last executing test programs:

19.426219144s ago: executing program 2 (id=246):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000080)={{0xb8, 0xc, 0xb3, 0x7}, 'syz0\x00', 0x3a})
ioctl$UI_DEV_CREATE(r0, 0x5501)

19.219537878s ago: executing program 2 (id=248):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
kcmp(r0, r1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)

19.030924521s ago: executing program 2 (id=251):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0xbfa35000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

17.804364031s ago: executing program 2 (id=258):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x0, &(0x7f0000000140), 0xc1, 0x7c1, &(0x7f0000000f80)="$eJzs3ctrW1caAPDvyq/YyYw9MDCTWRkGZgwh8jjjSWZgFhlmMQw0EGjXTYysmNSyFSw5xMaQhFLoptCWLgrtJus+0l23fWzb/6KLkpC2jmlKF63Kla9sOZYcO7WkgH8/uL7n3IfP+XTu40j3IAVwZI2nf3IRJyPi9SRiNFueRMRAPdUfcX5zu0fra4V0SqJWe/7bpL7NxvpaIZr2SR3PMn+MiM9eiTiVSxcc21FuZWV1fqZUKi5l+cnqwrXJysrq6asLM3PFueLi2anp6TPn/nHu7OHF+v2Xqyfuv/G/v354/seX/3D3tc+TOB8nsnXNcRyW8RjPXpOB9CXc4b+HXViPJb2uAE8lPTX7Ns/yOBmj0VdPtTHczZoBAJ1yMyJqAMARk7j/A8AR0/gcYGN9rdCYevuJRHc9+M/mo8mN7Nnmo634+7Nndsfqz0FHNpIdT0aSiBg7hPLHI+Ldj198P52iQ88hAVq5dTsiLo+N777+J7vGLBzU3/ZaWRuqz8YfW+z6B93zSdr/+eeO/t/WKI9G/yda9H+GWpy7T+PJ53/u3iEU01ba//t309i27f5frrHJWF+W+029zzeQXLlaKqbXtt9GxEQMDKX5qfqmrUdBTTz86WG78pv7f9+9+dJ7afnpfHuL3L3+oZ37zM5UZ35t3A0Pbkf8qb9V/MlW+ydt+r8X91nG///16jvt1qXxp/E2pt3xd1btTsRfWrb/dlsme45PnKwfDpONg6KFj756e6Rd+dvtP1Sfp+U33gt0Q9r+I3vHP5Y0j9esHLyML+6MftpuXfPx3zr+1sf/YPJCPT2YLbsxU60uTUUMJs/tXn5me99GvrF9Gv/En1uf/+2O/1w2NvbyVm5v/fe/+SD7Vy3jr7vVLv7OSuOfPVD775GoZfs8turuo/m+duXvr/2n66mJbMl+rn9PqGkj8eTGAwAAAAAAAAAAAAAAAAAAAAAAAIBDkIuIE5Hk8lvpXC6f3/wN79/HSK5UrlRPXSkvL85G/beyx2Ig1/iqy9Gm70Odyr4Pv5E/81j+7xHxu4h4a2i4ns8XyqXZXgcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJnjO3///2Y6y+c313091OvaAQAdc6zXFQAAus79HwCOnv3d/3/O5sMdrQsA0B0Hfv9fSzpTEQCga/Z9/7/c2XoAAN3j+T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddvHChXSq/bC+Vkjzs9dXlufL10/PFivz+YXlQr5QXrqWnyuX50rFfKG80PYf3dqclcrla9OxuHxjslqsVCcrK6uXFsrLi9VLVxdm5oqXigNdiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9q+ysjo/UyoVlyT2TAz3pvTBZyH2Von+6HKhuYjoYBG1vs3z4dl4efuj9wdA81ViuEdXJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBn3y8BAAD//zdDIAY=")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000040)='./bus\x00', 0x165142, 0x110)
fallocate(r0, 0x10, 0x0, 0x2000)

17.563654995s ago: executing program 2 (id=260):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@local, @in6=@local, 0x0, 0x3, 0x4e20, 0x0, 0x2}, {0x0, 0x15000000000000, 0x0, 0x2, 0x8001, 0xffffffffffffffff, 0x0, 0xd3d}, {0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0xa, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x1}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

16.562697151s ago: executing program 2 (id=271):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000900)={'syz1\x00', {0x8000}, 0x12, [0xff03, 0x6, 0x0, 0x0, 0x1, 0x420000, 0x0, 0x10000, 0x4, 0x0, 0x0, 0xfffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0xffffffff, 0x100000, 0x6, 0x0, 0x2, 0xffffffff, 0x0, 0x3, 0x0, 0x20, 0x3, 0x200, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20007, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x7, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0x1, 0x0, 0x0, 0xdffffffc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x20000000, 0x40000000, 0x0, 0x800000, 0x7fffffff, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x7, 0x8, 0x0, 0xfffffffc, 0x9, 0x8c, 0x0, 0x0, 0x5, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c1b, 0x80, 0x0, 0x0, 0x8000], [0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa79d, 0xfffffffd, 0x0, 0x0, 0xc, 0x0, 0x3, 0x0, 0x0, 0x10000, 0x3, 0x8000000, 0x520, 0xffffffff, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffc, 0xaf, 0x10001, 0x9, 0x1, 0x0, 0x3, 0xfffffffe, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000005, 0x0, 0x5, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8], [0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0xe17, 0xe, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x2, 0x8000001, 0x1, 0x7fff, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x5, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x3, 0x3, 0xfffffffd, 0x53591b27, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0x7, 0xd86, 0x0, 0x10000, 0x80000000, 0x1000000]}, 0x45c)

16.223503537s ago: executing program 32 (id=271):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000900)={'syz1\x00', {0x8000}, 0x12, [0xff03, 0x6, 0x0, 0x0, 0x1, 0x420000, 0x0, 0x10000, 0x4, 0x0, 0x0, 0xfffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0xffffffff, 0x100000, 0x6, 0x0, 0x2, 0xffffffff, 0x0, 0x3, 0x0, 0x20, 0x3, 0x200, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20007, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x7, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0x1, 0x0, 0x0, 0xdffffffc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x20000000, 0x40000000, 0x0, 0x800000, 0x7fffffff, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x7, 0x8, 0x0, 0xfffffffc, 0x9, 0x8c, 0x0, 0x0, 0x5, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c1b, 0x80, 0x0, 0x0, 0x8000], [0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa79d, 0xfffffffd, 0x0, 0x0, 0xc, 0x0, 0x3, 0x0, 0x0, 0x10000, 0x3, 0x8000000, 0x520, 0xffffffff, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffc, 0xaf, 0x10001, 0x9, 0x1, 0x0, 0x3, 0xfffffffe, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000005, 0x0, 0x5, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8], [0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0xe17, 0xe, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x2, 0x8000001, 0x1, 0x7fff, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x5, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x3, 0x3, 0xfffffffd, 0x53591b27, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0x7, 0xd86, 0x0, 0x10000, 0x80000000, 0x1000000]}, 0x45c)

4.547416777s ago: executing program 3 (id=335):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=@getae={0x40, 0x1f, 0x319, 0x0, 0x0, {{@in=@empty}, @in6=@mcast2}}, 0x40}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0xf0, 0x65, 0x2, 0x70bd27, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, {0xf, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xb4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x78, 0x1, [@m_connmark={0x74, 0x15, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7f, 0x8, 0x1, 0xfffffff7, 0x9}, 0x1ca}}]}, {0x25, 0x6, "726786f34dc39a3b098ea66afe225634df06865f963558e69516e656d1b4d3ec4c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_OPS={{0x6, 0x4, 0x2}, {0x14, 0x5, [{0x1, 0xc3, 0x5, 0x8}, {0x8, 0x9e, 0x0, 0x6}]}}]}}]}, 0xf0}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

4.408395199s ago: executing program 3 (id=336):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000380)=0x7d)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000003c0)=0x7e)

4.366888049s ago: executing program 4 (id=337):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x103042, 0x5d9f61795f7ff7ff)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r1, 0x0, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0)

4.246367841s ago: executing program 3 (id=339):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c636865636b706f696e743d64697361626c652c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313236322c61636c2c6e6f61636c2c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c636f6d70726573735f63616368652c6661756c745f747970653d30303030303030303030303030303030303030342c008d73b6efef8bf6f516d60904182d07bca0e749cc80891d95a64e7017e017d72450a7d42539b57fb9c48865a0e2adbf3b690b6e666283ce3274281626e6b683df1e10a4b3b952294895df65e4a6b94f5c5a650e35a010e04bce2a92891fec6ae51521e10eeb1224f2905d434d7558325f47edf48ce3a8ad4664164f"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000080)=@file={0x1, './bus\x00'}, 0x6e)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x6004, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)

2.848925794s ago: executing program 4 (id=343):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'})
ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

2.47633433s ago: executing program 3 (id=347):
unshare(0x22020600)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)

2.393659531s ago: executing program 0 (id=349):
r0 = add_key$keyring(&(0x7f0000000640), &(0x7f0000000680)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
pipe2$watch_queue(&(0x7f00000006c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x100000009c)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x4c)

2.267596643s ago: executing program 0 (id=351):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000000008000480040003800800084000000000080008400000000734000f8008000240000000050800024000000b8608000340000047510800034000000003080001"], 0xdc}}, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x800, 0x0)

2.104433556s ago: executing program 0 (id=352):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc)

2.046728087s ago: executing program 0 (id=353):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file1\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x444a, &(0x7f0000004480)="$eJzs3b1PHGcaAPB3BnwGfx32ufBJJ91KZ+k+hcDV3WHpMMbGYHOOnNhFmvUCa5tkYS1YohQuSGcpVaQUUQorkdJRWUhp0jh/QpqUTm0pKdJEimSFaHdnMTPsmg3ZhWD9fsXOzvv5wLMzvGNp/caJyr355dz8cq6wmCvP3lk+l3unXFpZKIZ4jzSd/9DezU97uvE5edmYn3cscpq5fvHy67fOhfDl3NfPNjY2NkJVb2hqeMv7H75/MLv12BBn+lTHbTLUoeYz7MabIYTT2+Kq6gkh9IUQohDChaRsLDn2hxCOJ3W3Hrx/O9ehaB4/LZ7PP59+uD5ydmrt0Xqzn70uCuHj0h//dXfh27/0jHzzj9YjfnG0Q6EBAAAAAAAAAAAAAAAAAHAATNy4fvO1oeHwJAq9a9H27+tOJMcW34/t3eiYP78szL+f6NyPDAAAAAAAAAAAAAAAAAAAAL85L77/n4tONfn+/3hyHG3Rf+N/3Y+R7pn8//XxS0PDyf7v0bb6fydF313oCSeb7Pue3f/9QqZ/8/3ft8+zW434GvMOhCgeTJ3H8eBgCJ8mG7+fiY7EpfJy5Z93yiuLcx0L48BK57++e38qO8mG/m3mPx7LjN9i//8O+sO2T1P1/HbnPmKvtHT+e1q2++y9qK3r/2Km317kn91L57+3Vta/tcFo/QZQzf8HvTvnfzwzfrfyfyKEkIuqseZSd4DqGqZa3mq9Qlo6/4dqZalbZ/KLbHX9/5jJ/6XM+Pt1/1/N/iGiqXT+f1cr60u1OFx7reU/3vn6v5wZfz/yX41/tV640d25D750/uu5Dr2pJrXfZLv3/4nM+C3zf/jXxX0zTuI8EaU+AWtRvbzF/1dHRjr/fdvqXzz/xW2t/65k+u/V819j3sbzX+P2/7eo/vxHc+n897ds1+71P5np1+37/2ht/cdupfN/pFaWXjsP1F7bzf9UZvxu5b/2VNLXyP+L+8lPh+vln1j/tSWd/6P1wnhri9Xaa239F+28/r+aGX8/1n/V+Ffj7s76qkjn/1jLdtX8f9XG3/9rmX7dz38IQ/6tb9fS+T/esl3t+u/bOf/Tm+/qY3U7/3/t5uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8BYchwIUTyYOo/jwcEQLibnZ8KRaKYwl58plWffXg5hPCnPhVPR3VJ5plDKzy+W54r5QqlUng3hUlJ/OvRFy6VyJb9QuH95c6z+6F6xsFSZKRYqIYSJpPxP4XhjrJn5ykLhfgjhymbd7+Py0v17hcX83PzSf4eGhobC5GYMJ6Piu5XiYqU+e702hKnNvgPRluBq1Vc3YzkWvVVeWVoslGrl17b0KZVnC6UtfaaTug/DyaiytLI4W6gU86Xy3cZ8+2k0OY5P3njjxrXhbfW3o/pxbG/DAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAXejLyn49CCL31sziEMNp4EzVr//hp8Xz++fTD9ZGzU2uP1p+1agcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DM7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2KVj1ASCKAzAbyZFki7HSLUkXdoNgZAU2SB4Aj2Gh9GjeAnvYGFhayGC7KKuu7CNVt/XPJifmfdgHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw3yPqvH/23tEiqf9Y8Ryulqf5791nX9233+4w4zczs9f9XX6w3SVf9RHmzIf0912NomO2li09qS9T5d9nnvn6tu3vvmavi+RchERZZ2/ppyLYthbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcGAHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AsAAAAACDM3zqKvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BUAAP//hkEdVg==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='ro\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

1.618223394s ago: executing program 4 (id=354):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000640)={[{@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@noblock_validity}, {@stripe={'stripe', 0x3d, 0x80}}, {@noblock_validity}, {@debug}]}, 0x3, 0x451, &(0x7f00000006c0)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]})
chdir(&(0x7f00000000c0)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x82400, 0x184)
getdents(r0, &(0x7f00000001c0)=""/109, 0x6d)

1.492420316s ago: executing program 1 (id=355):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x486, 0x0, 0x8df1}]})

