last executing test programs:

5m47.679484179s ago: executing program 2 (id=344):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$ITER_CREATE(0xb, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x6)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000001080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x21408, 0x0, 0x3, 0x0, &(0x7f0000006380))
mount(0x0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000004c0)='smb3\x00', 0x0, 0x0)

5m46.476290557s ago: executing program 2 (id=348):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
ioctl$FBIOPUT_CON2FBMAP(0xffffffffffffffff, 0x4610, 0x0)
ioctl$FBIOPUT_CON2FBMAP(0xffffffffffffffff, 0x4610, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)

5m38.695722227s ago: executing program 2 (id=357):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000b00)={[{@quota}, {@init_itable}]}, 0x1, 0x24e, &(0x7f0000000340)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwVgo2Z6NwIMchIqhwImKj3AkxwS5rZWOhlYVKKpsgdkZLSRNsFMEqaorYCBosDBZarOxOImuyEsmuO5L5fGAyM5n35veGne/bbWY3QGOdT3IxSSvJfJJOkmK0wd3Vcn5/d3Vu82rS7z/5SzFsV+1XDvqdS9JL8nCSjbLIy+1kef3Znd+2Hr/vraXOvR+uPzM304vct7uz/cTeB5ff/OTSg8tfffPT5SIX0/3bdU1fMeZ/7SK55b8o9j9RtOseAf/Gldc//naQ+1uT3DPMfydlqhfv7cUbNjp54P1/6vvOz1/fPsuxAtPX73cG74G9PtA4ZZJuinIhSbVdlgsL1Wf471pny1euL742/9L1pWsv1j1TAdPSTbYf++zMp+cO5f/HVpV/4PQa5P+pK2vfD7b3WnWPBpiJO6rVIP/zz6/cH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHU6xzsNEbe1j+obnkH5pL/qG5RvMPADRL/0zdTyADdal7/gEAAAAAAAAAAAAAAAAAAI5andu8erDMquYX7yW7jyZpj6vfGv4ecXLj8O/ZX4tBs78UVbeJPHfXhCeY0Ec1P3190w/11v/yznrrr1xLem8kudBuH73/iv377+RuPuZ454UJC4x46N3j2xSH9h95enr1T+KPtXrrX9pKPh/MPxfGzT9lbhuux88/3dGvWD6hV3+f8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMzJ8BAAD//2Dqbpo=")
openat(0xffffffffffffff9c, &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x42, 0x2)
symlink(&(0x7f0000000b00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.stat\x00', 0x275a, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

5m33.995079722s ago: executing program 2 (id=370):
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_XRUN(0xffffffffffffffff, 0xc0984124, 0x1000000000000)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)

5m31.841788945s ago: executing program 2 (id=377):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
socket(0x2b, 0x80801, 0x1)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x9, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0xd33638f234726102, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

5m29.116276015s ago: executing program 2 (id=385):
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
writev(r0, 0x0, 0x0)
mount$fuseblk(0x0, 0x0, &(0x7f0000000380), 0x8, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2711, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x48, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'Q.931\x00'}}]}, 0x48}}, 0x0)

5m14.078463803s ago: executing program 32 (id=385):
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
writev(r0, 0x0, 0x0)
mount$fuseblk(0x0, 0x0, &(0x7f0000000380), 0x8, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2711, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x48, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'Q.931\x00'}}]}, 0x48}}, 0x0)

7.452130373s ago: executing program 4 (id=1448):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x4000, &(0x7f0000000380)={[{@coherency_buffered}, {@heartbeat_none}, {@coherency_full}, {@err_cont}, {@data_writeback}, {@localflocks}, {@localflocks}, {@dir_resv_level}]}, 0x9, 0x4430, &(0x7f00000088c0)="$eJzs3c9PXNUeAPBzL/QV+to+6OuiL3nJm+Q1MVFDoCuVJlJKS6HFmmob42Y6wLRFB6aBwbjoAndNXJm4MC4aTdyxali4rX+CG5d13agLNyYmjZiZuQNzL4yMhAFbP58Fl3t+D997z5y7uJw4Ubkzt5SbW8oVFnLlmVtLZ3IflEvL88UQ75Nt+z+0f/3Tnk5cJwd97f2dXT1/8a0bZ0L4Zva7J+vr6+uhqjskotBsqOn3X36+N9N8bIhDWrXd0FHvhhBObhlXVVcI4Z2v65/iXJI2mhx7QwjHkk94497HN3N7NJqHj4tn80+n7q8Nn55cfbDW+rNHIXxe+s/Lt+d//H/X8Pcv7lH3AAAAAAAAAAAAAAAAAAA848avXb3+5uBQeBSF7tVo6/u648mx1fux63vmf53/sAAAAAAAAAAAAAAAAAAAAPAXtfn+fy46sc37/2PJcaRF/fXXOz9GOmfijatjFwaHkv3foy35ryRJP53rCv3b7Pue3f/9XKb+9vu/b+1ntxrja/TbF6J4IHUexwMDIXyZbPx+KjoSl8pLlZdulZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+//9/b7maquc39+4Se66l49/VstxXH0Vtxf98pt5+xJ/dS8e/u5bW21xgpD4BVOP/SffO8R/LtN+p+B8PIeSi6lhzqRmguoapprdar5CWjv+hWlpq6kz+kK3u/18z8b+Qaf+g5v+V7BcR20rH/x+1tJ5Uic37vz/e+f6/mGn/IOJfHf+K7/+2pON/uJ7YnSpS+0u2O/+PZ9pvHf8/WGy04XqcjPN4lLoCVqN6eqv/V0daOv49W/I3n//ittZ/lzL19+v5r9Fv4/mvMf3/ENWf/9heOv69Lcu1e/9PZOp1ev4fqa3/2K10/I/U0tJr577az3bjP5lpv1Pxr61Kehrx35xPfjtcT//C+q8t6fj/s54YN5dYqf2srf+indf/lzPtH8T6rzr+lbizvT4vmuPfFY62LFeN/7dtfP9fydTrfPxDGLTW37X0/X+sZbna/d+zc/ynMvU6Hf8XOtk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDNgNDn2hSgeSJ3H8cBACOeT81PhSDRdmM1Pl8oz7y+FMJak58KJ6HapPF0o5ecWyrPFfKFUKs+EcCHJPxl6oqVSuZKfL9y9uNFWb3SnWFisTBcLlRDCeJL+33Cs0db0XGW+cDeEcGkj719xefHuncJCfnZu8bXBwcHBMLExhv6o+GGluFCp917PDWFyo25f1DS4WvbljbEcjd4rLy8uFEq19CtNdUrlmUKpqc5Ukvdp6I8qi8sLM4VKMV8q3270d5BGkuPYxLW3r10Z2pJ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8SY+GX/0shNBdP4tDCCONX6Ltyj98XDybfzp1f2349OTqg7UnrcoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhl45RGgiiMAC/GQu18xhWy25nu6KIFq4InkCP4WH0KF7CO6RIkTZFCCSzEDa7sE1SfV/zYH5m3oN5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDxP793HW91EpLjaXEb8ff0vDvOXUn/ux+9fnGFGTuf5tXt4rJvy7+kovytHyzbv0vXq+zNGau93sCfDfdrr+1xPzjW1b1Pz9X1vIuUqItqS36acq2reWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADxwIAAAAAwvyto+jbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgVAAD//xCzHts=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0xe8)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0)

6.835115234s ago: executing program 1 (id=1450):
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x55a8, &(0x7f00000014c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64asumCJWPBPEEisWPIbWMASdogFiB1SkWcm0KQNtI3jqO3zSDNn5vj1mXdGlqUzYzmAZ9ZC+sdvSZyIIxExFxHHk8i3k3KJuBNxsRj7QkScjIjKPUtS5v9OHIyIoxFxYlK8qJmUL31xenzq/K9v//7t94cOHPvymx/29cSBffViRPRXi+3b/SJmnSLeKPONcTeP/XPjMq5uqdHPivzt9kpe4XZjc1wjj2c7xfhs9dZwEq/3Gs1J7HSv5/nVQXHA4bizWWfyhvRGYy3fb7VX8tgdZnnsbBTHXd8ovts2hqOiTqus90lePkajzVjk2+vt4nxWb+axORiV+aJu1mqvT+K4jOXhopn1Wvk8Vh7zIj8B3ukObq2n4/basJsN0vO1+ku1+oVqfS1rtUftc9VGv3XhXLrY6U2GVUftRv9iJ8s6vXatmfWX0sVOs1mt19PFS+2VbmOQ1uu1s7Uz1fNL5dbp9I2rH6S9Vro4ia91B7dG3d4wvZ6tpcU7ltLl2tmXl9JT9fS9K9fSa+9evnzl2vsfXfrw6qtX3nq9HHTftNLF5TPLy9X6mepyfekZOv9Py0k/wvknD07/9OPuLhsUdviAAbCz+/r/2N7/h/4fmLrd9P/9m+X+3vT/8TD9f0yz/5+0VPr//+5/K4/U/56YSv87H/r/PTx/2JXH6/8PTn0eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM3M/zX72ZbywU+8fK/P/K1HPlfhIRlYi4+wBzcXBLzbmyzvwO4+e3zeG7JPIKk2McKpejEXGxXP78/15fBQAAAHh6fX3n5OdFt16sFvZ7QsxScdOmcvzjKdVLImJ+4ZcpVatMVs9PqVj++T4Q61Oqlt/AOjylYsUttwPTqvZQ5raEw/eEpAiVmU4HAACYia2dwGy7EAAAAGbps3999ZWZzYMZS2LzUebms+D8l/f/PBA8Mlnd3fbjfgAAAOBJkuz3BAAAAIA9l/f//v8PAAAAnm7F//8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NzPjdpAFAfgZ4OB/FNQlHtayQ3KSAk55hgoIE1QAmkhDVADkXJICStYYc8ieRek1TLGWvR9ku2d8ernGeDyxtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXfpbree/f375dWnObn+ZPLMBAAAATtlW63n9x7Rpv0v9H1LXp9QuIqKMiFO1+yBGrcxByqnO/H/1aAx/IuqEQ/84HW8j4ms67j52/SkAAADA7dosV7OmWm9OaQngX7+j4kqaRZvy/bdMeUVEVNP/mdLKw+lzprD69z2MH5nS6gWsSaawZsltePreKNdD2gaty8NMFvWXWLfKbp4LAAD0qV0JnKlCAAAAuAHf+x4A1/C0tC+Op+N7xnFzSS8E37RaAAAAwCtU9D0AAAAAoHN1/d/N/n+TF+3/V9j/DwAAALJr9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS9tqPd8sV7Nz9xfPzNntL5NvRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKGxSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsW//vm1UcQDA3/lspylUhIAiEUAFdYCFpm5p6YoQKGLgT0CKUqcEXAptBlpFlCxsKHMXBAsSQkigsOV/6NxIXcrWIUOQmBiC7lf6nJgmpO05TT8f6fl9/Xx5P86Wla/fHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQWX83vNIo4zR7GCviqu32xuJsVq9tqzOry3cms5LFyUjVeuz1+mZ/oL0aPzk+MbyJAAAAcFgc2/WItMrvQwh3WyvTWd0Yy/P/VnVMlvP/UHaVlG3b8/61jcUj5UuTVf7/x+/3XtwaaCzNx8k6nZvvdU/tnEpz38t8wj236xHN/Mznv72k+RvS+HDphfVWfj6T727der+dhyN1zBYA2I+TVV0G1f9DWd0Z5sQAeGo0o8S7yv/TseHOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAO60vhmSpOQgiTzftxZm1jcXZQ/c3yncnVspy7eXM57jProhVCmJvvdU/VuJaDqzqb1z+b6fW6V65eqzs4HkIY8NKNvf15Wk7/P49phxD6Wk68NKCfj/cw1rZ+dgTlxzPUew5Hs/XtenDS15LsOOHvbRaG8QGoK2iU78/jGGK09ve9P6g+e4++5//zXTLyaL6SAAA41FplyTLRu62V6awtGQ9h88f+/P+NKA59ef/mjaKleL4a5f/3Pjl3Ox4rzv87Na3vSTC1cOmLqavXrr81f2nmYvdi9/O3T3fe6Zw5f/bs+an8t5KpudDwiwkAAAAPoV2WOP8fHbD/fzSKwwP2/4st4SL///L7ztfxWKn8f6D7m37DngkAAMDTqL0VPf/a338lA45I2u3w1czCwpVO8bj1/HTxWOt092mkLHH+n44Pe1YAAABAHdaXkr79/wtRHB6w/x9f///szy//GveZFtcWXA4hdE/OXu5dqG85B1r/Tb8/pY/jRuV8oPawVwoAAMCwjJYl3v9vjWf5f2PrkodGCOHNEyH8U97DH/aY/6cffPtLPFZ8/f+ZWld58DQmivOR1xMhNCeGPSMAAAAOsyNlyZL9P1sr05/+dvSjtuv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr2bwAAAP//aR4tAA==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0dbf)
fchown(r0, 0x0, 0xee00)

4.95488383s ago: executing program 3 (id=1458):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x28000054)
sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r1, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/232, 0xe8}, {0x0}, {&(0x7f00000006c0)=""/145, 0x91}, {&(0x7f0000000480)=""/21, 0x15}], 0x4}, 0x1}], 0x2, 0x2023, 0x0)

4.95458793s ago: executing program 5 (id=1459):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000640)="70d4", 0x2, 0x0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000000)=0xffff2652, 0x4)
ppoll(&(0x7f0000000100)=[{r0}], 0x1, &(0x7f0000000280), 0x0, 0x0)

4.913376864s ago: executing program 3 (id=1461):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000280), r2)
getsockname$packet(r2, &(0x7f00000004c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2c, r1, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008080}, 0x0)

4.784312466s ago: executing program 5 (id=1462):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvfrom(r1, 0x0, 0x0, 0x2080, 0x0, 0x0)

4.658153979s ago: executing program 4 (id=1464):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc", 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x28000054)
sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r3, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/232, 0xe8}, {&(0x7f0000000340)=""/121, 0x79}, {&(0x7f00000006c0)=""/145, 0x91}, {&(0x7f0000000480)=""/21, 0x15}], 0x4}, 0x1}], 0x2, 0x2023, 0x0)

4.584341726s ago: executing program 5 (id=1465):
r0 = io_uring_setup(0x7fc0, &(0x7f0000000000)={0x0, 0x3, 0x40})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000280)=[@ioring_restriction_register_op={0x0, 0x11}], 0x1)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, 0x0, 0x0)

4.584218586s ago: executing program 3 (id=1466):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x0)
setresuid(0x0, r1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x0, 0x0)

4.335876501s ago: executing program 3 (id=1468):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000200)={0x40, 0xf, 0x28, "f0803bb547c4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000000)={0x40, 0x8, 0x4, "76346e10"}, 0x0, 0x0, 0x0, 0x0, 0x0})

4.334035711s ago: executing program 5 (id=1469):
syz_usb_connect(0x0, 0x3e, &(0x7f0000001100)=ANY=[@ANYBLOB="1201000020dafb2099041010f50a0102030109022c00010000000009040000016f2bae000824020100000000092402020000000000090585da20"], 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x2, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f00000000c0)={0x80000001, 0x1, 0x200001, 0x10, &(0x7f0000000000)=[{}]})

3.893033055s ago: executing program 4 (id=1470):
socket$packet(0x11, 0x2, 0x300)
set_mempolicy(0x4003, &(0x7f00000000c0)=0x9, 0x5)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000400)='./file3\x00', 0x210048, &(0x7f00000003c0)=ANY=[], 0xfd, 0x1dc, &(0x7f00000007c0)="$eJzslj+v0lAYxp9zSgoYjYmji4Mk6mBpixoXElmcHEz8QxxMJFIJUiUBBiEx6Cdwd3Nw9wuY6OqHMOiiC07euTfnT+m5XApcbrkM9/0lnD5tz3n7nvdtngKCIE4tv3/tTaL/1T8FAGdRQl5f/2slc7gx/2fh39vv9+7WPzz9/CM/cYqLYkbR+s/PAfhWszCYrT24uqSPD8Fn+hE4rmldB4Oj9TNwPNY6AMMTrV8auivmO86Ldhg4z7thUwhXDJ4YfDFU5vObvmdoGvkx435/OOo0wjDobVGsqt+0xlE18jP75UBl6xr188DhaV0BwwOtbyMf10aVxNj/xVwS31q6fxvbrohI5QirLpxLbZUNYLM0AJZV7/FOv7LbfIdShAUp4o5mFNk6oV2IF33FHOSWVT67LWcnNunF1ztqTXwlGqtzOed8SsBovOYjbBy6VVy9KvGn6BPDFcOflJV8lJ8a0cJyfzi63n7VaAWt4LXvV265N1z3pl+WRqTGJf5XlP50Jom/8JsksJmNN43BoOepcXbuq3GR43LpfxxXL6tz4ab2XNyCoZn+cXmU3tv5kpo9QRDE7rgEJj1Z+nIs9NcExn/d+zvMkSAIgiAIgiAIgiCI47EfAAD//xEmRfM=")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x82400, 0x0)

3.727765271s ago: executing program 0 (id=1471):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x28000054)
sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r1, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/232, 0xe8}, {0x0}, {&(0x7f00000006c0)=""/145, 0x91}, {&(0x7f0000000480)=""/21, 0x15}], 0x4}, 0x1}], 0x2, 0x2023, 0x0)

3.518732442s ago: executing program 0 (id=1472):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0", 0x49}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)

3.444462019s ago: executing program 1 (id=1473):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)=0x4)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$P9_RVERSION(r2, 0x0, 0xfffffeb5)

3.43291867s ago: executing program 4 (id=1474):
r0 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0xfffffffd, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x7, 0xe})
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

3.23538487s ago: executing program 1 (id=1475):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5")
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$NBD_SET_SOCK(r0, 0x8004587d, 0xffffffffffffffff)

3.143592659s ago: executing program 0 (id=1476):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000539d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.778983995s ago: executing program 0 (id=1477):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)=':', 0x1, 0x4c880, 0x0, 0xfffffffffffffe4b)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

2.600347353s ago: executing program 1 (id=1478):
mbind(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x6, 0x4)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0)
syz_usb_connect$uac1(0x5, 0x9c, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001000000406b1d010140000102030109028a000301ffa0060904000000010100000a240100000202010207240504062e7d0904010000000000000000010101010200000c2402ec79030420be11d1d109050109758b0620010725010006efff0904020000010200000904020101010200001124020306040803000c0000000000000007240116050210090506090002"], 0x0)

