last executing test programs:

3.808767295s ago: executing program 1 (id=844):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f00000006c0)=[{{&(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xfffffffc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)="24c28cd154a036d5293dc51b8e486dea56478377c1f0ae1469ee52594d0901986ec0a8db4304da11dfb7bd43359182a392c5b8139307ff97b41b8901266ce38b6fe269f707fe3b3413d783ee9f1d655aaa1bf17834be72011f8c0bbca8ddcea41d57c3c85a626b4fb3727de761c94deed7b2607799714096dd53d8355999021f7ba9f0dc6145682e7b494d", 0x8b}], 0x1}}], 0x2, 0x2000c8c0)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40)
recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000004c0)=""/138, 0x8a}, {0x0, 0x12}, {&(0x7f0000000100)=""/111, 0x6f}], 0x3}, 0x1ff}], 0x1, 0x40, 0x0)

3.764577343s ago: executing program 3 (id=845):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x53fe0)
connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

3.607447939s ago: executing program 3 (id=846):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="10000000feffffffa5"], 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

3.47854499s ago: executing program 1 (id=847):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = dup(r0)
bind$bt_l2cap(r1, &(0x7f0000000080), 0xe)
listen(r1, 0x0)
accept4$vsock_stream(r1, 0x0, 0x58, 0x0)

3.393501175s ago: executing program 3 (id=848):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2208010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6d0, &(0x7f0000001340)="$eJzs3cFvHFcdB/DvrNeOt1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitEKQAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmfXu/Y6Xif2OoHPJxrPe/Nm3vzmN29mvOusNsD/rctn0ryfIpfPvHG3rG+sL7Y31heP1M3tJGW5kTS7sxQ3k+JBslS2FwNTBubbfLx66a3PHm583q0166laf6q/3exYIY/Yx716ynzd3/zILafH6r/bVxVeXkxypZ4Pmxm3r6EVy6Sdrudw6Drb3NvL5jte78Czr/d0KrrPzW3mkhfqJ3P1O0F9d2hMLsKDsae7HAAAADynPr112BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA86f+/v+inhr1PPMpet//P9NbVpefQUtjr3n/QOMAAAAAAAAAgMn4+qM8yt0c7dU7RfU3/1NV5Xi+6CRfyvu5k5XcztnczXLWspbbOZ9kbqCjmbvLa2u3z/e3LI3e8sLILS9M6ogBAAAAAAAA4H/SL9Pa/Ps/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8C4pkqjurpuP1PHNpNLPZlnvJP5PMHHa8e1CMWnh/8nEAAADAU5l9gm2+/CiPcjdHe/VOUb3m/0r1enk27+dm1rKatbSzkqv1a+jyVX9jY32xvbG+eKOcyvpwv9//957CmKl7mKpqo/Z8slqjlWtZrZaczZUqmKtpdPd9OjnZi2cgrgEflTEV36uNGVmzTmu5s9/v9C7Cvhh+K6LxmDVbm8El/Yws1LGVWx7rZqCo3qhJtmZi17PTHKrNVb1O9/d0Po3+Oz/HDyDnL9Tz8nh+c6A536t+JhqpMnGhN/rKa+bxmUi+8dc/vX29ffPd69funHl2DmkXUzss3zomFgcy8cpznYnmHtdfqDJxol+/nB/lJzmT+byZ21nNT7OctaykU7cv1+O5/Dn3+EwtDdXe3C2Smfq8dM/ZODHN54dVaTmnqm2PZjVFbuVqVvJ69e9CzufbuZiLuTRwhk/sGHd1bNVV39h61ffO9N9GBn/6m3WhvLv9dvMut/S4I95pdO6X7r2/zOuxgbx2R/3D/lrHBq6DhYEsvdTLzvTIzp/k3tj8al0o9/GrXZ4TkzVXZ6K8gHpPiV50L3cz0ayeRdvH+R865XZp3+x0ri+/t0P/97bUX6vn5bBa/9pua/eMPhX7qxwvL2W2vpMMj46y7eX+XWagrbM5lrttw0/ccrsTVVtR9K7UH+dWNQC2X6kz9e9w23u6ULW9MrJtsWo7OdA29PtWbqWdqxPIHwBP4h9v94tzeWGm9a/Wp61PWr9uXW+9MfuDI9858upMpv8+/d3mwtRrjVeLv+ST/Hzz9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDk7nzw4bvL7fbK7dGFxs5NQ4VWti7Zqecjo/sp6i/0GWNfz0VhNsnQkup7jiYeRmtrGNsKnV8kE89P70sER6/zu7LQ3DaiRhWWhpb8eXuHH+0xwmK86+IAC41MdqdTGT0ADvGmBEzEubUb752788GH31q9sfzOyjsrN6cvXry0cOni64vnrq22Vxa6Pw87SuAgbD70DzsSAAAAAAAAAAAAYFyjPhhw6sXdPjQy1mc8/M9CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYF9cPpPm/RQ5v3B2oaxvrC+2y6lX3lyzmaTRSIqfJcWDZCndKXMD3RX544N0Ruzn49VLb332cOPzzb6a3fWTRj3f2eNbk9yrp8wnmarnT2GovytP3V/xn94xlAn7otPpLD1dfLA//hsAAP//P3v0tA==")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x1)
symlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40880, 0x20)
getdents(r0, 0x0, 0x0)