1.2801043s ago: executing program 3 (id=356):
syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[], 0x2, 0x6276, &(0x7f0000003680)="$eJzs3c1vHGcdB/Df7JtfStOoh6pECLlteCmleS0hUKDtAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFBQogjJ/6AHrhy4w8gUoIE6qmD1n4eZzxde+2k3ln7+XwkZ+Y3z4z3mXx3vLueGT8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQPf/Dj81VEXP1VWnAy4nPRj+hFLI3rlYhYWjmZ1x9ExPOx2RzPRcRwIaLKjc9EvBYRH52IePDw7up40YV99uP7f/nnH37y1I/+8efh2f/99Xb/9d3Wu3Pnt//9273H318AAAAoUV3XdZU+5p9Kn+97XXcKAJiJ/PpfJ3m5eu7q9Tnrj1qtVquPYN1UT3avWUTEenOb8XsGp+MB4IhZj4+77gIdkn/RBhHxVNedAOZa1XUHOBQPHt5drVK+VfP1YGWrPV8LsiP/9Wr7/o7dptO0rzGZ1fNrI/rx7C79WZpRH+ZJzr/Xzv/qVvsorXfY+c/KbvmPtm59Kk7Ov9/Ov+X45N+bmH+pcv6DA+Xflz8AAAAAAMyx/Pv/kx2f/1148l3Zl73O/67MqA8AAAAAAAAA8Fl70vH/tlXG/wMAAIB5Nf6sPva7E4+WNa/1H8XO5VeqiKdb6wOFSTfLLHfdDwAAAAAAAAAAAAAoyWDrGt4rVcQwIp5eXq7revzV1K4P6km3P+pK338oWdc/5AEAYMtHJ1r38lcRixFxJf2tv+Hy8nJdLy4t18v10kJ+PztaWKyXGp9r83S8bGG0jzfEg1E9/maLje2apn1entbe/n7jxxrV/X10bDY6DBwAImLr1eiBV6Rjpq6fia7f5XA0OP6PH8c/+9H18xQAAAA4fHVd11X6c96n0jn/XtedAgBmIr/+t88LqNVqtVqtPn51Uz3ZvWYREevNbcbvGQzHDwBHzHp83HUX6JD8izaIiOe77gQw16quO8ChePDw7mqV8q2arwdpfPd8LciO/Nerze3y9pOm07SvMZnV82sj+vHsLv15bkZ9mCc5/147/6tb7aO03mHnPyu75T/ez5Md9KdrOf9+O/+W45N/b2L+pcr5Dw6Uf1/+AAAAAAAwx/Lv/0/O1fnf0ePuzlR7nf9dObRHBQAAAAAAAIDD9eDh3dV832s+//+FCeu5//N4yvlX8i9Szr/Xyv+rrfX6jfn7bz3K/z8P767+8fa/P5+n+81/Ic9U6ZlVpWdElR6pGqTpk+zdp20M+6PxIw2rXn+Qrvmph+/E9bgRa3Fux7q99P/xqP38jvZxT4eb7XV/q/3CjvbBdnve/uKO9mG60qleyu1nYjV+Hjfi7c32cdvClP1fnNJeT2nP+fcd/0XK+Q8aX+P8l1N71ZqO3f+w96njvjmd9DhvXv/ib84d/u5MtRH97X1rGu/fix30Z/P/5KlR/PLW2s0zd67dvn3zfKTJjqUXIk0+Yzn/Yfra/vn/0lZ7/rnfPF7vfzg6cP7zYiMGu+b/UmN+vL8vz7hvXcj5j9JXzv/t1D75+D9A/r0/zWxf9mOv4/+VDvoDAAAAAAAAAAAAAAAAe6nrevMW0Tcj4lK6/6erezMBgNnKr/91kpfPqu7P+PHU6iNeV3PWn5nWn9Tz1R+1+ijWTfVkbzSLiPh7c5vxe4ZfT/pmAMA8+yQi/tV1J+iM/AuW/97feHq6684AM3Xr/Q9+eu3GjbWbt7ruCQAAAAAAAADwuPL4nyuN8Z9P13V9r7XejvFf34qVJx3/dZBntgcY3WWg6v7B92kvG71Rv9cYbvyF2G387+H23F7jfw+mPN5wSvtoSvvClPbFKe0Tb/RoyPm/0Bjv/HREnGoNv/7Y47/Omb3Gf22PeV+CnP+LjefzOP+vtNZr5l///ijn39uR/9nb7/3i7K33P3j1+nvX3l17d+1nF8+fP3fx0qXLly+ffef6jbVzW/922OPDlfPPY1+7DrQsOf+cufzLkvP/UqrlX5ac/5dTLf+y5Pzz+z35lyXnnz/7yL8sOf+XUy3/suT8v5Zq+Zcl5/9KquVflpz/11Mt/7Lk/F9NtfzLkvM/k2r5lyXnfzbV+8x/6bD7xWzk/PMZLsd/WXL++coG+Zcl538h1fIvS87/YqrlX5ac/2upln9Zcv7fSLX8y5Lzv5Rq+Zcl5//NVMu/LDn/y6mWf1ly/t9KtfzLkvP/dqrlX5ac/+upln9Zcv7fSbX8y5Lz/26q5V+WnP/3Ui3/suT830i1/Mvy6O//mzFjxkye6fonEwAAAAAAAAAAAADQNovLibveRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCnt3FyPXWd4B/Mx+eeNAYiCkTmrCxjHGOJvs+iP+oHUx4bPhqySEQj+wXe/aLPgLr10CjWpHgRIJo6KKtuGiLSDU5qbCqrigFaBcoFaVKkF7QW8QFSoXURVQQKrUVsBWM+d9352ZnZ3Z9Y7XZ875/ST78c6cmfedM++c2WfX/zkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANLv7DbOfqmVZVqvV8gs2ZdmL6vWmiU2NS157Y+cHAAAArN3PG3+/cGu64PAKbtS0zT/d9e2vLiwsLGTvG/7T0c8tLKQrJrJsdEOWNa6Lrv7g/bXmbYIns/HaUNPXQz2GH+5x/UiP60d7XD/W4/oNPa4f73H9kh2wxE1ZLd3ZtsY/N+W7NLstG21ct63DrZ6sbRiq77t026zWuM3C6IlsLjuVzWbTLdvn29Ya23/97vpYb83iWENNY22pr5CfPH48zqEW9vG2lrEW7zP60euziZ/+5PHjf33h+Ts61Z67oeX+8nnu2Fqf5yfCJflca9mGtE/iPIea5rmlw3My3DLPWuN29X+3z/OFFc5zeHGa66r9OR/Phhr//k5jP43Usg77aUu47H/uybLs8uK027dZMlY2lG1suWRo8fkZz1dk/T7qS+ml2Uj3dbpQa1mnd69gndbrzLbWddr+mojP/93hdiPLzKH5afrRE2NNz/vPFq5lnUb1R73ca6V9Dfb7tVKUNRjXxXcaD/qpjmtwW3j8j29ffg12XDsd1mB63E1rcGuvNTg0NtyYc3oSao3bLK7BXS3bDzdGqjXqc9u7r8GpC6fPTc1/7OP3zZ0+dnL25OyZPbt2Te/Zt+/AgQNTJ+ZOzU7nf1/j3i6+jdlQeg1sDfsuvgZe3bZt81Jd+OLYkuPvtb4Ox7u8Dje1bdvv1+FI+4Orrc8Lcumazl8b76nv9PErQ9kyr7HG87Nz7a/D9LibXocjTa/Dju8pHV6HIyt4Hda3ObdzZd+zjDT96TSH5d8L1rYGNzWtwfbvR9rXYL+/HynKGhwP6+J7O5d/L9gS5vvU5Gq/HxlesgbTww3Hnvol6fv98QON0mld3lm/4uax7OL87Pn7Hzt24cL5XVko6+JlTWulfb1ubHpM2ZL1OrTq9Xp47q6n7uxw+aawr8bvq/81vuxzVd9m7/3dn6vGu1vn/dly6e4slD4L+3Nhwzrtz07v5vX9OZZln//WEw9/4/HPv2HZ/VnvNz8xtfbvxVNf2nT8HV3m+Bv7/l/k46W7enJ4dCR//Q6nvTPacjxufapGGseuWmPsF6ZWdjweDX/W+3h8W5fj8ea2bft9PB5tf3DxeFzr9dOOtWl/PsfDOjk13f14XN9m8+7VrsmRrsfje0Kthf3/mtAppL6oae0st27TWCMjo+FxjcQRWtfpnpbtR0NvVh/rmd3Xtk533JPf13B6dIvWa51OtG3b73Wafva13Dqt9frp27Vpfz7Hw7q4bU/3dVrf5tm9az923hT/2XTsHOu1BkeHx+pzHk2LsHG8zxZuimvw/ux4djY7lc00rh1rrKdaY6zJB1a2BsfCn/U+Vm7usgZ3tG3b7zWY3seWW3u1kaUPvg/an8/xsC6efqD7Gqxv88b9/f3edUe4JG3T9L1r+8/XlvuZ151tu+l6rZWRMM9v7e/+s9n6NqcOrLbP7L6f7g2X3NxhP7W/fpd7Tc1k67OfNod5Pn9g+f1Un099m88dXOF6Opxl2aWPPNj4eW/4/crfXfzuV1t+79LpdzqXPvLgj1984h9XM38ABt8v8rIxf69r+s3USn7/DwAAAAyE2PcPhZro/wEAAKA0Yt8f/1d4ov8HAACA0oh9/0ioSUX6/81vfH7uF5eylMxfCOL1aTc8lG8XM67T4euJhUX1yx/88ux//8OllY09lGXZzx76g47bb34ozis3EeZ59U2tly/x1ftWNPbRRy+lcZvz618I9x8fz0qXQacI7nSWZV+/9TONcSbef6VRn33oaKM+fPmpJ+vbvHAw/zre/rmX5dv/RQj/Hj5xrOX2z4X98MNQp9/WeX/E233lymu27H/v4njxdrWttzQe9tMfyO83fk7OZ5/Mt4/7ebn5f+PTz3ylvv1jr+o8/0tDnef/TLjfL4f6v6/It29+Dupfx9t9Msw/jhdvd/+Xvtlx/lc/lW9/7s35dkdDjePvCF9ve/Pzc83767HasZbHlb0l3y6OP/3dP25cH+8v3n/7/MePXGnZH+3r49l/y+9nqm37eHkcJ/r7tvHr99O8PuP4z/zR0Zb93Gv8qw8/94r6/baPf2/bduc+srMx/uL9tX5i019+8jMdx4vzOfy351oez+F3h9dxGP/pD4T1GK7/v6v5/bV/usLRd7cef+L2X9h0qeXxRG/9aT7+1dedbNQN4zdtvPlFL77l8ivr+y7LvrMhv79e45/8q7Mt8//i7fn+iNfHjH77+MuJ45//6OSZs/MX52bSXn381sZn57w9n0+c763h2Nr+9ZGzFz44e35iemI6yybK+xF61+xLof44L5e7b72w5Ai689HwfN7551/fuP1fPx0v//f35JdfeVv+vvXqsN1nw+WbwvO3uvGXevru2xuv79qzYYYLSz8veC22bPuvAyvaMDz+9u8L4no/9/IPNvZD/brG+0Z8Xa9x/t+fye/na2G/LoRPZt56++J4zdvHz0a48kj+el/z/guHufi8/k14vt/xw/z+47zi4/1++D7mm5tbj3dxfXzt0lD7/Tc+xeNyOJ5kl/Pr41Zxf1954faO04ufQ5JdvqPx9Z+k+7ljVQ9zOfMfm586NXfm4mNTF2bnL0zNf+zjR06fvXjmwpHGZ3ke+VCv2y8enzY2jk8zs/v2Zo2j1dm8XGc3ev7nHj0+s396+8zsiWMXT1x49Nzs+ZPH5+ePz87Mbz924sTsR3vdfm7m0K7dB/fs3z15cm7m0IGDB/ccnJw7c7Y+jXxSPeyb/vDkmfNHGjeZP7T34K4HHtg7PXn67Mzsof3T05MXe92+8d40Wb/170+enz117MLc6dnJ+bmPzx7adXDfvt09Pw3w9LkT8xNT5y+embo4P3t+Kn8sExcaF9ff+3rdnnKa/4/8+9l2tfyD+LJ33bsvfT5r3ZefWPau8k3aPkD0+fBZNP/8knMHVvJ17PtHQ00q0v8DAABAFcS+fyzURP8PAAAApRH7/g2hJvp/AAAAKI3Y94+HmlSk/y9d/n/zpRWNL/8v/9+8v+T/K5b/f6Ro+f/8eCH/3x9rzd/L/wfy//L/8v8Dk/9fCG9I8v8UUdHy/7HvvynLKtn/AwAAQBXEvn9jqIn+HwAAAEoj9v03h5ro/wEAAKA0Yt//olCTivT/8v/y//L/8v/y/53Hl/8fTPL/3cn/9yD/P5VVK/9/uZ/zd/5/+X+WKlr+P/b9Lw41qUj/DwAAAFUQ+/5bQk30/wAAAFAase+/NdRE/w8AAAClEfv+TaEmFen/5f/l/+X/5f/l/zuPL/8/mOT/u5P/70H+3/n/5f/l/+mrouX/Y9//klCTivT/AAAAUAWx739pqIn+HwAAAIpn5NpuFvv+l4WaLOn/r3EAAAAA4IaLff9tWVsQvCK//5f/l/8vfv5/Q7pO/l/+Pytk/n84k/8vDvn/7uT/e5D/l/+X/5f/p6+Klv9v9P3ZePbyUJOK9P8AAABQBbHvvz3URP8PAAAApRH7/l8KNdH/AwAAQGnEvn9zqElF+n/5f/n/G53/H22bu/P/L95O/j9X/Py/8/8Xifx/d/L/Pcj/y//L/8v/01dFy//Hvv+OUJOK9P8AAABQBbHvvzPURP8PAAAApRH7/l8ONdH/AwAAQGnEvn9LqElF+n/5/4Ln/2NytMT5/97n/5f/l/+X/5f/Xzn5/+7k/3uQ/5f/l/+X/6evipb/j33/K0JNKtL/AwAAQBXEvv+uUBP9PwAAAJRG7PtfGWqi/wcAAIDSiH3/RKhJRfp/+f+C5//zHPxYmc//L/8v/y//L//fT/L/3cn/9xAOcz/Kskz+X/5f/l/+n7UrWv4/9v13h5pUpP8HAACAKoh9/9ZQE/0/AAAAlEbs++8JNdH/AwAAQGnEvn9bqElF+n/5/4HI/2fy//L/8v/y//L/KyP/3538fw/O/y//L/8v/09fFS3/H/v+V4WaVKT/BwAAgCqIff/2UBP9PwAAAJRG7PtfHWqi/wcAAIDSiH3/jlCTivT/8v/y//L/8v/y/53Hl/8fTPL/3cn/9yD/L/8v/y//T18VLf8f+/7XhJpUpP8HAACAKoh9/85QE/0/AAAAlEbs++8NNdH/AwAAQGnEvn8y1KQi/b/8v/y//L/8v/x/5/Hl/weT/H938v89yP/L/8v/y//TV0XL/8e+/75Qk4r0/wAAAFAFse+/P9RE/w8AAAClEfv+qVAT/T8AAACURuz7p0NNKtL/y//