2.400346002s ago: executing program 4 (id=1479):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x2000850, &(0x7f0000005500)={[{@nobarrier}, {}, {@compress_force}, {@nossd_spread}, {@space_cache}, {@clear_cache}, {@compress}, {@usebackuproot}]}, 0x1, 0x5109, &(0x7f0000000280)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22yUMtVdaUqhFpmnVDg6oojR17TTZesGObEqMQGZuIRhaUNkjJhyKMoqjmA9QKRCQBhIsUR6g8IqqiAAKF1hAFQSlJRJoghWr23jN759ydh+1d4yW/n+SdM/M/zzsPz7n3zrkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC74chXrvj7ZvEHfnvBE09fPP75fesvfuGqC858JISJmcc7snBH/7U3jf/8tvNv33f32pvvPHbhe3vzcnk8DFT/dOZ3rom1Hlsawl0dIXSngVWDWaAnvz8Y63vbYAhnhNlArcRkf1YibTj8oC+Eg2E2UKvqe30hDBYCFz16/33XVRM39oWwPIRQSdt4qpK10ZcGzunNAv1pYHt3FvjVa5la4LudWQBOWnwz1F70hyfqMwzPXa7B669n3jr2+kqH1xUTw43zvbh+gTtV0Js+MHFST1upOhZE6e1xxLttEbzbStv5Bk9b8YtU/g3ltdlQJXRumdy66fLp3fGRzjA62tWopgV6nh9/+Uubjye9aF6HsQPD8/I6vP7h5bd1rfzYQ3euWv7cofftf/5ku/njwiYtphdaJeSvuUXzPEbjPk8Wwduv9C1pxJeuEMLWz/3Bx5vFS/P/4ebz//hyjreddbljra8OZXPz+MhgTLw0lM3NAQAAYNFYDHtNt4/e+6Fm9ZXm/yPtHf+Ph/zzyXw22iMhjM8k9i8L4ayZx7PArbG5zy4L4Z0zqYn6wPokcCSEt84kVtaqSkosiSVGksBPh/LAeBI4GgMTSeBbMXBDErgmBg4ngc0xcCQJnB8DYap+HH84lI+j7UBfDGzMNuLheBbCL4Zia8m2erJWFQAAwDzJZ4c99XcL5zqcbIY4vTzc1ypDPAO7YYZKUkM6g61NqxrW0N2qhs5WNdTGvbf58Es1d7SquXQaRkd9hpt++XefCE2U5v9jzef/lTk60lE6/h/Chpm/MXdnHpmuxTdO1GUAAAAATsLA/z3zzWbx0vx/vL3z/+M+ka5C5vBg3A2xbVkIY/WBrNo/Lgeyo94DeQAAAAAWg9rx+Nqx8Kn8NjtFO51Pl/NPHGf+eOB/fM78vUfu2disv6X5/0R75//3199mnTgae/G1ZSEsKQR+GHtZDcwYiYGffLg+kI//aNwAB2JV+YkJtaoOxBIbY2AsCRxsVOJHtRJn1QfyJ6vW+P7aOKbyEoUAAAAAnHJxd0A8Lh/P/3/Xb9Ze0axcaf6/8fjO/5+ZB5dO758eCGF1dwhd6Q8DHuzPFgaMgcGOPHFvf1ZXV1rV1f0hnFcdWFrVM/n6/93pGoOP9mVVxcBZ7zr08jnVxDf7QlhdDDz2qVveX03sTgK1xv+6L4R3VEebNv6dJVnjPWnjX18SwtsLgVpVn10SQrWx3rSq+yv5dQzSqv61EsKbCoFaVR+ohLAnALBIxf9KtxQf3LXnym2bpqcnd36/O0/UHpm3RNyH3xe2Tk1Pjm7ePr2l0qBPW5I+1y1jdHV5TO1e+ebJfImiT96xYbCddO13gmPFtvL9+KUTB/P78btQz8w41/bU3V2XDvk97y43EQrfpBoNuXOBh9xfrGT2SSzVH/P3hoGw5PJdkztHv7hp9+6da7K/7WZfm/2Nh5mybbUm3Vb9c/WtjZdHw9WyEie6rVYUK1m9+9Idq3ftuXLV1KWbLpm8ZPKyNR9YO3bu2LqxD567ujqqsexvi6GumKvqZKiv3dJoIAcWbKhndxcqmf/PCAkJicWf2D6woun/yaX5/47m8//4qRM/+fP1GRod/x+Oh/mzx2cP82+MgYPtHv8fbnQ0v3ZiwEgS2BsDex3mBwAA4I0hTvLj3sy4V/pnK7/zXLNypfn/3vZ+/z9P6//Xlq6/sNEy/ytjibFG6/+ny/zX1v/f22j9/3SZ/9r6/wdfh/X/L68Fkk3yC+v/AwAAbwSnbv3/lsv7pxcIKGVoubx/eoGAUoaWy/i3e4GA417//6n/+pv/CU2U5v83tDf/t3A/AAAAnD6+/BdX/F6zeGn+f7C9+f+pX/8vNDr/f6RRYKLRwoDW/wMAAGCRarT+3/C1/Z9pVq40/z/c3vw/nnbRWZc71vrqULamXUjXtHtpqPaTAQAAAFgcOsPoaE+beetWRl1/4m0+ni8F2ixd9MyfHTu+8/+PtDf/r/tdxvUPL7+ta+XHHnr1zlXLnzv0vv3Pzx7/BwAAABZOu/slAAAAAAAAAAAAAACA198z/7lvXbN46ff/YcPM441+/x+v+xd/X/Dmutyx1tbr/+X3L/ro7Xtmlix8cCiEdxcD2/ZtOyPk1+ZfUQzc9+mVb6km9qUl7nn6/Geric+kgY+sOvOVauK8JLAxLpL41jQQr6r4ytIkEJdX/I80ELfH4TTQmwe+ujQbR0e6rX42mG2rjnRbPTEYwrJCoLat7hrM2uhIB3hjEqgN8AtpIA7wL/NAZ9qr2weyXsXAYCx680DWKwAATlvxW2BP2Do1PTkWv8LH27O762+juiXLri5X29Fm80/mS5N98o4Ng+2ku9LvorPXGu8JleoQ1pS+rhazdMyMcn5qabHp3txgyK1We+tsUC51vJuut/GI+rIRjW7ePr2lp+XA17XOsra7ZZY1pclOMUvnzCZto5Y2+tLGiNrcNm10Od7vDKOjXUmuP4rB4VCn1Sui3d/rF9f5a/QqKOa57Nj+XzWrrzT/H25v/l8pjuuV/GIAe+OV9f5hmWX+AQAAYGF9df2vvxH/feLaBx5rlrc0/x9pb/4f92Dlh4KzvR1H4vX/9y8LYebS+sNZ4NbY3GeXhfDOmdRELJFdUP/CWGIsC9wad5isjCU2TtRXtSQGDieBnw7lgSNJ4GgM5HspDoV8V84/DoXw/pnUhvoSO2KJ4STw8RgYSQKjMTCWBJbGwHgSeGFpHphIAv8eA2GqflvdsTTfVgAAAMcjn2f11N8N6TzvcHerDB2tMvS3ytDZKkOlVYZGo4j3vx0z9CQnr3QUMvWktfYltZQyxIvhH3e/ShnCj+pzpgVLTcfzD+L5BpNJhrs/1F0JTZTm/2Ptzf/762+z1o/G+f/s9f+ywA9j974WTx0fiYGffLg+kO8YOBonuwdqVU3kJfJJ+4FYYjwGRpLAjhgYTwIbN+SBg2+pD+Qz7Vrj+2uNT+UlCgEAAAA45eIOgribJs7/b971lYFm5Urz//H25v+xvYFiY9fEWo8tDeGujtne1AKrBrNA3I8xGH8e/7bBEM4o7OColZjsz0r0Jg2HH/Rlv1DvTav6Xl/244N4/6JH77/vumrixr4Qlhf2vtTaeKqStdGXBs7pzQL9aWB7dxaIe35qge92ZgE4abW9gvEFlZ/qUjM8d7kGr783yjVB0+Gl+0DnyjfXb64WSmmHa75Pteb4nram+2+ZN6W3xxHvtsX4bhv2bit+kcq/obw2G6qEzi2TWzddPr07PlL8JWvJAj3PxV+ptpOeh9fh3hPvbWuVtANjycfH2Nzl5n4ddsTqrn94+W1dKz/20J2rlj936H37n2+7Gw3EHwrff9W/Df64sHkXWiXkr7lF93ky4fNkMf43MOJpCyFseOHrB5rFS/P/ifbm/93J7Yxfx425a1kI7yls3Afj5v/TZdnnYCGQfUq+qRzIDrn/91DDT04AAACYb7XdHbX9BVP5bXZCeDpPLuefOM78cX/F+Jz52+13/99+enmzeGn+v7H5/H9J0k3H/x3/Z4E4/j+n031X9JL0gb0ntSu6VB0LwvH/OZ3u77bfveP/ba0e7vi/4/9zeWMd/3/xinnsYsbx/zmd7v8NlL4l7fClK4Tw3J/c+0SzeGn+v6O9+b/1/+ZetK+2/t/GRuv/7Wi0/t9e6/8BAAALqsFCc+k8r7R6XylDunpfKUPLBQJbLjFo/b+W6//FnDHDs2c/9ZvQRGn+v7e9+X98OQwUW18s6/+NbGhQ1Q0xsMPCgAAAAJyOGu0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PV19z/975Zm8Qd+e8ETT188/vl96y9+4aoLznwkhKmZxzuycEf/tTeN//y282/fd/fam+88duF7K3m5nvz29+tyx1pfHQrhYOGRwZh4aah6ZzZw0Udv39NdTTw4FMK7i4Ft+7adUU18ayiEFcXAfZ9e+ZZqYl9a4p6nz3+2mvhMGvjIqjNfqSbOywMdaXf/eWnW3Y60u9ctDWFZIVDr7ueX1ldVa+PP80Bn2sa/DGZtxMBgLPqNwayNGJiOJaaWhLC6O4SutKoHKllVXWlV369kVXWlVX25EsJ5IYTutKqne7OqutORP9KbVRUDZ73r0MvnVBMHe0NYXQw89qlb3l9NfCEJ1Br/q94Q3lF9yaSNf7sna7wnbfzGnhDeHkLoTUv8sjsr0ZuWeKY7hDcVArXGP9cdwp7AG0L88Kn7RNu158ptm6anJ3cuYKI3b6svbJ2anhzdvH16SyXpUyMdhfRrV5/42J98+Uubq7efvGPDYDvp7rxcz0yX1/bU3V13uvc+9qu/WMns81GqP+bvDQNhyeW7JneOfnHT7t0712R/282+NvvblUezbbVmsWyrFcVKVu++dMfqXXuuXDV16aZLJi+ZvGzNB9aOnTu2buyD566ujmos+zsfQ73l1A/17O5CJafiA0BCQmKxJTrrPt3GTvcP8tIX/dmO9oTKzAd0aVpRzNIxM8r5GPT6ExzxiXxPaTmiNaWJQynL2jmyXF2fZV1pMjFbS1+WZeZ7XWlyWGysc2aTxvudYXS0q9F2GK6/W9y8L57E5n0833TtpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2cHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WYfRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcCgAA//9FxSWx")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)
fallocate(r0, 0x0, 0x7, 0x1)

2.02462365s ago: executing program 5 (id=1481):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000480)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:* r'], 0xa)
r2 = openat$cgroup_devices(r0, &(0x7f00000002c0)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f00000000c0)={'b', ' *:* ', 'm\x00'}, 0x8)

1.268362645s ago: executing program 3 (id=1482):
unshare(0x6a040000)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lblcr\x00', 0x1, 0x4, 0x8}, 0x2c)
r1 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0xf}, {@remote, 0x4e1d, 0x3}}, 0x44)

1.264819865s ago: executing program 5 (id=1492):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f0000000080)={[{@barrier}, {@autodefrag}, {@noacl}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x34, 0x74]}}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000008c0)='.\x00', 0x40000, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000002480)={{r0}, 0x0, 0x0, @unused, @subvolid=0x3})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0xfffffe41)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x5000943f, &(0x7f0000001480)={{}, 0x0, 0x0, @unused=[0x25526d87, 0x10, 0x7, 0x2], @subvolid=0x40003})

1.028055868s ago: executing program 4 (id=1483):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000002cc0)="099ccccf84f531d9ec214606c11430c1", 0x10)
sendmmsg$alg(r1, &(0x7f0000000b40)=[{0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000001c00)="5985d20392a438a118753a61ccd1d0e83101f02653a3db12a8785d9bcc59b58251f9ae571dc6a2d023b82407fbb8ae52a24b445059869df6095b826013c10bb7745d9edc0ef211452945180b52cc3986fb74d70cdc0194be37b376d2d4798d4e4463d042b1a462e80d80915fcffca56f2e0f5a6b6bff7e43eb6c80c1a8e85c077f4e980c3aa7b4b34562044059224e7280a86d55356ca279765d0943a185ac585ba7355885a40b0f4d02e5afe7b154deb20048d62307273f7069b86987af5b7fd9272d1ed5a9891e493deafa8a98f30c86803d00028221b891d3ae3437e26e9e0bbb0c152036ffebc06c5aa3fe55480e68414e7283793c5f93bf95ee471bf2b70abf696bb304bbecce852fd81439df022489675c1827a96f824378a80ce5338143bbc8fc3b1955bba34f2121cf485212c7cd8b50d81382605d28573b46b376e1092560f6d76c8ee2c4ebd9cf88665cec5acd5c2bb34ed1ce0338a7c1c8583914be1ef3a054e91f35a82147c0ef819f7971e12c18c5314df9e06bbbea133f82e638fd4646fb6a517fe75130f65392e8e1456fff3ae5cc7298b7bd6e7ea141808b4b4ec6930e7ee97e802a9a5c37c7bfaf6f8fd113b1e713e9d07cf0ddddf91965c29dbcc7a6478a071efe498458ee8428baeacd171ca321a88863d747ae8ba633f835401e66c831bec8d66ede3a6be8c9d6cd2e543df191a661d934e115c49db11cd3382aa4c378ea27b37078e4dbd52d5237873388f0b114dbcd77332e3cae456d8a96465a763709b9e33255b9648f186ae462f585dd729676a66e5dcba00b76ef82b9926d820d1f81f2ef2bdedb9727bc9b8420a16af0a3d49bfabaf53637b5712cd1efcfecefea443d99749398406a15af44464330fcc7ae05bc1319a403f17320384adf670171b10572b7a3c29224327d4da0cc98605adb69b143b75f495c3ee34b0e2df6119cdecfc9c14adac77c00225ba394a33c2031f7fd6fd5c51603133fd282b714d0206a61dcbfd9826847751c0828c7258b75739fc0f26cb4f5037652f608bfd156660b8ca43069fdfd27dc658b768b0842a71bd2191064e7c343710b26b4f94900dea847881b9269a250b165aa5b32cb02e853e01df7283f5aae557f555cdd110ffa52c5c702cb214934c5aa8a99c87b2ec9dd6717693827029ad477fa822c84c83303d04a6db313af73b83ef53d0caae2a0de16e13746d092a2e6260638245c57bf2904740ef4d4385b3fd888ea17795c712dbce6a559c71a8425deab805f99ec9f16cf268c5c6cb6cbbefe71115e62c85e9a0940b96a19a49b4a9373250c5b7a2446b4393aaa144ba32a9a0fff5cffc515d48691911a84ef869af3c3b08db4d8e44279b8ecf0753e88e5405897b4050db08c254cf0ff5b69a045bc62049218a573c6a395148454953a72768ddbd4326a0d247a0a4571ea894875a2f899f47487c3d2b62e51d8239633d3421fd79b0c32d05b99256614accf64ee6e2d51a3bdd2210d000000e6ac68159923977200feba975e290d768d7255416a06c8f161fa39f7a04c4651d420f1d96703cb3773bd2a2a0c37b1603151c4cc47f0699900849509534f8ec5131cfee5d96d598e28d571328ca037a34ba31aa5e6d51fe2604f8316545f129f0ae8e0856888d3315ed22f6246852df12d67e3a64e7891df946b81495189341e9401406037cfb31490fcff4fc0406f2f70e2cabcd0fb8adeec4be909526dfa252a5aee0435df3a07e0897b86eaff8dd190f466b2a81e8a37ffb577bfb5feddefb292809c1d925c2f9cf27380dc78e74d74ceb1d31ebe84bbd2e6ce48dded3c55203966896ad1458d3d3095b9bacf250416ee27aa73a5c5d6ec6b2c9c323759ffe97df44481f796f4762e3245c0a88fd129dbafde688f2c57445665c623025a76748a9931a7f67c53faa4a155c9ba5caa38986462e48db7c580749bd372955244c9d4a17631f24b9b64036de9e97147b7056dcb54652fca36a037d0c3f754a303c594d8e04f706fe75e8f19607e6cc94ac60d83b4fc620a00b52605323391f3e005dcdb9be443b59d89760b605f32c07bef27a326863e07d770e7bb2853354f6404a83d099559e5a25849bd16c6381354ec45df14e3e16099a0cc299256118be93e47c025b01a2fe899c81411c8f6b74808562ecb2f91b8688b1617b93516b29162bf71db6e2dbee1ba98fba3cf6e7f56d90fbf017d2d81d2411515d73272bc167a55770deacb3d79dcfa1cb9c27e27585b521d3900e4fb280c1ba1f9e956bd1326bf162255f66b0189ae648a402e48cc61fdd20fd3a09070c88167730bf80b34cecfcb37a4046552d1b345f66c97fb67f1993990e55e43ee58372455864de62d636d836477fca1ca355bce2eed04ca30751ad642e61862d1e29886b9acc5be9d6ab7e6eab7c89a7ebde051116ae5f12432caa8228c4dddb5221f7f5fafeef8d397ee0c7d94dfcd2fade21947c98bd89b071f4e24dfb43b46f1db5f1276d8d71e3cccca479cb612be6bd02e6f188403b85022ed0e9d42f9c4531a11659bfd144b4a49b6659be2a548658a66d7faa44622742d7c42d7f90caa2ca3a24d10c993a9b1c814f4e0b735615cbd9c00d6bf444d0ae1071f2b74023d2e53b9d2b79f6ddaeadcef3bcc5d13971b7f9c7e72d1a431e1d79234e1dab13ee758f741777d836905c7873de0192ecda15d3a224331fc2222f6793edd69da51befe4f772ec696e4e4e5deba877b52b91d8b7de4fd151e1009134cebf4a353e6219b21f131487b3fba0f4b7e39626c5c7583ed5073086ff735ce19cb786e8d1bf359b4c3a7bc29bbf9d441d914d7e842b88f0868d0f6a6fd41624271ad5e166d677ea5109b6c8e9d2fdfff9e944e9c9ad50b3cde7e3f229e2bbf81c6aaa7b7c8e5700362000b6509942bbed25253e0833a5f7a71975b780472ed6f3da3a2ba162f20b3b90d4a084acbb137129bbd9b65f3e9ba6886241d80ee90dcf7d64050d52e8550f21262a88395ca06b83a5b5d9c05426582c86fe7753019a71ecc84c59fae3239d195246306f153b301629fbc6bd6e3fbc6aff7d35d79c5c8046b61ec70e2b7356c9400477778990364091be2b74bdab711f5561ff137021fdf9e82a35fd5bf85673bbb2944cf1f36a2e25fa4dd948525621f7a14dc3c8d1e1f1ec9d334dddcf7f9487f3d3ec60106becfddc15ece3850215aa3231a543264263757c6417adde58eb6b624096a9759c8f7a1c9add4d374a4301a86fcc5c7b96e4e294cc935ad9315669d03b80522e5b7f6207e325cc5e9a33cdd8d5512aa388e452674a936826d47f23097d33c4e4a1f2f0802a2b9be2a608f2f0ff27f6b041d70d268f848687d45e6e510691ad516c7d7038d4153fb30415e425a4cb9d879aee8ffbca65df46876151af9a583d9a3fb331fb1b616a8007fddba31bee77e420172cd2a2a140a3376db47d7336d958bfa6f4ae80f78310c9043a184258dbaa9bba0c2482d7eb70c2bd94d52587fb92fd80c58110b05ad6eb1623009cd263deb3cb219bfde713ef738dfed0b1c6254177d939e8c358cc69ddfa3e31aa4c3cbfe384d96749217ff3b2b45a15f34403fe327aa2f805d1eaf7ee7f187070032eceba18a11e4ccf7c2e3a4d5c72d1db7b0bb5dc2354ae7eb27dedb91a5571203835b482353950220ad39f21334135c6fdd22a71c6119ce5dfa292a71ad296b141663210872c192aa228e21068d717235f1186234de39e69e5904ead38314ef69b86a656371d9987d327a7064fc6e1acd7f822165b1e42da9bff573db1eaf2563552bf6dbb6591031883f5cf7e22d1f2e2522e5bb88fc4bdece187d7f2612886a7f314895d43dd2c9e1b731aec39014028590ea0c76f1cd7d71c96ed45ce31d5e38f38a36a95d54708875dd99d8612275450a700251c7f21742d31b9be6de5fcf63b7b639ff746f31537694b3005ddf6cc8375f25bd782bc784943b72bd19f938a449fe0a617b5b1430a4d506e3bf0a1f118b6e45e9e6a3515efd9ecd1a964c5459921b01a0cacf0d4e4659f06ee2e53123a2241b583072f91af6b82f51fa14622ead00697b2f511e7f54cc4e8b015bd03b4ebae849ec9f7738d945450ff8363aee60678b80a86e93326f6a87d73b1a114f6f6186e2a4365d66d5b74df15280c4060ec847da5a1baf1706e7a373f2ec73ad755bffdd5813cf5ce8cf8b07d4ac8b324293b7248145b35b13fe638f902c5e8147084c221591cefa221573080f49ed7b3479e9c81c4ec2e5e8df89ce0266f6023327aae85f74fc70085398ca9749a1b8467d3d2d7bdcfc4bb9af62721a4cf55a5d2600210eeda03de3b9353725eb991583d7226debf7e3d4b06d89c41599b3687d56571c6c810882e1060510b0e6480b4e3d8705c858e24897dd8bd936f9a16bd626b98dd55696aa2dea3c0a12a6b12f5befba90ea487134453b5a8e863b5446565730e9d84e019d664654568c3448bbddd8cccc15e4615addae0d732dafe6f54b229cd5689396720d0010dfea3f9e6d9793b51be5c4e39659e8eb604ec15ee7ae2a2961a8b815d9417795cdde0702d6cf7dcdc16f02365d7eee5dfc7a0a9ea3957672f00a209fb845e782777ef9e5c9e7aa7926bb93c3486a8612e222ddc9709d9a2acef6c60db859c4fd39f365bb22f90edd04f891fd3ccdff35c5eac56ec49d02063a7859aa14c938d575fb85cc26a3f3fb3ef4d8ce576e927dc54c27702aff904e133a6869ac4384ca6ce273d1a7f3b4ffb570dd097e607ade8eb8ca1d436733262b527c508e4ff7e09bb56432c36a38065c582210252efc06aa0d3fe0ea99e97e6ee88f80ad33bcb2cd0570b8f97488bfe09d4560b9ab44ec7ea5726d291460ab46d32922c1b37067425ff9abc8a4bf810879114dc266a575e1ddcbfd6ef2c51b624091b3ebe68ededfd94f883ae674b1f00be817a559b3c6376aa68f039628ae425191b7c7ba60e73b0fa3c4fe5533b4f8fe0b21f61a5f9e520e22cdbebd929048552b6d8d1d5c18fa9900b7786462e7e4d738e57485e9a6dd14a0fd37f0256613317df8ec3518c7eee50c59070a7276f8b0575426887f2cb5be122cc766a25a07132ef01611d0c2d3f16de29a8c0f39a3a5a3e9596b61fdd3dff97b95ff67b4798ddbc4b14e518bcc52cdd2d87605ce9d9c5f2a6d4e11d2f94575b0d5de72d0b97d0a2cf32b5465c6a4ddb62d61b97f2331341c9d448ec765180f858394f2c0b2ee982b9f867d73f97d0e0e3b275ef49c7c262c4d6f5fac787edafaa8b79410b1288a0b52afd93c8584ff9d61eddfa0cada98bd3c200fc708078098764bbe304c44d62eff132415a917c022c9f7466318017da7b4649eb0fae58fcb716a1f295d84dd9ec14218beb0372c041aaa4421a8f75eaef5115f0f32aca8fd30fde0e9e08972e23faf5381eb18c626c0ce920261461c3dfe7f1e8b35ca16f7283de3af4bba5c384e256cd369568214101a8e27c94531a81fe4fba595a4455f8724eebea716d1a4940b3d787fc4bd6ad8aa403fceb74f316fb5a816890646338efb6f13aba195f127aa1b1107bf303b1f997c74d6f4f664d708f58c3b3ca063825405ad7a61260debf4b220443b6537f5ae94820ec62901944cc9023e655f82e0e31a13f351ed0336cbcfda8ae0b20025fb33e49f011f6aa708140cffefbd06f9b90fefc6f9d79f67495ff0b1a2f1ff075eda3fdd800088fc0583dc0e1e9f7f02673da61cc4466a2559d70cd90e453b11449442eb11f444e1203bc38754f7ad0d93bb91e40f9cd490d2dd5d7e2571c460718f", 0x1000}, {&(0x7f0000003c80)="f494bc1bb96aba00df31753b51c2437e", 0x10}], 0x2, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20000010}], 0x1, 0x20049001)
recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000b80)=""/4095, 0xfff}, {&(0x7f00000002c0)=""/39, 0x27}], 0x2}, 0x2)