3.00056251s ago: executing program 1 (id=849):
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="007a93b9d6cfc45636b907277d9dbc239676439a4b03da7712dbfb44f93d157a7b94833c802e8650810eff9fdc8bb6e768076d890752db516f649dec5891435b1f58f186364bdaa1125ea94a5612d57018cabe3abbf321deff9ed2c87853e41507def3240220d808940ac2bb251873ea3f1bdb0d5ee04cf4ffd184dbadc5a1d70bc5a49841645535cd001511b8ff09ca784255eaa71060b5d8a8e48a837f0000007792c93473b987329eb2f14caa61dc0dd0aa6d91ebd9522a076cb40792e8541570a733ad433f6fc926cfa2890a6005fd74a822076e172f1f5ca254e5936e8c3eb5b4d966f1d6b877"], 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x19e)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

2.861960613s ago: executing program 3 (id=851):
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000005240), 0x1, 0x51aa, &(0x7f0000005280)="$eJzs3V+IVNcdB/Az+0cXpe5UCtqCRR987mJ9aOnDDoXSP7Iw1lq0oLsKlYogi1SwuFBFC0pBtmwRWimI0AcpylAqQjcQIZAQElh8kIgBE4mQ5ElJAgbyEnbuPbMz53p3xo1mjX4+snvn3N89554Z7sN8xz13AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQQRqd+s+f0vaufl9W3XrpTv7durHbm2Lnhxtrj4yFUmvsreX38p7/49YEd42NDscPE9mxbrZYNmXV9P2us6Ng536/zZ18IYTAZoD/f/qy/rW8lPUE4UhxwUScHrm24uXfb2Exj7sHho5unik+deUPLPYHlkl9X9xeupVrzd19yRKvddulVOi7RrH96wX0tTwIAeCIj9eam9XY0f4vbap9I60m7lrSnk3Z8hzDd3liKbNwVZfPcmNaXaZ61LCqsLJ1nUs9f/1a7nvZP2knUeIJ5dh6aR5qhsnlOJvXlmicAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8+Tsj2Y/evX3e94pq2+9dKd+b91Y7cyxc8ONtcfHQ6g291eycmX33H8uf+vYz394+f4XI1sOPvx/f94vbgfaDg6344MfD4ewv61yPw778ZoQ6p2FZjP8o1g42Hzwy1gAAADgRfLd5u++VjuLg4Md7UozTVaa/6IsLJ4cuLbh5t5tYzONuQeHj26eWvp49ZLxao8dr9WuLvxU2oJxjL/peAv1eOiRwjiLS0dM8/zOqR9Urjz6zpWy/oX8X108/8dXTv4HAADgq5D/03EW1y3/rz775n9PvTX2WVn/Qv7f2HHKQv6PM475vy8sLf8DAADA8+xZ5/9aYZzFdcv/f7879OfTnxxZVda/kP9Hesv/A+3TjjvfjhM+NBzCSLepAwAAACXi/7svfLQQ83r2yUGa1y9cP7Dvn/+78q+y8Qr5v9Zb/h986s8MAAAAWKrZk43ZW3+58++yeiH/13vL/yuf+cwBAACAXl3d9cH5C997tLOsXsj/E73l/7igIF/5kHV6Pf4VwsxwCEPzDyazwhtherRVAAAAAJ6SmNNvVXd9v/rh6GzZcYX8P7n4/f/jnQ7i+v+O+/8V1v+3FbK7/v3EjQEAAAB4GRXX88fb42ffXFD2/fu9rv8/v73v7v6/jTXKzl/I/yd6y//97dun+f1/AAAAsATftO//210YZ3Hd7v+/6b3Xbhz9429Hy/oX8v90b/k/ble3P70b8fU5NRzC+vkH+d0EL8fTHUoKjcG2QvbCJz12xB55obGyrdA0mfTYMhzCpvkHJ5LCt2NhOik8XJMXLiaFuVjIr4dW4WpSuBGvtPNr8ummheuxkC+waMQVFKtbSyKSHp+W9ZgvPLbHu62TAwAAvFRieM6z7GBnM6RRtlHpdsCqbgf0dTugv9sBA8kB6YFl+8NEZyHuf+VX9Znbv/vDn0KJQv6/2Fv+jy/FimxTtv4/xPX/+fcattb/T8RCNSk0YqGe3jGgHs+Rhd2/xnNU63mPh+tbBQAAAHihxc8F+pd5HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAle/ceI9dVHw787Hr26X3l8SMJz4WImPyQ1+s1oQ1EYkNBPEM3JKCklGadeBMWbxIntis7oNZ5NIKkQCoilQJSHRAClwosoAq4qeIGYdTUUqLQoCRASoIRpSRKIqrQyn+kmr33zN45d69nHHsdb/r5/LFzZr7neefO7Jx775wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+b6jd975v//A9+zdVxd/wpUemHjvlvMlPbPv08O4TP3ZJCFPzj3dk4Y6L7/v6rsFt71i368DB8YnZp/d05+XyeFhZ/9OZ37kp1npgMIQ7O0KopYHVA1mgK78/EOt7+UAIJ4SFQKPETH9WIm04/KAvhJ1hIdCo6nt9IQwUAhc+cM/dn6onbu8L4bUhhJ60jZ/1ZG30pYEzurNAfxq4upYFfvdcphH4bmcWgCMWXwyNnX73VHOGkcXLVex/XUetYy+sdHgrYmKkOt+T5y5xpwq60wemjuhpK1XHkii9PPZ6tS2DV1tpO9/maSt+kMo/oTy3EOoJnRtmLl+/dW5LfKQzjI2tqKppiZ7nh5/5+GWHk142+2HswMhR2Q+fuOrmi1bdMnlg113v3TN979aJI+3mQ4VNWkwvtZ6Q73PL5nmMJr2fLIOXX+lT0qgPXSGEj3znzWtvrH3m36ripfn/yKHn/3F3jredTbljrQeHsrl5fGQgJp4ayubmAAAAsGwsh6OmT/3RNXvufXL/v1fVV5r/j7Z3/j+e8s8n89lo94YwOZ+4cTiEU+cfzwK7YnOXDofw6vnUVHPg3CSwN4TT5hNnNqpKSvTGEqNJ4FdDeWAyCeyLgakk8JUYuC0J3BQDu5PAZTGwNwm8NQbCbPM4/v9QPo62A30xMJ1txN3xKoTfDsXWkm31k0ZVAAAAR0k+O+xqvlu41uFIM8Tp5e6+VhniFdiVGXqSGtIZbGNaVVlDrVUNna1qaIx7x6GHX6q5o1XNpcswOpozfPfJv/nnG9504MFQoTT/Hz/0/L9nkY50lM7/h3D+/N+YuzOPzDXi01NNGQAAAIAj8LbvfGH6tN9cen9VvDT/n2zv+v94TGRFIXPYHw9DbBwOYbw5kFX75nIgO+u9Mg8AAADActA4H984Fz6b32aXaKfz6XL+qcPMH0/8Ty6a/7xHRz//+Af+fKqqv6X5/1R71//3N99mndgXe/HZ4RB6C4Efxl7WA/NGY+Dnb2kO5OPfFzfArbGq/MKERlW3xhLTMTCeBHZWlbi/UeLU5kD+ZDUav7Exjtm8RCEAAAAAx1w8HBDPy8fr/z/5F3c9dMsXv/WWqnKl+f/04V3/Pz8PLl3eP7cyhDW1EFakXwzY358tDBgDAx154p/6s7pWpFVd3x/COfWBpVU9lq//X0vXGHygL6sqBk59zdeeOaOe+HJfCGuKgR9/6I6z6oktSaDR+Af6QnhVfbRp4//QmzXelTb+170hvLIQaFR1aW8I9ca606ru6cl/xyCt6ps9IZxUCDSqemNPCNsDAMtU/Fe6ofjg5u3XbVw/Nzdz7RIm4jH8vnD57NzM2GVXz23oqejThqTPTcsYXV8eU2ebY/9pvkTRgxdsHG4n3fie4HixL/lx/NKFg/n9+Fmoa36cE11Nd9elQ37d6eUm0iG9EEPuL1ay8CSW6o/5u8PK0Lt188y1Y9vWb9ly7drsb7vZJ7K/8TRTtq3Wptuqf7G+tbF7tLuq9vPdVquKlazZcuWmNZu3X7d69sr1V8xcMXPVurXjZ5/9xomzzp5YUx/VePa3xVBXLVZ1MtTn7igPYal3i5fWCpUci3cNCQmJ5ZZ49IMTtZe85vX/WfX2U5r/bzr0/D++68R3/nx9hqrz/yPxNH/2+MJp/ukY2Nnu+f+RqrP5jQsDRpPAjhjY4TQ/AAAALw7xcGQ8mhkPPz79kY8+Wdu27pqqcqX5/472vv9/lNb/byxd/+6qZf7PjCXGq9b/T5f5b6z/v6Nq/f90mf/G+v87X4D1/7c2Askm+a31/wEAgBeDY7f+f8vl/dMfCChlaLm8f/oDAaUMLZfxb/cHAg57/f+Hb7rzgv83e/G7QoXS/P+29ub/Fu4HAACA40f/6O/2/eL6+8+tipfm/zvbm/8f+/X/QtX1/6NVgamqhQGt/wcAAMAyVbX+38Vv/87LPjj6hvbX/9vd3vw/XnbR2ZQ71npwKFvTLqRr2j011PjKAAAAACwPnWFsrKvNvE0ro1aejW/t4Xwp0EOli/7j8SvXnLP390+vqq80/9/b3vy/6XsZT1x180Wrbpk8cHDXXe/dM33v1omF8/8AAADA0mn3uAQAAAAAAAAAAAAAAPDC+3X/F/70lL8b+X5VvPT9/3D+/ONV3/+Pv/sXv19wclPuWGvr9f/y+xe+5xvb55cs3D8UwunFwMYbNp4Q8t/mX1UM3P3hM0+pJ25IS9z16Ft/WU9ckgbeufrEZ+uJc5LAdFwk8bQ0EH9V8dnBJBCXV/xRGojbY3ca6M4DnxzMxtGRbqtfD2TbqiPdVo8MhDBcCDS21Z0DWRsd6QBvTwKNAV6TBuIA35cHOtNefWNl1qsYGIhF/3Zl1isAAI5b8VNgV7h8dm5mPH6Ej7cvrTXfRk1Lll1fXW0rP82XJnvwgo3D7aRXpJ9FF35rvCv01IewtvRxtZilY36UR6eWFpvu5Ioht1rtrVZRLnW4m667ekR92YjGLrt6bkNXy4Gva51lotYyy9rSZKeYpXN+k7ZRSxt9aWNEbW6bNroc73eGsbEVSa43xeBIaNJqj2j3+/rFdf6q9oJino6T//Kdt3925o6q+krz/5H25v89xXE9m/8YwI74y3o3DodwapsjAgAAANr1k398aOLqL9z89+ntNx/ff/Mr7znv6apypfn/aHvz/3hgLD8VnB3t2Bt//78x/x/JArtic5cOh/Dq+dRULJH9oP67Y4nxLLArHjA5M5aYnmquqjcGdieBXw3lgb1JYF8M5EcpvhbyQzl/NRTCWfOp85tLbIolRpLAH8bAaBIYi4HxJDAYA5NJ4InBPDCVBP41BsJs87b69qCjKwAAwPOQz7O6mu+GdJ63u9YqQ0erDP2tMnS2ytDTKkPVKOL9b8UMXcXz8XmG+FBXWmtfUkspQ/wx/MPuVylDuL85Z1qw1HS8/qBxvUFHc4b/Pvkzn39V756DoUJp/j/e3vy/v/k2a31fnP8v/P5fFvhh7N5n46XjozHw87c0B/IDA/viZPfWRlVTeYl80n5rLDEZA6NJYFMMTCaB6fPzwM5TmgP5TLvR+I2NxmfzEoUAAAAAHHPxAEE8TBPn/+8/6fXfP+9dMw9UlSvN/yfbm//H9lYWG7sp1npgMIQ7OxZ60wisHsgC8TjGQPx6/MsHQjihcICjUWKmPyvRnTQcftCXfUO9O63qe33ZGgPx/oUP3HP3p+qJ2/tCeG3h6EujjZ/1ZG30pYEzurNAfxq4upYF4pGfRuC7nVkAjljjqGDcofJLXRpGFi9Xsf+9WH4TNB1e6RjoIvkW+87VUulJH8iPqTYc3tNWqo4lUXp57PVqW46vthGvtuIHqfwTynMLoZ7QuWHm8vVb57bER4rfZC1Zoue5+C3VdtJHYT/c8fx721pP2oHx5O1jfPFyi++HHbG6J666+aJVt0we2HXXe/dM37t1ou1uVIhfFH77c58beaiweZdaT8j3uWX3fjLl/WQ5/hsY9bTVX+Yvmb7qgkd+9GRVvDT/n2pv/l9Lbuf9T9yYm4dDeF1h4+6Pm/8PhrP3wUIge5c8qRzITrn/YqjynRMAAACOtsbhjsbxgtn8NrsgPJ0nl/NPHWb+eLxictH87fZ7/b7f/PHYaa+4tCpemv9PH3r+35t00/l/5/9ZIs7/L+p4PxTdmz6w44gORZeqY0k4/7+o4/3V5vz/opz/d/5/Mc7/t+D8/6KO96et9Clpkw9dIYTXffCr4fHPPNv++n+b2pv/W/9v8UX7Guv/TVet/7epav2/Hdb/AwAAllTFQnPpPK+0el8pQ7p6XylDywUCWy4xaP2/w17/b//bXvGz7R/49UWhQmn+v6O9+X/cHVYWW18u6/+Nnl9R1W0xsMnCgAAAAByPqg4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MK6/09W/941n1/15ar4G770yNRjp5w3+Yltnx7efeLHLglhdv7xjizccfF9X981uO0d63YdODg+Mfv0np68XFd++7Km3LHWg0Mh7Cw8MhATTw3V7ywELnzPN7bX6on9QyGcXgxsvGHjCfXEV4ZCWFUM3P3hM0+pJ25IS9z16Ft/WU9ckgbeufrEZ+uJc/JAR9rdLw5m3e1Iu/upwRCGC4FGdz862FxVo4135IHOtI2vDmRtxMBALPq5gayNGJiLJWZ7Q1hTC2FFWtW/9GRVrUirqj87w4VAo6o/6wnhnBBCLa3q0e6sqlo68vu6s6pi4NTXfO2ZM+qJnd0hrCkGfvyhO86qJ65JAo3G398dwqvqu0za+Le6ssa70sZv7wrhlSGE7rTEf9WyEt1picdqIZxUCDQa/0gthO2BF4X45rOh+ODm7ddtXD83N3PtEia687b6wuWzczNjl109t6En6VOVjkL6uesPHT+Unz7z8cvqtw9esHG4nXQtL9c13+WJrqa7645W79t1uL2P/eovVrLwfJTqj/m7w8rQu3XzzLVj29Zv2XLt2uxvu9knsr8r8mi2rdYerW21okX56Pluq1XFStZsuXLTms3br1s9e+X6K2aumLlq3drxs89+48RZZ0+sqY9qPPt7NIZ6RzneucRDfWmtUMmxeAOQkJBYbonOpne38eP9X3bpg/5CR7tCz/wbdGlaUczSMT/KozHoc8vxpXpLL01JSiNaW5o4lLJMtM6yrjSZWMjSl2WZ/1xXmhwWa+qc36QLm2RsrPKf+kjz3eLmfXKRzduuh/NN124aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6XHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W4fRswEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//0cRM9w=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
r1 = dup(r0)
pwritev2(r1, &(0x7f0000000500)=[{&(0x7f00000000c0)="aa", 0x1}], 0x1, 0xd8c1, 0x0, 0x0)
copy_file_range(r0, 0x0, r1, &(0x7f0000000640)=0xe000, 0x1fff, 0x0)