L/8v/y/+vKv//ysX7lf/Pyf8Xi/x/d/L/Pcj/y//f8Pz/qPw/pVK0/H/s+3eFmqTGb+waHiUAAABQJLHv3x1qUpHf/wMAAEAVxL5/T6iJ/h8AAABKI/b9e0NNKtL/y//L/8v/y/87/3/n8eX/B5P8f3f9z//Hhyj/L/8v/+/8//L/LFW0/H/s+x8INalI/w8AAABVEPv+faEm+n8AAAAojdj37w810f8DAABAacS+/0CoSUX6f/l/+X/5f/l/+f/O48v/Dyb5/+6c/7+H4uX/X9d88/XM/9fHkv+X/5f/Z/Ue+cPmr4qW/499/8FQk4r0/wAAAFAFse9/baiJ/h8AAABKI/b9vxJq0r3/33B9ZwUAAAD0U+z7fzXUpCK//5f/l/+X/5f/l//vPL78/2CS/+9O/r+H4uX/Wzj/f7HnL/8v/89SRcv/x77/UKhJRfp/AAAAqILY9/9aqIn+HwAAAEoj9v2vCzXR/wMAAEBpxL7/cKhBpzh3Kcn/y/8PZv5/XP5f/r90+f+xeL/y/2si/9+d/H8P8v/y//L/8v/0VdHy/7Hvf32oid//AwAAQGnEvv/BUBP9PwAAAJRG7PvfEGqi/wcAAIDSiH3/G0NNKtL/y//L/w9m/t/5/zP5/9Ll/53/vz/k/7uT/+9B/l/+X/5f/p++Klr+P/b9bwo1qUj/DwAAAFUQ+/43h5ro/wEAAKA0Yt//llAT/T8AAACURuz73xpqUpH+X/5f/v9G5v9zl+X/5f8b5P/l//tB/r87+f8e5P/l/+X/5f/pq6Ll/2Pf/+uhJhXp/wEAAKAKYt//UKiJ/h8AAABKI/b9bws10f8DAABAacS+/+2hJhXp/+X/5f+d/1/+X/6/8/jy/4NJ/r+7Acv///yWcLn8f07+v9jzX23+f6Tt6+uS///Bcvn/hQ3tt5f/53ooWv4/9v3vCDWpSP8PAAAAVRD7/neGmuj/AQAAoDRi3/+uUJOm/r+v//EOAAAAWHex7/+NUJOK/P5f/r8+j8X0svy//H/jAvl/+X/5/4El/9/dgOX/nf+/jfx/sefv/P/y/yxVtPx/7PvfHWpSkf4fAAAAqiD2/Q+Hmuj/AQAAoDRi3/9IqIn+HwAAAEoj9v3vCTWpSP8v/+/8//L/8v/y/53Hl/8fTPL/3cn/9yD/L/9ftPz/f8r/M9iKlv+Pff+joSYV6f8BAACgCmLf/95QE/0/AAAAlEbs+38z1ET/DwAAAKUR+/73hZpUpP+X/x+U/P/EgOb/n5D/v475/7tuybeT/5f/Z5H8f3fy/z3I/8v/Fy3/7/z/DLii5f9j3//+UJOV9//jK94SAAAAuI5Glr0m9v2/FWpSkd//AwAAQBXEvv+3Q030/wAAAFAase//nVCTivT/8v+Dkv93/v9M/t/5/9sej/y//H8n65f/j0ce+X/5/2Ll/zet6gG3utH5+bW60fOvbv4/f2eU/6eTouX/Y9//u6EmFen/AQAAoApi3/+BUBP9PwAAAAyETv8nu13s+4+Emuj/AQAAoDRi33801KQi/b/8v/y//H9B8/9/tvVfvvftdx7dJf8v/y//vyrrev7/+ovf+f/l/wuW/1+LG52fX6/515Y5NZj8v/P/039Fy//Hvv9YqElF+n8AAACogtj3/16oif4fAAAASiP2/cdDTfT/AAAAUBqx758JNalI/y//L/8v/1/Q/P8An/8/7g/5/1Z9y//Hg678f0frmv9/72JOXP5/tfn/sY6Xyv/L/w/y/OX/5f9Zqmj5/9j3z4aaVKT/BwAAgCoIff/QibwuXqH/BwAAgNKIff/JUBP9PwAAAJRG7Ps/GGpSkf5f/l/+X/5f/t/5/zuP3y3/Xxtx/v+ikv/vrjj5/87k/+X/B3n+8v/y/yxVtPx/7PvnQk0q0v8DAABAFcS+/0OhJvp/AAAAKI3Y93841ET/DwAAAKUR+/5ToSYV6f/l/+X/5f/l/+X/O49f2PP/y/93Jf/fnfx/D/L/8v/y//L//8/enXxZWtd3HL8FDV19yCK7LLLJOVnmT2AR1sk+WWSTRXJOTs4JRFFxpnEeUVScFcVZwQEEERXnCZxQnEFFxXnECVFPe6j6fr9dw1P3VlXf6vs8v9/rteCbrlB9r31a6E9Xv31YqrH1/7n7/y9u6WT/AwAAQA9y918ct9j/AAAA0Izc/ZfELfY/AAAANCN3///HLZ3sf/2//r/Z/v+f9f97vb7+X//fMv3/fPr/BfT/+n/9v/6fpRpb/5+7/2FxSyf7HwAAAHqQu//hcYv9DwAAAM3I3X9p3GL/AwAAQDNy9z8ibulk/+/o/9dmffb/mfHq/1vq/z3/f8/X1/+fQf9/rv5/7M5u/3/FQ//k0//r//X/Qf+/r/7/+F6fr/+nRWPr/3P3PzJu6WT/AwAAQA9y9z8qbrH/AQAAoBm5+y+LW+x/AAAAaEbu/kfHLZ3s/+U9///Exscn2v8X/b/+f+MD+n/9/179/7HT39b/j5Pn/8/XU/9/6V0XXHz/zX9/y0FeX/+v//f8f/0/yzW2/j93/2Pilk72PwAAAPQgd/9j4xb7HwAAAJqRu/9xcYv9DwAAAM3I3f/4uKWT/b+8/n/Sz/8v+n/9/8YH9P/6/736/3/z/P+x0//P11P/f5jX1//r//X/+n+Wa9X9f37H+e3c/U+IWzrZ/wAAANCD3P1PjFvsfwAAAGhG7v7L4xb7HwAAAJqRu/9k3NLJ/tf/H33//xf9v/4/rv5f/6//P3r6//n0/wvo//X/+n/9P0u16v5/57dz918Rt3Sy/wEAAKAHufufFLfY/wAAANCM3P1PjlvsfwAAAGhG7v6nxC2d7H/9v+f/6//1//r/4dfX/0+T/n8+/f8C+v8z7efP0/9PsP+PX0jp/zkKB+z/H5zzj+2l9P+5+58at3Sy/wEAAKAHufufFrfY/wAAANCM3P1Pj1vsfwAAAGhG7v5nxC2d7H/9v/5f/6//P3T/v/un3gb9/zD9/9mh/59vNP3/2rHBD+v/J9//e/7/FPv/oP/nKIzt+f+5+58Zt3Sy/wEAAKAHufufFbfM2f8H/s18AAAAYKVy9z87bvH1fwAAAJi8rM5y9z8nbulk/+v/9f/6f/2/5/8Pv/68/v+WLe9P/z8u+v/5RtP/70H/r/+f8vvX/+v/2W1s/X/u/ufGLZ3sfwAAAOhB7v4r4xb7HwAAAJqRu/95cYv9DwAAAM3I3f/8uKWT/T/c/5/+/+v/90f/v/396/+Hf34sq//P71H/P7f/v8jz//uk/5/v7Pf/x/X/279//f8RWvX7b7z/P7Ho8/X/DBlb/5+7/6q4pZP9DwAAAD3I3f+CuMX+BwAAgGbk7n9h3GL/AwAAQDNy978obulk/6/4+f9XnL/X+9L/b9D/6/89/3+cz/+fnfX+/5j+f5/0//N5/v8C+n/9v/7f8/9ZqrH1/7n7r45bOtn/AAAA0IOrH5ht7P4Xz2b2PwAAAEzR1j87sPMPlIbc/S+JW+x/AAAAaEbu/pfGLZ3s/xX3/0f1/P/zFr22/l//v/XHS/+v/x96/XH1/57/v1/6//n0/wvo/4+inz/WWP9/zV6fP4b+/3L9PyOzrf+/7fTHV9X/5+5/WdzSyf4HAACAHuTuf3ncYv8DAABAM3L3vyJusf8BAACgGbn7Xxm3dLL/j7z/P7H3ax9h/7+Q/l//v/XHS/+v/x96ff3/NOn/59P/L6D/9/x/z//X/7NU2/r/LVbV/+fuf1Xc0sn+BwAAgB7k7n913GL/AwAAQDNy918Tt9j/AAAA0Izc/a+JWzrZ/40+/38h/b/+f+uPl/5f/z/0+vr/adL/z6f/X0D/r//X/y/u/3f+izro/xkytv4/d/9r45ZO9j8AAAD0IHf/tXGL/Q8AAADNyN3/urjF/gcAAIBm5O5/fdzSyf7X/x9t/58f1//r/2cH6f/jE/T/m/T/+v+DmFr/v/O/P4fu19eG/k202x79/x3/c/Jft39E/6//1//r/z3/nyUYRf9/6vSvLnP3vyFu6WT/AwAAQA9y978xbrH/AQAAoBm5+98Ut9j/AAAA0Izc/W+OWw64//92qe/q7NH/e/6//n+E/X/Q/2/S/+v/D2Jq/f9Onv+v/9f/T/f96//1/+w2iv5/y7dz978lbvH1fwAAAGhG7v63xi32PwAAADQjd//b4hb7HwAAAJqRu/+6uKWT/a//1//r//X/+v/h1z9s/78+G6b/Pzv0//Pp/xfQ/+v/9f/6f5ZqbP1/7v7r45ZO9j8AAAD0IHf/2+MW+x8AAACakbv/HXGL/Q8AAABTkunYoNz974xbOtn/+n/9v/5f/6//H359z/+fpon2//WPwan2/+dOqf+/Yc4bGOr/Tx3X/+v/9f/6fw5pbP1/7v53xS2d7H8AAADoQe7+G+IW+x8AAACakbv/xrjF/gcAAIBm5O5/d9zSyf7X/+v/9f/6f/3/8Ovr/6dpov1/mWr/7/n/+v+Z/l//r/9nwNj6/9z9N8Utnex/AAAA6EHu/pvjFvsfAAAAmpG7/z1xi/0PAAAAzcjdf0vc0sn+1//r//X/+n/9//Dr6/+n6ej6/9nq+v/7zjnod7Mn/f8C+n/9v/5f/89Sja3/z93/3rilk/0PAAAAPcjdf2vcYv8DAABAM3L3vy9usf8BAACgGbn73x+3dLL/9f/6/2n2/1etD71//b/+f6b/757n/8+n/19A/6//1//r/1mqsfX/ufs/ELd0sv8BAACgB7n7b4tb7H8AAABoRu7+D8Yt9j8AAAA0I3f/h+KWTva//l//v73/n82m0f97/v9M/99C/78+0/8vnf5/vv31/xfp//X/bfX/58wa6v9P7Pn5+n/GaGz9f+7+D8ctnex/AAAA6EHu/o/ELfY/AAAANGDzz87k7v9o3GL/AwAAwJgdO8jfnLv/Y3FLJ/t/+v3/8R2fqP+fzWZ3X9b88//1/zP9fwv9f/2o6v+XR/8/n+f/L6D/b7P/9/x//T8rM7b+P3f/x+OWTvY/AAAA9CB3/yfiFvsfAAAAmpG7/5Nxi/0PAAAAzcjd/6m4pZP9P/3+f+cn6v9nZ/T8f/3/xgf0//p//f9k6f/n0/8voP9f2M+v7fHrnpn+X/+v/2fA2Pr/3P2fjls62f8AAADQg9z9t8ct9j8AAAA0I3f/HXGL/Q8AAADNyN3/mbilk/2v/9f/6/+n2f+v6//1//r/QWPp/y+88F/u1P/r/1vs/+fR/+v/9f/sNLb+P3f/Z+OWTvY/AAAA9CB3/+fiFvsfAAAAmpG7//Nxi/0PAAAAzcjd/4W4pZP9v7v/P2+2WahuGur/o1HT/2+h/9/+/vX/wz8/PP9f/6//P3pj6f89//9w71//r/+f8vs/UP//D7s/X/9Pi8bW/+fuvzNu6WT/AwAAQA9y938xbrH/AQAAoBm5+78Ut9j/AAAA0Izc/XfFLZ3sf8//1//r//X/+v/h19f/T5P+fz79/wL6f/2/5/9f8l/n6v9ZnrH1/7n7vxy3bAy/f/ybQ/7HBAAAAEYkd/9X4pZOvv4PAAAAPcjd/9W4xf4HAACAZuTu/1rc0sn+1//r//X/+n/9//Dr6/+nSf8/n/5/gX76//WhD666nz9Tq37/zfT/nv/PEo2t/8/d//W4pZP9DwAAAD3I3f+NuMX+BwAAgGbk7v9m3GL/AwAAQDNy998dt3Sy//X/+v/2+///1P/veH39v/6/Zfr//Df6MP3/Av30/4NW3c9P/f3r//X/7Da2/j93/z1xSyf7HwAAAHqQu/9bcYv9DwAAAM3I3f/tuMX+BwAAgGbk7v9O3NLJ/tf/99X/r8167P89/1//r//vyXT6/2uPDX3U8//1//r/6b5//b/+n93G1v/n7r937ViX+x8AAACm6t//6X/v2e/fe+/GX9dn341b7H8AAABoRu7+78Ut9j8AAAA0I3f/9+OWTva//r+v/r/P5//r//X/+v+eTKf/H6b/1//r/6f7/vX/+n92G1v/n7v/vrhly/Ab/B/oAQAAACYjd/8P4pZOvv4PAAAAPcjd/8O4Zdf+P7XPP9UOAAAAjE3u/h/FLZ18/V//P/L+f3ZE/X/8ffr/Tfp//f/Q6+v/p6m1/v/4bFT9/6k1/b/+fw79v/5f/89OY+v/c/ffetOsy/0PAAAAjdr2Owo/3vjr+uwncYv9DwAAAM3I3f/TuMX+BwAAgGbk7v9Z3NLJ/tf/j7z/P9Tz/0/U/+X5/533/1euD76+/l//37LW+n/P/9/8uP5/k/5/3O9f/6//Z7cD9P8bg/So+//c/T+PWzrZ/wAAANCD3P2/iFvsfwAAAGhG7v5fxi32PwAAADQjd/+v4pZO9r/+fwX9/1XHZ7Mj7f/38fx//X8f/f8er99O//93F5y8/T/++8br9f+cdjb7//y5oP/X/6+g/78ufv7p/0f0/vX/+n92G9vz/3P3/zpu6WT/AwAAQA9y998ft9j/AAAA0Izc/b+JW+x/AAAAaEbu/t/GLZ3sf/1/i8//n2b/nz/WK+j/T06v/8+muPf+3/P/9f+7ef7/fPr/BabT/2982/P/x/X+9f/6f3YbW/+fu/93cUsn+x8AAAB6kLv/93FL7v+1A//WPQAAADAyufv/ELf4+j8AAAA0I3f/A3FLJ/tf/6//H0v/nzz///Tnef7/Jv2//v8g9P/z6f8X0P/r//X/+n+Wamz9f+7+P8Ytnex/AAAA6EHu/gfjFvsfAAAAmpG7/09xi/0PAAAAzcjd/+e4pZP9r//X/+v/9f/6/+HX1/9Pk/5/Pv3/Q87f+w3o//X/+n/9P0s1tv4/d/9fAwAA//+9M2Fu")
r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x90)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