746.052066ms ago: executing program 0 (id=1484):
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef)

74.987423ms ago: executing program 0 (id=1485):
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x55a8, &(0x7f00000014c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64asumCJWPBPEEisWPIbWMASdogFiB1SkWcm0KQNtI3jqO3zSDNn5vj1mXdGlqUzYzmAZ9ZC+sdvSZyIIxExFxHHk8i3k3KJuBNxsRj7QkScjIjKPUtS5v9OHIyIoxFxYlK8qJmUL31xenzq/K9v//7t94cOHPvymx/29cSBffViRPRXi+3b/SJmnSLeKPONcTeP/XPjMq5uqdHPivzt9kpe4XZjc1wjj2c7xfhs9dZwEq/3Gs1J7HSv5/nVQXHA4bizWWfyhvRGYy3fb7VX8tgdZnnsbBTHXd8ovts2hqOiTqus90lePkajzVjk2+vt4nxWb+axORiV+aJu1mqvT+K4jOXhopn1Wvk8Vh7zIj8B3ukObq2n4/basJsN0vO1+ku1+oVqfS1rtUftc9VGv3XhXLrY6U2GVUftRv9iJ8s6vXatmfWX0sVOs1mt19PFS+2VbmOQ1uu1s7Uz1fNL5dbp9I2rH6S9Vro4ia91B7dG3d4wvZ6tpcU7ltLl2tmXl9JT9fS9K9fSa+9evnzl2vsfXfrw6qtX3nq9HHTftNLF5TPLy9X6mepyfekZOv9Py0k/wvknD07/9OPuLhsUdviAAbCz+/r/2N7/h/4fmLrd9P/9m+X+3vT/8TD9f0yz/5+0VPr//+5/K4/U/56YSv87H/r/PTx/2JXH6/8PTn0eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM3M/zX72ZbywU+8fK/P/K1HPlfhIRlYi4+wBzcXBLzbmyzvwO4+e3zeG7JPIKk2McKpejEXGxXP78/15fBQAAAHh6fX3n5OdFt16sFvZ7QsxScdOmcvzjKdVLImJ+4ZcpVatMVs9PqVj++T4Q61Oqlt/AOjylYsUttwPTqvZQ5raEw/eEpAiVmU4HAACYia2dwGy7EAAAAGbps3999ZWZzYMZS2LzUebms+D8l/f/PBA8Mlnd3fbjfgAAAOBJkuz3BAAAAIA9l/f//v8PAAAAnm7F//8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NzPjdpAFAfgZ4OB/FNQlHtayQ3KSAk55hgoIE1QAmkhDVADkXJICStYYc8ieRek1TLGWvR9ku2d8ernGeDyxtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXfpbree/f375dWnObn+ZPLMBAAAATtlW63n9x7Rpv0v9H1LXp9QuIqKMiFO1+yBGrcxByqnO/H/1aAx/IuqEQ/84HW8j4ms67j52/SkAAADA7dosV7OmWm9OaQngX7+j4kqaRZvy/bdMeUVEVNP/mdLKw+lzprD69z2MH5nS6gWsSaawZsltePreKNdD2gaty8NMFvWXWLfKbp4LAAD0qV0JnKlCAAAAuAHf+x4A1/C0tC+Op+N7xnFzSS8E37RaAAAAwCtU9D0AAAAAoHN1/d/N/n+TF+3/V9j/DwAAALJr9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS9tqPd8sV7Nz9xfPzNntL5NvRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKGxSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsW//vm1UcQDA3/lspylUhIAiEUAFdYCFpm5p6YoQKGLgT0CKUqcEXAptBlpFlCxsKHMXBAsSQkigsOV/6NxIXcrWIUOQmBiC7lf6nJgmpO05TT8f6fl9/Xx5P86Wla/fHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQWX83vNIo4zR7GCviqu32xuJsVq9tqzOry3cms5LFyUjVeuz1+mZ/oL0aPzk+MbyJAAAAcFgc2/WItMrvQwh3WyvTWd0Yy/P/VnVMlvP/UHaVlG3b8/61jcUj5UuTVf7/x+/3XtwaaCzNx8k6nZvvdU/tnEpz38t8wj236xHN/Mznv72k+RvS+HDphfVWfj6T727der+dhyN1zBYA2I+TVV0G1f9DWd0Z5sQAeGo0o8S7yv/TseHOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAO60vhmSpOQgiTzftxZm1jcXZQ/c3yncnVspy7eXM57jProhVCmJvvdU/VuJaDqzqb1z+b6fW6V65eqzs4HkIY8NKNvf15Wk7/P49phxD6Wk68NKCfj/cw1rZ+dgTlxzPUew5Hs/XtenDS15LsOOHvbRaG8QGoK2iU78/jGGK09ve9P6g+e4++5//zXTLyaL6SAAA41FplyTLRu62V6awtGQ9h88f+/P+NKA59ef/mjaKleL4a5f/3Pjl3Ox4rzv87Na3vSTC1cOmLqavXrr81f2nmYvdi9/O3T3fe6Zw5f/bs+an8t5KpudDwiwkAAAAPoV2WOP8fHbD/fzSKwwP2/4st4SL///L7ztfxWKn8f6D7m37DngkAAMDTqL0VPf/a338lA45I2u3w1czCwpVO8bj1/HTxWOt092mkLHH+n44Pe1YAAABAHdaXkr79/wtRHB6w/x9f///szy//GveZFtcWXA4hdE/OXu5dqG85B1r/Tb8/pY/jRuV8oPawVwoAAMCwjJYl3v9vjWf5f2PrkodGCOHNEyH8U97DH/aY/6cffPtLPFZ8/f+ZWld58DQmivOR1xMhNCeGPSMAAAAOsyNlyZL9P1sr05/+dvSjtuv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr2bwAAAP//aR4tAA==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0dbf)
fchown(r0, 0x0, 0xee00)

74.694092ms ago: executing program 1 (id=1486):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})

1.76871ms ago: executing program 1 (id=1487):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x4000, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

0s ago: executing program 3 (id=1488):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r2, 0x0, 0x18, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)

kernel console output (not intermixed with test programs):

