958.028242][T14597] F2FS-fs (loop2): invalid crc value [ 958.371412][T14597] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 958.402204][T14597] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 958.409604][T14597] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 959.082954][T14621] netlink: 'syz.1.3071': attribute type 1 has an invalid length. [ 959.188780][T14621] 8021q: adding VLAN 0 to HW filter on device bond1 [ 960.222993][T14633] loop8: detected capacity change from 0 to 32768 [ 960.371227][T14633] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 960.737603][T14633] XFS (loop8): Ending clean mount [ 960.902030][T12052] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 961.453025][T14656] netem: incorrect ge model size [ 961.458523][T14656] netem: change failed [ 962.939453][ T5797] Bluetooth: hci0: command 0x0405 tx timeout [ 963.340794][T14670] loop1: detected capacity change from 0 to 40427 [ 963.383114][T14670] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 963.394091][T14670] F2FS-fs (loop1): invalid crc value [ 963.743732][T14670] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 963.760734][T14670] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 963.817068][ T30] audit: type=1800 audit(1760955221.464:140): pid=14670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3085" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 963.863240][T14670] syz.1.3085: attempt to access beyond end of device [ 963.863240][T14670] loop1: rw=2049, sector=45096, nr_sectors = 512 limit=40427 [ 964.283867][T13429] syz-executor: attempt to access beyond end of device [ 964.283867][T13429] loop1: rw=2049, sector=45608, nr_sectors = 8 limit=40427 [ 964.300046][T13429] CPU: 1 UID: 0 PID: 13429 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 964.300208][T13429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 964.300298][T13429] Call Trace: [ 964.300350][T13429] [ 964.300406][T13429] __dump_stack+0x26/0x30 [ 964.300586][T13429] dump_stack_lvl+0x1df/0x270 [ 964.300774][T13429] dump_stack+0x1e/0x25 [ 964.300939][T13429] f2fs_handle_critical_error+0xa6f/0xc20 [ 964.301133][T13429] f2fs_stop_checkpoint+0x65/0x80 [ 964.301285][T13429] f2fs_write_end_io+0x101c/0x1bc0 [ 964.301490][T13429] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 964.301647][T13429] bio_endio+0xeb4/0x1010 [ 964.301836][T13429] submit_bio_noacct+0x2009/0x2930 [ 964.302093][T13429] submit_bio+0x57c/0x630 [ 964.302268][T13429] f2fs_submit_write_bio+0x92/0x250 [ 964.302486][T13429] __submit_merged_bio+0x16f/0x6a0 [ 964.302678][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 964.302849][T13429] __submit_merged_write_cond+0x458/0x9a0 [ 964.303068][T13429] f2fs_write_data_pages+0x4bb2/0x5480 [ 964.303350][T13429] ? tracing_mark_raw_write+0x100/0x5d0 [ 964.303536][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 964.303703][T13429] ? free_unref_folios+0x29ad/0x2a20 [ 964.303874][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 964.304072][T13429] ? kmsan_get_metadata+0xfb/0x160 [ 964.304216][T13429] ? kmsan_get_metadata+0xfb/0x160 [ 964.304364][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 964.304520][T13429] ? kmsan_get_metadata+0xfb/0x160 [ 964.304665][T13429] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 964.304819][T13429] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 964.304968][T13429] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 964.305112][T13429] do_writepages+0x3f2/0x860 [ 964.305296][T13429] ? _raw_spin_unlock+0x30/0x50 [ 964.305453][T13429] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 964.305634][T13429] filemap_fdatawrite+0x207/0x260 [ 964.305907][T13429] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 964.306101][T13429] f2fs_write_checkpoint+0x10a4/0x3730 [ 964.306396][T13429] kill_f2fs_super+0x31b/0x990 [ 964.306593][T13429] ? __pfx_kill_f2fs_super+0x10/0x10 [ 964.306753][T13429] deactivate_locked_super+0xcb/0x3c0 [ 964.306958][T13429] deactivate_super+0x12f/0x140 [ 964.307134][T13429] cleanup_mnt+0x6fb/0x780 [ 964.307270][T13429] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 964.307489][T13429] ? __pfx___cleanup_mnt+0x10/0x10 [ 964.307637][T13429] __cleanup_mnt+0x22/0x30 [ 964.307777][T13429] task_work_run+0x209/0x2b0 [ 964.307934][T13429] exit_to_user_mode_loop+0x2d1/0x370 [ 964.308093][T13429] do_syscall_64+0x1e3/0xfa0 [ 964.308273][T13429] ? irqentry_exit+0x16/0x60 [ 964.308439][T13429] ? clear_bhb_loop+0x40/0x90 [ 964.308589][T13429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 964.308733][T13429] RIP: 0033:0x7f1828f902f7 [ 964.308836][T13429] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 