1.25902196s ago: executing program 4 (id=357):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000340)={0x0, 0x0, 0x0, r2, 0xfbfbfbfb})

1.020397874s ago: executing program 4 (id=358):
io_setup(0x2278, &(0x7f0000000180)=<r0=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10)
io_submit(r0, 0x2, &(0x7f0000000140)=[&(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x0, r1, &(0x7f0000000540)='\"', 0x1, 0x0, 0x0, 0x2}, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x7, 0x2, r1, 0x0, 0x0, 0x100000}])
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.009502604s ago: executing program 1 (id=359):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x20800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1})

752.310118ms ago: executing program 0 (id=360):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="662700000000000024001280090001007866726d0000000014000280040003"], 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x0, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

696.403599ms ago: executing program 1 (id=361):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
sendmmsg$unix(r0, &(0x7f0000000c40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x5c}, 0x6e, 0x0}}], 0x1, 0x0)

469.353963ms ago: executing program 1 (id=362):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x200, 0x0, 0x0, 0x0, 0x0, 0x0})

270.430436ms ago: executing program 0 (id=363):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x24, r1, 0x200, 0x70bd2b, 0x0, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0)

212.360867ms ago: executing program 3 (id=364):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x4}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@bridge_setlink={0x20, 0x13, 0x100, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, 0x0, 0x4, 0x2220}}, 0x20}, 0x1, 0x0, 0x0, 0x800c880}, 0x4000040)

211.848127ms ago: executing program 1 (id=365):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x9]}, 0x8, 0x80800)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_setup(0x5, &(0x7f0000000b80)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
signalfd4(r0, &(0x7f0000000140)={[0x72]}, 0x8, 0x0)

353.34µs ago: executing program 1 (id=366):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000280)={0x3f, 0x0, [{0x3, 0x5, 0x0, 0x0, @adapter={0x5, 0x7fffffffffffffff, 0x8000000000000001, 0x80, 0x3}}]})