] batman_adv: batadv0: Adding interface: batadv_slave_1
[  306.050301][ T6455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.194470][ T6455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  308.022061][ T6455] device hsr_slave_0 entered promiscuous mode
[  308.052157][ T6455] device hsr_slave_1 entered promiscuous mode
[  308.142028][ T6455] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  308.149661][ T6455] Cannot create hsr debugfs directory
[  308.260461][ T6649] sp0: Synchronizing with TNC
[  314.707926][ T6710] loop4: detected capacity change from 0 to 2048
[  314.960085][ T6455] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  315.057930][ T6455] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  315.123757][ T4199] hid-generic 0401:0009:0002.0002: item fetching failed at offset 6/131
[  315.191077][ T4199] hid-generic: probe of 0401:0009:0002.0002 failed with error -22
[  315.212806][ T6710] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  316.058137][ T6739] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  316.410765][ T6455] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  316.777184][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  316.793368][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  316.851888][ T6739] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 150 with error 28
[  316.864887][ T6739] EXT4-fs (loop4): This should not happen!! Data will be lost
[  316.864887][ T6739] 
[  316.874689][ T6739] EXT4-fs (loop4): Total free blocks count 0
[  316.880714][ T6739] EXT4-fs (loop4): Free/Dirty block details
[  316.886782][ T6739] EXT4-fs (loop4): free_blocks=2415919104
[  316.892840][ T6739] EXT4-fs (loop4): dirty_blocks=160
[  316.898069][ T6739] EXT4-fs (loop4): Block reservation details
[  316.904148][ T6739] EXT4-fs (loop4): i_reserved_data_blocks=10
[  317.027598][ T6455] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  317.254553][  T398] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  317.300649][  T398] EXT4-fs (loop4): This should not happen!! Data will be lost
[  317.300649][  T398] 
[  317.956967][ T6761] wg2 speed is unknown, defaulting to 1000
[  317.966566][ T6761] wg2 speed is unknown, defaulting to 1000
[  317.974834][ T6761] wg2 speed is unknown, defaulting to 1000
[  318.065890][ T6761] infiniband syz2: set active
[  318.070989][ T6761] infiniband syz2: added wg2
[  318.088200][ T6761] infiniband syz2: Couldn't open port 1
[  318.141977][ T6761] RDS/IB: syz2: added
[  318.146834][ T6761] smc: adding ib device syz2 with port count 1
[  318.153283][ T6761] smc:    ib device syz2 port 1 has pnetid 
[  318.237139][ T4501] device hsr_slave_0 left promiscuous mode
[  318.276303][ T4501] device hsr_slave_1 left promiscuous mode
[  318.290361][ T4501] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  318.308326][ T4501] batman_adv: batadv0: Removing interface: batadv_slave_0
[  318.338251][ T4501] batman_adv: batadv0: Removing interface: batadv_slave_1
[  318.363210][ T4501] device bridge_slave_1 left promiscuous mode
[  318.369438][ T4501] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.383932][ T4501] device bridge_slave_0 left promiscuous mode
[  318.390309][ T4501] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.675464][ T4501] device veth1_macvtap left promiscuous mode
[  318.768157][ T4501] device veth0_macvtap left promiscuous mode
[  318.850565][ T4501] device veth1_vlan left promiscuous mode
[  318.921460][ T4501] device veth0_vlan left promiscuous mode
[  320.026274][ T4501] team0 (unregistering): Port device team_slave_1 removed
[  320.052592][ T4501] team0 (unregistering): Port device team_slave_0 removed
[  320.065805][ T4501] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  320.092511][ T4501] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  320.311222][ T4501] bond0 (unregistering): Released all slaves
[  321.119289][ T4287] wg2 speed is unknown, defaulting to 1000
[  321.127345][ T6772] netlink: 12 bytes leftover after parsing attributes in process `syz.4.590'.
[  321.140895][ T6772] device vlan2 entered promiscuous mode
[  321.148000][ T6772] device erspan0 entered promiscuous mode
[  321.261652][ T6761] wg2 speed is unknown, defaulting to 1000
[  321.284439][ T5399] wg2 speed is unknown, defaulting to 1000
[  321.329806][ T6455] 8021q: adding VLAN 0 to HW filter on device bond0
[  321.343893][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  321.352566][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  321.363417][ T6455] 8021q: adding VLAN 0 to HW filter on device team0
[  321.387656][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  321.419688][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  321.675620][ T3094] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.682882][ T3094] bridge0: port 1(bridge_slave_0) entered forwarding state
[  322.572192][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  322.621304][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  322.672423][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  322.694681][ T3094] bridge0: port 2(bridge_slave_1) entered blocking state
[  322.701915][ T3094] bridge0: port 2(bridge_slave_1) entered forwarding state
[  322.710046][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  322.719092][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  322.727873][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  322.738618][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  322.747675][ T6761] wg2 speed is unknown, defaulting to 1000
[  322.747999][ T3094] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  322.843999][ T6761] wg2 speed is unknown, defaulting to 1000
[  322.941787][ T6761] wg2 speed is unknown, defaulting to 1000
[  322.982549][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  323.030762][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  323.098831][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  323.110328][ T6796] loop4: detected capacity change from 0 to 512
[  323.156266][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  323.226890][ T6455] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  323.258540][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  323.345977][ T6761] wg2 speed is unknown, defaulting to 1000
[  323.547615][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  323.562928][ T6796] EXT4-fs (loop4): Ignoring removed nobh option
[  323.819838][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  324.033736][ T6796] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.599: iget: bad i_size value: 38620345925642
[  324.212290][ T6796] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.599: couldn't read orphan inode 15 (err -117)
[  324.295704][ T6796] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback.
[  324.405870][ T6809] Invalid ELF header type: 3 != 1
[  327.927383][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  327.947249][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  327.975007][ T6841] loop1: detected capacity change from 0 to 256
[  327.981771][ T6837] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  328.006294][ T6455] 8021q: adding VLAN 0 to HW filter on device batadv0
[  329.902114][ T4288] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  330.510180][ T6869] loop1: detected capacity change from 0 to 512
[  330.531846][ T4288] usb 5-1: Using ep0 maxpacket: 8
[  331.633308][ T4288] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  331.691874][ T4288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.748571][ T4288] usb 5-1: Product: syz
[  331.781838][ T4288] usb 5-1: Manufacturer: syz
[  331.881759][ T4288] usb 5-1: SerialNumber: syz
[  331.979505][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  332.649844][ T4288] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  332.679297][ T4288] usb 5-1: USB disconnect, device number 2
[  332.686177][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  332.778876][ T6863] loop4: detected capacity change from 0 to 2048
[  332.786203][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  332.802609][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  332.844054][ T6455] device veth0_vlan entered promiscuous mode
[  332.863685][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  332.904508][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  332.910571][ T4288] usblp0: removed
[  332.968024][ T6455] device veth1_vlan entered promiscuous mode
[  333.721210][ T6863] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  333.755004][ T6907] loop1: detected capacity change from 0 to 128
[  333.768261][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  333.787581][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  333.823097][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  333.843248][ T6907] FAT-fs (loop1): Unrecognized mount option "time_offset=0x00000sk=000000000000001" or missing value
[  333.854977][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  333.867032][ T6455] device veth0_macvtap entered promiscuous mode
[  333.879956][ T6455] device veth1_macvtap entered promiscuous mode
[  333.920551][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.948342][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.986702][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  334.009650][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  334.050370][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  334.106873][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  334.147419][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  334.219263][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  334.270669][ T6455] batman_adv: batadv0: Interface activated: batadv_slave_0
[  334.281023][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  334.291525][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  334.353943][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  334.405185][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  334.447818][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  334.521292][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  335.211749][ T6455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  335.269360][ T6455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  335.283853][ T6455] batman_adv: batadv0: Interface activated: batadv_slave_1
[  335.293203][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  335.399197][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  335.432412][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  335.468871][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  335.477765][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  335.486465][ T1263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  336.231358][ T6455] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  337.147172][ T6455] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  337.704738][ T6455] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  337.741799][ T6455] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  338.622219][ T3094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.689501][ T3094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.716447][ T6958] loop4: detected capacity change from 0 to 1024
[  338.745575][ T1263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.760834][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  338.791745][ T1263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.809586][  T398] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  338.836663][ T6958] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5
[  338.836663][ T6958] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  338.836663][ T6958] 
[  338.899256][ T6958] EXT4-fs (loop4): INFO: recovery required on readonly filesystem
[  338.936880][ T6958] EXT4-fs (loop4): write access will be enabled during recovery
[  339.535230][ T6958] EXT4-fs (loop4): barriers disabled
[  339.540586][ T6958] JBD2: no valid journal superblock found
[  339.741937][ T6958] EXT4-fs (loop4): error loading journal
[  345.156374][ T7009] loop1: detected capacity change from 0 to 1024
[  345.434927][ T7009] EXT4-fs (loop1): Unrecognized mount option "fsmagic=0x0000000000000009" or missing value
[  346.204858][ T7022] rdma_rxe: rxe_register_device failed with error -23
[  346.213326][ T7022] rdma_rxe: failed to add lo
[  351.039851][ T7057] loop1: detected capacity change from 0 to 128
[  352.952217][ T7069] loop4: detected capacity change from 0 to 40427
[  353.139509][ T7069] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  353.147314][ T7069] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  353.174574][ T7080] delete_channel: no stack
[  353.179856][ T7080] delete_channel: no stack
[  353.222286][ T7069] F2FS-fs (loop4): invalid crc value
[  353.287365][ T7069] F2FS-fs (loop4): Found nat_bits in checkpoint
[  353.724671][ T7069] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  353.732022][ T7069] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  355.411746][   T26] audit: type=1800 audit(1760570792.117:41): pid=7094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.651" name="file1" dev="loop4" ino=10 res=0 errno=0
[  355.978058][ T4183] attempt to access beyond end of device
[  355.978058][ T4183] loop4: rw=2049, want=40968, limit=40427
[  357.958728][ T7114] syz.3.660 (7114) used greatest stack depth: 17640 bytes left
[  361.135421][ T7142] loop1: detected capacity change from 0 to 512
[  361.335849][ T7142] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  361.432243][ T7142] EXT4-fs (loop1): group descriptors corrupted!
[  361.831811][ T4288] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  365.091817][ T4288] usb 6-1: unable to read config index 0 descriptor/all
[  365.098943][ T4288] usb 6-1: can't read configurations, error -71
[  368.212103][ T7222] loop1: detected capacity change from 0 to 2048
[  369.270540][ T7224] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  372.106454][ T7252] loop5: detected capacity change from 0 to 128
[  377.572092][ T7309] netlink: 8 bytes leftover after parsing attributes in process `syz.4.700'.
[  377.580984][ T7309] netlink: 12 bytes leftover after parsing attributes in process `syz.4.700'.
[  379.438940][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  379.453155][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  380.640442][ T1108] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  382.811829][ T1108] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  383.279498][ T1108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.290656][ T1108] usb 6-1: config 0 descriptor??
[  383.341850][ T1108] usb 6-1: can't set config #0, error -71
[  383.362930][ T1108] usb 6-1: USB disconnect, device number 4
[  385.877765][ T7389] loop5: detected capacity change from 0 to 1024
[  387.459132][  T398] hfsplus: b-tree write err: -5, ino 4
[  389.231800][ T7421] loop1: detected capacity change from 0 to 40427
[  390.132272][ T7421] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  390.140800][ T7421] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x4
[  390.175206][ T7421] F2FS-fs (loop1): invalid crc value
[  390.387218][ T7421] F2FS-fs (loop1): Found nat_bits in checkpoint
[  390.433801][ T7421] F2FS-fs (loop1): Start checkpoint disabled!
[  390.481711][ T7421] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  390.625235][ T7450] ufs: You didn't specify the type of your ufs filesystem
[  390.625235][ T7450] 
[  390.625235][ T7450] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  390.625235][ T7450] 
[  390.625235][ T7450] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  390.657097][ T7450] ufs: ufstype=old is supported read-only
[  390.668972][ T7450] blk_update_request: I/O error, dev loop7, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  394.585154][ T4356] attempt to access beyond end of device
[  394.585154][ T4356] loop1: rw=2049, want=40984, limit=40427
[  395.536822][ T7483] loop5: detected capacity change from 0 to 1024
[  395.637665][ T7483] EXT4-fs (loop5): Unrecognized mount option "fsmagic=0x0000000000000009" or missing value
[  402.833839][ T7552] netlink: 8 bytes leftover after parsing attributes in process `syz.5.753'.
[  404.695848][ T7561] loop4: detected capacity change from 0 to 32768
[  405.886363][ T7576] blk_update_request: I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  405.897804][ T7576] MINIX-fs: unable to read superblock
[  406.070689][ T7579] loop4: detected capacity change from 0 to 256
[  406.179437][ T7579] exFAT-fs (loop4): invalid boot record signature
[  406.401821][ T7579] exFAT-fs (loop4): failed to read boot sector
[  407.151754][ T7579] exFAT-fs (loop4): failed to recognize exfat type
[  408.649203][ T7595] loop1: detected capacity change from 0 to 8192
[  409.396319][ T7612] wg2 speed is unknown, defaulting to 1000
[  409.743656][ T4177]  loop1: p1 p2
[  409.747535][ T4177] loop1: partition table partially beyond EOD, truncated
[  409.923058][ T4177] loop1: p1 start 16777216 is beyond EOD, truncated
[  409.929957][ T4177] loop1: p2 size 515840 extends beyond EOD, truncated
[  410.290986][ T7595]  loop1: p1 p2
[  410.424851][ T7595] loop1: partition table partially beyond EOD, truncated
[  410.598135][ T7595] loop1: p1 start 16777216 is beyond EOD, truncated
[  410.605290][ T7595] loop1: p2 size 515840 extends beyond EOD, truncated
[  412.147752][ T7641] overlayfs: failed to clone lowerpath
[  412.736548][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  413.825225][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  414.058118][ T7660] ax25_connect(): syz.5.775 uses autobind, please contact jreuter@yaina.de
[  414.071364][ T7660] netlink: 12 bytes leftover after parsing attributes in process `syz.5.775'.
[  415.831470][ T7669] loop4: detected capacity change from 0 to 256
[  416.568392][ T4233] Bluetooth: hci4: command 0x0406 tx timeout
[  416.619121][   T26] audit: type=1326 audit(1760570853.837:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7666 comm="syz.1.778" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c4b186ec9 code=0x0
[  416.640654][    C1] vkms_vblank_simulate: vblank timer overrun
[  416.729560][ T7672] loop1: detected capacity change from 0 to 128
[  416.871497][ T7680] loop5: detected capacity change from 0 to 128
[  416.930942][ T7672] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  416.982624][ T7672] hpfs: filesystem error: improperly stopped
[  416.988914][ T7672] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  417.022102][ T7672] hpfs: You really don't want any checks? You are crazy...
[  417.673320][ T7672] hpfs: hpfs_map_sector(): read error
[  417.678857][ T7672] hpfs: code page support is disabled
[  418.126385][ T7689] loop4: detected capacity change from 0 to 1024
[  418.134694][ T7672] hpfs: hpfs_map_4sectors(): unaligned read
[  418.140633][ T7672] hpfs: hpfs_map_4sectors(): unaligned read
[  418.251755][ T7672] hpfs: filesystem error: unable to find root dir
[  418.665875][ T7700] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  419.861724][ T7667] hpfs: hpfs_map_4sectors(): unaligned read
[  421.031018][ T7723] loop4: detected capacity change from 0 to 8192
[  423.333619][ T7737] netlink: 72 bytes leftover after parsing attributes in process `syz.5.793'.
[  423.342612][ T7737] netlink: 'syz.5.793': attribute type 3 has an invalid length.
[  428.094238][ T7749] loop5: detected capacity change from 0 to 512
[  428.240407][ T7749] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.796: Invalid inode bitmap blk 4 in block_group 0
[  428.434753][ T7749] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,nolazytime,inode_readahead_blks=0x0000000000800000,noload,minixdf,lazytime,,errors=continue. Quota mode: none.
[  429.920195][ T7755] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 13: invalid block bitmap
[  430.586166][  T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  430.596880][  T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0
[  430.604354][  T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  430.614411][  T146] Workqueue: hci2 hci_rx_work
[  430.619104][  T146] Call Trace:
[  430.622387][  T146]  <TASK>
[  430.625321][  T146]  dump_stack_lvl+0x168/0x230
[  430.630011][  T146]  ? show_regs_print_info+0x20/0x20
[  430.635234][  T146]  ? load_image+0x3b0/0x3b0
[  430.639756][  T146]  sysfs_create_dir_ns+0x252/0x280
[  430.644872][  T146]  ? __lock_acquire+0x7c60/0x7c60
[  430.649900][  T146]  ? sysfs_warn_dup+0xa0/0xa0
[  430.654583][  T146]  ? le_conn_complete_evt+0xcbc/0x1590
[  430.660051][  T146]  ? hci_event_packet+0xe05/0x12f0
[  430.665175][  T146]  ? process_one_work+0x863/0x1000
[  430.670309][  T146]  ? do_raw_spin_unlock+0x11d/0x230
[  430.675515][  T146]  kobject_add_internal+0x662/0xd00
[  430.680728][  T146]  kobject_add+0x152/0x210
[  430.685155][  T146]  ? kobject_init+0x1d0/0x1d0
[  430.689840][  T146]  ? klist_children_get+0x50/0x50
[  430.694865][  T146]  ? get_device_parent+0x121/0x3f0
[  430.699985][  T146]  device_add+0x483/0xfb0
[  430.704405][  T146]  hci_conn_add_sysfs+0xd1/0x1e0
[  430.709362][  T146]  le_conn_complete_evt+0xcbc/0x1590
[  430.714683][  T146]  ? cs_le_create_conn+0x5e0/0x5e0
[  430.719816][  T146]  ? mark_lock+0x94/0x320
[  430.724152][  T146]  ? __mutex_trylock_common+0x14f/0x250
[  430.729728][  T146]  hci_le_meta_evt+0x289/0x3b80
[  430.734597][  T146]  ? hci_event_packet+0x36d/0x12f0
[  430.739718][  T146]  ? hci_event_packet+0x2e2/0x12f0
[  430.744835][  T146]  ? __lock_acquire+0x7c60/0x7c60
[  430.749869][  T146]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  430.755867][  T146]  ? lock_chain_count+0x20/0x20
[  430.760749][  T146]  ? hci_remote_host_features_evt+0x280/0x280
[  430.766844][  T146]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  430.772493][  T146]  ? lockdep_hardirqs_on+0x94/0x140
[  430.777695][  T146]  ? mutex_unlock+0x10/0x10
[  430.782211][  T146]  ? hci_event_packet+0x266/0x12f0
[  430.787333][  T146]  hci_event_packet+0xe05/0x12f0
[  430.792277][  T146]  ? lockdep_hardirqs_on+0x94/0x140
[  430.797499][  T146]  ? rcu_lock_release+0x20/0x20
[  430.802370][  T146]  ? hci_send_to_monitor+0x9c/0x4a0
[  430.807578][  T146]  hci_rx_work+0x255/0xa10
[  430.812035][  T146]  process_one_work+0x863/0x1000
[  430.817012][  T146]  ? worker_detach_from_pool+0x240/0x240
[  430.822666][  T146]  ? lockdep_hardirqs_off+0x70/0x100
[  430.827967][  T146]  ? _raw_spin_lock_irq+0xab/0xe0
[  430.832997][  T146]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  430.838382][  T146]  ? wq_worker_running+0x97/0x170
[  430.843434][  T146]  worker_thread+0xaa8/0x12a0
[  430.848172][  T146]  kthread+0x436/0x520
[  430.852246][  T146]  ? rcu_lock_release+0x20/0x20
[  430.857105][  T146]  ? kthread_blkcg+0xd0/0xd0
[  430.861704][  T146]  ret_from_fork+0x1f/0x30
[  430.866149][  T146]  </TASK>
[  430.881361][  T146] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  430.895194][  T146] Bluetooth: hci2: failed to register connection device
[  430.936836][ T7806] loop5: detected capacity change from 0 to 64
[  431.992544][ T7818] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  437.643550][ T7868] overlayfs: failed to clone upperpath
[  438.736180][ T7877] loop4: detected capacity change from 0 to 512
[  439.982569][ T7888] delete_channel: no stack
[  440.008304][ T7888] loop5: detected capacity change from 0 to 2048
[  440.020862][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  440.027207][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  441.246286][ T7888] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  442.743420][ T7899] loop1: detected capacity change from 0 to 256
[  443.737732][ T7911] loop5: detected capacity change from 0 to 128
[  444.330877][ T7918] attempt to access beyond end of device
[  444.330877][ T7918] loop5: rw=3, want=144, limit=128
[  444.343441][ T7918] attempt to access beyond end of device
[  444.343441][ T7918] loop5: rw=2051, want=1041, limit=128
[  447.399381][ T7943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.834'.
[  451.292428][ T7983] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  453.504703][ T8003] loop5: detected capacity change from 0 to 164
[  453.953029][ T8003] isofs_fill_super: get root inode failed
[  455.849672][ T8022] loop5: detected capacity change from 0 to 512
[  457.132496][ T8022] EXT4-fs warning (device loop5): ext4_multi_mount_protect:300: Invalid MMP block in superblock
[  458.198149][ T8044] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  458.205554][ T8044] comedi comedi3: 8255: I/O port conflict (0x10000,4)
[  458.213131][ T8044] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  458.219685][ T8044] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  459.097364][ T8059] loop4: detected capacity change from 0 to 8
[  459.232761][ T8066] loop5: detected capacity change from 0 to 512
[  459.277422][ T8059] SQUASHFS error: zlib decompression failed, data probably corrupt
[  459.346363][ T8069] capability: warning: `syz.1.860' uses deprecated v2 capabilities in a way that may be insecure
[  459.815832][ T8059] SQUASHFS error: Failed to read block 0x9b: -5
[  459.831691][ T8059] SQUASHFS error: Unable to read metadata cache entry [99]
[  459.849157][ T8059] SQUASHFS error: Unable to read inode 0x127
[  460.019127][ T8076] loop1: detected capacity change from 0 to 2048
[  460.062775][ T8066] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  460.224362][ T4175]  loop1: AHDI p1 p2
[  460.233255][ T8076]  loop1: AHDI p1 p2
[  460.483378][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  460.503522][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  460.521514][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  460.535280][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  460.549818][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  460.566802][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  460.580360][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  461.670856][ T8110] loop4: detected capacity change from 0 to 256
[  461.731904][ T8110] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  461.972709][ T1111] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  463.149369][ T8130] loop4: detected capacity change from 0 to 164
[  463.842013][ T1111] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 64
[  463.919051][ T8103] ax25_connect(): syz.3.871 uses autobind, please contact jreuter@yaina.de
[  463.929813][ T8135] loop1: detected capacity change from 0 to 128