2.708485278s ago: executing program 1 (id=852):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x2, 0x100, 0x0, 0x2, 0x0, 0x42})

2.440316313s ago: executing program 0 (id=853):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x100, 0x5, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0x0, 0xc}, {0x0, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008012}, 0x400c0)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000700)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="9800000010000104fcffffff0000000000000000", @ANYRES32=r2, @ANYBLOB="0025000000000000780012800b000100697036746e6c00006800028006000f0003000000060010000200000005000400a200000014000300200100000000000000000000000000010400130008000700f5ffffff080002392cf0000006000f"], 0x98}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)

2.194343324s ago: executing program 0 (id=855):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f00000005c0)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000000)={r3, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90)

1.946955506s ago: executing program 0 (id=856):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', @multicast})
write$tun(r0, &(0x7f0000000280)={@val={0xa, 0x9000}, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, "4fd2cd", 0x18, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x7, 0xa5aa, 0x1, 0xbd, [{0x2, 0x1, "065b0cbaddc1"}]}}}}}}}, 0x52)

1.651616325s ago: executing program 2 (id=858):
r0 = open(&(0x7f0000000600)='./file0\x00', 0x1e1142, 0xfb)
writev(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)="f5", 0x1}, {&(0x7f0000000040)="22517920d1f96d4ad0a9c6ca476099ab8508809ad3506332bbff1002950d2a77f7ab51d2a645fe46f99fa87a69f4912afdc495", 0x33}, {&(0x7f0000000100)="b33b7210d2331b9bfa0f5786829d349114ae083ae3d335", 0x17}], 0x3)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
sendfile(r2, r0, &(0x7f0000000280)=0x49, 0x7fff)

1.413435725s ago: executing program 0 (id=859):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
unshare(0x4000400)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000000)={0x0, r1})

1.412503285s ago: executing program 2 (id=860):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x4, 0x1000}, 0x4)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0x2, 0x3b}, 0x1c)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000003c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.134188891s ago: executing program 3 (id=861):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper})
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x325000, 0x800}, 0x20)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper, 0x2}, @any, 0x0, 0x0, 0x2, 0x6, 0x9a6, 0x10001, 0x8})

1.113372455s ago: executing program 0 (id=862):
r0 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000)=0x1, 0x0)

860.989617ms ago: executing program 2 (id=863):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000005180)={0x2020}, 0x2020)

699.401794ms ago: executing program 2 (id=864):
socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]})
socket$packet(0x11, 0x3, 0x300)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000520001000000000000000000020000000c00", @ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x48010}, 0x0)

502.316247ms ago: executing program 2 (id=865):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x800042, 0xf8, 0x1}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r2, 0x1, 0x4, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4081}, 0x0)

448.581196ms ago: executing program 3 (id=866):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x4, @loopback, 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
sendto$inet6(r0, &(0x7f00000003c0)='\x00', 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x20, @loopback, 0x1}, 0x1c)
sendto$inet6(r0, &(0x7f0000000340)='Q', 0x1, 0x4008041, 0x0, 0x0)
sendmmsg$sock(r0, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000640)="89", 0x1}], 0x1}}], 0x1, 0x0)

409.982542ms ago: executing program 1 (id=867):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000300004802c"], 0x84}}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0eab070004000523"], 0xfe33)

360.18976ms ago: executing program 2 (id=868):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x5, 0xc, 0x42, 0x40, 0xc0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100), &(0x7f00000001c0), 0x10f0, r1}, 0x38)

248.897159ms ago: executing program 1 (id=869):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
read(r0, &(0x7f0000000000)=""/116, 0x74)