0s ago: executing program 4 (id=367):
r0 = socket$inet(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @loopback}, 0x10)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x67, 0x49)
listen(r0, 0x2000)
close(r0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.10.14' (ED25519) to the list of known hosts.
[   64.061794][ T5759] cgroup: Unknown subsys name 'net'
[   64.192387][ T5759] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   65.678261][ T5759] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   67.078744][ T5770] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   67.095484][ T5770] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   67.124726][ T5770] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   67.136160][ T5770] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   67.143900][ T5770] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   67.152569][ T5770] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   67.259127][ T5770] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   67.270538][ T5770] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   67.279043][ T5770] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   67.299020][ T5774] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   67.308073][ T5774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   67.320268][ T5778] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   67.329360][ T5778] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   67.364077][   T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   67.374178][   T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   67.375395][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   67.384125][   T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   67.395028][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   67.401173][   T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   67.409888][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   67.416246][   T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   67.430179][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   67.455826][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   67.464605][ T5778] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   67.808838][ T5771] chnl_net:caif_netlink_parms(): no params data found
[   67.992709][ T5776] chnl_net:caif_netlink_parms(): no params data found
[   68.016337][ T5768] chnl_net:caif_netlink_parms(): no params data found
[   68.080153][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.092292][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.101362][ T5771] bridge_slave_0: entered allmulticast mode
[   68.109411][ T5771] bridge_slave_0: entered promiscuous mode
[   68.150754][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.159177][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.168726][ T5771] bridge_slave_1: entered allmulticast mode
[   68.177768][ T5771] bridge_slave_1: entered promiscuous mode
[   68.225269][ T5773] chnl_net:caif_netlink_parms(): no params data found
[   68.252092][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.274156][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.283149][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.292777][ T5776] bridge_slave_0: entered allmulticast mode
[   68.301078][ T5776] bridge_slave_0: entered promiscuous mode
[   68.333311][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.358053][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.370003][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.380858][ T5776] bridge_slave_1: entered allmulticast mode
[   68.389662][ T5776] bridge_slave_1: entered promiscuous mode
[   68.454274][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.464697][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.473159][ T5768] bridge_slave_0: entered allmulticast mode
[   68.484453][ T5768] bridge_slave_0: entered promiscuous mode
[   68.506666][ T5771] team0: Port device team_slave_0 added
[   68.518732][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.535995][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.548644][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.559626][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.568385][ T5768] bridge_slave_1: entered allmulticast mode
[   68.576675][ T5768] bridge_slave_1: entered promiscuous mode
[   68.591509][ T5771] team0: Port device team_slave_1 added
[   68.679161][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.687599][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.721905][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.740075][ T5776] team0: Port device team_slave_0 added
[   68.750025][ T5776] team0: Port device team_slave_1 added
[   68.758949][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.773408][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.805886][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.815088][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.849715][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.920221][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.928746][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.937617][ T5773] bridge_slave_0: entered allmulticast mode
[   68.945893][ T5773] bridge_slave_0: entered promiscuous mode
[   68.968313][ T5768] team0: Port device team_slave_0 added
[   68.995696][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.004255][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.014219][ T5773] bridge_slave_1: entered allmulticast mode
[   69.025182][ T5773] bridge_slave_1: entered promiscuous mode
[   69.033777][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.042940][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.076910][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.092892][ T5768] team0: Port device team_slave_1 added
[   69.124960][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.132755][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.163436][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.199422][ T5771] hsr_slave_0: entered promiscuous mode
[   69.206955][ T5771] hsr_slave_1: entered promiscuous mode
[   69.215729][ T5778] Bluetooth: hci0: command tx timeout
[   69.234817][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.242510][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.271301][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.286071][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.294309][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.323702][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.350981][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.365552][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.375541][ T5778] Bluetooth: hci1: command tx timeout
[   69.455586][ T5778] Bluetooth: hci2: command tx timeout
[   69.470578][ T5776] hsr_slave_0: entered promiscuous mode
[   69.478574][ T5776] hsr_slave_1: entered promiscuous mode
[   69.486036][ T5776] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.494992][ T5776] Cannot create hsr debugfs directory
[   69.521057][ T5768] hsr_slave_0: entered promiscuous mode
[   69.527979][ T5768] hsr_slave_1: entered promiscuous mode
[   69.534304][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.535099][ T5778] Bluetooth: hci3: command tx timeout
[   69.543015][ T5768] Cannot create hsr debugfs directory
[   69.560913][ T5773] team0: Port device team_slave_0 added
[   69.571025][ T5773] team0: Port device team_slave_1 added
[   69.651080][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.659683][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.691426][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.706758][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.715250][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.748014][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.865042][ T5773] hsr_slave_0: entered promiscuous mode
[   69.877377][ T5773] hsr_slave_1: entered promiscuous mode
[   69.886039][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.894589][ T5773] Cannot create hsr debugfs directory
[   70.162507][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   70.176507][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   70.202379][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   70.212560][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   70.297551][ T5776] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   70.311962][ T5776] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   70.323709][ T5776] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   70.343432][ T5776] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   70.435271][ T5768] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   70.477849][ T5768] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   70.510541][ T5768] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   70.534026][ T5773] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   70.546685][ T5773] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   70.557220][ T5768] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   70.574317][ T5773] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   70.586890][ T5773] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   70.698308][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.729273][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.769330][ T5776] 8021q: adding VLAN 0 to HW filter on device team0
[   70.794191][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.805643][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.824100][ T5771] 8021q: adding VLAN 0 to HW filter on device team0
[   70.868637][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.877439][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.891752][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.903056][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.914220][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.921675][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.955731][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.050966][ T5768] 8021q: adding VLAN 0 to HW filter on device team0
[   71.076537][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.102461][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.110859][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.143033][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.150967][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.170494][ T5773] 8021q: adding VLAN 0 to HW filter on device team0
[   71.214365][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.222159][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.232304][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.239520][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.270060][ T5776] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   71.295957][ T5778] Bluetooth: hci0: command tx timeout
[   71.455021][ T5778] Bluetooth: hci1: command tx timeout
[   71.492609][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.534701][ T5778] Bluetooth: hci2: command tx timeout
[   71.614895][ T5778] Bluetooth: hci3: command tx timeout
[   71.646193][ T5771] veth0_vlan: entered promiscuous mode
[   71.683425][ T5771] veth1_vlan: entered promiscuous mode
[   71.702368][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[   71.711240][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[   71.722930][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.762297][ T5771] veth0_macvtap: entered promiscuous mode
[   71.827761][ T5771] veth1_macvtap: entered promiscuous mode
[   71.910965][ T5776] veth0_vlan: entered promiscuous mode
[   71.922887][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.947556][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.960300][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.970341][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.980491][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.989940][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.010158][ T5776] veth1_vlan: entered promiscuous mode
[   72.028632][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.043487][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.173149][ T5776] veth0_macvtap: entered promiscuous mode
[   72.210304][ T5776] veth1_macvtap: entered promiscuous mode
[   72.268724][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.278918][ T5768] veth0_vlan: entered promiscuous mode
[   72.279861][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.304108][ T5768] veth1_vlan: entered promiscuous mode
[   72.321946][ T5773] veth0_vlan: entered promiscuous mode
[   72.331691][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.344418][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.357450][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.368357][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.380085][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.392293][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.428653][ T5776] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.437739][ T5776] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.450111][ T5776] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.459559][ T5776] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.478491][ T3505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.481763][ T5773] veth1_vlan: entered promiscuous mode
[   72.486680][ T3505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.602461][ T5768] veth0_macvtap: entered promiscuous mode
[   72.653601][ T5773] veth0_macvtap: entered promiscuous mode
[   72.687951][ T5768] veth1_macvtap: entered promiscuous mode
[   72.732660][ T5773] veth1_macvtap: entered promiscuous mode
[   72.739569][ T5855] syz.0.1[5855]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   72.817799][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.829203][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.845372][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.862200][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.887670][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.916484][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.926240][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.957814][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.969969][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.983134][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.999150][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.011682][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.072762][ T5768] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.082770][ T5768] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.092816][ T5768] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.103214][ T5768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.128656][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.156983][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.170779][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.183666][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.197460][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.199939][ T5855] loop0: detected capacity change from 0 to 32768
[   73.211634][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.240992][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.256188][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.257636][ T3505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.268163][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.292192][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.304219][ T3505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.306583][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.322511][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.334163][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.366572][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.376109][ T5778] Bluetooth: hci0: command tx timeout
[   73.461952][ T5773] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.494678][ T5773] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.512861][ T5773] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.522325][ T5855] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1
[   73.522325][ T5855] 
[   73.523476][ T5773] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.545322][ T5778] Bluetooth: hci1: command tx timeout
[   73.615490][ T5778] Bluetooth: hci2: command tx timeout
[   73.701773][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.711847][ T5778] Bluetooth: hci3: command tx timeout
[   73.719679][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.806529][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.843858][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.891566][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.918278][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.976315][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.996941][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.142239][ T5865] loop3: detected capacity change from 0 to 2048
[   74.340572][ T5865] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.456639][ T5862] loop2: detected capacity change from 0 to 32768
[   74.526776][ T5865] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   74.565316][ T5862] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   74.695413][ T5862] XFS (loop2): Ending clean mount
[   74.711755][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.791330][ T5862] XFS (loop2): Quotacheck needed: Please wait.
[   74.925520][ T5862] XFS (loop2): Quotacheck: Done.
[   75.083221][ T5776] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   75.149058][ T5879] loop0: detected capacity change from 0 to 32768
[   75.319507][ T5879] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   75.369094][ T3505] (kworker/u4:9,3505,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[   75.456989][ T5778] Bluetooth: hci0: command tx timeout
[   75.560114][ T5890] (syz.0.5,5890,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[   75.574607][   T27] audit: type=1800 audit(1750793025.975:2): pid=5879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5" name="file1" dev="loop0" ino=17058 res=0 errno=0
[   75.594809][ T5890] (syz.0.5,5890,0):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2
[   75.617186][ T5778] Bluetooth: hci1: command tx timeout
[   75.634641][ T5890] (syz.0.5,5890,1):__ocfs2_prepare_orphan_dir:2171 ERROR: status = -2
[   75.644128][ T5890] (syz.0.5,5890,1):ocfs2_prepare_orphan_dir:2213 ERROR: status = -2
[   75.653070][ T5890] (syz.0.5,5890,1):ocfs2_prepare_orphan_dir:2229 ERROR: status = -2
[   75.662824][ T5890] (syz.0.5,5890,1):ocfs2_rename:1466 ERROR: status = -2
[   75.671033][ T5890] (syz.0.5,5890,1):ocfs2_rename:1690 ERROR: status = -2
[   75.695276][ T5778] Bluetooth: hci2: command tx timeout
[   75.776619][ T5898] loop2: detected capacity change from 0 to 1024
[   75.786105][ T5778] Bluetooth: hci3: command tx timeout
[   75.901244][ T5771] ocfs2: Unmounting device (7,0) on (node local)
[   75.951116][ T5887] loop3: detected capacity change from 0 to 40427
[   75.985097][ T5887] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   76.025308][ T5887] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   76.118597][ T5887] F2FS-fs (loop3): Found nat_bits in checkpoint
[   76.138593][   T58] hfsplus: b-tree write err: -5, ino 4
[   76.389699][ T5887] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   76.407940][ T5887] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   77.090719][ T5921] loop8: detected capacity change from 0 to 8
[   77.108482][ T5921] Dev loop8: unable to read RDB block 8
[   77.115614][ T5921]  loop8: unable to read partition table
[   77.121713][ T5921] loop8: partition table beyond EOD, truncated
[   77.129620][ T5921] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[   77.614173][ T5927] syz.3.20 uses obsolete (PF_INET,SOCK_PACKET)
[   77.717233][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   77.764877][ T5805] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   77.835074][ T5931] loop3: detected capacity change from 0 to 2048
[   77.853262][ T5931] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[   77.880036][ T5931] NILFS (loop3): mounting unchecked fs
[   77.888248][ T5761] udevd[5761]: incorrect nilfs2 checksum on /dev/loop3
[   77.933786][ T5931] NILFS (loop3): recovery complete
[   77.950895][ T5933] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   77.952371][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   77.974775][ T5805] usb 3-1: Using ep0 maxpacket: 8
[   77.977208][ T5805] usb 3-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   77.989613][    T9] usb 2-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[   78.009812][ T5805] usb 3-1: config 0 interface 0 has no altsetting 0
[   78.024668][ T5805] usb 3-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[   78.035901][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.055342][ T5805] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.068908][    T9] usb 2-1: config 0 descriptor??
[   78.092872][ T5805] usb 3-1: config 0 descriptor??
[   78.153206][ T5934] NILFS error (device loop3): nilfs_readdir: zero-length directory entry
[   78.173785][ T5934] Remounting filesystem read-only
[   78.245973][ T5768] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[   78.259237][ T5768] NILFS (loop3): discard dirty page: offset=0, ino=2
[   78.269647][ T5768] NILFS (loop3): discard dirty block: blocknr=18, size=1024
[   78.281770][ T5768] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[   78.297788][ T5768] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[   78.310335][ T5768] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[   78.323832][ T5768] NILFS (loop3): discard dirty page: offset=0, ino=6
[   78.331757][ T5768] NILFS (loop3): discard dirty block: blocknr=35, size=1024
[   78.341891][ T5768] NILFS (loop3): discard dirty block: blocknr=36, size=1024
[   78.350204][ T5768] NILFS (loop3): discard dirty block: blocknr=37, size=1024
[   78.359147][ T5768] NILFS (loop3): discard dirty block: blocknr=38, size=1024
[   78.368943][ T5768] NILFS (loop3): discard dirty page: offset=4096, ino=6
[   78.380214][ T5768] NILFS (loop3): discard dirty block: blocknr=39, size=1024
[   78.388519][ T5768] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[   78.398813][ T5768] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[   78.408954][ T5768] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[   78.587139][ T5805] uclogic 0003:5543:0042.0002: No inputs registered, leaving