[  463.931734][ T1111] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  463.986713][ T8103] netlink: 12 bytes leftover after parsing attributes in process `syz.3.871'.
[  464.107745][ T8129] loop4: detected capacity change from 0 to 4096
[  464.162112][ T8129] ntfs3: Unknown parameter 'windaws_îaMes'
[  464.232082][ T1111] usb 6-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  464.245400][ T1111] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.257684][ T1111] usb 6-1: Product: syz
[  464.262299][ T1111] usb 6-1: Manufacturer: syz
[  464.267083][ T1111] usb 6-1: SerialNumber: syz
[  464.275563][ T1111] usb 6-1: config 0 descriptor??
[  464.315229][ T8102] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  464.451712][    C1] port100 6-1:0.0: NFC: The urb has been stopped (status -2)
[  464.461177][ T1111] port100 6-1:0.0: NFC: Could not get supported command types
[  464.676815][ T4287] usb 6-1: USB disconnect, device number 5
[  464.850653][ T8165] loop5: detected capacity change from 0 to 512
[  465.023560][ T8165] EXT4-fs (loop5): unsupported inode size: 8192
[  465.029923][ T8165] EXT4-fs (loop5): blocksize: 2048
[  465.419390][ T8186] loop1: detected capacity change from 0 to 128
[  465.469003][ T8192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.894'.
[  465.599529][ T8186] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  465.643998][ T8186] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  466.300737][ T8186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.892'.
[  466.507562][   T26] audit: type=1800 audit(1760570903.727:43): pid=8186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.892" name="file1" dev="loop1" ino=104 res=0 errno=0
[  466.908863][ T8226] loop5: detected capacity change from 0 to 512
[  467.559737][ T8226] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,errors=continue,abort,bsdgroups,,errors=continue. Quota mode: writeback.
[  467.591785][ T8226] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  468.145826][ T8261] netlink: 16 bytes leftover after parsing attributes in process `syz.5.916'.
[  468.181736][ T8261] netlink: 16 bytes leftover after parsing attributes in process `syz.5.916'.
[  468.972966][ T8269] loop5: detected capacity change from 0 to 128
[  469.054796][ T8269] qnx6: invalid mount options.
[  469.173193][ T8275] loop4: detected capacity change from 0 to 128
[  469.322004][ T8275] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  469.629998][ T8275] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  470.079370][ T8278] netlink: 4 bytes leftover after parsing attributes in process `syz.4.921'.
[  470.157027][   T26] audit: type=1800 audit(1760570907.377:44): pid=8275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.921" name="file1" dev="loop4" ino=104 res=0 errno=0
[  470.419970][ T8258] loop1: detected capacity change from 0 to 32768
[  470.502279][ T8303] netlink: 8 bytes leftover after parsing attributes in process `syz.5.931'.
[  470.560060][ T8258] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.911 (8258)
[  470.721332][ T8258] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  470.721546][ T8258] BTRFS info (device loop1): using free space tree
[  470.721567][ T8258] BTRFS info (device loop1): has skinny extents
[  470.768881][ T8313] netlink: 16 bytes leftover after parsing attributes in process `syz.4.933'.
[  470.781736][ T8313] netlink: del zone limit has 8 unknown bytes
[  470.912296][ T8333] loop4: detected capacity change from 0 to 512
[  470.959280][ T8333] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  471.158447][ T8333] EXT4-fs (loop4): 1 truncate cleaned up
[  471.215816][ T8333] EXT4-fs (loop4): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,nombcache,debug_want_extra_isize=0x0000000000000068,i_version,nodiscard,nodioread_nolock,,errors=continue. Quota mode: none.
[  471.273965][ T8258] BTRFS error (device loop1): open_ctree failed: -12
[  471.662722][ T4177] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by udevd (4177)
[  471.951912][ T8375] netlink: 4 bytes leftover after parsing attributes in process `syz.3.944'.
[  472.066036][ T8387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.947'.
[  474.325254][ T8439] netlink: 8 bytes leftover after parsing attributes in process `syz.4.970'.
[  474.479007][ T8441] loop1: detected capacity change from 0 to 128
[  475.803283][ T8459] attempt to access beyond end of device
[  475.803283][ T8459] loop1: rw=3, want=144, limit=128
[  475.815275][ T8459] attempt to access beyond end of device
[  475.815275][ T8459] loop1: rw=2051, want=1041, limit=128
[  476.153440][ T8466] dlm: dev_write: no op 0 0
[  476.579148][ T8472] delete_channel: no stack
[  477.233657][ T8485] loop1: detected capacity change from 0 to 128
[  477.267659][ T8487] xt_CONNSECMARK: invalid mode: 66
[  477.323973][ T8485] qnx6: invalid mount options.
[  477.606718][ T8502] loop4: detected capacity change from 0 to 1024
[  478.050722][ T8502] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none.
[  478.166726][ T8502] ext4 filesystem being mounted at /209/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  478.278097][   T26] audit: type=1800 audit(1760570915.497:45): pid=8502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1000" name="file1" dev="loop4" ino=15 res=0 errno=0
[  478.299499][ T8502] EXT4-fs error (device loop4): ext4_map_blocks:739: inode #15: comm syz.4.1000: lblock 0 mapped to illegal pblock 0 (length 1)
[  478.552698][ T8528] loop4: detected capacity change from 0 to 512
[  478.611905][ T8363] Bluetooth: hci4: command 0x0405 tx timeout
[  478.632924][ T8528] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  478.658725][ T8530] loop1: detected capacity change from 0 to 128
[  478.666194][ T8528] EXT4-fs (loop4): invalid journal inode
[  478.712038][ T8528] EXT4-fs (loop4): can't get journal size
[  478.770879][ T8528] EXT4-fs (loop4): 1 truncate cleaned up
[  478.788325][ T8528] EXT4-fs (loop4): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none.
[  478.852276][ T8530] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,grpquota,,errors=continue. Quota mode: writeback.
[  478.895505][ T8530] ext4 filesystem being mounted at /196/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  479.067916][ T8526] loop5: detected capacity change from 0 to 32768
[  479.147452][ T8526] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 scanned by syz.5.1010 (8526)
[  479.175385][ T8535] loop1: detected capacity change from 0 to 1024
[  479.266248][ T8526] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  479.312483][ T8526] BTRFS info (device loop5): using free space tree
[  479.319025][ T8526] BTRFS info (device loop5): has skinny extents
[  479.332750][ T8537] loop4: detected capacity change from 0 to 128
[  479.392960][ T4356] hfsplus: b-tree write err: -5, ino 4
[  479.428172][ T8537] FAT-fs (loop4): Directory bread(block 162) failed
[  479.440685][ T8537] FAT-fs (loop4): Directory bread(block 163) failed
[  479.447559][ T8537] FAT-fs (loop4): Directory bread(block 164) failed
[  479.454272][ T8537] FAT-fs (loop4): Directory bread(block 165) failed
[  479.460987][ T8537] FAT-fs (loop4): Directory bread(block 166) failed
[  479.475235][ T8537] FAT-fs (loop4): Directory bread(block 167) failed
[  479.482519][ T8537] FAT-fs (loop4): Directory bread(block 168) failed
[  479.489447][ T8537] FAT-fs (loop4): Directory bread(block 169) failed
[  479.538478][ T8537] FAT-fs (loop4): Directory bread(block 162) failed
[  479.636638][ T8537] FAT-fs (loop4): Directory bread(block 163) failed
[  479.654181][ T8526] BTRFS info (device loop5): enabling ssd optimizations
[  480.026579][ T8579] loop1: detected capacity change from 0 to 256
[  480.143275][ T8579] FAT-fs (loop1): Directory bread(block 64) failed
[  480.143351][ T8579] FAT-fs (loop1): Directory bread(block 65) failed
[  480.143455][ T8579] FAT-fs (loop1): Directory bread(block 66) failed
[  480.143488][ T8579] FAT-fs (loop1): Directory bread(block 67) failed
[  480.143557][ T8579] FAT-fs (loop1): Directory bread(block 68) failed
[  480.143594][ T8579] FAT-fs (loop1): Directory bread(block 69) failed
[  480.143681][ T8579] FAT-fs (loop1): Directory bread(block 70) failed
[  480.143712][ T8579] FAT-fs (loop1): Directory bread(block 71) failed
[  480.143789][ T8579] FAT-fs (loop1): Directory bread(block 72) failed
[  480.143821][ T8579] FAT-fs (loop1): Directory bread(block 73) failed
[  480.598107][ T8594] loop4: detected capacity change from 0 to 256
[  480.724124][ T8594] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  480.934759][ T8601] loop1: detected capacity change from 0 to 256
[  480.983417][ T8601] exfat: Deprecated parameter 'utf8'
[  481.035393][ T8601] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  481.155649][ T8607] loop5: detected capacity change from 0 to 4096
[  481.325998][ T8614] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  482.538235][ T8603] loop4: detected capacity change from 0 to 32768
[  482.665489][ T8603] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1032 (8603)
[  482.774395][ T8603] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  482.814058][ T8603] BTRFS info (device loop4): setting nodatacow, compression disabled
[  482.861846][ T8603] BTRFS info (device loop4): disabling tree log
[  482.901726][ T8603] BTRFS info (device loop4): turning on sync discard
[  482.908921][ T8603] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  482.921560][ T8637] loop5: detected capacity change from 0 to 4096
[  482.933342][ T8611] loop1: detected capacity change from 0 to 32768
[  482.954144][ T8603] BTRFS info (device loop4): force zstd compression, level 3
[  482.961964][ T8603] BTRFS info (device loop4): using free space tree
[  482.982360][ T8603] BTRFS info (device loop4): has skinny extents
[  483.025835][ T8637] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512)
[  483.205063][ T8603] BTRFS info (device loop4): enabling ssd optimizations
[  484.492965][ T8695] wg2 speed is unknown, defaulting to 1000
[  484.579009][ T8678] loop5: detected capacity change from 0 to 32768
[  485.563193][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  485.575284][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  485.582857][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  485.592943][ T4193] Workqueue: hci2 hci_rx_work
[  485.597642][ T4193] Call Trace:
[  485.600931][ T4193]  <TASK>
[  485.603881][ T4193]  dump_stack_lvl+0x168/0x230
[  485.608575][ T4193]  ? show_regs_print_info+0x20/0x20
[  485.613791][ T4193]  ? load_image+0x3b0/0x3b0
[  485.618320][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  485.623438][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  485.628471][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  485.633171][ T4193]  kobject_add_internal+0x662/0xd00
[  485.638410][ T4193]  kobject_add+0x152/0x210
[  485.642838][ T4193]  ? kobject_init+0x1d0/0x1d0
[  485.647526][ T4193]  ? klist_children_get+0x50/0x50
[  485.652556][ T4193]  ? get_device_parent+0x121/0x3f0
[  485.657676][ T4193]  device_add+0x483/0xfb0
[  485.662018][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  485.666961][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  485.672260][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  485.677393][ T4193]  ? __mutex_trylock_common+0x14f/0x250
[  485.682958][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  485.687825][ T4193]  ? hci_event_packet+0x36d/0x12f0
[  485.692944][ T4193]  ? hci_event_packet+0x2e2/0x12f0
[  485.698072][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  485.703146][ T4193]  ? mark_lock+0x94/0x320
[  485.707505][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  485.713576][ T4193]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  485.719224][ T4193]  ? mark_lock+0x94/0x320
[  485.723563][ T4193]  ? mutex_unlock+0x10/0x10
[  485.728073][ T4193]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  485.734076][ T4193]  ? lock_chain_count+0x20/0x20
[  485.738943][ T4193]  ? __rwlock_init+0x140/0x140
[  485.743714][ T4193]  hci_event_packet+0xe05/0x12f0
[  485.748666][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  485.753883][ T4193]  ? rcu_lock_release+0x20/0x20
[  485.758749][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  485.763973][ T4193]  hci_rx_work+0x255/0xa10
[  485.768414][ T4193]  process_one_work+0x863/0x1000
[  485.773373][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  485.779014][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  485.784325][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  485.789352][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  485.794732][ T4193]  ? wq_worker_running+0x97/0x170
[  485.799771][ T4193]  worker_thread+0xaa8/0x12a0
[  485.804455][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  485.810363][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  485.815570][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  485.821478][ T4193]  kthread+0x436/0x520
[  485.825677][ T4193]  ? rcu_lock_release+0x20/0x20
[  485.830542][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  485.835165][ T4193]  ret_from_fork+0x1f/0x30
[  485.839617][ T4193]  </TASK>
[  485.842674][    C0] vkms_vblank_simulate: vblank timer overrun
[  485.922890][ T4193] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  485.936559][ T4193] Bluetooth: hci2: failed to register connection device
[  486.474426][ T8738] loop1: detected capacity change from 0 to 256
[  486.529019][ T8738] exfat: Deprecated parameter 'utf8'
[  486.537674][ T8738] exfat: Deprecated parameter 'namecase'
[  486.558511][ T8738] exfat: Deprecated parameter 'utf8'
[  486.667034][ T8738] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d)
[  486.681682][ T8687] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  486.825937][   T26] audit: type=1800 audit(1760570924.027:46): pid=8738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1076" name="file1" dev="loop1" ino=1048627 res=0 errno=0
[  486.848877][ T8738] [syz.1.1076/8738] FS: loop1 File: /file1 would truncate fibmap result
[  486.956268][ T8727] loop5: detected capacity change from 0 to 32768
[  487.049496][ T8727] jfs_lookup: dtSearch returned -5
[  487.247922][ T8687] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  487.265973][ T8687] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  487.284621][ T8687] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  487.297906][ T8687] usb 5-1: New USB device found, idVendor=056a, idProduct=0101, bcdDevice= 0.00
[  487.307014][ T8687] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.401703][ T1108] Bluetooth: hci0: command 0x0401 tx timeout
[  487.777215][ T8687] usb 5-1: config 0 descriptor??
[  487.895414][ T8758] loop1: detected capacity change from 0 to 2048
[  488.192832][ T8760] loop1: detected capacity change from 0 to 64
[  488.264773][ T8687] wacom 0003:056A:0101.0003: unknown main item tag 0x0
[  488.291741][ T8687] wacom 0003:056A:0101.0003: unknown main item tag 0x0
[  488.306918][ T8687] wacom 0003:056A:0101.0003: unknown main item tag 0x0
[  488.326874][ T8687] wacom 0003:056A:0101.0003: unknown main item tag 0x0
[  488.353809][ T8687] wacom 0003:056A:0101.0003: unknown main item tag 0x0
[  488.370917][ T8687] wacom 0003:056A:0101.0003: unknown main item tag 0x0
[  488.388233][ T8687] wacom 0003:056A:0101.0003: unknown main item tag 0x0
[  488.449889][ T8687] wacom 0003:056A:0101.0003: hidraw0: USB HID v0.06 Device [HID 056a:0101] on usb-dummy_hcd.4-1/input0
[  488.498766][ T8687] usb 5-1: USB disconnect, device number 3
[  488.509656][ T8756] loop5: detected capacity change from 0 to 32768
[  488.627301][ T8756] ERROR: (device loop5): diAllocAG: nfreeinos = 0, but iag on freelist
[  488.627301][ T8756] 
[  488.676836][ T8764] fido_id[8764]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  488.717416][ T8756] ERROR: (device loop5): remounting filesystem as read-only
[  488.737264][ T8756] ialloc: diAlloc returned -5!
[  488.781747][ T8691] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  489.011727][ T4307] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  489.061720][ T8691] usb 4-1: Using ep0 maxpacket: 32
[  489.074724][ T8776] loop4: detected capacity change from 0 to 1024
[  489.183371][ T8776] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 2: comm syz.4.1089: lblock 2 mapped to illegal pblock 2 (length 1)
[  489.201754][ T8691] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  489.220276][ T8691] usb 4-1: config 0 has no interface number 0
[  489.324943][ T8776] Quota error (device loop4): qtree_write_dquot: dquota write failed
[  489.343736][ T8776] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 48: comm syz.4.1089: lblock 0 mapped to illegal pblock 48 (length 1)
[  489.381813][ T4307] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  489.384017][ T8691] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  489.391580][ T4307] usb 2-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00
[  489.409881][ T8776] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  489.411148][ T8691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.441694][ T8691] usb 4-1: Product: syz
[  489.445895][ T8691] usb 4-1: Manufacturer: syz
[  489.447189][ T8776] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.1089: Failed to acquire dquot type 0
[  489.460915][ T8691] usb 4-1: SerialNumber: syz
[  489.467403][ T8595] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  489.475126][ T4307] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.479601][ T8691] usb 4-1: config 0 descriptor??
[  489.503691][ T4307] usb 2-1: config 0 descriptor??
[  489.510488][ T8776] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  489.544381][ T8776] EXT4-fs error (device loop4): ext4_evict_inode:282: inode #11: comm syz.4.1089: mark_inode_dirty error
[  489.557320][ T8691] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  489.571569][ T8776] EXT4-fs warning (device loop4): ext4_evict_inode:285: couldn't mark inode dirty (err -117)
[  489.582728][ T8776] EXT4-fs (loop4): 1 orphan inode deleted
[  489.588479][ T8776] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,data_err=ignore,max_batch_time=0x00000000000008c9,nodiscard,stripe=0x0000000000000004,noauto_da_alloc,,errors=continue. Quota mode: none.
[  489.622089][ T7662] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:0: lblock 1 mapped to illegal pblock 1 (length 1)
[  489.675010][ T7662] Quota error (device loop4): remove_tree: Can't read quota data block 1
[  489.691905][ T7662] EXT4-fs error (device loop4): ext4_release_dquot:6245: comm kworker/u4:0: Failed to release dquot type 0
[  489.731685][ T8595] usb 6-1: Using ep0 maxpacket: 32
[  489.788207][ T8691] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  489.806887][ T4358] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  489.821853][ T8691] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  489.861917][ T8595] usb 6-1: config 0 has an invalid interface number: 66 but max is 0
[  489.867452][ T4358] Quota error (device loop4): remove_tree: Can't read quota data block 1
[  489.870146][ T8595] usb 6-1: config 0 has no interface number 0
[  489.899340][ T4358] EXT4-fs error (device loop4): ext4_release_dquot:6245: comm kworker/u4:10: Failed to release dquot type 0
[  489.930674][ T4183] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz-executor: Invalid inode table block 1 in block_group 0
[  489.949420][ T4183] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  489.966966][ T4183] EXT4-fs error (device loop4): ext4_quota_off:6515: inode #3: comm syz-executor: mark_inode_dirty error
[  490.024035][ T4307] wacom 0003:056A:032B.0004: hidraw0: USB HID v0.04 Device [HID 056a:032b] on usb-dummy_hcd.1-1/input0
[  490.062322][ T8595] usb 6-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  490.081809][ T8595] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.089832][ T8595] usb 6-1: Product: syz
[  490.118225][ T8595] usb 6-1: Manufacturer: syz
[  490.128204][ T8595] usb 6-1: SerialNumber: syz
[  490.150848][ T8595] usb 6-1: config 0 descriptor??
[  490.198879][ T1108] usb 4-1: USB disconnect, device number 2
[  490.201654][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  490.220050][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  490.230204][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  490.237794][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  490.247859][ T4193] Workqueue: hci2 hci_rx_work
[  490.252565][ T4193] Call Trace:
[  490.255852][ T4193]  <TASK>
[  490.258802][ T4193]  dump_stack_lvl+0x168/0x230
[  490.263508][ T4193]  ? show_regs_print_info+0x20/0x20
[  490.268919][ T4193]  ? load_image+0x3b0/0x3b0
[  490.273463][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  490.278588][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  490.283640][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  490.288352][ T4193]  ? do_raw_spin_unlock+0x11d/0x230
[  490.293561][ T4193]  kobject_add_internal+0x662/0xd00
[  490.298776][ T4193]  kobject_add+0x152/0x210
[  490.303215][ T4193]  ? kobject_init+0x1d0/0x1d0
[  490.307909][ T4193]  ? klist_children_get+0x50/0x50
[  490.312956][ T4193]  ? get_device_parent+0x121/0x3f0
[  490.318083][ T4193]  device_add+0x483/0xfb0
[  490.322452][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  490.327400][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  490.332692][ T4193]  ? __switch_to_asm+0x34/0x60
[  490.337487][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  490.342624][ T4193]  ? __schedule+0x11c3/0x4390
[  490.347303][ T4193]  ? __mutex_trylock_common+0x14f/0x250
[  490.352877][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  490.357743][ T4193]  ? hci_event_packet+0x36d/0x12f0
[  490.362870][ T4193]  ? hci_event_packet+0x2e2/0x12f0
[  490.368003][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  490.373037][ T4193]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  490.379027][ T4193]  ? lock_chain_count+0x20/0x20
[  490.383890][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  490.389986][ T4193]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  490.395633][ T4193]  ? mutex_unlock+0x10/0x10
[  490.400157][ T4193]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  490.405819][ T4193]  hci_event_packet+0xe05/0x12f0
[  490.410773][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  490.416012][ T4193]  ? rcu_lock_release+0x20/0x20
[  490.420891][ T4193]  ? lock_acquire+0x1f2/0x3f0
[  490.425585][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  490.430793][ T4193]  hci_rx_work+0x255/0xa10
[  490.435273][ T4193]  process_one_work+0x863/0x1000
[  490.440246][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  490.445904][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  490.451203][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  490.456235][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  490.461613][ T4193]  ? wq_worker_running+0x97/0x170
[  490.466641][ T4193]  worker_thread+0xaa8/0x12a0
[  490.471337][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  490.477263][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  490.482467][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  490.488373][ T4193]  kthread+0x436/0x520
[  490.492444][ T4193]  ? rcu_lock_release+0x20/0x20
[  490.497305][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  490.501925][ T4193]  ret_from_fork+0x1f/0x30
[  490.506400][ T4193]  </TASK>
[  490.546528][ T4193] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  490.562285][ T4193] Bluetooth: hci2: failed to register connection device
[  490.583890][ T8595] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  490.597134][ T1108] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  490.609364][ T8595] dvb-usb: bulk message failed: -22 (2/0)
[  490.623679][ T1108] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  490.638610][ T8595] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  490.648763][ T1108] quatech2 4-1:0.51: device disconnected
[  490.661062][ T4307] usb 2-1: USB disconnect, device number 4
[  490.674638][ T8595] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  490.693378][ T8595] usb 6-1: media controller created
[  490.707290][ T8595] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  490.719219][ T8595] cxusb: set interface failed
[  490.719234][ T8595] dvb-usb: bulk message failed: -22 (1/0)
[  490.757520][ T8595] DVB: Unable to find symbol lgdt330x_attach()
[  490.757535][ T8595] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  490.941802][ T8595] rc_core: IR keymap rc-dvico-portable not found
[  490.948196][ T8595] Registered IR keymap rc-empty
[  490.963703][ T8595] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0
[  490.995731][ T8595] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input14
[  491.027540][ T8595] dvb-usb: schedule remote query interval to 100 msecs.
[  491.057125][ T8595] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  491.114591][ T8595] usb 6-1: USB disconnect, device number 6
[  491.249111][ T8595] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  491.378711][ T8820] loop1: detected capacity change from 0 to 2048
[  491.446446][ T8828] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  491.478176][ T8828] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  491.498886][ T8820] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  491.501886][ T8828] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  491.548281][ T8828] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  491.583038][ T8828] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  491.622096][ T8828] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  491.648951][ T8828] comedi comedi3: 8255: I/O port conflict (0x81,4)
[  491.672124][ T8828] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffc,4)
[  491.697267][ T8828] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  491.705322][ T8828] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  491.723363][ T8828] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  492.221674][ T4307] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  492.229217][ T8687] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  492.381683][ T8364] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  492.481861][ T4307] usb 6-1: Using ep0 maxpacket: 32
[  492.503281][ T8687] usb 2-1: Using ep0 maxpacket: 32