0s ago: executing program 0 (id=870):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000010600), &(0x7f0000010640)='./bus\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002afdae3565781009f76e97b48ab97bfb17214266c0e5b7032d7a3d77ba65f6179d16cef7c34648024212402e69cc86c8fce5989be545ce26a9c4f5f2165f36561402b40d94de59edbb0507bf01e3ece0fd57e13bef384234e823d81383eac1c0afb4464b4d16006b7691ea638989f6f567a2817567b9c1606c0a15f5a0dbce62f473cd22efb03bcddff402dacf8c1372a5e8ff5bc5b6a5015037cf1236a6167a302d5d082a447099b4ee2bc4"], 0x1, 0x10600, &(0x7f0000020cc0)="$eJzs3D1vW1UYB/DHCX2llAr1hQHElRBSItVWnb4IFlSgFSDaqqIwMIFju5Zb2zeK3cR0YYEBiYmFL8EEn4EFdlZY2FhAYqso8r0niEAlIHHjQH4/6eZ/7vG5j8+xvBzf6AawZx3Lfvm5EkfjUETMR8SRiKJdSUfhYhlPRsQzqWsuHZXU/3vH/og4HBFHJ8XLmpX00lO/3vv+i2+uPP3xd59++8FnP92YzYqB3eC5iOivlO31fpl5p8xbqb+x1i2yf24tZflC/3Y6z8tcby8XFdYbG+MaRZ7tlOPzlTvDSd7sNZqT7HRvFv0rg/INh2udjTrFBbcaq8V5q71cZHeYF9m5W85rnPLucFTWaaV67xflYzTayLK/PW6X61m5XWRzMEr9Zd281R5Pci1lerto5r1WMY/lLX/Mu96V7uDOOFtrrw67+SA7X6s/X6tfqNZX81Z71D5XbfRbF85lC53eZFh11G70L3byvNNr15p5fzFb6DSb1Xo9W7jUXu42Blm9XjtbO1M9v5hap7NXr72d9VrZwiRf7g7ujLq9YXYzX83KKxazpdrZFxazZ+vZjavXs+tvXr589fpb715659pLV19/JQ36y7SyhaUzS0vV+pnqUn1xqys/fb+0V9dfGle2dz17nO8PwL+2lf3/nP0/sE32//b/saf3/9Yf9v9sl+8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCe9cO+L18rGsfK80dT/2Op64mIOBURJyPiRETcf4D52L+p5vGIqKT2g8bv+9McvqpEUWFyzYF0HI6Ii+m49/jD/hQAAADg/+vzrz/8KGJ+0iz+vDjrCbGT0o82B6dVr/jJ55FpVTteFBtPqdqJjZJTcTIi9h37cUrVTkXE3JH3plTtH5nfFAf/EJUy5nZyNgAAwM7YvBOY2u4NAACAXeeTWU+A2Sju16b/xU/3gg+UkW4IHto4e2MGswMAAACmoTLrCQAAAAAPXbH///vn/817/h8AAAD8h5XP/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA3du7mNnEgigP4A9YL+6VFKz5a4bTaIweK2BJyTAFJN7lRQyREHeSWEiKIsCdSHHGI5DFO0O8nmRlb8Nczt+exBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoE0PxXp5t725bZqzPzST524AAACAU3bFellOxtX5j3T9V7r0JyLmETGLiGlEnOrdB/G1ljmJiF6an/p+8aaG+4gy4fibYTq+R8S/dDz9bvtfAAAAgMu13SxWEYPjtPz423VBnFN6aDPKlVc+8vmSK21Shl1nSpu+RGYxi4hi/JgpbR4R/Z//M6W9y6A2jF4NvWron7MaAADgPOqdQLbuDQAAgA/nqusC6Ea5XpvexU9rwcNqSAuC32pnAAAAwCfU67oAAAAAoHVl/2//PwAAALhs1f5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtGlXrJfbzWLVNGd/aCbP3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLM/LykYwkAQBvt/qncK3v9WSoNudeWuCgIfM4QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCuv4+R9xqexJvl22vh1PJL8u2pMXTXmrhtLL4zb57bnfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCzPy8nAAIxGAbjW3ta7L8mL8oPevYmCDMgfCQEWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBvuvur/okhsVfVmGliyrhV1ZxVYskqseYgseWgvf3tOD94EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMUOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX2590mYiCMwuj1AAInBFACucWjBhIiBCXwkJAsuQYKoCESIlKLRtgWdiXvON7MG+w5yf2CCeYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OCsd744StKkzFlSHj4v/4+TnKR8jeP96ZTN9+pvONvm88/vY82LPF21Sdo0S5wDALC4bt4pzvP+0b9dJ9Pe1L2te1e3exn61/1+GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA27NzPSxRvHAfwZ1d3v1+7dekQBWVBQtT6A3EVL0WBBf0D3hbdRFpL1ENKEHaRLkGX7l261M1Tp/6DTl0iCuq+QUEEQRi7O2OPqbFedlZ6veCZ+TgMM88zB+E9n1EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOoL4ezqd1LoRwvPd33fD2y72Zvfb1+8dG0/Ho5PPF+JqNSxRCCDfna9XBDq6lm50Nw839h88PB+Jn+Od5y6trtyq1WnVJoVAotosMfmkBAHBoFZLRyPUfC5tTjWO5yRC2nu7M/+eiOrSZ/7eeDLyO7xXn/6GOrbC7pfl/+vrGxN/yf2llYbG0vLp2YX6hMledq94eGhsfGxwpjw6PlZrvU0reqgAAALC/YjLi/J+f3N3/PxLVoc38/+rlten4Xj3y/y5p/r/c3/+svf5/BpMEAAD4Rxw99e1rbo/juWIx3K2srCwNtbbbPw+3thlM9cD+S0ac/3sms54VAAAA0An19dyO/v9sVIc2+//vv185EV+zJ4TQl/T/L87cqc12bjldK+3/T1yq3Mj67/8zWD4AAAAd0peMuP9faH7/nz+dnpMPIQycadXJvwFsK///fDD+Jr5X/P3/SOeW2JXy5dbzSPP/xrsX8/vl/+a55RB6yxlNFgAAgEPv/2Q08v+nwubU0o/HV4u+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/s2DFKM0EUB/BJNvm+RjEgiKWFNhaigmAVsBAkHsJCFASPEBAPoOBZLLyDSOqk9AApvIHMZEfCNirIrobfDyb/R9hk3840eQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE9Nj8JGrov40pvV7fK98dvwPOakkumzN2sHccW6VW/bf856mc+T06fx3B62DpvrCQAAgMVT5Pk+hPDafTyJ2e6n+X8rXxNn/uHyrM7zfHXuz5ln/7iWHoqzjxv1ZvfphhAur64vdmt7wt9tM+ynHLxs38/vYfW6lS98VyedT/qHpkjH1h7crk67addbd6PR8b9U/v/5pwAAvmsnZ1nk30cx95psDICF1SlXmJv/i36zPQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU4T0AAP//F6aahA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x109342, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61)
writev(r0, &(0x7f0000001540)=[{0x0}, {&(0x7f00000003c0)="3d9e", 0x2}], 0x2)

kernel console output (not intermixed with test programs):