964.308965][T13429] RSP: 002b:00007fff31dbfe78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 964.309099][T13429] RAX: 0000000000000000 RBX: 00007f1829011d7d RCX: 00007f1828f902f7 [ 964.309195][T13429] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff31dbff30 [ 964.309280][T13429] RBP: 00007fff31dbff30 R08: 0000000000000000 R09: 0000000000000000 [ 964.309367][T13429] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff31dc0fc0 [ 964.309457][T13429] R13: 00007f1829011d7d R14: 00000000000f0145 R15: 00007fff31dc1000 [ 964.309585][T13429] [ 964.652813][T13429] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 966.659038][T14721] loop8: detected capacity change from 0 to 256 [ 966.933667][T14721] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d) [ 967.348606][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 967.749095][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 968.139042][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 968.434473][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 968.824073][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 969.310214][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 969.594051][T14724] loop1: detected capacity change from 0 to 131072 [ 969.602080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 969.623531][T14724] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 969.631953][T14724] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 969.644328][T14724] F2FS-fs (loop1): invalid crc value [ 969.921256][T14724] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 969.951387][T14724] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 969.958845][T14724] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 970.265729][ T5796] Bluetooth: hci0: command 0x0405 tx timeout [ 971.535554][T14748] fuse: Bad value for 'fd' [ 973.010704][T14761] netlink: 'syz.8.3120': attribute type 30 has an invalid length. [ 974.297283][T14780] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 974.355217][T14780] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 974.681144][T14780] batadv0 (unregistering): left promiscuous mode [ 975.636014][ T5860] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 975.732341][T14794] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3133'. [ 975.794397][T14797] sctp: [Deprecated]: syz.0.3135 (pid 14797) Use of int in maxseg socket option. [ 975.794397][T14797] Use struct sctp_assoc_value instead [ 975.883198][ T5860] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 975.895181][ T5860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 975.906483][ T5860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 975.916735][ T5860] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 975.930811][ T5860] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 975.942056][ T5860] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 976.114065][ T5860] usb 9-1: config 0 descriptor?? [ 976.163542][T14799] netlink: 'syz.0.3136': attribute type 1 has an invalid length. [ 976.250472][T14799] 8021q: adding VLAN 0 to HW filter on device bond1 [ 976.570775][T14805] bond1: (slave geneve2): making interface the new active one [ 976.587103][T14805] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 976.609250][ T5860] plantronics 0003:047F:FFFF.0016: ignoring exceeding usage max [ 976.679047][ T5860] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 978.631400][ T5852] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 978.631760][ T5860] usb 9-1: USB disconnect, device number 8 [ 978.869602][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 978.881476][ T5852] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 978.890851][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 978.958486][ T5852] usb 1-1: config 0 descriptor?? [ 979.417208][ T5852] holtek 0003:1241:5015.0017: unbalanced collection at end of report description [ 979.492951][ T5852] holtek 0003:1241:5015.0017: parse failed [ 979.499373][ T5852] holtek 0003:1241:5015.0017: probe with driver holtek failed with error -22 [ 979.655173][ T5860] usb 1-1: USB disconnect, device number 21 [ 981.137608][T14861] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3160'. [ 981.913525][T14868] ===================================================== [ 981.920843][T14868] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120 [ 981.930748][T14868] _copy_to_user+0xcc/0x120 [ 981.936619][T14868] copy_siginfo_to_user+0x3f/0x140 [ 981.942798][T14868] x64_setup_rt_frame+0x1392/0x2590 [ 981.948231][T14868] arch_do_signal_or_restart+0x5db/0xb90 [ 981.955264][T14868] exit_to_user_mode_loop+0xe7/0x370 [ 