[  492.601888][ T4307] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.618977][ T4307] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.638987][ T8364] usb 5-1: Using ep0 maxpacket: 32
[  492.644223][ T8687] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  492.741980][ T4307] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  492.751169][ T4307] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  492.760235][ T4307] usb 6-1: Product: syz
[  492.765114][ T4307] usb 6-1: Manufacturer: syz
[  492.773544][ T8364] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.784617][ T8364] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.795282][ T8364] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  492.805720][ T8364] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.813753][ T4307] hub 6-1:4.0: USB hub found
[  492.829347][ T8364] usb 5-1: config 0 descriptor??
[  492.834722][ T8687] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5
[  492.851154][ T8687] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.859804][ T8687] usb 2-1: Product: syz
[  492.864297][ T8687] usb 2-1: Manufacturer: syz
[  492.868906][ T8687] usb 2-1: SerialNumber: syz
[  492.882798][ T8687] usb 2-1: config 0 descriptor??
[  492.901931][ T8841] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  493.071796][ T4307] hub 6-1:4.0: config failed, hub doesn't have any ports! (err -19)
[  493.225800][ T8687] usb 2-1: USB disconnect, device number 5
[  493.313470][ T8364] kone 0003:1E7D:2CED.0005: unknown main item tag 0x1
[  493.320332][ T8364] kone 0003:1E7D:2CED.0005: unknown main item tag 0x0
[  493.357908][ T8364] kone 0003:1E7D:2CED.0005: unknown main item tag 0x0
[  493.378249][ T8364] kone 0003:1E7D:2CED.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.4-1/input0
[  493.447342][ T1108] usb 6-1: USB disconnect, device number 7
[  493.478885][ T8890] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  493.541976][ T8364] kone 0003:1E7D:2CED.0005: couldn't init struct kone_device
[  493.549437][ T8364] kone 0003:1E7D:2CED.0005: couldn't install mouse
[  493.559107][ T8364] kone: probe of 0003:1E7D:2CED.0005 failed with error -5
[  493.583103][ T8364] usb 5-1: USB disconnect, device number 4
[  493.627994][ T8893] fido_id[8893]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  493.791719][ T1108] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  493.803536][ T8903] loop1: detected capacity change from 0 to 2048
[  493.960597][ T8903] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  494.662071][ T8364] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  494.738021][ T8916] loop1: detected capacity change from 0 to 256
[  494.789258][ T8916] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1141'.
[  494.851916][ T8591] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  494.941801][ T8364] usb 5-1: Using ep0 maxpacket: 32
[  494.952002][ T1108] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  494.970454][ T1108] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  495.000792][ T1108] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  495.021477][ T1108] usb 4-1: config 220 has no interface number 2
[  495.036688][ T1108] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  495.070172][ T1108] usb 4-1: config 220 interface 0 has no altsetting 0
[  495.081831][ T8364] usb 5-1: config 0 has an invalid interface number: 66 but max is 0
[  495.082120][ T1108] usb 4-1: config 220 interface 76 has no altsetting 0
[  495.101112][ T1108] usb 4-1: config 220 interface 1 has no altsetting 0
[  495.108065][ T8364] usb 5-1: config 0 has no interface number 0
[  495.176253][ T8920] loop1: detected capacity change from 0 to 32768
[  495.211743][ T8591] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  495.222056][ T8591] usb 6-1: config 0 has no interface number 0
[  495.229969][ T8591] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  495.253208][ T8591] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  495.263546][ T1108] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  495.278007][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.288108][ T8591] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  495.291932][ T8364] usb 5-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  495.311672][ T1108] usb 4-1: Product: syz
[  495.315913][ T8364] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.321202][ T1108] usb 4-1: Manufacturer: syz
[  495.325707][ T8364] usb 5-1: Product: syz
[  495.331328][ T8591] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.332875][ T8364] usb 5-1: Manufacturer: syz
[  495.332892][ T8364] usb 5-1: SerialNumber: syz
[  495.351027][ T8920] XFS (loop1): Mounting V5 Filesystem
[  495.351963][ T8364] usb 5-1: config 0 descriptor??
[  495.361654][ T1108] usb 4-1: SerialNumber: syz
[  495.389381][ T8591] usb 6-1: config 0 descriptor??
[  495.404237][ T8364] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  495.419093][ T8364] dvb-usb: bulk message failed: -22 (2/0)
[  495.437616][ T8364] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  495.458335][ T8920] XFS (loop1): Ending clean mount
[  495.472766][ T8364] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  495.480834][ T8364] usb 5-1: media controller created
[  495.508134][ T8920] XFS (loop1): Quotacheck needed: Please wait.
[  495.512647][ T8364] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  495.551429][ T8364] cxusb: set interface failed
[  495.556582][ T8364] dvb-usb: bulk message failed: -22 (1/0)
[  495.592027][ T8364] DVB: Unable to find symbol lgdt330x_attach()
[  495.598463][ T8364] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  495.614423][ T8914] cxusb: i2c wr: len=80 is too big!
[  495.614423][ T8914] 
[  495.629842][ T8920] XFS (loop1): Quotacheck: Done.
[  495.731029][ T4184] XFS (loop1): Unmounting Filesystem
[  495.738447][ T1108] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  495.750227][ T1108] usb 4-1: No valid video chain found.
[  495.761341][ T1108] usb 4-1: selecting invalid altsetting 0
[  495.802206][ T8364] rc_core: IR keymap rc-dvico-portable not found
[  495.808976][ T8364] Registered IR keymap rc-empty
[  495.815052][ T8364] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[  495.843172][ T8364] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input15
[  495.862931][ T1108] usb 4-1: selecting invalid altsetting 0
[  495.873441][ T8364] dvb-usb: schedule remote query interval to 100 msecs.
[  495.874759][ T8591] prodikeys 0003:041E:2801.0006: unknown main item tag 0x2
[  495.880802][ T8364] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  495.897639][ T1108] usbtest: probe of 4-1:220.1 failed with error -22
[  495.925408][ T8591] prodikeys 0003:041E:2801.0006: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.5-1/input1
[  495.941294][ T1108] usb 4-1: USB disconnect, device number 3
[  495.975328][ T8364] usb 5-1: USB disconnect, device number 5
[  495.979219][ T8591] hid_prodikeys: hid-prodikeys: failed to find output report
[  495.979219][ T8591] 
[  496.086741][ T8364] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  496.091928][ T8591] usb 6-1: USB disconnect, device number 8
[  496.173434][ T8937] fido_id[8937]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  497.312220][ T8980] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  497.319382][ T8980] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  497.521711][ T8364] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  497.633701][ T8994] loop5: detected capacity change from 0 to 256
[  497.712382][ T8994] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 198)
[  497.762263][ T8994] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 198)
[  497.911944][ T8364] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  497.935469][ T8364] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  497.965836][ T8364] usb 5-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00
[  498.025774][ T8364] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.109015][ T8364] usb 5-1: config 0 descriptor??
[  498.613472][ T8364] elecom 0003:056E:011C.0007: item fetching failed at offset 1/5
[  498.631137][ T8364] elecom: probe of 0003:056E:011C.0007 failed with error -22
[  498.837401][ T1108] usb 5-1: USB disconnect, device number 6
[  499.175862][ T9027] loop1: detected capacity change from 0 to 128
[  499.241154][ T9017] loop5: detected capacity change from 0 to 40427
[  499.249199][ T9027] qnx6: invalid mount options.
[  499.476774][ T9017] F2FS-fs (loop5): Found nat_bits in checkpoint
[  499.729147][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  499.739578][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  499.747141][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  499.757296][ T4193] Workqueue: hci0 hci_rx_work
[  499.761990][ T4193] Call Trace:
[  499.765279][ T4193]  <TASK>
[  499.768218][ T4193]  dump_stack_lvl+0x168/0x230
[  499.772925][ T4193]  ? show_regs_print_info+0x20/0x20
[  499.778134][ T4193]  ? load_image+0x3b0/0x3b0
[  499.782665][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  499.787787][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  499.792816][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  499.797514][ T4193]  ? preempt_schedule_irq+0xd0/0x150
[  499.802808][ T4193]  ? mark_lock+0x94/0x320
[  499.807165][ T4193]  ? do_raw_spin_unlock+0x11d/0x230
[  499.812368][ T4193]  kobject_add_internal+0x662/0xd00
[  499.817582][ T4193]  kobject_add+0x152/0x210
[  499.822004][ T4193]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  499.827659][ T4193]  ? kobject_init+0x1d0/0x1d0
[  499.832367][ T4193]  ? get_device_parent+0x6b/0x3f0
[  499.837404][ T4193]  ? get_device_parent+0x121/0x3f0
[  499.842528][ T4193]  device_add+0x483/0xfb0
[  499.846878][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  499.851830][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  499.857124][ T4193]  ? __switch_to_asm+0x34/0x60
[  499.861903][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  499.867045][ T4193]  ? __mutex_trylock_common+0x14f/0x250
[  499.872607][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  499.877471][ T4193]  ? hci_event_packet+0x36d/0x12f0
[  499.882594][ T4193]  ? hci_event_packet+0x2e2/0x12f0
[  499.887722][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  499.892757][ T4193]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  499.898798][ T4193]  ? lock_chain_count+0x20/0x20
[  499.903660][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  499.909734][ T4193]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  499.915383][ T4193]  ? mutex_unlock+0x10/0x10
[  499.919978][ T4193]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  499.925626][ T4193]  hci_event_packet+0xe05/0x12f0
[  499.930570][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  499.935782][ T4193]  ? rcu_lock_release+0x20/0x20
[  499.940645][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  499.945866][ T4193]  hci_rx_work+0x255/0xa10
[  499.950304][ T4193]  process_one_work+0x863/0x1000
[  499.955270][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  499.960907][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  499.966202][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  499.971336][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  499.976717][ T4193]  ? wq_worker_running+0x97/0x170
[  499.981764][ T4193]  worker_thread+0xaa8/0x12a0
[  499.986445][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  499.992352][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  499.997560][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  500.003466][ T4193]  kthread+0x436/0x520
[  500.007538][ T4193]  ? rcu_lock_release+0x20/0x20
[  500.012394][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  500.016986][ T4193]  ret_from_fork+0x1f/0x30
[  500.021420][ T4193]  </TASK>
[  500.053780][ T4193] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  500.067233][ T4193] Bluetooth: hci0: failed to register connection device
[  500.158445][ T9017] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  500.684275][ T6455] attempt to access beyond end of device
[  500.684275][ T6455] loop5: rw=2049, want=45104, limit=40427
[  500.711978][ T8687] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  501.121933][ T8687] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  501.146180][ T8687] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  501.182096][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  501.188486][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  501.236620][ T8687] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  501.311534][ T9052] loop1: detected capacity change from 0 to 32768
[  501.341559][ T8687] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0a16, bcdDevice= 0.00
[  501.407442][ T8687] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.464991][ T8687] usb 5-1: config 0 descriptor??
[  501.498012][ T9052] XFS (loop1): Mounting V5 Filesystem
[  501.835645][ T9052] XFS (loop1): Ending clean mount
[  501.856924][ T9052] XFS (loop1): Quotacheck needed: Please wait.
[  501.957308][ T9052] XFS (loop1): Quotacheck: Done.
[  501.965034][ T8687] hid-generic 0003:1B1C:0A16.0008: unbalanced collection at end of report description
[  501.998949][ T8687] hid-generic: probe of 0003:1B1C:0A16.0008 failed with error -22
[  502.198347][ T8687] usb 5-1: USB disconnect, device number 7
[  502.455455][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  502.466473][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  502.474031][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  502.484114][ T4193] Workqueue: hci3 hci_rx_work
[  502.488814][ T4193] Call Trace:
[  502.492102][ T4193]  <TASK>
[  502.495036][ T4193]  dump_stack_lvl+0x168/0x230
[  502.499727][ T4193]  ? show_regs_print_info+0x20/0x20
[  502.504935][ T4193]  ? load_image+0x3b0/0x3b0
[  502.509473][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  502.514602][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  502.519638][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  502.524341][ T4193]  kobject_add_internal+0x662/0xd00
[  502.529570][ T4193]  kobject_add+0x152/0x210
[  502.534009][ T4193]  ? kobject_init+0x1d0/0x1d0
[  502.538719][ T4193]  ? klist_children_get+0x50/0x50
[  502.543760][ T4193]  ? get_device_parent+0x121/0x3f0
[  502.548893][ T4193]  device_add+0x483/0xfb0
[  502.553247][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  502.558198][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  502.563492][ T4193]  ? release_firmware_map_entry+0x190/0x190
[  502.569404][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  502.574518][ T4193]  ? preempt_schedule_common+0xa5/0xd0
[  502.579981][ T4193]  ? preempt_schedule+0xa7/0xb0
[  502.584863][ T4193]  ? schedule_preempt_disabled+0x20/0x20
[  502.590504][ T4193]  ? __mutex_trylock_common+0x14f/0x250
[  502.596070][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  502.600938][ T4193]  ? hci_event_packet+0x36d/0x12f0
[  502.606066][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  502.611102][ T4193]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  502.617185][ T4193]  ? lock_chain_count+0x20/0x20
[  502.622052][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  502.628124][ T4193]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  502.633772][ T4193]  ? mutex_unlock+0x10/0x10
[  502.638297][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  502.644497][ T4193]  hci_event_packet+0xe05/0x12f0
[  502.649452][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  502.654669][ T4193]  ? rcu_lock_release+0x20/0x20
[  502.659544][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  502.665030][ T4193]  hci_rx_work+0x255/0xa10
[  502.669533][ T4193]  process_one_work+0x863/0x1000
[  502.674503][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  502.680142][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  502.685443][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  502.690491][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  502.695882][ T4193]  ? wq_worker_running+0x97/0x170
[  502.700942][ T4193]  worker_thread+0xaa8/0x12a0
[  502.705639][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  502.711560][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  502.716776][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  502.722690][ T4193]  kthread+0x436/0x520
[  502.726769][ T4193]  ? rcu_lock_release+0x20/0x20
[  502.731720][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  502.736331][ T4193]  ret_from_fork+0x1f/0x30
[  502.740776][ T4193]  </TASK>
[  502.768851][    C0] hrtimer: interrupt took 25028208 ns
[  502.785748][ T4193] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  502.802359][ T4193] Bluetooth: hci3: failed to register connection device
[  502.874248][ T4184] XFS (loop1): Unmounting Filesystem
[  502.886908][ T9104] netlink: 15 bytes leftover after parsing attributes in process `syz.5.1208'.
[  502.955037][ T9104] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1208'.
[  503.316197][ T9115] loop4: detected capacity change from 0 to 128
[  503.561505][   T26] audit: type=1800 audit(1760570940.777:47): pid=9115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1213" name="file2" dev="loop4" ino=1048629 res=0 errno=0
[  503.695887][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  503.708013][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  503.715591][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  503.725651][ T4193] Workqueue: hci4 hci_rx_work
[  503.730340][ T4193] Call Trace:
[  503.733644][ T4193]  <TASK>
[  503.736585][ T4193]  dump_stack_lvl+0x168/0x230
[  503.741274][ T4193]  ? show_regs_print_info+0x20/0x20
[  503.746480][ T4193]  ? load_image+0x3b0/0x3b0
[  503.751023][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  503.756237][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  503.761360][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  503.766076][ T4193]  kobject_add_internal+0x662/0xd00
[  503.771291][ T4193]  kobject_add+0x152/0x210
[  503.775715][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  503.781877][ T4193]  ? kobject_init+0x1d0/0x1d0
[  503.786565][ T4193]  ? get_device_parent+0x8b/0x3f0
[  503.791610][ T4193]  ? get_device_parent+0x121/0x3f0
[  503.796738][ T4193]  device_add+0x483/0xfb0
[  503.801080][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  503.806031][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  503.811327][ T4193]  ? release_firmware_map_entry+0x190/0x190
[  503.817241][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  503.822361][ T4193]  ? preempt_schedule_common+0xa5/0xd0
[  503.827825][ T4193]  ? preempt_schedule+0xa7/0xb0
[  503.832680][ T4193]  ? schedule_preempt_disabled+0x20/0x20
[  503.838321][ T4193]  ? __mutex_trylock_common+0x14f/0x250
[  503.843879][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  503.848738][ T4193]  ? hci_event_packet+0x36d/0x12f0
[  503.853860][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  503.858899][ T4193]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  503.864893][ T4193]  ? lock_chain_count+0x20/0x20
[  503.869749][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  503.875819][ T4193]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  503.881459][ T4193]  ? mutex_unlock+0x10/0x10
[  503.885969][ T4193]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  503.891621][ T4193]  hci_event_packet+0xe05/0x12f0
[  503.896567][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  503.901780][ T4193]  ? rcu_lock_release+0x20/0x20
[  503.906644][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  503.911845][ T4193]  hci_rx_work+0x255/0xa10
[  503.916279][ T4193]  process_one_work+0x863/0x1000
[  503.921233][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  503.926865][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  503.932157][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  503.937183][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  503.942560][ T4193]  ? wq_worker_running+0x97/0x170
[  503.947587][ T4193]  worker_thread+0xaa8/0x12a0
[  503.952284][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  503.958194][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  503.963402][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  503.969315][ T4193]  kthread+0x436/0x520
[  503.973393][ T4193]  ? rcu_lock_release+0x20/0x20
[  503.978254][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  503.982857][ T4193]  ret_from_fork+0x1f/0x30
[  503.987300][ T4193]  </TASK>
[  503.991251][    C0] vkms_vblank_simulate: vblank timer overrun
[  504.020602][    C0] vkms_vblank_simulate: vblank timer overrun
[  504.032136][ T4193] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  504.046028][ T4193] Bluetooth: hci4: failed to register connection device
[  504.067674][    C0] vkms_vblank_simulate: vblank timer overrun
[  504.287870][ T9126] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  504.582486][ T8591] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  504.812158][  T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  504.822709][  T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0
[  504.830179][  T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  504.840240][  T146] Workqueue: hci4 hci_rx_work
[  504.844931][  T146] Call Trace:
[  504.848227][  T146]  <TASK>
[  504.851165][  T146]  dump_stack_lvl+0x168/0x230
[  504.855859][  T146]  ? show_regs_print_info+0x20/0x20
[  504.861073][  T146]  ? load_image+0x3b0/0x3b0
[  504.865733][  T146]  sysfs_create_dir_ns+0x252/0x280
[  504.870866][  T146]  ? __lock_acquire+0x7c60/0x7c60
[  504.875933][  T146]  ? sysfs_warn_dup+0xa0/0xa0
[  504.880622][  T146]  ? le_conn_complete_evt+0xcbc/0x1590
[  504.886215][  T146]  ? hci_event_packet+0xe05/0x12f0
[  504.891360][  T146]  ? process_one_work+0x863/0x1000
[  504.896498][  T146]  ? do_raw_spin_unlock+0x11d/0x230
[  504.901728][  T146]  kobject_add_internal+0x662/0xd00
[  504.906953][  T146]  kobject_add+0x152/0x210
[  504.911409][  T146]  ? kobject_init+0x1d0/0x1d0
[  504.916110][  T146]  ? klist_children_get+0x50/0x50
[  504.921164][  T146]  ? get_device_parent+0x121/0x3f0
[  504.926385][  T146]  device_add+0x483/0xfb0
[  504.930745][  T146]  hci_conn_add_sysfs+0xd1/0x1e0
[  504.935705][  T146]  le_conn_complete_evt+0xcbc/0x1590
[  504.941024][  T146]  ? cs_le_create_conn+0x5e0/0x5e0
[  504.946162][  T146]  ? __mutex_trylock_common+0x14f/0x250
[  504.951727][  T146]  hci_le_meta_evt+0x289/0x3b80
[  504.956589][  T146]  ? hci_event_packet+0x36d/0x12f0
[  504.961717][  T146]  ? mark_lock+0x94/0x320
[  504.966065][  T146]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  504.972070][  T146]  ? lock_chain_count+0x20/0x20
[  504.976958][  T146]  ? hci_remote_host_features_evt+0x280/0x280
[  504.983061][  T146]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  504.989232][  T146]  ? lockdep_hardirqs_on+0x94/0x140
[  504.994453][  T146]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  505.000638][  T146]  ? hci_event_packet+0x37c/0x12f0
[  505.005775][  T146]  hci_event_packet+0xe05/0x12f0
[  505.010728][  T146]  ? lockdep_hardirqs_on+0x94/0x140
[  505.015950][  T146]  ? rcu_lock_release+0x20/0x20
[  505.020823][  T146]  ? hci_send_to_monitor+0x9c/0x4a0
[  505.026058][  T146]  hci_rx_work+0x255/0xa10
[  505.030552][  T146]  process_one_work+0x863/0x1000
[  505.035526][  T146]  ? worker_detach_from_pool+0x240/0x240
[  505.041172][  T146]  ? lockdep_hardirqs_off+0x70/0x100
[  505.046513][  T146]  ? _raw_spin_lock_irq+0xab/0xe0
[  505.051552][  T146]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  505.056937][  T146]  ? wq_worker_running+0x97/0x170
[  505.061976][  T146]  worker_thread+0xaa8/0x12a0
[  505.066696][  T146]  kthread+0x436/0x520
[  505.070775][  T146]  ? rcu_lock_release+0x20/0x20
[  505.075640][  T146]  ? kthread_blkcg+0xd0/0xd0
[  505.080244][  T146]  ret_from_fork+0x1f/0x30
[  505.084695][  T146]  </TASK>
[  505.088666][    C0] vkms_vblank_simulate: vblank timer overrun
[  505.137683][  T146] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  505.147241][    C0] vkms_vblank_simulate: vblank timer overrun
[  505.151176][  T146] Bluetooth: hci4: failed to register connection device
[  505.741814][ T8591] usb 2-1: Using ep0 maxpacket: 32
[  505.884167][ T9165] Cannot find set identified by id 65534 to match
[  506.022118][ T8591] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  506.060678][ T8591] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.091945][ T9174] loop5: detected capacity change from 0 to 512
[  506.110033][ T8591] usb 2-1: Product: syz
[  506.125196][ T8591] usb 2-1: Manufacturer: syz
[  506.140576][ T8591] usb 2-1: SerialNumber: syz
[  506.175900][ T9174] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  506.197350][ T8591] usb 2-1: config 0 descriptor??
[  506.255649][ T9174] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.1233: bg 0: block 5: invalid block bitmap
[  506.283107][ T9174] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6178: Corrupt filesystem
[  506.293668][ T9174] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1233: invalid indirect mapped block 3 (level 2)
[  506.308872][ T9174] EXT4-fs (loop5): 2 truncates cleaned up
[  506.315226][ T9174] EXT4-fs (loop5): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000000006,dioread_nolock,grpquota,,errors=continue. Quota mode: writeback.
[  506.345000][ T8591] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  506.352575][ T9174] EXT4-fs error (device loop5): empty_inline_dir:1863: inode #12: block 7: comm syz.5.1233: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0
[  506.387208][ T9174] EXT4-fs warning (device loop5): empty_inline_dir:1870: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60
[  506.441932][ T1108] Bluetooth: hci0: command 0x0406 tx timeout
[  507.152152][ T8591] gspca_ov534_9: reg_w failed -71
[  507.155801][ T9201] loop4: detected capacity change from 0 to 4096
[  507.271627][ T9206] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  507.437170][ T9205] loop5: detected capacity change from 0 to 4096
[  507.542084][ T8591] gspca_ov534_9: Unknown sensor 0000
[  507.542195][ T8591] ov534_9: probe of 2-1:0.0 failed with error -22
[  507.594452][ T8591] usb 2-1: USB disconnect, device number 6
[  507.646277][ T9205] ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  507.928749][ T9205] ntfs: volume version 3.1.
[  508.041893][ T1108] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  508.062643][ T9222] loop1: detected capacity change from 0 to 1764