y 0 port 6081 - 0
[   93.207436][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.218559][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.414520][ T4148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.440906][ T4148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.468728][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.479419][ T4457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.489024][ T4457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.512942][ T5816] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   93.600532][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.615296][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.656982][ T2103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.672478][ T2103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.758960][ T5816] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.791084][ T5816] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.821078][ T5816] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   93.871159][ T5816] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   93.893852][ T5816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.902409][ T5838] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   93.931949][ T5816] usb 3-1: config 0 descriptor??
[   94.126168][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.155740][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   94.201990][ T5838] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   94.246001][ T5838] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   94.275883][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.307583][ T5838] usb 4-1: config 0 descriptor??
[   94.452919][ T5816] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[   94.624024][ T5816] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[   94.771836][ T5838] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[   94.853406][ T5838] plantronics 0003:047F:FFFF.0002: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[   94.963288][ T5776] Bluetooth: hci1: command tx timeout
[   94.974246][ T5776] Bluetooth: hci2: command tx timeout
[   95.042508][ T5776] Bluetooth: hci3: command tx timeout
[   95.052987][ T5776] Bluetooth: hci0: command tx timeout
[   95.268546][ T5837] usb 3-1: USB disconnect, device number 2
[   96.113291][ T5868] loop2: detected capacity change from 0 to 4096
[   96.131232][ T5868] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[   96.250580][ T5868] ntfs: volume version 3.1.
[   96.545741][   T42] ntfs: (device loop2): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry.
[   96.716430][ T5778] usb 4-1: USB disconnect, device number 2
[   97.216645][ T5877] loop3: detected capacity change from 0 to 4096
[   97.244606][ T5877] EXT4-fs: inline encryption not supported
[   97.281153][ T5877] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   97.333168][ T5877] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8856c019, mo2=0003]
[   97.495378][ T5880] loop0: detected capacity change from 0 to 2048
[   97.536457][ T5877] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.588563][ T5880] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[   97.638910][ T5880] UDF-fs: Scanning with blocksize 512 failed
[   97.719713][ T5880] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   97.867062][  T787] cfg80211: failed to load regulatory.db
[   97.882492][   T28] audit: type=1800 audit(1775931003.203:4): pid=5882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.10" name="file1" dev="loop3" ino=15 res=0 errno=0
[   98.154156][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.574341][ T5891] loop2: detected capacity change from 0 to 512
[   98.589564][ T5891] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   98.672450][ T5891] EXT4-fs (loop2): 1 truncate cleaned up
[   98.679662][ T5891] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.908058][   T28] audit: type=1800 audit(1775931004.243:5): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.13" name="file1" dev="loop2" ino=15 res=0 errno=0
[   99.002025][   T28] audit: type=1800 audit(1775931004.243:6): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.13" name="file1" dev="loop2" ino=15 res=0 errno=0
[   99.215549][ T5888] loop0: detected capacity change from 0 to 32768
[   99.335290][ T5888] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   99.696616][ T5888] XFS (loop0): Ending clean mount
[   99.751744][ T5888] XFS (loop0): Quotacheck needed: Please wait.
[   99.848807][ T5888] XFS (loop0): Quotacheck: Done.
[   99.956010][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.418998][ T5772] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  100.592053][ T5911] loop1: detected capacity change from 0 to 4096
[  100.650386][ T5911] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  100.750488][ T5915] process 'syz.2.20' launched './file1' with NULL argv: empty string added
[  100.806607][ T5911] ntfs: volume version 3.1.
[  101.158570][ T2103] ntfs: (device loop1): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry.
[  101.272076][ T5921] loop2: detected capacity change from 0 to 2048
[  101.315808][ T5921] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  101.367182][ T5921] UDF-fs: Scanning with blocksize 512 failed
[  101.382709][ T5778] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  101.407810][ T5921] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  101.609174][ T5778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.650907][ T5778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.671223][ T5778] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  101.696557][ T5778] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  101.732210][ T5778] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.759169][ T5778] usb 1-1: config 0 descriptor??
[  101.944984][ T5923] loop3: detected capacity change from 0 to 32768
[  101.991123][ T5923] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.25 (5923)
[  102.170897][ T5923] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  102.202217][ T5778] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  102.247944][ T5778] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  102.262019][ T5923] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  102.324571][ T5923] BTRFS info (device loop3): turning on sync discard
[  102.332161][ T5923] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  102.355525][ T5923] BTRFS info (device loop3): use zstd compression, level 3
[  102.372483][ T5923] BTRFS info (device loop3): turning on async discard
[  102.418092][ T5923] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  102.491194][ T5923] BTRFS info (device loop3): trying to use backup root at mount time
[  102.552342][ T5923] BTRFS info (device loop3): enabling auto defrag
[  102.607610][ T5923] BTRFS info (device loop3): using free space tree
[  102.673477][ T5927] loop1: detected capacity change from 0 to 40427
[  102.704764][ T5927] F2FS-fs (loop1): build fault injection attr: rate: 684, type: 0x7ffff
[  102.801562][ T5778] usb 1-1: USB disconnect, device number 2
[  102.820249][ T5927] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x35f7
[  102.842011][ T5930] fido_id[5930]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  102.943256][ T5927] F2FS-fs (loop1): Image doesn't support compression