[   78.615891][    T9] dragonrise 0003:0079:0006.0001: hidraw0: USB HID v0.00 Device [HID 0079:0006] on usb-dummy_hcd.1-1/input0
[   78.636329][ T5805] uclogic 0003:5543:0042.0002: hidraw1: USB HID v0.07 Device [HID 5543:0042] on usb-dummy_hcd.2-1/input0
[   78.670325][    T9] dragonrise 0003:0079:0006.0001: no inputs found
[   78.691483][    T9] dragonrise 0003:0079:0006.0001: force feedback init failed
[   78.877806][    T9] usb 3-1: USB disconnect, device number 2
[   78.909386][ T5940] capability: warning: `syz.3.29' uses 32-bit capabilities (legacy support in use)
[   78.956561][   T28] usb 2-1: USB disconnect, device number 2
[   79.151940][ T5949] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   79.504577][  T786] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   79.695619][  T786] usb 4-1: Using ep0 maxpacket: 16
[   79.710840][  T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.733351][  T786] usb 4-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[   79.753015][  T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.775917][  T786] usb 4-1: config 0 descriptor??
[   79.969269][ T5956] loop2: detected capacity change from 0 to 32768
[   80.018730][ T5956] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   80.143840][ T5956] XFS (loop2): Ending clean mount
[   80.145878][ T5960] loop1: detected capacity change from 0 to 32768
[   80.166728][ T5956] XFS (loop2): Quotacheck needed: Please wait.
[   80.233360][  T786] input: HID 041e:3100 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:041E:3100.0003/input/input5
[   80.263795][ T5960] 
[   80.263795][ T5960]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.263795][ T5960] 
[   80.331582][ T5956] XFS (loop2): Quotacheck: Done.
[   80.388204][ T5960] 
[   80.388204][ T5960]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.388204][ T5960] 
[   80.433540][  T786] creative-sb0540 0003:041E:3100.0003: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.3-1/input0
[   80.471336][ T5960] 
[   80.471336][ T5960]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.471336][ T5960] 
[   80.481976][  T786] usb 4-1: USB disconnect, device number 2
[   80.559967][ T5960] 
[   80.559967][ T5960]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.559967][ T5960] 
[   80.644542][   T27] audit: type=1800 audit(1750793031.065:3): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.35" name="file1" dev="loop2" ino=9286 res=0 errno=0
[   80.658427][ T5960] 
[   80.658427][ T5960]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.658427][ T5960] 
[   80.725794][ T5960] 
[   80.725794][ T5960]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.725794][ T5960] 
[   80.744923][   T27] audit: type=1800 audit(1750793031.175:4): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.35" name="file1" dev="loop2" ino=9286 res=0 errno=0
[   80.756132][ T5974] loop0: detected capacity change from 0 to 1024
[   80.783230][ T5974] EXT4-fs: Ignoring removed nobh option
[   80.799234][  T111] 
[   80.799234][  T111]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.799234][  T111] 
[   80.800292][ T5974] EXT4-fs: Ignoring removed oldalloc option
[   80.817716][ T5972] fido_id[5972]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[   80.879851][ T5974] EXT4-fs: Ignoring removed bh option
[   80.915815][ T3505] 
[   80.915815][ T3505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.915815][ T3505] 
[   80.939148][ T3505] 
[   80.939148][ T3505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.939148][ T3505] 
[   80.963631][ T5773] 
[   80.963631][ T5773]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.963631][ T5773] 
[   80.979070][ T5776] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   80.981325][ T5773] 
[   80.981325][ T5773]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   80.981325][ T5773] 
[   81.003003][  T112] 
[   81.003003][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   81.003003][  T112] 
[   81.022923][ T5974] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none.
[   81.353432][ T5981] netlink: 'syz.2.41': attribute type 1 has an invalid length.
[   81.444562][ T5984] netlink: 8 bytes leftover after parsing attributes in process `syz.3.42'.
[   81.468031][ T5984] netlink: 8 bytes leftover after parsing attributes in process `syz.3.42'.
[   81.479205][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[   81.658435][ T5992] loop3: detected capacity change from 0 to 128
[   81.698104][ T5992] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   81.724217][ T5992] ext4 filesystem being mounted at /9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   81.724726][   T28] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   81.917542][ T5992] EXT4-fs error (device loop3): make_indexed_dir:2333: inode #2: block 18: comm syz.3.46: bad entry in directory: rec_len is smaller than minimal - offset=36, inode=128, rec_len=9, size=1000 fake=0
[   81.950965][  T966] cfg80211: failed to load regulatory.db
[   81.981963][   T28] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   82.000184][ T5992] EXT4-fs (loop3): Remounting filesystem read-only
[   82.012599][   T28] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   82.034856][   T28] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   82.084836][   T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.117430][ T5982] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   82.148590][ T5768] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   82.150604][   T28] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[   82.358434][ T6004] loop3: detected capacity change from 0 to 128
[   82.456132][   T28] usb 2-1: USB disconnect, device number 3
[   82.462571][   T27] audit: type=1800 audit(1750793032.885:5): pid=6004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.51" name="file1" dev="loop3" ino=1048592 res=0 errno=0
[   82.468820][ T6002] loop0: detected capacity change from 0 to 8192
[   82.551003][ T6004] FAT-fs (loop3): error, invalid FAT chain (i_pos 548, last_block 8)
[   82.568944][ T6002] =======================================================
[   82.568944][ T6002] WARNING: The mand mount option has been deprecated and
[   82.568944][ T6002]          and is ignored by this kernel. Remove the mand
[   82.568944][ T6002]          option from the mount to silence this warning.
[   82.568944][ T6002] =======================================================
[   82.600524][ T6004] FAT-fs (loop3): Filesystem has been set read-only
[   82.652452][ T6004] FAT-fs (loop3): error, corrupted file size (i_pos 548, 522)
[   82.705605][ T6006] loop2: detected capacity change from 0 to 512
[   82.712993][ T6006] EXT4-fs: Ignoring removed mblk_io_submit option
[   82.770144][ T6006] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   82.824567][ T6006] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   82.836094][ T6006] EXT4-fs (loop2): orphan cleanup on readonly fs
[   82.867940][ T6009] loop3: detected capacity change from 0 to 2048
[   82.875803][ T6009] EXT4-fs: Ignoring removed mblk_io_submit option
[   82.882993][ T6009] EXT4-fs: Ignoring removed i_version option
[   82.933223][ T6009] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.940119][ T6006] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:478: comm syz.2.52: Invalid block bitmap block 0 in block_group 0
[   82.969419][ T6006] EXT4-fs (loop2): Remounting filesystem read-only
[   83.025570][ T6006] Quota error (device loop2): write_blk: dquota write failed
[   83.070318][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.071624][ T6006] Quota error (device loop2): write_blk: dquota write failed
[   83.103230][ T6006] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[   83.165323][ T6006] EXT4-fs (loop2): 1 orphan inode deleted
[   83.206856][ T6006] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   83.379188][ T6006] syz.2.52 (6006) used greatest stack depth: 20688 bytes left
[   83.489361][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.753663][ T6029] loop3: detected capacity change from 0 to 1024
[   83.819475][ T6022] loop0: detected capacity change from 0 to 8192
[   83.906149][   T42] hfsplus: b-tree write err: -5, ino 4
[   84.106579][ T6034] loop3: detected capacity change from 0 to 8
[   84.165671][ T6036] loop1: detected capacity change from 0 to 8
[   84.233860][ T6034] process 'syz.3.63' launched './file1' with NULL argv: empty string added
[   84.356090][ T6038] Zero length message leads to an empty skb
[   84.623619][ T6046] syzkaller1: entered promiscuous mode
[   84.640374][ T6046] syzkaller1: entered allmulticast mode
[   84.794161][ T6050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.70'.
[   84.979237][ T6052] ALSA: mixer_oss: invalid OSS volume ''
[   85.241248][ T6045] loop1: detected capacity change from 0 to 32768
[   85.276652][ T6045] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   85.492319][ T6045] XFS (loop1): Ending clean mount
[   85.553821][ T6045] XFS (loop1): Quotacheck needed: Please wait.
[   85.594170][ T6066] loop3: detected capacity change from 0 to 1024
[   85.629236][ T6066] EXT4-fs: Ignoring removed nobh option
[   85.657527][ T6066] EXT4-fs: Ignoring removed oldalloc option
[   85.659408][ T6045] XFS (loop1): Quotacheck: Done.
[   85.675453][ T6066] EXT4-fs: Ignoring removed bh option
[   85.726948][ T6066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none.
[   85.859208][ T6056] loop0: detected capacity change from 0 to 32768
[   85.894957][ T6056] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[   85.905681][ T6056] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   85.918702][ T5773] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   85.988881][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[   86.067948][ T6056] XFS (loop0): Ending clean mount
[   86.090886][ T6056] XFS (loop0): Quotacheck needed: Please wait.
[   86.161497][ T6081] loop3: detected capacity change from 0 to 8
[   86.172465][ T6056] XFS (loop0): Quotacheck: Done.
[   86.283118][   T27] audit: type=1800 audit(1750793036.705:6): pid=6056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.73" name="file1" dev="loop0" ino=9286 res=0 errno=0
[   86.622094][ T5771] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   86.651499][ T6090] tmpfs: Bad value for 'gid'
[   86.971618][ T6094] loop2: detected capacity change from 0 to 40427
[   86.980007][ T6094] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   86.988713][ T6094] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   87.004142][ T6094] F2FS-fs (loop2): Found nat_bits in checkpoint
[   87.129360][ T6094] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   87.163302][ T6094] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   88.148320][ T6113] ALSA: mixer_oss: invalid OSS volume ''
[   88.160868][ T6110] loop1: detected capacity change from 0 to 512
[   88.178422][ T6110] EXT4-fs: Ignoring removed mblk_io_submit option
[   88.232647][ T6110] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   88.276442][ T6110] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   88.277840][ T6102] loop3: detected capacity change from 0 to 32768
[   88.299254][ T6110] EXT4-fs (loop1): orphan cleanup on readonly fs
[   88.337342][ T6110] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:478: comm syz.1.88: Invalid block bitmap block 0 in block_group 0
[   88.366761][ T6118] loop8: detected capacity change from 0 to 8
[   88.383796][ T6110] EXT4-fs (loop1): Remounting filesystem read-only
[   88.389248][ T6102] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   88.392746][ T6110] Quota error (device loop1): write_blk: dquota write failed
[   88.407068][ T6110] Quota error (device loop1): write_blk: dquota write failed
[   88.420046][ T6118] Dev loop8: unable to read RDB block 8
[   88.421663][ T6110] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[   88.443758][ T6110] EXT4-fs (loop1): 1 orphan inode deleted
[   88.449989][ T6118]  loop8: unable to read partition table
[   88.484335][ T6110] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   88.498511][ T6118] loop8: partition table beyond EOD, truncated
[   88.544010][ T6118] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[   88.655693][ T6102] XFS (loop3): Ending clean mount
[   88.680875][ T6102] XFS (loop3): Quotacheck needed: Please wait.
[   88.689004][ T5773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.807279][ T6102] XFS (loop3): Quotacheck: Done.
[   88.966484][ T5768] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   89.080208][ T6132] loop1: detected capacity change from 0 to 8192
[   89.139172][ T6125] loop2: detected capacity change from 0 to 32768
[   89.180881][ T6125] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[   89.201706][ T6125] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   89.451297][ T6148] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   89.451883][ T6125] XFS (loop2): Ending clean mount
[   89.511117][ T6125] XFS (loop2): Quotacheck needed: Please wait.
[   89.612993][ T6125] XFS (loop2): Quotacheck: Done.
[   89.726165][ T6153] loop1: detected capacity change from 0 to 2048
[   89.732635][   T27] audit: type=1800 audit(1750793040.155:7): pid=6125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.91" name="file1" dev="loop2" ino=9286 res=0 errno=0
[   89.759277][ T6153] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[   89.805164][ T6158] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   89.876439][ T6153] syz.1.100: attempt to access beyond end of device
[   89.876439][ T6153] loop1: rw=0, sector=262216, nr_sectors = 2 limit=2048
[   89.895544][ T6153] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=1)
[   89.971836][ T6153] syz.1.100: attempt to access beyond end of device
[   89.971836][ T6153] loop1: rw=0, sector=262216, nr_sectors = 2 limit=2048
[   90.006301][ T6153] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=1)
[   90.018472][ T5776] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.580182][ T6155] syz.0.101 (6155) used greatest stack depth: 20520 bytes left
[   90.941987][ T6161] loop1: detected capacity change from 0 to 32768
[   90.986534][ T6161] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   91.135687][ T6184] Illegal XDP return value 906929508 on prog  (id 11) dev syz_tun, expect packet loss!
[   91.142709][ T6161] XFS (loop1): Ending clean mount
[   91.165261][ T6161] XFS (loop1): Quotacheck needed: Please wait.
[   91.252007][ T6161] XFS (loop1): Quotacheck: Done.
[   91.347388][ T6170] loop0: detected capacity change from 0 to 32768
[   91.374590][   T27] audit: type=1800 audit(1750793041.795:8): pid=6161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.102" name="file1" dev="loop1" ino=9286 res=0 errno=0
[   91.420161][ T6170] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[   91.433869][ T6170] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   91.447199][   T27] audit: type=1800 audit(1750793041.835:9): pid=6161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.102" name="file1" dev="loop1" ino=9286 res=0 errno=0
[   91.533681][ T5773] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   91.628625][ T6170] XFS (loop0): Ending clean mount
[   91.637781][ T6170] XFS (loop0): Quotacheck needed: Please wait.
[   91.704985][  T786] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 
[   91.755164][  T786] XFS (loop0): Unmount and run xfs_repair
[   91.760966][  T786] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[   91.808866][  T786] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[   91.834644][  T786] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[   91.843891][  T786] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[   91.874008][  T786] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[   91.909617][  T786] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[   91.924552][  T786] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[   91.941745][  T786] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   91.974938][  T786] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   92.005889][ T6201] syzkaller1: entered promiscuous mode
[   92.016730][ T3505] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x10 len 8 error 74
[   92.033976][ T6199] loop3: detected capacity change from 0 to 8192
[   92.034774][ T6201] syzkaller1: entered allmulticast mode
[   92.055738][ T6203] loop2: detected capacity change from 0 to 2048
[   92.101316][ T6170] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[   92.137567][ T6203] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.238373][ T6203] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[   92.302653][ T6170] XFS (loop0): User initiated shutdown received.
[   92.318636][ T6203] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28
[   92.354855][ T6203] EXT4-fs (loop2): This should not happen!! Data will be lost
[   92.354855][ T6203] 
[   92.380856][ T6170] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:497).  Shutting down filesystem.
[   92.391211][ T6203] EXT4-fs (loop2): Total free blocks count 0
[   92.403454][ T6203] EXT4-fs (loop2): Free/Dirty block details
[   92.410184][ T6203] EXT4-fs (loop2): free_blocks=2415919504
[   92.417667][ T6203] EXT4-fs (loop2): dirty_blocks=80
[   92.424097][ T6203] EXT4-fs (loop2): Block reservation details
[   92.431219][ T6203] EXT4-fs (loop2): i_reserved_data_blocks=5
[   92.442316][ T6170] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[   92.538624][ T5771] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   92.546044][ T2990] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   93.527941][ T6218] loop2: detected capacity change from 0 to 32768
[   93.581208][ T6218] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.121 (6218)
[   93.684161][ T6218] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   93.688860][ T6219] loop3: detected capacity change from 0 to 32768
[   93.709394][ T6221] loop1: detected capacity change from 0 to 32768
[   93.714749][ T6218] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[   93.734722][ T6218] BTRFS info (device loop2): force clearing of disk cache
[   93.769254][ T6218] BTRFS info (device loop2): enabling auto defrag
[   93.790813][ T6219] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   93.810260][ T6221] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   93.817409][ T6218] BTRFS info (device loop2): max_inline at 0
[   93.823260][ T6223] loop0: detected capacity change from 0 to 32768
[   93.847918][ T6218] BTRFS info (device loop2): enabling disk space caching
[   93.856876][ T6223] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.117 (6223)
[   93.872969][ T6218] BTRFS info (device loop2): disk space caching is enabled
[   93.962815][ T6223] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   93.991679][ T6223] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   94.020404][ T6223] BTRFS info (device loop0): setting nodatacow, compression disabled
[   94.041269][ T6223] BTRFS info (device loop0): max_inline at 0
[   94.055700][ T6223] BTRFS info (device loop0): enabling disk space caching
[   94.094055][ T6223] BTRFS info (device loop0): turning off barriers
[   94.096908][ T6219] XFS (loop3): Ending clean mount
[   94.110185][ T6223] BTRFS info (device loop0): turning on flush-on-commit
[   94.120799][ T6223] BTRFS info (device loop0): doing ref verification
[   94.130465][ T6219] XFS (loop3): Quotacheck needed: Please wait.
[   94.130731][ T6221] XFS (loop1): Ending clean mount
[   94.146530][ T6223] BTRFS info (device loop0): force clearing of disk cache
[   94.155318][ T6223] BTRFS info (device loop0): enabling ssd optimizations
[   94.163933][ T6223] BTRFS info (device loop0): max_inline at 4096
[   94.172009][ T6223] BTRFS info (device loop0): disk space caching is enabled
[   94.190963][ T6221] XFS (loop1): Quotacheck needed: Please wait.
[   94.250776][ T6218] BTRFS info (device loop2): enabling ssd optimizations
[   94.275263][ T6219] XFS (loop3): Quotacheck: Done.
[   94.316520][ T6221] XFS (loop1): Quotacheck: Done.
[   94.324824][ T6218] BTRFS info (device loop2): rebuilding free space tree
[   94.388963][ T6223] BTRFS info (device loop0): auto enabling async discard
[   94.459295][ T6223] BTRFS info (device loop0): rebuilding free space tree
[   94.550070][   T27] audit: type=1800 audit(1750793044.965:10): pid=6219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.119" name="file1" dev="loop3" ino=9286 res=0 errno=0
[   94.550467][ T6223] BTRFS info (device loop0): disabling free space tree
[   94.599239][ T6218] BTRFS info (device loop2): disabling free space tree
[   94.601900][ T5773] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   94.618259][   T27] audit: type=1800 audit(1750793045.045:11): pid=6219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.119" name="file1" dev="loop3" ino=9286 res=0 errno=0
[   94.642227][ T6218] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   94.653817][ T6218] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   94.664726][ T6223] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   94.664785][ T6223] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   94.759991][ T5768] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   95.213395][   T58] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[   95.260543][ T5771] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   95.355097][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   95.520366][ T5776] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   95.574568][    T9] usb 2-1: Using ep0 maxpacket: 8
[   95.604897][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   95.623067][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[   95.632553][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.654193][    T9] usb 2-1: config 0 descriptor??
[   95.666148][    T9] gspca_main: vc032x-2.14.0 probing 046d:0892
[   95.714571][  T786] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   95.934883][  T786] usb 4-1: Using ep0 maxpacket: 32
[   95.941805][  T786] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[   95.960679][  T786] usb 4-1: config 0 has no interface number 0
[   95.971079][  T786] usb 4-1: config 0 interface 12 has no altsetting 0
[   96.005567][  T786] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[   96.041837][  T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.064911][  T786] usb 4-1: Product: syz
[   96.084207][  T786] usb 4-1: Manufacturer: syz