[  508.422096][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.445048][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  508.490982][ T1108] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  508.538995][ T1108] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  508.590495][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.635293][ T1108] usb 5-1: config 0 descriptor??
[  508.841682][ T8691] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  509.001713][ T8357] Bluetooth: hci3: command 0x0406 tx timeout
[  509.114902][ T1108] plantronics 0003:047F:FFFF.0009: unbalanced delimiter at end of report description
[  509.163749][ T1108] plantronics 0003:047F:FFFF.0009: parse failed
[  509.170917][ T1108] plantronics: probe of 0003:047F:FFFF.0009 failed with error -22
[  509.367033][ T1108] usb 5-1: USB disconnect, device number 8
[  509.631849][ T8691] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  509.640159][ T8691] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  509.685508][ T9237] ax25_connect(): syz.5.1261 uses autobind, please contact jreuter@yaina.de
[  509.686323][ T8691] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  509.732577][ T8691] usb 2-1: config 220 has no interface number 2
[  509.768486][ T8691] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  509.821562][ T8691] usb 2-1: config 220 interface 0 has no altsetting 0
[  509.845946][ T8691] usb 2-1: config 220 interface 76 has no altsetting 0
[  509.858801][ T8691] usb 2-1: config 220 interface 1 has no altsetting 0
[  510.057086][ T8691] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  510.080804][ T8691] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.109334][ T8691] usb 2-1: Product: syz
[  510.129326][ T8691] usb 2-1: Manufacturer: syz
[  510.286322][ T8364] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  510.294717][ T8691] usb 2-1: SerialNumber: syz
[  510.304408][ T8687] Bluetooth: hci4: command 0x0406 tx timeout
[  510.632735][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  510.646311][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  510.653966][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  510.664194][ T4193] Workqueue: hci4 hci_rx_work
[  510.668910][ T4193] Call Trace:
[  510.672193][ T4193]  <TASK>
[  510.675135][ T4193]  dump_stack_lvl+0x168/0x230
[  510.679842][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  510.686010][ T4193]  ? show_regs_print_info+0x20/0x20
[  510.691212][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  510.697388][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  510.702521][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  510.707566][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  510.712260][ T4193]  kobject_add_internal+0x662/0xd00
[  510.717470][ T4193]  kobject_add+0x152/0x210
[  510.722070][ T4193]  ? kobject_init+0x1d0/0x1d0
[  510.726771][ T4193]  ? klist_children_get+0x50/0x50
[  510.731821][ T4193]  ? get_device_parent+0x121/0x3f0
[  510.736943][ T4193]  device_add+0x483/0xfb0
[  510.741287][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  510.746232][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  510.751544][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  510.756661][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  510.761887][ T4193]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  510.767552][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  510.772408][ T4193]  ? hci_event_packet+0x36d/0x12f0
[  510.777526][ T4193]  ? hci_event_packet+0x2e2/0x12f0
[  510.782654][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  510.787693][ T4193]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  510.793339][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  510.799428][ T4193]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  510.805167][ T4193]  ? mutex_unlock+0x10/0x10
[  510.809707][ T4193]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  510.815713][ T4193]  ? lock_chain_count+0x20/0x20
[  510.820589][ T4193]  hci_event_packet+0xe05/0x12f0
[  510.825555][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  510.831737][ T4193]  ? rcu_lock_release+0x20/0x20
[  510.836621][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  510.841835][ T4193]  hci_rx_work+0x255/0xa10
[  510.846277][ T4193]  process_one_work+0x863/0x1000
[  510.851242][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  510.856887][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  510.862192][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  510.867227][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  510.872119][ T9255] loop4: detected capacity change from 0 to 256
[  510.872654][ T4193]  ? wq_worker_running+0x97/0x170
[  510.883909][ T4193]  worker_thread+0xaa8/0x12a0
[  510.888599][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  510.894523][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  510.899740][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  510.905663][ T4193]  kthread+0x436/0x520
[  510.909759][ T4193]  ? rcu_lock_release+0x20/0x20
[  510.914620][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  510.919218][ T4193]  ret_from_fork+0x1f/0x30
[  510.923651][ T4193]  </TASK>
[  510.927009][    C0] vkms_vblank_simulate: vblank timer overrun
[  510.956004][    C0] vkms_vblank_simulate: vblank timer overrun
[  510.968794][ T4193] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  510.978603][ T8364] usb 4-1: Using ep0 maxpacket: 8
[  510.982846][ T4193] Bluetooth: hci4: failed to register connection device
[  511.002613][    C0] vkms_vblank_simulate: vblank timer overrun
[  511.072176][ T8691] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  511.081755][ T8691] usb 2-1: No valid video chain found.
[  511.087320][ T8691] usb 2-1: selecting invalid altsetting 0
[  511.333029][ T8691] usb 2-1: selecting invalid altsetting 0
[  511.338822][ T8691] usbtest: probe of 2-1:220.1 failed with error -22
[  511.345748][ T8364] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  511.351405][ T9260] FAT-fs (loop4): error, clusters badly computed (3 != 1)
[  511.361701][ T8364] usb 4-1: config 0 has no interface number 0
[  511.879789][ T8691] usb 2-1: USB disconnect, device number 7
[  512.101753][ T8364] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  512.110984][ T8364] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.131647][ T8364] usb 4-1: Product: syz
[  512.135853][ T8364] usb 4-1: Manufacturer: syz
[  512.140461][ T8364] usb 4-1: SerialNumber: syz
[  512.162156][ T8364] usb 4-1: config 0 descriptor??
[  512.367803][ T9271] loop4: detected capacity change from 0 to 512
[  512.384725][ T9268] loop1: detected capacity change from 0 to 4096
[  512.442020][ T8364] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  512.454534][ T9268] EXT4-fs (loop1): Test dummy encryption mode enabled
[  512.458894][ T9271] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  512.494484][ T8364] usb 4-1: No valid video chain found.
[  512.533659][ T8364] usb 4-1: USB disconnect, device number 4
[  512.549927][ T9268] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  512.589753][ T9268] System zones: 0-5
[  512.618535][ T9271] EXT4-fs (loop4): 1 truncate cleaned up
[  512.633423][ T9268] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback.
[  512.666673][ T9271] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,lazytime,quota,. Quota mode: writeback.
[  512.913946][ T9268] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  513.273768][ T9296] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1283'.
[  513.341797][ T8595] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  513.349668][ T9299] loop4: detected capacity change from 0 to 128
[  513.373590][ T9299] qnx6: invalid mount options.
[  513.520020][ T9297] loop5: detected capacity change from 0 to 8192
[  513.641919][ T8595] usb 4-1: Using ep0 maxpacket: 16
[  513.776829][ T9297] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  513.787730][ T8595] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice=a3.85
[  513.861955][ T9297] REISERFS (device loop5): using ordered data mode
[  513.863891][ T8595] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.868537][ T9297] reiserfs: using flush barriers
[  513.931939][ T9297] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  513.963276][ T8595] usb 4-1: config 0 descriptor??
[  513.974812][ T9297] REISERFS (device loop5): checking transaction log (loop5)
[  514.025131][ T9297] REISERFS (device loop5): Using tea hash to sort names
[  514.039917][ T8595] usb 4-1: interface 1 not found
[  514.066713][ T9297] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  514.287770][ T4307] usb 4-1: USB disconnect, device number 5
[  514.439102][ T9315] loop1: detected capacity change from 0 to 2048
[  514.664734][ T9315] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  514.712054][ T9315] UDF-fs: Scanning with blocksize 512 failed
[  514.796754][ T9315] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  514.948110][ T9329] loop4: detected capacity change from 0 to 512
[  515.718116][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.973167][  T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  515.987165][  T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0
[  515.994648][  T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  516.004706][  T146] Workqueue: hci0 hci_rx_work
[  516.009401][  T146] Call Trace:
[  516.012690][  T146]  <TASK>
[  516.015638][  T146]  dump_stack_lvl+0x168/0x230
[  516.020339][  T146]  ? show_regs_print_info+0x20/0x20
[  516.025545][  T146]  ? load_image+0x3b0/0x3b0
[  516.030091][  T146]  sysfs_create_dir_ns+0x252/0x280
[  516.035230][  T146]  ? sysfs_warn_dup+0xa0/0xa0
[  516.039930][  T146]  kobject_add_internal+0x662/0xd00
[  516.045147][  T146]  kobject_add+0x152/0x210
[  516.049576][  T146]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  516.055739][  T146]  ? kobject_init+0x1d0/0x1d0
[  516.060421][  T146]  ? get_device_parent+0x8b/0x3f0
[  516.065454][  T146]  ? get_device_parent+0x121/0x3f0
[  516.070575][  T146]  device_add+0x483/0xfb0
[  516.074931][  T146]  hci_conn_add_sysfs+0xd1/0x1e0
[  516.079878][  T146]  le_conn_complete_evt+0xcbc/0x1590
[  516.085184][  T146]  ? cs_le_create_conn+0x5e0/0x5e0
[  516.090325][  T146]  ? skb_pull+0x76/0x130
[  516.094574][  T146]  hci_le_meta_evt+0x289/0x3b80
[  516.099431][  T146]  ? hci_event_packet+0x36d/0x12f0
[  516.104552][  T146]  ? __lock_acquire+0x7c60/0x7c60
[  516.109591][  T146]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  516.115752][  T146]  ? hci_remote_host_features_evt+0x280/0x280
[  516.121827][  T146]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  516.127474][  T146]  ? mutex_unlock+0x10/0x10
[  516.131983][  T146]  ? mark_lock+0x94/0x320
[  516.136329][  T146]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  516.142355][  T146]  hci_event_packet+0xe05/0x12f0
[  516.147324][  T146]  ? rcu_lock_release+0x20/0x20
[  516.152206][  T146]  ? hci_rx_work+0x248/0xa10
[  516.156820][  T146]  hci_rx_work+0x255/0xa10
[  516.161258][  T146]  process_one_work+0x863/0x1000
[  516.166221][  T146]  ? worker_detach_from_pool+0x240/0x240
[  516.171859][  T146]  ? lockdep_hardirqs_off+0x70/0x100
[  516.177159][  T146]  ? _raw_spin_lock_irq+0xab/0xe0
[  516.182195][  T146]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  516.187574][  T146]  ? wq_worker_running+0x97/0x170
[  516.192605][  T146]  worker_thread+0xaa8/0x12a0
[  516.197333][  T146]  kthread+0x436/0x520
[  516.201423][  T146]  ? rcu_lock_release+0x20/0x20
[  516.206273][  T146]  ? kthread_blkcg+0xd0/0xd0
[  516.210872][  T146]  ret_from_fork+0x1f/0x30
[  516.215308][  T146]  </TASK>
[  516.218892][    C0] vkms_vblank_simulate: vblank timer overrun
[  516.244025][    C0] vkms_vblank_simulate: vblank timer overrun
[  516.258205][  T146] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  516.271689][  T146] Bluetooth: hci0: failed to register connection device
[  516.286938][    C0] vkms_vblank_simulate: vblank timer overrun
[  516.397506][ T9362] fuse: Bad value for 'fd'
[  516.585879][ T9369] 9pnet: Insufficient options for proto=fd
[  516.710545][  T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  516.720759][  T146] CPU: 1 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0
[  516.728236][  T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  516.738305][  T146] Workqueue: hci3 hci_rx_work
[  516.743006][  T146] Call Trace:
[  516.746295][  T146]  <TASK>
[  516.749236][  T146]  dump_stack_lvl+0x168/0x230
[  516.753933][  T146]  ? show_regs_print_info+0x20/0x20
[  516.759148][  T146]  ? load_image+0x3b0/0x3b0
[  516.763683][  T146]  sysfs_create_dir_ns+0x252/0x280
[  516.768807][  T146]  ? __lock_acquire+0x7c60/0x7c60
[  516.773865][  T146]  ? sysfs_warn_dup+0xa0/0xa0
[  516.778556][  T146]  ? le_conn_complete_evt+0xcbc/0x1590
[  516.784071][  T146]  ? hci_event_packet+0xe05/0x12f0
[  516.789203][  T146]  ? process_one_work+0x863/0x1000
[  516.794326][  T146]  ? do_raw_spin_unlock+0x11d/0x230
[  516.799545][  T146]  kobject_add_internal+0x662/0xd00
[  516.804762][  T146]  kobject_add+0x152/0x210
[  516.809192][  T146]  ? kobject_init+0x1d0/0x1d0
[  516.813879][  T146]  ? klist_children_get+0x50/0x50
[  516.818922][  T146]  ? get_device_parent+0x121/0x3f0
[  516.824069][  T146]  device_add+0x483/0xfb0
[  516.828429][  T146]  hci_conn_add_sysfs+0xd1/0x1e0
[  516.833385][  T146]  le_conn_complete_evt+0xcbc/0x1590
[  516.838804][  T146]  ? cs_le_create_conn+0x5e0/0x5e0
[  516.843947][  T146]  ? finish_task_switch+0x12f/0x640
[  516.849185][  T146]  ? __mutex_trylock_common+0x14f/0x250
[  516.854768][  T146]  hci_le_meta_evt+0x289/0x3b80
[  516.859638][  T146]  ? hci_event_packet+0x36d/0x12f0
[  516.864763][  T146]  ? hci_event_packet+0x2e2/0x12f0
[  516.869884][  T146]  ? __lock_acquire+0x7c60/0x7c60
[  516.874920][  T146]  ? mark_lock+0x94/0x320
[  516.879269][  T146]  ? hci_remote_host_features_evt+0x280/0x280
[  516.885350][  T146]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  516.891030][  T146]  ? mark_lock+0x94/0x320
[  516.895373][  T146]  ? mutex_unlock+0x10/0x10
[  516.899920][  T146]  ? mark_lock+0x94/0x320
[  516.904259][  T146]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  516.910266][  T146]  hci_event_packet+0xe05/0x12f0
[  516.915221][  T146]  ? rcu_lock_release+0x20/0x20
[  516.920092][  T146]  hci_rx_work+0x255/0xa10
[  516.924534][  T146]  process_one_work+0x863/0x1000
[  516.929490][  T146]  ? worker_detach_from_pool+0x240/0x240
[  516.935130][  T146]  ? lockdep_hardirqs_off+0x70/0x100
[  516.940425][  T146]  ? _raw_spin_lock_irq+0xab/0xe0
[  516.945614][  T146]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  516.951018][  T146]  ? wq_worker_running+0x97/0x170
[  516.956066][  T146]  worker_thread+0xaa8/0x12a0
[  516.960790][  T146]  kthread+0x436/0x520
[  516.964870][  T146]  ? rcu_lock_release+0x20/0x20
[  516.969728][  T146]  ? kthread_blkcg+0xd0/0xd0
[  516.974331][  T146]  ret_from_fork+0x1f/0x30
[  516.978773][  T146]  </TASK>
[  516.996174][  T146] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  517.010426][  T146] Bluetooth: hci3: failed to register connection device
[  517.821725][ T8359] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  517.935372][ T9407] loop4: detected capacity change from 0 to 512
[  518.001336][ T9407] EXT4-fs (loop4): Ignoring removed bh option
[  518.041977][ T9407] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  518.112557][ T9407] EXT4-fs (loop4): 1 truncate cleaned up
[  518.118241][ T9407] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  518.221830][ T8359] usb 6-1: unable to get BOS descriptor or descriptor too short
[  518.311938][ T8359] usb 6-1: unable to read config index 0 descriptor/start: -71
[  518.319561][ T8359] usb 6-1: can't read configurations, error -71
[  518.568633][ T9420] overlayfs: failed to clone upperpath
[  518.694318][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  518.707269][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  518.714847][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  518.724920][ T4193] Workqueue: hci1 hci_rx_work
[  518.729622][ T4193] Call Trace:
[  518.732915][ T4193]  <TASK>
[  518.735862][ T4193]  dump_stack_lvl+0x168/0x230
[  518.740560][ T4193]  ? show_regs_print_info+0x20/0x20
[  518.745781][ T4193]  ? load_image+0x3b0/0x3b0
[  518.750315][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  518.755450][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  518.760157][ T4193]  kobject_add_internal+0x662/0xd00
[  518.765388][ T4193]  kobject_add+0x152/0x210
[  518.769831][ T4193]  ? kobject_init+0x1d0/0x1d0
[  518.774518][ T4193]  ? klist_children_get+0x50/0x50
[  518.779551][ T4193]  ? get_device_parent+0x121/0x3f0
[  518.784671][ T4193]  device_add+0x483/0xfb0
[  518.789103][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  518.794055][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  518.799359][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  518.804478][ T4193]  ? lock_chain_count+0x20/0x20
[  518.809343][ T4193]  ? mark_lock+0x94/0x320
[  518.813690][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  518.818556][ T4193]  ? mark_lock+0x94/0x320
[  518.822902][ T4193]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  518.828911][ T4193]  ? lock_chain_count+0x20/0x20
[  518.833777][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  518.839851][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  518.846013][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  518.851223][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  518.857466][ T4193]  ? hci_event_packet+0x5cf/0x12f0
[  518.862604][ T4193]  hci_event_packet+0xe05/0x12f0
[  518.867563][ T4193]  ? rcu_lock_release+0x20/0x20
[  518.872425][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  518.877628][ T4193]  hci_rx_work+0x255/0xa10
[  518.882073][ T4193]  process_one_work+0x863/0x1000
[  518.887043][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  518.892687][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  518.897981][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  518.903007][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  518.908387][ T4193]  ? wq_worker_running+0x97/0x170
[  518.913418][ T4193]  worker_thread+0xaa8/0x12a0
[  518.918107][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  518.924042][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  518.929248][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  518.935186][ T4193]  kthread+0x436/0x520
[  518.939270][ T4193]  ? rcu_lock_release+0x20/0x20
[  518.944127][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  518.948734][ T4193]  ret_from_fork+0x1f/0x30
[  518.953178][ T4193]  </TASK>
[  518.956410][    C0] vkms_vblank_simulate: vblank timer overrun
[  518.982834][    C0] vkms_vblank_simulate: vblank timer overrun
[  518.996962][ T4193] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  519.010532][ T4193] Bluetooth: hci1: failed to register connection device
[  519.027118][    C0] vkms_vblank_simulate: vblank timer overrun
[  519.111650][ T9424] loop4: detected capacity change from 0 to 128
[  519.303371][ T9424] qnx6: invalid mount options.
[  519.516258][ T9437] usb usb8: usbfs: process 9437 (syz.5.1337) did not claim interface 0 before use
[  520.714881][ T9467] loop4: detected capacity change from 0 to 128
[  520.826007][ T9467] qnx6: invalid mount options.
[  521.358837][ T9473] loop4: detected capacity change from 0 to 1024
[  521.453934][ T9475] loop1: detected capacity change from 0 to 1024
[  521.516482][ T9475] EXT4-fs (loop1): inline encryption not supported
[  521.540776][ T9473] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none.
[  521.555597][ T9475] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  521.574352][ T9473] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  521.626202][ T9475] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,norecovery,user_xattr,grpquota,discard,user_xattr,mb_optimize_scan=0x0000000000000001,errors=remount-ro,lazytime,. Quota mode: writeback.
[  521.702881][ T9473] EXT4-fs error (device loop4): ext4_map_blocks:739: inode #15: comm syz.4.1349: lblock 0 mapped to illegal pblock 0 (length 1)
[  521.721361][ T9457] loop5: detected capacity change from 0 to 40427
[  521.819206][ T9457] F2FS-fs (loop5): invalid crc value
[  521.907661][ T9457] F2FS-fs (loop5): Found nat_bits in checkpoint
[  522.221663][ T8687] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  522.239610][ T9457] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  522.358710][ T6455] attempt to access beyond end of device
[  522.358710][ T6455] loop5: rw=2049, want=45104, limit=40427
[  522.951750][ T8687] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  522.960922][ T8687] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.011805][ T8687] usb 4-1: Product: syz
[  523.016013][ T8687] usb 4-1: Manufacturer: syz
[  523.020610][ T8687] usb 4-1: SerialNumber: syz
[  523.113644][ T8687] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  523.234212][ T9518] loop1: detected capacity change from 0 to 8
[  523.375832][ T9518] SQUASHFS error: zlib decompression failed, data probably corrupt
[  523.426646][ T9518] SQUASHFS error: Failed to read block 0x9b: -5
[  523.442011][ T9518] SQUASHFS error: Unable to read metadata cache entry [99]
[  523.457396][ T9518] SQUASHFS error: Unable to read inode 0x127
[  523.584353][ T9518] overlayfs: failed to set xattr on upper
[  523.590732][ T9518] overlayfs: ...falling back to index=off,metacopy=off.
[  523.614105][ T9525] tipc: Started in network mode
[  523.619477][ T9525] tipc: Node identity , cluster identity 4711
[  523.691964][ T9525] tipc: Failed to obtain node identity
[  523.707808][ T9525] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  523.736661][ T9512] loop4: detected capacity change from 0 to 32768
[  523.781259][ T9512] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1362 (9512)
[  523.811818][ T8687] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  523.926081][ T9512] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  523.975970][ T9512] BTRFS info (device loop4): using free space tree
[  524.005571][ T9532] loop5: detected capacity change from 0 to 256
[  524.006897][ T9512] BTRFS info (device loop4): has skinny extents
[  524.027924][ T9487] udc-core: couldn't find an available UDC or it's busy
[  524.073961][ T9487] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  524.113645][ T8364] usb 4-1: USB disconnect, device number 6
[  524.156501][ T9532] exfat: Deprecated parameter 'utf8'
[  524.237905][ T9532] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  524.416943][ T9512] BTRFS info (device loop4): enabling ssd optimizations
[  524.552544][ T9530] loop1: detected capacity change from 0 to 40427
[  524.621152][ T9530] F2FS-fs (loop1): invalid crc value
[  524.706905][ T9530] F2FS-fs (loop1): Found nat_bits in checkpoint
[  524.842022][ T8687] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  524.849398][ T8687] ath9k_htc: Failed to initialize the device
[  524.914915][ T8364] usb 4-1: ath9k_htc: USB layer deinitialized
[  524.976266][ T9530] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  525.071394][ T9530] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  525.177813][ T9530] attempt to access beyond end of device
[  525.177813][ T9530] loop1: rw=2049, want=45104, limit=40427
[  525.285536][ T9569] attempt to access beyond end of device
[  525.285536][ T9569] loop1: rw=10241, want=53256, limit=40427
[  526.209847][ T9590] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  526.209847][ T9590] The task syz.4.1380 (9590) triggered the difference, watch for misbehavior.
[  526.362579][ T9596] loop1: detected capacity change from 0 to 256
[  526.528276][ T9596] FAT-fs (loop1): Directory bread(block 64) failed
[  526.884171][ T9596] FAT-fs (loop1): Directory bread(block 65) failed
[  526.897778][ T9596] FAT-fs (loop1): Directory bread(block 66) failed
[  526.940409][ T9596] FAT-fs (loop1): Directory bread(block 67) failed
[  526.980680][ T9596] FAT-fs (loop1): Directory bread(block 68) failed
[  527.088157][ T9596] FAT-fs (loop1): Directory bread(block 69) failed
[  527.101834][ T9596] FAT-fs (loop1): Directory bread(block 70) failed
[  527.132469][ T9596] FAT-fs (loop1): Directory bread(block 71) failed
[  527.166042][ T9596] FAT-fs (loop1): Directory bread(block 72) failed
[  527.203248][ T9596] FAT-fs (loop1): Directory bread(block 73) failed
[  527.791236][ T9634] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1394'.
[  528.625985][ T9655] loop5: detected capacity change from 0 to 32768
[  528.711733][ T9653] loop4: detected capacity change from 0 to 4096
[  528.721205][ T9655] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.1404 (9655)
[  528.801713][ T9655] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  528.810515][ T9655] BTRFS info (device loop5): disabling free space tree
[  528.817494][ T9655] BTRFS info (device loop5): max_inline at 0
[  528.823609][ T9655] BTRFS info (device loop5): setting nodatasum
[  528.829785][ T9655] BTRFS info (device loop5): turning off barriers
[  528.836247][ T9655] BTRFS info (device loop5): turning on flush-on-commit
[  528.843228][ T9655] BTRFS info (device loop5): doing ref verification
[  528.849835][ T9655] BTRFS info (device loop5): use no compression
[  528.856227][ T9655] BTRFS info (device loop5): force clearing of disk cache
[  528.863411][ T9655] BTRFS info (device loop5): enabling ssd optimizations
[  528.870410][ T9655] BTRFS info (device loop5): max_inline at 0
[  528.876449][ T9655] BTRFS info (device loop5): has skinny extents
[  528.913135][ T9663] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  529.123407][ T9655] BTRFS info (device loop5): clearing free space tree
[  529.130935][ T9655] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  529.141109][ T9655] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  531.289535][ T9710] wg2 speed is unknown, defaulting to 1000
[  531.317198][ T9713] device syzkaller1 entered promiscuous mode
[  531.720332][ T9716] loop4: detected capacity change from 0 to 32768
[  531.774761][ T9716] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1417 (9716)
[  531.816061][ T9716] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  531.824881][ T9716] BTRFS info (device loop4): enabling disk space caching