981.961933][T14868] do_syscall_64+0x1e3/0xfa0 [ 981.967339][T14868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.973569][T14868] [ 981.975998][T14868] Uninit was stored to memory at: [ 981.981578][T14868] __dequeue_signal+0x4d6/0x970 [ 981.986636][T14868] dequeue_signal+0x1c0/0x840 [ 981.993867][T14868] get_signal+0xbf6/0x2a20 [ 981.999329][T14868] arch_do_signal_or_restart+0x53/0xb90 [ 982.005107][T14868] exit_to_user_mode_loop+0xe7/0x370 [ 982.011623][T14868] do_syscall_64+0x1e3/0xfa0 [ 982.016478][T14868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 982.023268][T14868] [ 982.025689][T14868] Uninit was created at: [ 982.030302][T14868] kmem_cache_free+0x2b0/0x1490 [ 982.035362][T14868] __sigqueue_free+0x23a/0x270 [ 982.040463][T14868] get_signal+0xaa3/0x2a20 [ 982.045202][T14868] arch_do_signal_or_restart+0x53/0xb90 [ 982.051202][T14868] irqentry_exit_to_user_mode+0x5f/0xa0 [ 982.057115][T14868] irqentry_exit+0x16/0x60 [ 982.061769][T14868] exc_page_fault+0x82/0xc0 [ 982.066629][T14868] asm_exc_page_fault+0x2b/0x30 [ 982.071679][T14868] [ 982.074106][T14868] Bytes 12-15 of 48 are uninitialized [ 982.079722][T14868] Memory access of size 48 starts at ffff88806f2ebde0 [ 982.088529][T14868] Data copied to user address 00007f7ff71b5bb0 [ 982.095574][T14868] [ 982.098019][T14868] CPU: 0 UID: 0 PID: 14868 Comm: syz.8.3163 Not tainted syzkaller #0 PREEMPT(none) [ 982.107864][T14868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 982.118194][T14868] ===================================================== [ 982.125344][T14868] Disabling lock debugging due to kernel taint [ 982.132042][T14868] Kernel panic - not syncing: kmsan.panic set ... [ 982.138622][T14868] CPU: 0 UID: 0 PID: 14868 Comm: syz.8.3163 Tainted: G B syzkaller #0 PREEMPT(none) [ 982.149751][T14868] Tainted: [B]=BAD_PAGE [ 982.154001][T14868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 982.164170][T14868] Call Trace: [ 982.167538][T14868] [ 982.170556][T14868] __dump_stack+0x26/0x30 [ 982.175065][T14868] dump_stack_lvl+0x53/0x270 [ 982.179826][T14868] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 982.185850][T14868] dump_stack+0x1e/0x25 [ 982.190206][T14868] vpanic+0x435/0xd30 [ 982.194394][T14868] panic+0x15d/0x160 [ 982.198505][T14868] kmsan_report+0x31c/0x320 [ 982.203191][T14868] ? copy_fpstate_to_sigframe+0x1121/0x13d0 [ 982.209272][T14868] ? kmsan_internal_check_memory+0x16c/0x230 [ 982.215498][T14868] ? kmsan_copy_to_user+0xf1/0x190 [ 982.220761][T14868] ? _copy_to_user+0xcc/0x120 [ 982.225611][T14868] ? copy_siginfo_to_user+0x3f/0x140 [ 982.231047][T14868] ? x64_setup_rt_frame+0x1392/0x2590 [ 982.236600][T14868] ? arch_do_signal_or_restart+0x5db/0xb90 [ 982.242610][T14868] ? exit_to_user_mode_loop+0xe7/0x370 [ 982.248229][T14868] ? do_syscall_64+0x1e3/0xfa0 [ 982.253192][T14868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 982.259437][T14868] ? stack_depot_save_flags+0x35/0x7b0 [ 982.265075][T14868] ? kmsan_get_metadata+0xfb/0x160 [ 982.270366][T14868] ? kmsan_internal_check_memory+0x9c/0x230 [ 982.276503][T14868] ? copy_fpstate_to_sigframe+0x126f/0x13d0 [ 982.282606][T14868] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 982.288625][T14868] ? kmsan_get_metadata+0xfb/0x160 [ 982.293914][T14868] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 982.299915][T14868] kmsan_internal_check_memory+0x16c/0x230 [ 982.305976][T14868] kmsan_copy_to_user+0xf1/0x190 [ 982.311079][T14868] _copy_to_user+0xcc/0x120 [ 982.315762][T14868] copy_siginfo_to_user+0x3f/0x140 [ 982.321046][T14868] x64_setup_rt_frame+0x1392/0x2590 [ 982.326480][T14868] arch_do_signal_or_restart+0x5db/0xb90 [ 982.332360][T14868] exit_to_user_mode_loop+0xe7/0x370 [ 982.337827][T14868] do_syscall_64+0x1e3/0xfa0 [ 982.342622][T14868] ? irqentry_exit+0x16/0x60 [ 982.347403][T14868] ? clear_bhb_loop+0x40/0x90 [ 982.352256][T14868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 982.358350][T14868] RIP: 0033:0x7f7ff638efc9 [ 982.362894][T14868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 982.382696][T14868] RSP: 002b:00007f7ff71b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 982.391288][T14868] RAX: 0000000000000007 RBX: 00007f7ff65e5fa0 RCX: 00007f7ff638efc9 [ 982.399391][T14868] RDX: 0000000000000010 RSI: 0000200000000340 RDI: 0000000000000011 [ 982.407500][T14868] RBP: 00007f7ff6411f91 R08: 0000000000000000 R09: 0000000000000000 [ 982.415589][T14868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 982.423676][T14868] R13: 00007f7ff65e6038 R14: 00007f7ff65e5fa0 R15: 00007fff5583a3b8 [ 982.431828][T14868] [ 982.435282][T14868] Kernel Offset: disabled [ 982.439679][T14868] Rebooting in 86400 seconds..