[   96.107523][  T786] usb 4-1: SerialNumber: syz
[   96.139945][  T786] usb 4-1: config 0 descriptor??
[   96.701651][    T9] gspca_vc032x: reg_r err -71
[   96.715219][    T9] vc032x: probe of 2-1:0.0 failed with error -71
[   96.764328][ T6303] netlink: 164 bytes leftover after parsing attributes in process `syz.0.134'.
[   96.766086][    T9] usb 2-1: USB disconnect, device number 4
[   97.170782][  T786] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[   97.180543][  T786] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[   97.191402][  T786] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[   97.206743][  T786] f81534: probe of 4-1:0.12 failed with error -71
[   97.252490][  T786] usb 4-1: USB disconnect, device number 3
[   97.329405][ T6316] loop2: detected capacity change from 0 to 128
[   97.380300][ T6316] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[   97.444436][ T6316] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   97.466763][ T6320] capability: warning: `syz.0.142' uses deprecated v2 capabilities in a way that may be insecure
[   98.051822][ T6337] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   98.071276][ T6337] overlayfs: overlapping lowerdir path
[   98.544749][ T6352] loop3: detected capacity change from 0 to 1024
[   98.624992][ T6352] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.672432][ T6361] loop1: detected capacity change from 0 to 512
[   98.758569][ T6361] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.792845][ T6361] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   98.886573][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.012437][ T5773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.157734][ T6375] loop3: detected capacity change from 0 to 128
[   99.181087][ T6375] EXT4-fs: Ignoring removed nomblk_io_submit option
[   99.236540][ T6375] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[   99.331596][ T6375] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   99.619166][ T5768] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   99.643059][ T6396] input: syz1 as /devices/virtual/input/input6
[   99.709726][ T6396] input: failed to attach handler leds to device input6, error: -6
[   99.994736][ T6408] input: syz0 as /devices/virtual/input/input7
[  100.021647][ T6408] input: failed to attach handler leds to device input7, error: -6
[  100.131421][ T5941] udevd[5941]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  100.257568][ T6410] loop3: detected capacity change from 0 to 4096
[  100.396708][ T6410] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  100.501585][ T6398] loop0: detected capacity change from 0 to 32768
[  100.615923][ T6398] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  100.817716][ T6424] loop2: detected capacity change from 0 to 1024
[  100.822538][ T6406] loop1: detected capacity change from 0 to 40427
[  100.903534][ T5768] ntfs3: loop3: ino=9, ntfs_sync_fs failed, -22.
[  100.913965][ T6424] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.943231][ T6398] XFS (loop0): Ending clean mount
[  100.981593][ T6431] warning: `syz.3.180' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  100.982458][ T6398] XFS (loop0): Quotacheck needed: Please wait.
[  101.013239][ T6424] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.059262][ T6406] F2FS-fs (loop1): Found nat_bits in checkpoint
[  101.179021][ T6398] XFS (loop0): Quotacheck: Done.
[  101.275849][ T6406] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  101.305529][ T3505] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 8)
[  101.368615][ T5771] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  101.378486][ T3505] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 8 with error 117
[  101.415483][ T3505] EXT4-fs (loop2): This should not happen!! Data will be lost
[  101.415483][ T3505] 
[  101.453170][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.660406][ T6406] syz.1.174: attempt to access beyond end of device
[  101.660406][ T6406] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  101.720579][ T6406] syz.1.174: attempt to access beyond end of device
[  101.720579][ T6406] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  101.894364][ T5773] syz-executor: attempt to access beyond end of device
[  101.894364][ T5773] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  101.916766][ T5773] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  102.098826][ T6441] loop3: detected capacity change from 0 to 32768
[  102.135225][ T6441] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  102.184151][  T786] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  102.207216][ T6441] XFS (loop3): Ending clean mount
[  102.306431][    T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  102.363884][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  102.410169][  T786] usb 3-1: Using ep0 maxpacket: 8
[  102.479804][  T786] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  102.507239][  T786] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  102.518328][  T786] usb 3-1: Product: syz
[  102.524073][  T786] usb 3-1: Manufacturer: syz
[  102.530568][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  102.530985][  T786] usb 3-1: SerialNumber: syz
[  102.565046][    T9] usb 1-1: no configurations
[  102.570273][    T9] usb 1-1: can't read configurations, error -22
[  102.571991][  T786] usb 3-1: config 0 descriptor??
[  102.607158][  T786] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  102.821408][ T6457] loop1: detected capacity change from 0 to 32768
[  102.836716][ T6457] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.188 (6457)
[  102.862722][ T6457] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  102.889732][ T6457] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  102.901910][ T6457] BTRFS info (device loop1): enabling disk space caching
[  102.913839][ T6457] BTRFS info (device loop1): doing ref verification
[  102.924119][ T6457] BTRFS info (device loop1): use zlib compression, level 3
[  102.933939][ T6457] BTRFS info (device loop1): force clearing of disk cache
[  102.941775][ T6457] BTRFS info (device loop1): setting nodatacow, compression disabled
[  102.953656][ T6457] BTRFS info (device loop1): doing ref verification
[  102.960688][ T6457] BTRFS info (device loop1): disk space caching is enabled
[  103.007143][ T6457] BTRFS info (device loop1): enabling ssd optimizations
[  103.013210][  T786] gspca_zc3xx: reg_r err -71
[  103.014782][ T6457] BTRFS info (device loop1): auto enabling async discard
[  103.019529][  T786] gspca_zc3xx: probe of 3-1:0.0 failed with error -71
[  103.047367][ T6457] BTRFS info (device loop1): rebuilding free space tree
[  103.112123][  T786] usb 3-1: USB disconnect, device number 3
[  103.128100][ T6457] BTRFS info (device loop1): disabling free space tree
[  103.177551][ T6457] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  103.209878][ T6457] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  103.581466][ T5773] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  104.246631][ T6495] batadv_slave_1: entered promiscuous mode
[  104.267038][ T6497] loop0: detected capacity change from 0 to 256
[  104.267375][ T6494] batadv_slave_1: left promiscuous mode
[  104.335361][ T6497] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001034b, chksum : 0x6322ccb6, utbl_chksum : 0xe619d30d)
[  104.435030][  T786] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  104.630483][  T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.663058][  T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.699340][  T786] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  104.712718][  T786] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  104.723568][  T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.758348][  T786] usb 2-1: config 0 descriptor??
[  105.091827][ T6523] netlink: 56 bytes leftover after parsing attributes in process `syz.2.208'.
[  105.198922][  T786] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xe
[  105.217605][  T786] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  105.237623][  T786] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  105.251657][ T6528] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  105.276409][  T786] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  105.571755][  T786] usb 2-1: USB disconnect, device number 5
[  105.761904][ T6541] smc: net device bond0 applied user defined pnetid SYZ2
[  106.040076][ T6537] loop2: detected capacity change from 0 to 32768
[  106.090288][ T6537] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  106.148811][  T786] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  106.281685][ T6537] XFS (loop2): Ending clean mount
[  106.311312][ T6537] XFS (loop2): Quotacheck needed: Please wait.
[  106.357181][  T786] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.386970][  T786] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  106.407533][  T786] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  106.424867][  T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  106.433475][ T6537] XFS (loop2): Quotacheck: Done.
[  106.461453][  T786] usb 4-1: SerialNumber: syz
[  106.640718][ T5776] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  106.709349][  T786] usb 4-1: 0:2 : does not exist
[  106.791169][ T6558] loop0: detected capacity change from 0 to 32768
[  106.850058][  T786] usb 4-1: USB disconnect, device number 4
[  106.919493][ T5942] udevd[5942]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  106.926541][ T6558] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  106.945953][ T6560] loop1: detected capacity change from 0 to 32768
[  107.075988][ T6560] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  107.094177][ T6558] XFS (loop0): Ending clean mount
[  107.111025][ T6560] XFS (loop1): Mounting V5 filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a in no-recovery mode. Filesystem will be inconsistent.
[  107.149400][ T6558] XFS (loop0): Quotacheck needed: Please wait.
[  107.266218][ T6558] XFS (loop0): Quotacheck: Done.
[  107.273772][ T5773] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  107.552615][ T5771] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  108.030746][ T6594] loop3: detected capacity change from 0 to 128
[  108.116320][ T6594] FAT-fs (loop3): error, invalid access to FAT (entry 0x0fffff00)
[  108.141613][ T6596] loop0: detected capacity change from 0 to 4096
[  108.148664][ T6594] FAT-fs (loop3): Filesystem has been set read-only
[  108.197674][ T6599] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  108.469283][ T6607] loop3: detected capacity change from 0 to 512
[  108.506262][ T6607] EXT4-fs: Ignoring removed bh option
[  108.541722][ T6607] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  108.591634][ T6609] loop0: detected capacity change from 0 to 1024
[  108.610018][ T6607] EXT4-fs (loop3): 1 truncate cleaned up
[  108.636355][ T6607] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.670485][ T6613] loop2: detected capacity change from 0 to 1024
[  108.699081][ T6613] EXT4-fs: Ignoring removed oldalloc option
[  108.718065][ T6609] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.734890][ T6613] EXT4-fs: Ignoring removed orlov option
[  108.776042][ T6613] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  108.824037][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.877440][ T6613] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.891378][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.065693][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.226727][ T6630] loop3: detected capacity change from 0 to 128
[  109.439336][ T6636] input: syz0 as /devices/virtual/input/input8
[  111.031761][ T6666] loop2: detected capacity change from 0 to 2048
[  111.073757][ T6666] EXT4-fs (loop2): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.185656][ T5776] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11
[  111.200730][ T5776] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11
[  111.312057][ T5776] EXT4-fs (loop2): unmounting filesystem 00000800-0000-0000-0000-000000000000.
[  111.407167][   T27] audit: type=1326 audit(1750793061.835:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.1.261" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc252b8e929 code=0x0
[  111.619734][ T6683] netlink: 64 bytes leftover after parsing attributes in process `syz.3.264'.
[  111.711665][ T6685] mmap: syz.0.265 (6685) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  111.973224][ T3505] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.123926][ T3505] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.184661][  T786] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  112.268411][ T3505] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.368900][ T3505] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.399668][  T786] usb 1-1: Using ep0 maxpacket: 32
[  112.419257][  T786] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  112.431502][  T786] usb 1-1: config 0 has no interface number 0
[  112.444592][ T5861] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  112.462187][  T786] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  112.486723][  T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.504990][  T786] usb 1-1: Product: syz
[  112.512735][  T786] usb 1-1: Manufacturer: syz
[  112.525240][  T786] usb 1-1: SerialNumber: syz
[  112.537181][  T786] usb 1-1: config 0 descriptor??
[  112.560714][  T786] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  112.627604][ T5861] usb 4-1: config 1 interface 0 altsetting 253 bulk endpoint 0x3 has invalid maxpacket 1023
[  112.661460][ T5861] usb 4-1: config 1 interface 0 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  112.694711][ T5861] usb 4-1: config 1 interface 0 has no altsetting 0
[  112.706364][ T5861] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  112.725231][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  112.755837][ T5861] usb 4-1: SerialNumber: syz
[  112.787971][ T6695] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  112.840928][  T786] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  112.879733][  T786] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  112.999796][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  113.094373][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[  113.204661][    T9] usb 2-1: Using ep0 maxpacket: 32
[  113.236914][    T9] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  113.253867][ T5861] cdc_ether: probe of 4-1:1.0 failed with error -71
[  113.264695][    T9] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  113.300729][ T5861] usb 4-1: USB disconnect, device number 5
[  113.306632][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  113.311686][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  113.334576][  T786] usb 1-1: USB disconnect, device number 4
[  113.341285][    T9] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  113.395788][    T9] usb 2-1: Product: syz
[  113.399680][  T786] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  113.413103][    T9] usb 2-1: Manufacturer: syz
[  113.460496][ T5774] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  113.467465][    T9] hub 2-1:4.0: USB hub found
[  113.473398][ T5774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  113.485337][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  113.506382][ T5774] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  113.516509][  T786] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  113.530153][ T5774] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  113.539447][ T5774] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  113.550677][  T786] quatech2 1-1:0.51: device disconnected
[  113.675262][    T9] hub 2-1:4.0: 2 ports detected
[  114.016139][ T6718] loop3: detected capacity change from 0 to 2048
[  114.075625][ T6718] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  114.115845][ T6723] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  114.297673][    T9] usb 2-1: USB disconnect, device number 6
[  114.391490][ T6708] chnl_net:caif_netlink_parms(): no params data found
[  114.617266][ T6735] loop3: detected capacity change from 0 to 64
[  114.656252][ T5861] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  114.856930][ T5861] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.879341][ T5861] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  114.899045][ T5861] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  114.913410][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  114.943342][ T5861] usb 1-1: SerialNumber: syz
[  115.122579][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.163043][ T6708] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.172940][ T5861] usb 1-1: 0:2 : does not exist
[  115.183648][ T6708] bridge_slave_0: entered allmulticast mode
[  115.210622][ T6708] bridge_slave_0: entered promiscuous mode
[  115.221111][ T5861] usb 1-1: USB disconnect, device number 5
[  115.349183][ T5941] udevd[5941]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  115.424334][ T3505] hsr_slave_0: left promiscuous mode
[  115.441403][ T3505] hsr_slave_1: left promiscuous mode
[  115.463728][ T3505] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.475320][ T3505] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.490954][ T3505] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.504557][ T3505] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.515368][ T3505] bridge_slave_1: left allmulticast mode
[  115.521859][ T3505] bridge_slave_1: left promiscuous mode
[  115.551361][ T3505] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.582740][ T3505] bridge_slave_0: left allmulticast mode
[  115.610329][ T6756] loop3: detected capacity change from 0 to 128
[  115.622616][ T3505] bridge_slave_0: left promiscuous mode
[  115.625011][ T5774] Bluetooth: hci3: command tx timeout
[  115.630798][ T3505] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.718919][   T27] audit: type=1800 audit(1750793066.145:13): pid=6756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.283" name="file2" dev="loop3" ino=1048606 res=0 errno=0
[  115.725597][ T6756] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  115.761669][ T6756] FAT-fs (loop3): Filesystem has been set read-only
[  115.772202][ T3505] veth1_macvtap: left promiscuous mode
[  115.797348][ T6756] syz.3.283: attempt to access beyond end of device
[  115.797348][ T6756] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  115.799813][ T3505] veth0_macvtap: left promiscuous mode
[  115.825812][ T6756] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  115.840984][ T6756] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  115.871041][ T3505] veth1_vlan: left promiscuous mode
[  115.885031][ T3505] veth0_vlan: left promiscuous mode
[  115.885972][ T6756] syz.3.283: attempt to access beyond end of device
[  115.885972][ T6756] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  115.935249][ T6756] syz.3.283: attempt to access beyond end of device
[  115.935249][ T6756] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  116.924656][ T5805] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  116.982010][ T3505] team0 (unregistering): Port device team_slave_1 removed
[  117.067213][ T3505] team0 (unregistering): Port device team_slave_0 removed
[  117.113201][ T5805] usb 1-1: Using ep0 maxpacket: 8
[  117.152445][ T5805] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  117.168161][ T3505] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  117.179540][ T5805] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  117.188040][ T6785] loop1: detected capacity change from 0 to 512
[  117.203329][ T5805] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  117.213405][ T6785] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  117.232921][ T5805] usb 1-1: Product: syz
[  117.243203][ T5805] usb 1-1: Manufacturer: syz
[  117.264698][ T5805] usb 1-1: SerialNumber: syz
[  117.273996][ T6785] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters
[  117.295091][ T6785] Quota error (device loop1): write_blk: dquota write failed
[  117.302706][ T6785] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  117.333289][ T6785] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.297: Failed to acquire dquot type 0
[  117.352191][ T6785] EXT4-fs (loop1): 1 truncate cleaned up
[  117.357807][ T3505] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  117.361119][ T6785] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.446222][ T6785] EXT4-fs error (device loop1): __ext4_remount:6741: comm syz.1.297: Abort forced by user
[  117.463704][ T6785] EXT4-fs (loop1): Remounting filesystem read-only
[  117.472328][ T6785] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  117.488211][ T6785] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  117.511866][ T5805] usb 1-1: palm_os_3_probe - error -71 getting connection information
[  117.521328][ T5805] visor: probe of 1-1:1.0 failed with error -71
[  117.538879][ T5805] usb 1-1: USB disconnect, device number 6
[  117.573809][ T5773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.704627][ T5774] Bluetooth: hci3: command tx timeout
[  118.248650][ T6794] loop1: detected capacity change from 0 to 32768
[  118.273063][ T6794] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.300 (6794)
[  118.332447][ T6794] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  118.347435][ T6794] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  118.380633][ T6794] BTRFS info (device loop1): turning off barriers
[  118.388295][ T6794] BTRFS info (device loop1): setting nodatasum
[  118.406011][ T6794] BTRFS info (device loop1): enabling auto defrag
[  118.424959][ T6794] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  118.454761][ T6794] BTRFS info (device loop1): use zstd compression, level 3
[  118.462750][ T6794] BTRFS info (device loop1): using free space tree
[  118.500043][ T3505] bond0 (unregistering): Released all slaves
[  118.563484][ T6794] BTRFS info (device loop1): auto enabling async discard
[  118.662857][ T6708] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.674617][ T6708] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.683076][ T6708] bridge_slave_1: entered allmulticast mode
[  118.706127][ T6708] bridge_slave_1: entered promiscuous mode
[  118.779238][ T5773] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  118.801485][ T6796] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  118.833894][ T6796] batadv_slave_1: entered promiscuous mode