[  531.832091][ T9716] BTRFS info (device loop4): enabling ssd optimizations
[  531.839086][ T9716] BTRFS info (device loop4): force clearing of disk cache
[  531.846265][ T9716] BTRFS info (device loop4): turning off barriers
[  531.852762][ T9716] BTRFS info (device loop4): setting nodatacow, compression disabled
[  531.860865][ T9716] BTRFS info (device loop4): using spread ssd allocation scheme
[  531.868659][ T9716] BTRFS info (device loop4): disk space caching is enabled
[  531.875911][ T9716] BTRFS info (device loop4): has skinny extents
[  532.217622][ T9716] BTRFS info (device loop4): clearing free space tree
[  532.224970][ T9716] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  532.234689][ T9716] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  532.349781][   T26] audit: type=1800 audit(1760570969.567:48): pid=9716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1417" name="file3" dev="loop4" ino=261 res=0 errno=0
[  532.360371][ T9716] Invalid ELF header magic: != ELF
[  532.635058][ T8833] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop4 scanned by udevd (8833)
[  534.191707][ T9789] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  534.396084][ T9805] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1438'.
[  534.431960][ T9789] usb 2-1: Using ep0 maxpacket: 16
[  534.703085][ T9805] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  534.742165][ T9789] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.803937][ T9789] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  534.945848][ T9789] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  535.161762][ T9789] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  535.445968][ T9789] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.676915][ T9789] usb 2-1: config 0 descriptor??
[  535.732289][ T9789] usb 2-1: can't set config #0, error -71
[  535.769703][ T9789] usb 2-1: USB disconnect, device number 8
[  535.776237][   T26] audit: type=1326 audit(1760570972.987:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9830 comm="syz.3.1443" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd0ac236ec9 code=0x0
[  535.824298][ T9839] loop1: detected capacity change from 0 to 64
[  536.487378][ T9843] loop4: detected capacity change from 0 to 32768
[  536.966228][ T9843] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  537.046780][ T9868] loop2: detected capacity change from 0 to 7
[  537.074792][ T9868] Dev loop2: unable to read RDB block 7
[  537.121421][ T4498] (kworker/u4:11,4498,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  537.149432][ T9868]  loop2: unable to read partition table
[  537.292846][ T9868] loop2: partition table beyond EOD, truncated
[  537.299096][ T9868] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  537.628421][ T9876] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1456'.
[  537.715574][ T4193] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  537.728551][ T4193] CPU: 0 PID: 4193 Comm: kworker/u5:4 Not tainted syzkaller #0
[  537.736167][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  537.746225][ T4193] Workqueue: hci2 hci_rx_work
[  537.750921][ T4193] Call Trace:
[  537.754216][ T4193]  <TASK>
[  537.757149][ T4193]  dump_stack_lvl+0x168/0x230
[  537.761839][ T4193]  ? show_regs_print_info+0x20/0x20
[  537.767046][ T4193]  ? load_image+0x3b0/0x3b0
[  537.771571][ T4193]  sysfs_create_dir_ns+0x252/0x280
[  537.776738][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  537.782906][ T4193]  ? sysfs_warn_dup+0xa0/0xa0
[  537.787614][ T4193]  ? kobject_add_internal+0x654/0xd00
[  537.793004][ T4193]  kobject_add_internal+0x662/0xd00
[  537.798224][ T4193]  kobject_add+0x152/0x210
[  537.802643][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  537.808807][ T4193]  ? kobject_init+0x1d0/0x1d0
[  537.813519][ T4193]  device_add+0x483/0xfb0
[  537.817863][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  537.824033][ T4193]  hci_conn_add_sysfs+0xd1/0x1e0
[  537.829001][ T4193]  le_conn_complete_evt+0xcbc/0x1590
[  537.834318][ T4193]  ? cs_le_create_conn+0x5e0/0x5e0
[  537.839447][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  537.844654][ T4193]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  537.850297][ T4193]  hci_le_meta_evt+0x289/0x3b80
[  537.855151][ T4193]  ? hci_event_packet+0x36d/0x12f0
[  537.860267][ T4193]  ? hci_event_packet+0x2e2/0x12f0
[  537.865382][ T4193]  ? __lock_acquire+0x7c60/0x7c60
[  537.870414][ T4193]  ? release_firmware_map_entry+0x190/0x190
[  537.876317][ T4193]  ? hci_remote_host_features_evt+0x280/0x280
[  537.882402][ T4193]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  537.888054][ T4193]  ? mutex_unlock+0x10/0x10
[  537.892572][ T4193]  ? preempt_schedule+0xa7/0xb0
[  537.897449][ T4193]  ? schedule_preempt_disabled+0x20/0x20
[  537.903094][ T4193]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  537.909267][ T4193]  hci_event_packet+0xe05/0x12f0
[  537.914220][ T4193]  ? rcu_lock_release+0x20/0x20
[  537.919087][ T4193]  ? hci_send_to_monitor+0x9c/0x4a0
[  537.924301][ T4193]  hci_rx_work+0x255/0xa10
[  537.928736][ T4193]  process_one_work+0x863/0x1000
[  537.933722][ T4193]  ? worker_detach_from_pool+0x240/0x240
[  537.939403][ T4193]  ? lockdep_hardirqs_off+0x70/0x100
[  537.944730][ T4193]  ? _raw_spin_lock_irq+0xab/0xe0
[  537.949762][ T4193]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  537.955143][ T4193]  ? wq_worker_running+0x97/0x170
[  537.960177][ T4193]  worker_thread+0xaa8/0x12a0
[  537.964862][ T4193]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  537.970953][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  537.976171][ T4193]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  537.982091][ T4193]  kthread+0x436/0x520
[  537.986174][ T4193]  ? rcu_lock_release+0x20/0x20
[  537.991033][ T4193]  ? kthread_blkcg+0xd0/0xd0
[  537.995632][ T4193]  ret_from_fork+0x1f/0x30
[  538.000083][ T4193]  </TASK>
[  538.118793][ T4193] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  538.132280][ T4193] Bluetooth: hci2: failed to register connection device
[  538.532498][ T9889] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1461'.
[  538.828860][ T4183] ocfs2: Unmounting device (7,4) on (node local)
[  539.283550][ T9852] loop1: detected capacity change from 0 to 40427
[  539.402945][ T4264] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  539.434926][ T9852] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  539.463071][ T9911] loop4: detected capacity change from 0 to 16
[  539.469509][ T9852] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  539.491652][ T9573] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  539.519175][ T9911] erofs: (device loop4): mounted with root inode @ nid 36.
[  539.554782][ T9852] F2FS-fs (loop1): invalid crc value
[  539.560897][ T9911] erofs: (device loop4): z_erofs_readahead: readahead error at page 2 @ nid 89
[  539.585254][ T9852] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12)
[  539.620664][ T4193] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress 6887 in[4096, 0] out[8192]
[  539.658525][ T9911] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress 6887 in[4096, 0] out[8192]
[  539.683403][ T4264] usb 6-1: Using ep0 maxpacket: 32
[  539.688796][   T26] audit: type=1800 audit(1760570976.907:50): pid=9911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1470" name="file2" dev="loop4" ino=89 res=0 errno=0
[  539.802104][ T4264] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  539.887121][ T9573] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  539.920116][ T9573] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.021806][ T4264] usb 6-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5
[  540.041228][ T9573] usb 4-1: config 0 descriptor??
[  540.051283][ T4264] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.085867][ T4264] usb 6-1: Product: syz
[  540.090071][ T4264] usb 6-1: Manufacturer: syz
[  540.151342][ T4264] usb 6-1: SerialNumber: syz
[  540.209997][ T4264] usb 6-1: config 0 descriptor??
[  540.251973][ T9903] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  540.329896][ T9928] loop1: detected capacity change from 0 to 4096
[  540.476789][ T9928] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback.
[  540.532053][ T9791] usb 6-1: USB disconnect, device number 11
[  541.096840][ T9939] loop4: detected capacity change from 0 to 32768
[  541.212066][ T9939] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1479 (9939)
[  541.235187][ T9939] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  541.244125][ T9939] BTRFS info (device loop4): turning off barriers
[  541.250583][ T9939] BTRFS info (device loop4): allowing degraded mounts
[  541.257443][ T9939] BTRFS info (device loop4): force zlib compression, level 3
[  541.264874][ T9939] BTRFS info (device loop4): enabling disk space caching
[  541.271950][ T9939] BTRFS info (device loop4): force clearing of disk cache
[  541.279070][ T9939] BTRFS info (device loop4): use zlib compression, level 3
[  541.286615][ T9939] BTRFS warning (device loop4): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  541.297293][ T9939] BTRFS info (device loop4): trying to use backup root at mount time
[  541.305429][ T9939] BTRFS info (device loop4): disk space caching is enabled
[  541.312687][ T9939] BTRFS info (device loop4): has skinny extents
[  541.320226][ T4238] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  541.461787][ T9573] usb 4-1: Cannot set autoneg
[  541.469008][ T9573] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71
[  541.494329][ T9573] usb 4-1: USB disconnect, device number 7
[  541.682209][ T4238] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  541.692455][ T4238] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  541.708553][ T4238] usb 2-1: config 1 has no interface number 1
[  541.715578][ T4238] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  541.728628][ T4238] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  541.746599][  T398] BTRFS warning (device loop4): checksum verify failed on 5332992 wanted 0x0a5e5d25 found 0x32f839c6 level 0
[  541.759180][ T9939] BTRFS warning (device loop4): couldn't read tree root
[  541.767129][  T144] BTRFS warning (device loop4): checksum verify failed on 5316608 wanted 0x5387c9d6 found 0xc5289bf1 level 0
[  541.827039][ T9939] BTRFS warning (device loop4): failed to read root (objectid=2): -5
[  541.836196][ T9939] BTRFS error (device loop4): parent transid verify failed on 5255168 wanted 5 found 7
[  541.846385][ T9939] BTRFS warning (device loop4): couldn't read tree root
[  541.869565][ T9939] BTRFS info (device loop4): enabling ssd optimizations
[  541.877239][ T9939] BTRFS info (device loop4): clearing free space tree
[  541.884155][ T9939] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  541.894048][ T9939] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  541.923062][ T4238] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  541.934780][ T9939] BTRFS info (device loop4): checking UUID tree
[  541.952607][ T4238] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.960704][ T4238] usb 2-1: Product: syz
[  542.012629][ T4238] usb 2-1: Manufacturer: syz
[  542.017350][ T4238] usb 2-1: SerialNumber: syz
[  542.117182][ T9937] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  542.128955][ T9965] wg2 speed is unknown, defaulting to 1000
[  542.552449][ T8833] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop4 scanned by udevd (8833)
[  542.581656][ T4238] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  542.597047][ T4238] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  542.825226][ T4238] usb 2-1: USB disconnect, device number 9
[  543.344649][ T7328] udevd[7328]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  543.403360][ T9983] ==================================================================
[  543.412008][ T9983] BUG: KASAN: use-after-free in __nft_trace_packet+0x135/0x150
[  543.419576][ T9983] Read of size 2 at addr ffff88801f9d6440 by task syz.1.1487/9983
[  543.427392][ T9983] 
[  543.429746][ T9983] CPU: 1 PID: 9983 Comm: syz.1.1487 Not tainted syzkaller #0
[  543.437130][ T9983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  543.447224][ T9983] Call Trace:
[  543.450518][ T9983]  <TASK>
[  543.453459][ T9983]  dump_stack_lvl+0x168/0x230
[  543.458168][ T9983]  ? show_regs_print_info+0x20/0x20
[  543.463385][ T9983]  ? _printk+0xcc/0x110
[  543.467565][ T9983]  ? __nft_trace_packet+0x135/0x150
[  543.472793][ T9983]  ? load_image+0x3b0/0x3b0
[  543.477356][ T9983]  ? nft_synproxy_do_eval+0x341/0x570
[  543.482750][ T9983]  print_address_description+0x60/0x2d0
[  543.488326][ T9983]  ? __nft_trace_packet+0x135/0x150
[  543.493561][ T9983]  kasan_report+0xdf/0x130
[  543.498012][ T9983]  ? __nft_trace_packet+0x135/0x150
[  543.503244][ T9983]  __nft_trace_packet+0x135/0x150
[  543.508313][ T9983]  nft_do_chain+0x120e/0x1420
[  543.509728][ T9985] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  543.513016][ T9983]  ? ipt_do_table+0x138e/0x1580
[  543.513090][ T9983]  ? nft_fwd_dup_netdev_offload+0x120/0x120
[  543.513157][ T9983]  ? nf_nat_inet_fn+0x84e/0xa90
[  543.513200][ T9983]  ? nf_nat_packet+0xf0/0xf0
[  543.513225][ T9983]  nft_do_chain_inet+0x22b/0x300
[  543.513246][ T9983]  ? nft_do_chain_arp+0xe0/0xe0
[  543.513274][ T9983]  ? nf_nat_ipv4_local_in+0x209/0x5b0
[  543.513305][ T9983]  ? nft_do_chain_arp+0xe0/0xe0
[  543.513324][ T9983]  nf_hook_slow+0xb9/0x200
[  543.513346][ T9983]  ? NF_HOOK+0x360/0x360
[  543.513365][ T9983]  NF_HOOK+0x1cb/0x360
[  543.513384][ T9983]  ? NF_HOOK+0x360/0x360
[  543.588797][ T9983]  ? ip_local_deliver+0x1a0/0x1a0
[  543.593851][ T9983]  ? ip_rcv_finish_core+0xd8b/0x1bc0
[  543.599168][ T9983]  ? NF_HOOK+0x360/0x360
[  543.603436][ T9983]  ? ip_local_deliver+0x11e/0x1a0
[  543.608524][ T9983]  ? ip_rcv_core+0xb60/0xb60
[  543.613137][ T9983]  NF_HOOK+0x2d6/0x360
[  543.617230][ T9983]  ? ip_rcv_core+0xb60/0xb60
[  543.621844][ T9983]  ? ip_local_deliver+0x1a0/0x1a0
[  543.626898][ T9983]  ? ip_rcv_core+0xb60/0xb60
[  543.631519][ T9983]  ? ip_local_deliver_finish+0x320/0x320
[  543.637173][ T9983]  ? ip_local_deliver_finish+0x320/0x320
[  543.642826][ T9983]  __netif_receive_skb+0xcc/0x290
[  543.647888][ T9983]  ? ktime_get_with_offset+0x2d7/0x320
[  543.653378][ T9983]  netif_receive_skb+0x19e/0x6c0
[  543.658344][ T9983]  ? netif_receive_skb_core+0x210/0x210
[  543.663926][ T9983]  tun_rx_batched+0x5a1/0x6d0
[  543.668638][ T9983]  ? local_bh_enable+0x20/0x20
[  543.673427][ T9983]  ? __local_bh_enable_ip+0x12a/0x1b0
[  543.679036][ T9983]  ? read_lock_is_recursive+0x10/0x10
[  543.684439][ T9983]  ? __local_bh_enable_ip+0x12a/0x1b0
[  543.689840][ T9983]  ? _local_bh_enable+0xa0/0xa0
[  543.694712][ T9983]  ? skb_set_owner_w+0x213/0x340
[  543.699685][ T9983]  tun_get_user+0x23f0/0x38d0
[  543.704406][ T9983]  ? tun_ring_recv+0xc30/0xc30
[  543.709225][ T9983]  ? rcu_lock_release+0x5/0x20
[  543.714011][ T9983]  ? __lock_acquire+0x7c60/0x7c60
[  543.719089][ T9983]  tun_chr_write_iter+0x112/0x1e0
[  543.724138][ T9983]  vfs_write+0x712/0xd00
[  543.728409][ T9983]  ? file_end_write+0x250/0x250
[  543.733305][ T9983]  ? __fget_files+0x40f/0x480
[  543.738005][ T9983]  ? __fdget_pos+0x1e2/0x370
[  543.742608][ T9983]  ? ksys_write+0x71/0x250
[  543.747043][ T9983]  ksys_write+0x14d/0x250
[  543.751398][ T9983]  ? __ia32_sys_read+0x80/0x80
[  543.756195][ T9983]  ? lockdep_hardirqs_on+0x94/0x140
[  543.761462][ T9983]  do_syscall_64+0x4c/0xa0
[  543.765894][ T9983]  ? clear_bhb_loop+0x30/0x80
[  543.770588][ T9983]  ? clear_bhb_loop+0x30/0x80
[  543.775281][ T9983]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  543.781215][ T9983] RIP: 0033:0x7f7c4b18597f
[  543.785650][ T9983] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  543.805276][ T9983] RSP: 002b:00007f7c493ee000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  543.813719][ T9983] RAX: ffffffffffffffda RBX: 00007f7c4b3ddfa0 RCX: 00007f7c4b18597f
[  543.821716][ T9983] RDX: 0000000000000036 RSI: 0000200000000180 RDI: 00000000000000c8
[  543.829710][ T9983] RBP: 00007f7c4b209f91 R08: 0000000000000000 R09: 0000000000000000
[  543.837703][ T9983] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000000
[  543.845704][ T9983] R13: 00007f7c4b3de038 R14: 00007f7c4b3ddfa0 R15: 00007ffd63136758
[  543.853714][ T9983]  </TASK>
[  543.856752][ T9983] 
[  543.859081][ T9983] Allocated by task 9983:
[  543.863438][ T9983]  __kasan_slab_alloc+0x9c/0xd0
[  543.868422][ T9983]  slab_post_alloc_hook+0x4c/0x380
[  543.873556][ T9983]  kmem_cache_alloc+0x100/0x290
[  543.878423][ T9983]  __build_skb+0x26/0x2e0
[  543.882766][ T9983]  build_skb+0x1e/0x170
[  543.886935][ T9983]  __tun_build_skb+0x32/0x240
[  543.891630][ T9983]  tun_get_user+0x18f1/0x38d0
[  543.896323][ T9983]  tun_chr_write_iter+0x112/0x1e0
[  543.901376][ T9983]  vfs_write+0x712/0xd00
[  543.905643][ T9983]  ksys_write+0x14d/0x250
[  543.909985][ T9983]  do_syscall_64+0x4c/0xa0
[  543.914429][ T9983]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  543.920336][ T9983] 
[  543.922672][ T9983] Freed by task 9983:
[  543.926653][ T9983]  kasan_set_track+0x4b/0x70
[  543.931258][ T9983]  kasan_set_free_info+0x1f/0x40
[  543.936209][ T9983]  ____kasan_slab_free+0xd5/0x110
[  543.941241][ T9983]  slab_free_freelist_hook+0xea/0x170
[  543.946630][ T9983]  kmem_cache_free+0x8f/0x210
[  543.951336][ T9983]  nft_synproxy_eval_v4+0x373/0x560
[  543.956756][ T9983]  nft_synproxy_do_eval+0x341/0x570
[  543.961972][ T9983]  nft_do_chain+0x3fc/0x1420
[  543.966575][ T9983]  nft_do_chain_inet+0x22b/0x300
[  543.971519][ T9983]  nf_hook_slow+0xb9/0x200
[  543.975953][ T9983]  NF_HOOK+0x1cb/0x360
[  543.980035][ T9983]  NF_HOOK+0x2d6/0x360
[  543.984112][ T9983]  __netif_receive_skb+0xcc/0x290
[  543.989152][ T9983]  netif_receive_skb+0x19e/0x6c0
[  543.994106][ T9983]  tun_rx_batched+0x5a1/0x6d0
[  543.998804][ T9983]  tun_get_user+0x23f0/0x38d0
[  544.003495][ T9983]  tun_chr_write_iter+0x112/0x1e0
[  544.008548][ T9983]  vfs_write+0x712/0xd00
[  544.012801][ T9983]  ksys_write+0x14d/0x250
[  544.017178][ T9983]  do_syscall_64+0x4c/0xa0
[  544.021603][ T9983]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  544.027527][ T9983] 
[  544.029867][ T9983] The buggy address belongs to the object at ffff88801f9d63c0
[  544.029867][ T9983]  which belongs to the cache skbuff_head_cache of size 232
[  544.044456][ T9983] The buggy address is located 128 bytes inside of
[  544.044456][ T9983]  232-byte region [ffff88801f9d63c0, ffff88801f9d64a8)
[  544.057741][ T9983] The buggy address belongs to the page:
[  544.063388][ T9983] page:ffffea00007e7580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f9d6
[  544.073591][ T9983] memcg:ffff88807655e781
[  544.077840][ T9983] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  544.085410][ T9983] raw: 00fff00000000200 ffffea00015cc980 0000000e00000002 ffff88801b7e4140
[  544.094006][ T9983] raw: 0000000000000000 00000000800c000c 00000001ffffffff ffff88807655e781
[  544.102606][ T9983] page dumped because: kasan: bad access detected
[  544.109035][ T9983] page_owner tracks the page as allocated
[  544.114754][ T9983] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3563, ts 20088479511, free_ts 20051203387
[  544.130833][ T9983]  get_page_from_freelist+0x1b77/0x1c60
[  544.136399][ T9983]  __alloc_pages+0x1e1/0x470
[  544.140995][ T9983]  new_slab+0xc0/0x4b0
[  544.145062][ T9983]  ___slab_alloc+0x81e/0xdf0
[  544.149649][ T9983]  kmem_cache_alloc+0x195/0x290
[  544.154523][ T9983]  skb_clone+0x1bd/0x350
[  544.158776][ T9983]  netlink_broadcast_filtered+0x630/0x1170
[  544.164591][ T9983]  netlink_broadcast+0x33/0x40
[  544.169357][ T9983]  kobject_uevent_net_broadcast+0x364/0x530
[  544.175257][ T9983]  kobject_uevent_env+0x556/0x890
[  544.180313][ T9983]  kobject_synth_uevent+0x520/0xaf0
[  544.185522][ T9983]  store_uevent+0x12/0x20
[  544.189857][ T9983]  module_attr_store+0x5b/0x80
[  544.194627][ T9983]  kernfs_fop_write_iter+0x379/0x4c0
[  544.199919][ T9983]  vfs_write+0x712/0xd00
[  544.204163][ T9983]  ksys_write+0x14d/0x250
[  544.208495][ T9983] page last free stack trace:
[  544.213164][ T9983]  free_unref_page_prepare+0x637/0x6c0
[  544.218631][ T9983]  free_unref_page+0x94/0x280
[  544.223307][ T9983]  __unfreeze_partials+0x1a5/0x200
[  544.228430][ T9983]  put_cpu_partial+0x12d/0x190
[  544.233199][ T9983]  qlist_free_all+0x35/0x90
[  544.237707][ T9983]  kasan_quarantine_reduce+0x150/0x160
[  544.243180][ T9983]  __kasan_slab_alloc+0x2f/0xd0
[  544.248037][ T9983]  slab_post_alloc_hook+0x4c/0x380
[  544.253154][ T9983]  kmem_cache_alloc_trace+0x103/0x2a0
[  544.258533][ T9983]  kernfs_fop_open+0x3da/0xbf0
[  544.263300][ T9983]  do_dentry_open+0x7ff/0xf80
[  544.267986][ T9983]  path_openat+0x2682/0x2f30
[  544.272592][ T9983]  do_filp_open+0x1b3/0x3e0
[  544.277093][ T9983]  do_sys_openat2+0x142/0x4a0
[  544.281773][ T9983]  __x64_sys_openat+0x135/0x160
[  544.286636][ T9983]  do_syscall_64+0x4c/0xa0
[  544.291056][ T9983] 
[  544.293381][ T9983] Memory state around the buggy address:
[  544.299013][ T9983]  ffff88801f9d6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[  544.307072][ T9983]  ffff88801f9d6380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  544.315128][ T9983] >ffff88801f9d6400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  544.323190][ T9983]                                            ^
[  544.329338][ T9983]  ffff88801f9d6480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[  544.337395][ T9983]  ffff88801f9d6500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  544.345451][ T9983] ==================================================================
[  544.353505][ T9983] Disabling lock debugging due to kernel taint
[  544.359709][ T9983] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  544.366909][ T9983] CPU: 1 PID: 9983 Comm: syz.1.1487 Tainted: G    B             syzkaller #0
[  544.375676][ T9983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  544.385736][ T9983] Call Trace:
[  544.389023][ T9983]  <TASK>
[  544.392003][ T9983]  dump_stack_lvl+0x168/0x230
[  544.396713][ T9983]  ? show_regs_print_info+0x20/0x20
[  544.401934][ T9983]  ? load_image+0x3b0/0x3b0
[  544.406460][ T9983]  panic+0x2c9/0x7f0
[  544.410373][ T9983]  ? bpf_jit_dump+0xd0/0xd0
[  544.414892][ T9983]  ? _raw_spin_unlock_irqrestore+0xa5/0x100
[  544.420814][ T9983]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  544.426727][ T9983]  ? _raw_spin_unlock+0x40/0x40
[  544.431592][ T9983]  ? print_memory_metadata+0x314/0x400
[  544.437081][ T9983]  ? __nft_trace_packet+0x135/0x150
[  544.442305][ T9983]  check_panic_on_warn+0x80/0xa0
[  544.447266][ T9983]  ? __nft_trace_packet+0x135/0x150
[  544.452479][ T9983]  end_report+0x6d/0xf0
[  544.456650][ T9983]  kasan_report+0x102/0x130
[  544.461163][ T9983]  ? __nft_trace_packet+0x135/0x150
[  544.466372][ T9983]  __nft_trace_packet+0x135/0x150
[  544.471414][ T9983]  nft_do_chain+0x120e/0x1420
[  544.476106][ T9983]  ? ipt_do_table+0x138e/0x1580
[  544.480988][ T9983]  ? nft_fwd_dup_netdev_offload+0x120/0x120
[  544.486918][ T9983]  ? nf_nat_inet_fn+0x84e/0xa90
[  544.491797][ T9983]  ? nf_nat_packet+0xf0/0xf0
[  544.496400][ T9983]  nft_do_chain_inet+0x22b/0x300
[  544.501339][ T9983]  ? nft_do_chain_arp+0xe0/0xe0
[  544.506199][ T9983]  ? nf_nat_ipv4_local_in+0x209/0x5b0
[  544.511590][ T9983]  ? nft_do_chain_arp+0xe0/0xe0
[  544.516452][ T9983]  nf_hook_slow+0xb9/0x200
[  544.520879][ T9983]  ? NF_HOOK+0x360/0x360
[  544.525137][ T9983]  NF_HOOK+0x1cb/0x360
[  544.529232][ T9983]  ? NF_HOOK+0x360/0x360
[  544.533484][ T9983]  ? ip_local_deliver+0x1a0/0x1a0
[  544.538524][ T9983]  ? ip_rcv_finish_core+0xd8b/0x1bc0
[  544.543825][ T9983]  ? NF_HOOK+0x360/0x360
[  544.548082][ T9983]  ? ip_local_deliver+0x11e/0x1a0
[  544.553127][ T9983]  ? ip_rcv_core+0xb60/0xb60
[  544.557745][ T9983]  NF_HOOK+0x2d6/0x360
[  544.561823][ T9983]  ? ip_rcv_core+0xb60/0xb60
[  544.566421][ T9983]  ? ip_local_deliver+0x1a0/0x1a0
[  544.571462][ T9983]  ? ip_rcv_core+0xb60/0xb60
[  544.576063][ T9983]  ? ip_local_deliver_finish+0x320/0x320
[  544.581708][ T9983]  ? ip_local_deliver_finish+0x320/0x320
[  544.587358][ T9983]  __netif_receive_skb+0xcc/0x290
[  544.592444][ T9983]  ? ktime_get_with_offset+0x2d7/0x320
[  544.597931][ T9983]  netif_receive_skb+0x19e/0x6c0
[  544.602885][ T9983]  ? netif_receive_skb_core+0x210/0x210
[  544.608449][ T9983]  tun_rx_batched+0x5a1/0x6d0
[  544.613154][ T9983]  ? local_bh_enable+0x20/0x20
[  544.617934][ T9983]  ? __local_bh_enable_ip+0x12a/0x1b0
[  544.623315][ T9983]  ? read_lock_is_recursive+0x10/0x10
[  544.628700][ T9983]  ? __local_bh_enable_ip+0x12a/0x1b0
[  544.634086][ T9983]  ? _local_bh_enable+0xa0/0xa0
[  544.638963][ T9983]  ? skb_set_owner_w+0x213/0x340
[  544.643915][ T9983]  tun_get_user+0x23f0/0x38d0
[  544.648613][ T9983]  ? tun_ring_recv+0xc30/0xc30
[  544.653392][ T9983]  ? rcu_lock_release+0x5/0x20
[  544.658172][ T9983]  ? __lock_acquire+0x7c60/0x7c60
[  544.663239][ T9983]  tun_chr_write_iter+0x112/0x1e0
[  544.668278][ T9983]  vfs_write+0x712/0xd00
[  544.672533][ T9983]  ? file_end_write+0x250/0x250
[  544.677399][ T9983]  ? __fget_files+0x40f/0x480
[  544.682090][ T9983]  ? __fdget_pos+0x1e2/0x370
[  544.686702][ T9983]  ? ksys_write+0x71/0x250
[  544.691137][ T9983]  ksys_write+0x14d/0x250
[  544.695478][ T9983]  ? __ia32_sys_read+0x80/0x80
[  544.700255][ T9983]  ? lockdep_hardirqs_on+0x94/0x140
[  544.705470][ T9983]  do_syscall_64+0x4c/0xa0
[  544.709904][ T9983]  ? clear_bhb_loop+0x30/0x80
[  544.714597][ T9983]  ? clear_bhb_loop+0x30/0x80
[  544.719290][ T9983]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  544.725201][ T9983] RIP: 0033:0x7f7c4b18597f
[  544.729631][ T9983] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  544.749248][ T9983] RSP: 002b:00007f7c493ee000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  544.757678][ T9983] RAX: ffffffffffffffda RBX: 00007f7c4b3ddfa0 RCX: 00007f7c4b18597f
[  544.765659][ T9983] RDX: 0000000000000036 RSI: 0000200000000180 RDI: 00000000000000c8
[  544.773629][ T9983] RBP: 00007f7c4b209f91 R08: 0000000000000000 R09: 0000000000000000
[  544.781603][ T9983] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000000
[  544.789574][ T9983] R13: 00007f7c4b3de038 R14: 00007f7c4b3ddfa0 R15: 00007ffd63136758
[  544.797552][ T9983]  </TASK>
[  544.800880][ T9983] Kernel Offset: disabled
[  544.805214][ T9983] Rebooting in 86400 seconds..