[  118.980037][ T6708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.057612][ T6708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.365525][ T6823] loop1: detected capacity change from 0 to 1024
[  119.373217][ T6708] team0: Port device team_slave_0 added
[  119.423149][ T6708] team0: Port device team_slave_1 added
[  119.460768][ T6823] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.660696][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.688857][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.740959][ T6832] loop3: detected capacity change from 0 to 512
[  119.740993][ T6708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.778754][ T5774] Bluetooth: hci3: command tx timeout
[  119.786469][ T6832] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  119.829989][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.835658][ T5773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.838268][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.875896][ T6708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.915092][ T6832] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.309: casefold flag without casefold feature
[  119.983641][ T6832] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.309: couldn't read orphan inode 15 (err -117)
[  120.046752][ T6832] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.182785][ T6708] hsr_slave_0: entered promiscuous mode
[  120.202537][ T6708] hsr_slave_1: entered promiscuous mode
[  120.225777][ T6708] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.245184][ T6708] Cannot create hsr debugfs directory
[  120.472464][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.897579][ T6708] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  120.924055][ T6708] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  120.955950][ T6708] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  120.978594][ T6708] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  121.100746][ T6842] loop1: detected capacity change from 0 to 32768
[  121.149247][ T6842] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.245063][ T6854] loop3: detected capacity change from 0 to 32768
[  121.255874][ T6854] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.318 (6854)
[  121.289867][ T6854] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  121.300564][ T6854] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  121.310095][ T6854] BTRFS info (device loop3): force clearing of disk cache
[  121.317942][ T6854] BTRFS info (device loop3): enabling auto defrag
[  121.325213][ T6854] BTRFS info (device loop3): max_inline at 0
[  121.331756][ T6854] BTRFS info (device loop3): enabling disk space caching
[  121.338944][ T6854] BTRFS info (device loop3): disk space caching is enabled
[  121.401000][ T6842] XFS (loop1): Ending clean mount
[  121.409326][ T6854] BTRFS info (device loop3): enabling ssd optimizations
[  121.430488][ T6854] BTRFS info (device loop3): rebuilding free space tree
[  121.463370][ T6842] XFS (loop1): Quotacheck needed: Please wait.
[  121.495455][ T6708] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.567771][ T6854] BTRFS info (device loop3): disabling free space tree
[  121.597849][ T6708] 8021q: adding VLAN 0 to HW filter on device team0
[  121.615193][ T6854] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  121.628907][ T6842] XFS (loop1): Quotacheck: Done.
[  121.651291][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.659051][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.677313][ T6854] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  121.706524][ T5773] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.722875][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.730581][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.859293][ T5774] Bluetooth: hci3: command tx timeout
[  121.910852][ T6708] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  122.036408][ T6854] BTRFS warning (device loop3): failed to trim 2 block group(s), last error -512
[  122.275746][ T6854] BTRFS warning (device loop3): failed to trim 1 device(s), last error -512
[  122.340236][ T5768] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  122.398345][ T6708] 8021q: adding VLAN 0 to HW filter on device batadv0
[  122.558208][ T6915] loop0: detected capacity change from 0 to 512
[  122.610318][ T6915] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.326: casefold flag without casefold feature
[  122.636280][ T6915] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.326: couldn't read orphan inode 15 (err -117)
[  122.650443][ T6915] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.752559][ T6915] EXT4-fs (loop0): shut down requested (0)
[  122.963544][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.094881][ T6708] veth0_vlan: entered promiscuous mode
[  123.128366][ T6708] veth1_vlan: entered promiscuous mode
[  123.212592][ T6926] loop0: detected capacity change from 0 to 1024
[  123.223089][ T6708] veth0_macvtap: entered promiscuous mode
[  123.262735][ T6708] veth1_macvtap: entered promiscuous mode
[  123.275350][ T6926] EXT4-fs: Ignoring removed oldalloc option
[  123.303366][ T6926] EXT4-fs: Ignoring removed orlov option
[  123.313420][ T6708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.335311][ T6708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.349000][ T6926] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  123.359724][ T6708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.378450][ T6708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.391951][ T6708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.409690][ T6708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.423116][ T6708] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.425458][ T6926] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.435828][ T6708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.454420][ T6708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.464864][ T6708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.475965][ T6708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.487706][ T6708] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.516426][ T6708] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.568017][ T6708] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.602392][ T6708] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.606870][ T6926] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4036: comm syz.0.327: Allocating blocks 305-513 which overlap fs metadata
[  123.611778][ T6708] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.730147][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.791150][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.814881][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.850731][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.861804][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.890075][ T6932] netlink: 8 bytes leftover after parsing attributes in process `syz.3.330'.
[  124.164760][  T786] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  124.366426][  T786] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  124.402779][  T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.454032][  T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.471099][  T786] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  124.520511][  T786] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  124.540311][  T786] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  124.568765][  T786] usb 1-1: Manufacturer: syz
[  124.587798][  T786] usb 1-1: config 0 descriptor??
[  125.021088][  T786] appleir 0003:05AC:8243.0005: unknown main item tag 0x0
[  125.035468][  T786] appleir 0003:05AC:8243.0005: No inputs registered, leaving
[  125.070257][  T786] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  125.076971][ T6954] loop1: detected capacity change from 0 to 32768
[  125.176253][ T6954] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  125.255518][ T6954] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  125.319707][ T6952] loop4: detected capacity change from 0 to 40427
[  125.339436][ T6952] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  125.364568][ T6952] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  125.390571][  T786] usb 1-1: USB disconnect, device number 7
[  125.407575][ T6952] F2FS-fs (loop4): invalid crc value
[  125.433558][ T5773] ocfs2: Unmounting device (7,1) on (node local)
[  125.480592][ T6952] F2FS-fs (loop4): Found nat_bits in checkpoint
[  125.628785][ T6956] loop3: detected capacity change from 0 to 40427
[  125.687079][ T6956] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff
[  125.693616][ T6952] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  125.738678][ T6952] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  125.746502][ T6956] F2FS-fs (loop3): Image doesn't support compression
[  125.753276][ T6956] F2FS-fs (loop3): Image doesn't support compression
[  125.798722][ T6956] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x4
[  125.825760][ T6956] F2FS-fs (loop3): invalid crc value
[  125.861073][ T6956] F2FS-fs (loop3): Found nat_bits in checkpoint
[  126.069539][ T6956] F2FS-fs (loop3): Start checkpoint disabled!
[  126.120387][ T6956] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  126.382088][   T58] kworker/u4:4: attempt to access beyond end of device
[  126.382088][   T58] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  126.461443][   T58] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  126.515757][   T58] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  126.522901][   T58] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  126.555544][ T6987] netlink: 88 bytes leftover after parsing attributes in process `syz.0.351'.
[  126.565061][ T6987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.351'.
[  126.921701][ T6985] loop1: detected capacity change from 0 to 16384
[  126.941686][ T6993] input: syz1 as /devices/virtual/input/input9
[  126.949359][ T6985] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  126.960584][ T6985] UDF-fs: Scanning with blocksize 512 failed
[  126.989747][ T6985] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  127.009598][ T6985] UDF-fs: Scanning with blocksize 1024 failed
[  127.039417][ T6985] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  127.057376][ T6985] UDF-fs: Scanning with blocksize 2048 failed
[  127.083180][ T6985] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  127.114169][    C0] operation not supported error, dev loop1, sector 0 op 0x9:(WRITE_ZEROES) flags 0x8000800 phys_seg 0 prio class 2
[  127.267671][ T6995] loop4: detected capacity change from 0 to 512
[  127.294393][ T6995] EXT4-fs: quotafile must be on filesystem root
[  127.781045][ T6991] loop0: detected capacity change from 0 to 32768
[  127.817921][ T6991] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  127.856815][ T6991] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  128.081380][ T5771] ocfs2: Unmounting device (7,0) on (node local)
[  128.155868][ T7003] loop3: detected capacity change from 0 to 32768
[  128.239359][ T7003] 
[  128.239359][ T7003]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.239359][ T7003] 
[  128.261391][ T7016] netlink: 12 bytes leftover after parsing attributes in process `syz.0.360'.
[  128.282194][ T7016] xfrm1: entered promiscuous mode
[  128.314951][ T7016] xfrm1: entered allmulticast mode
[  128.405374][ T7003] non-latin1 character 0x3ff found in JFS file name
[  128.428479][ T7003] mount with iocharset=utf8 to access
[  128.499197][ T3505] 
[  128.499197][ T3505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.499197][ T3505] 
[  128.571691][ T3505] 
[  128.571691][ T3505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.571691][ T3505] 
[  128.597854][  T111] 
[  128.597854][  T111]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.597854][  T111] 
[  128.626333][ T3505] 
[  128.626333][ T3505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.626333][ T3505] 
[  128.654147][ T7025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.363'.
[  128.664604][ T3505] 
[  128.664604][ T3505]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.664604][ T3505] 
[  128.664918][ T5768] 
[  128.664918][ T5768]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.664918][ T5768] 
[  128.679115][  T112] 
[  128.679115][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.679115][  T112] 
[  128.705072][ T5768] 
[  128.705072][ T5768]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.705072][ T5768] 
[  128.782568][  T112] ==================================================================
[  128.790859][  T112] BUG: KASAN: slab-use-after-free in txEnd+0x32d/0x520
[  128.797746][  T112] Write of size 8 at addr ffff88807f6ae040 by task jfsCommit/112
[  128.805637][  T112] 
[  128.808062][  T112] CPU: 1 PID: 112 Comm: jfsCommit Not tainted 6.6.94-syzkaller #0
[  128.815858][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  128.826107][  T112] Call Trace:
[  128.829382][  T112]  <TASK>
[  128.832317][  T112]  dump_stack_lvl+0x16c/0x230
[  128.837194][  T112]  ? __lock_acquire+0x7c80/0x7c80
[  128.842321][  T112]  ? show_regs_print_info+0x20/0x20
[  128.847618][  T112]  ? load_image+0x3b0/0x3b0
[  128.852251][  T112]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  128.857897][  T112]  ? __virt_addr_valid+0x18c/0x540
[  128.863095][  T112]  ? __virt_addr_valid+0x469/0x540
[  128.868868][  T112]  print_report+0xac/0x230
[  128.873303][  T112]  ? txEnd+0x32d/0x520
[  128.877475][  T112]  kasan_report+0x117/0x150
[  128.882047][  T112]  ? txEnd+0x32d/0x520
[  128.886116][  T112]  kasan_check_range+0x288/0x290
[  128.891337][  T112]  txEnd+0x32d/0x520
[  128.895238][  T112]  jfs_lazycommit+0x5a6/0xa60
[  128.899940][  T112]  ? txFreelock+0x5a0/0x5a0
[  128.904437][  T112]  ? do_task_dead+0xd0/0xd0
[  128.908942][  T112]  ? __kthread_parkme+0x7a/0x1c0
[  128.914143][  T112]  kthread+0x2fa/0x390
[  128.918330][  T112]  ? txFreelock+0x5a0/0x5a0
[  128.922824][  T112]  ? kthread_blkcg+0xd0/0xd0
[  128.927406][  T112]  ret_from_fork+0x48/0x80
[  128.931875][  T112]  ? kthread_blkcg+0xd0/0xd0
[  128.936541][  T112]  ret_from_fork_asm+0x11/0x20
[  128.941304][  T112]  </TASK>
[  128.944323][  T112] 
[  128.946655][  T112] Allocated by task 7003:
[  128.950981][  T112]  kasan_set_track+0x4e/0x70
[  128.955568][  T112]  __kasan_kmalloc+0x8f/0xa0
[  128.960326][  T112]  lmLogOpen+0x2df/0xfb0
[  128.964751][  T112]  jfs_mount_rw+0xea/0x670
[  128.969267][  T112]  jfs_fill_super+0x592/0xac0
[  128.973937][  T112]  mount_bdev+0x22b/0x2d0
[  128.978257][  T112]  legacy_get_tree+0xea/0x180
[  128.983494][  T112]  vfs_get_tree+0x8c/0x280
[  128.987916][  T112]  do_new_mount+0x24b/0xa40
[  128.992595][  T112]  __se_sys_mount+0x2da/0x3c0
[  128.997366][  T112]  do_syscall_64+0x55/0xb0
[  129.001898][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  129.007803][  T112] 
[  129.010118][  T112] Freed by task 5768:
[  129.014097][  T112]  kasan_set_track+0x4e/0x70
[  129.018789][  T112]  kasan_save_free_info+0x2e/0x50
[  129.023993][  T112]  ____kasan_slab_free+0x126/0x1e0
[  129.029201][  T112]  slab_free_freelist_hook+0x130/0x1b0
[  129.034677][  T112]  __kmem_cache_free+0xba/0x1f0
[  129.039623][  T112]  lmLogClose+0x297/0x520
[  129.043945][  T112]  jfs_umount+0x2ef/0x3c0
[  129.048392][  T112]  jfs_put_super+0x8c/0x190
[  129.053178][  T112]  generic_shutdown_super+0x134/0x2b0
[  129.058557][  T112]  kill_block_super+0x44/0x90
[  129.063237][  T112]  deactivate_locked_super+0x97/0x100
[  129.068953][  T112]  cleanup_mnt+0x429/0x4c0
[  129.073381][  T112]  task_work_run+0x1ce/0x250
[  129.077988][  T112]  exit_to_user_mode_loop+0xe6/0x110
[  129.083269][  T112]  exit_to_user_mode_prepare+0xb1/0x140
[  129.088992][  T112]  syscall_exit_to_user_mode+0x1a/0x50
[  129.094539][  T112]  do_syscall_64+0x61/0xb0
[  129.099048][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  129.105157][  T112] 
[  129.107656][  T112] Last potentially related work creation:
[  129.113463][  T112]  kasan_save_stack+0x3e/0x60
[  129.118686][  T112]  __kasan_record_aux_stack+0xaf/0xc0
[  129.124255][  T112]  kvfree_call_rcu+0xee/0x780
[  129.128968][  T112]  neigh_remove_one+0x5f1/0x700
[  129.133923][  T112]  ___neigh_create+0x467/0x2440
[  129.138796][  T112]  ip6_finish_output2+0x159e/0x1650
[  129.144014][  T112]  ip6_fragment+0x13c5/0x1f90
[  129.148700][  T112]  ip6_finish_output+0x5b4/0xaf0
[  129.153632][  T112]  ip6_xmit+0x10a7/0x1830
[  129.158038][  T112]  sctp_v6_xmit+0x9e3/0x1230
[  129.162622][  T112]  sctp_packet_transmit+0x2488/0x2a30
[  129.167986][  T112]  sctp_packet_singleton+0x234/0x330
[  129.173270][  T112]  sctp_outq_flush+0x4f1/0x3100
[  129.178123][  T112]  sctp_do_sm+0x52d6/0x59a0
[  129.182618][  T112]  sctp_primitive_ASSOCIATE+0x95/0xc0
[  129.187980][  T112]  __sctp_connect+0x92f/0xd20
[  129.192652][  T112]  sctp_getsockopt_connectx3+0x2c7/0x440
[  129.198369][  T112]  sctp_getsockopt+0x986/0xb60
[  129.203138][  T112]  do_sock_getsockopt+0x38d/0x660
[  129.208169][  T112]  __x64_sys_getsockopt+0x1d6/0x280
[  129.213555][  T112]  do_syscall_64+0x55/0xb0
[  129.217972][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  129.223954][  T112] 
[  129.226265][  T112] The buggy address belongs to the object at ffff88807f6ae000
[  129.226265][  T112]  which belongs to the cache kmalloc-1k of size 1024
[  129.240350][  T112] The buggy address is located 64 bytes inside of
[  129.240350][  T112]  freed 1024-byte region [ffff88807f6ae000, ffff88807f6ae400)
[  129.254306][  T112] 
[  129.256620][  T112] The buggy address belongs to the physical page:
[  129.263056][  T112] page:ffffea0001fdaa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f6a8
[  129.273301][  T112] head:ffffea0001fdaa00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  129.282339][  T112] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  129.290841][  T112] page_type: 0xffffffff()
[  129.295167][  T112] raw: 00fff00000000840 ffff888017841dc0 0000000000000000 dead000000000001
[  129.303750][  T112] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  129.312323][  T112] page dumped because: kasan: bad access detected
[  129.318825][  T112] page_owner tracks the page as allocated
[  129.324522][  T112] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5768, tgid 5768 (syz-executor), ts 70840613438, free_ts 70779886551
[  129.345804][  T112]  post_alloc_hook+0x1cd/0x210
[  129.350657][  T112]  get_page_from_freelist+0x195c/0x19f0
[  129.356373][  T112]  __alloc_pages+0x1e3/0x460
[  129.361042][  T112]  alloc_slab_page+0x5d/0x170
[  129.365710][  T112]  new_slab+0x87/0x2e0
[  129.369778][  T112]  ___slab_alloc+0xc6d/0x12f0
[  129.374564][  T112]  __kmem_cache_alloc_node+0x1a2/0x260
[  129.380012][  T112]  __kmalloc_node_track_caller+0xa2/0x230
[  129.385732][  T112]  kmalloc_reserve+0x117/0x260
[  129.390488][  T112]  __alloc_skb+0x138/0x2c0
[  129.394888][  T112]  inet6_rt_notify+0xb4/0x240
[  129.399553][  T112]  fib6_add+0x1d9a/0x3d20
[  129.403874][  T112]  ip6_route_add+0x8a/0x130
[  129.408369][  T112]  addrconf_add_linklocal+0x45c/0x6b0
[  129.413731][  T112]  addrconf_addr_gen+0x4ac/0x5a0
[  129.418656][  T112]  addrconf_init_auto_addrs+0x719/0xb40
[  129.424199][  T112] page last free stack trace:
[  129.428868][  T112]  free_unref_page_prepare+0x7ce/0x8e0
[  129.434339][  T112]  free_unref_page+0x32/0x2e0
[  129.439024][  T112]  __slab_free+0x35e/0x410
[  129.443434][  T112]  qlist_free_all+0x75/0xe0
[  129.448070][  T112]  kasan_quarantine_reduce+0x143/0x160
[  129.453965][  T112]  __kasan_slab_alloc+0x22/0x80
[  129.460053][  T112]  slab_post_alloc_hook+0x6e/0x4d0
[  129.465792][  T112]  kmem_cache_alloc_node+0x150/0x330
[  129.471277][  T112]  __alloc_skb+0x108/0x2c0
[  129.475795][  T112]  netlink_sendmsg+0x65b/0xbe0
[  129.480818][  T112]  __sys_sendto+0x46a/0x620
[  129.485899][  T112]  __x64_sys_sendto+0xde/0xf0
[  129.491291][  T112]  do_syscall_64+0x55/0xb0
[  129.496439][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  129.503229][  T112] 
[  129.505764][  T112] Memory state around the buggy address:
[  129.512462][  T112]  ffff88807f6adf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  129.521765][  T112]  ffff88807f6adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  129.530879][  T112] >ffff88807f6ae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.539931][  T112]                                            ^
[  129.546369][  T112]  ffff88807f6ae080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.554628][  T112]  ffff88807f6ae100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.562794][  T112] ==================================================================
[  129.600338][  T112] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  129.607579][  T112] CPU: 0 PID: 112 Comm: jfsCommit Not tainted 6.6.94-syzkaller #0
[  129.615486][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  129.625560][  T112] Call Trace:
[  129.628858][  T112]  <TASK>
[  129.631970][  T112]  dump_stack_lvl+0x16c/0x230
[  129.636779][  T112]  ? show_regs_print_info+0x20/0x20
[  129.642118][  T112]  ? load_image+0x3b0/0x3b0
[  129.647091][  T112]  panic+0x2c0/0x710
[  129.651115][  T112]  ? bpf_jit_dump+0xd0/0xd0
[  129.655825][  T112]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  129.662504][  T112]  ? _raw_spin_unlock+0x40/0x40
[  129.667631][  T112]  ? print_memory_metadata+0x314/0x400
[  129.673430][  T112]  ? txEnd+0x32d/0x520
[  129.677681][  T112]  check_panic_on_warn+0x84/0xa0
[  129.683308][  T112]  ? txEnd+0x32d/0x520
[  129.687376][  T112]  end_report+0x6f/0x140
[  129.691637][  T112]  kasan_report+0x128/0x150
[  129.696460][  T112]  ? txEnd+0x32d/0x520
[  129.700528][  T112]  kasan_check_range+0x288/0x290
[  129.706006][  T112]  txEnd+0x32d/0x520
[  129.710081][  T112]  jfs_lazycommit+0x5a6/0xa60
[  129.714758][  T112]  ? txFreelock+0x5a0/0x5a0
[  129.719381][  T112]  ? do_task_dead+0xd0/0xd0
[  129.723991][  T112]  ? __kthread_parkme+0x7a/0x1c0
[  129.729078][  T112]  kthread+0x2fa/0x390
[  129.733158][  T112]  ? txFreelock+0x5a0/0x5a0
[  129.737921][  T112]  ? kthread_blkcg+0xd0/0xd0
[  129.742672][  T112]  ret_from_fork+0x48/0x80
[  129.747427][  T112]  ? kthread_blkcg+0xd0/0xd0
[  129.752034][  T112]  ret_from_fork_asm+0x11/0x20
[  129.756890][  T112]  </TASK>
[  129.760506][  T112] Kernel Offset: disabled
[  129.764841][  T112] Rebooting in 86400 seconds..