[  103.004694][   T42] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  103.027113][ T5927] F2FS-fs (loop1): invalid crc value
[  103.061370][ T5923] BTRFS error (device loop3): failed to load root extent
[  103.103811][ T5923] BTRFS warning (device loop3): try to load backup roots slot 1
[  103.165579][ T4457] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  103.179246][ T5927] F2FS-fs (loop1): Found nat_bits in checkpoint
[  103.213782][ T5923] BTRFS warning (device loop3): couldn't read tree root
[  103.252651][ T5923] BTRFS warning (device loop3): try to load backup roots slot 2
[  103.298417][ T2103] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  103.329706][ T5923] BTRFS warning (device loop3): couldn't read tree root
[  103.352398][ T5923] BTRFS warning (device loop3): try to load backup roots slot 3
[  103.419373][ T5927] F2FS-fs (loop1): Start checkpoint disabled!
[  103.491782][ T5927] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  103.496294][ T5923] BTRFS info (device loop3): enabling ssd optimizations
[  103.529613][ T5923] BTRFS info (device loop3): rebuilding free space tree
[  103.689154][ T5923] BTRFS info (device loop3): checking UUID tree
[  104.189471][ T3473] kworker/u4:9: attempt to access beyond end of device
[  104.189471][ T3473] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  104.235670][ T3473] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  104.257189][ T3473] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  104.339975][ T5773] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  105.185487][ T5956] loop1: detected capacity change from 0 to 512
[  105.290170][ T5956] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  105.343362][ T5956] EXT4-fs (loop1): 1 truncate cleaned up
[  105.384593][ T5956] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.517521][   T28] audit: type=1800 audit(1775931010.853:7): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.27" name="file1" dev="loop1" ino=15 res=0 errno=0
[  105.555939][   T28] audit: type=1800 audit(1775931010.853:8): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.27" name="file1" dev="loop1" ino=15 res=0 errno=0
[  106.320210][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.980253][ T5961] loop2: detected capacity change from 0 to 32768
[  107.017419][ T5961] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  107.092199][ T5961] XFS (loop2): Ending clean mount
[  107.116076][ T5961] XFS (loop2): Quotacheck needed: Please wait.
[  107.209609][ T5961] XFS (loop2): Quotacheck: Done.
[  107.772169][ T5980] loop0: detected capacity change from 0 to 8192
[  107.817062][ T5980] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  107.879257][ T5980] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  107.931358][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  107.968505][ T5980] REISERFS (device loop0): using ordered data mode
[  107.975449][ T5980] reiserfs: using flush barriers
[  107.988916][ T5980] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  108.028071][ T5980] REISERFS (device loop0): checking transaction log (loop0)
[  108.433872][ T5980] REISERFS (device loop0): Using tea hash to sort names
[  108.452079][ T5980] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  108.495082][ T5980] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  109.145811][ T5997] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  109.621458][ T5995] loop2: detected capacity change from 0 to 32768
[  109.719858][ T6005] loop5: detected capacity change from 0 to 7
[  109.761195][ T5995] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  109.792642][ T6005] Dev loop5: unable to read RDB block 7
[  109.798659][ T6005]  loop5: unable to read partition table
[  109.808250][ T6005] loop5: partition table beyond EOD, truncated
[  109.823102][ T6005] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  109.898680][ T5995] JBD2: Ignoring recovery information on journal
[  110.051313][ T5995] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  110.469915][ T6014] syz.2.33 (6014) used greatest stack depth: 19632 bytes left
[  110.797690][ T5770] ocfs2: Unmounting device (7,2) on (node local)
[  111.171483][ T6013] loop1: detected capacity change from 0 to 32768
[  111.230924][ T6013] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  111.260688][ T6025] loop2: detected capacity change from 0 to 1024
[  111.329897][ T6025] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.416022][ T6013] XFS (loop1): Ending clean mount
[  111.452337][ T6013] XFS (loop1): Quotacheck needed: Please wait.
[  111.581929][ T6013] XFS (loop1): Quotacheck: Done.
[  112.126358][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.208229][ T5771] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  112.349690][ T6043] loop3: detected capacity change from 0 to 128
[  112.377623][ T6042] netlink: 24 bytes leftover after parsing attributes in process `syz.2.51'.
[  112.411403][ T6042] bond0: invalid ARP target 0.0.0.0 specified for addition
[  112.432543][ T6042] bond0: option arp_ip_target: invalid value (0)
[  112.470142][ T6043] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  112.561721][ T6045] loop0: detected capacity change from 0 to 4096
[  112.593711][ T6045] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  112.739282][ T6045] ntfs: volume version 3.1.
[  112.849970][ T6050] loop2: detected capacity change from 0 to 256
[  113.016279][ T6050] FAT-fs (loop2): Directory bread(block 64) failed
[  113.043065][ T6050] FAT-fs (loop2): Directory bread(block 65) failed
[  113.057537][ T6051] loop1: detected capacity change from 0 to 4096
[  113.083598][ T6050] FAT-fs (loop2): Directory bread(block 66) failed
[  113.090246][ T6050] FAT-fs (loop2): Directory bread(block 67) failed
[  113.128460][ T6050] FAT-fs (loop2): Directory bread(block 68) failed
[  113.158891][ T6050] FAT-fs (loop2): Directory bread(block 69) failed
[  113.182810][ T6050] FAT-fs (loop2): Directory bread(block 70) failed
[  113.232040][ T6050] FAT-fs (loop2): Directory bread(block 71) failed
[  113.257025][ T6050] FAT-fs (loop2): Directory bread(block 72) failed
[  113.290433][ T6050] FAT-fs (loop2): Directory bread(block 73) failed
[  113.564589][   T28] audit: type=1800 audit(1775931018.893:9): pid=6050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.57" name="bus" dev="loop2" ino=1048595 res=0 errno=0
[  113.646330][ T6061] syz.2.57: attempt to access beyond end of device
[  113.646330][ T6061] loop2: rw=2049, sector=1224, nr_sectors = 8 limit=256
[  113.935624][ T3473] kworker/u4:9: attempt to access beyond end of device
[  113.935624][ T3473] loop2: rw=1, sector=1232, nr_sectors = 536 limit=256
[  113.966503][ T3473] kworker/u4:9: attempt to access beyond end of device
[  113.966503][ T3473] loop2: rw=1, sector=1800, nr_sectors = 128 limit=256
[  113.999976][ T3473] kworker/u4:9: attempt to access beyond end of device
[  113.999976][ T3473] loop2: rw=1, sector=1960, nr_sectors = 1380 limit=256
[  114.239953][ T6063] loop0: detected capacity change from 0 to 32768
[  114.273059][ T6063] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  114.391780][ T6063] XFS (loop0): Ending clean mount
[  114.441596][ T6063] XFS (loop0): Quotacheck needed: Please wait.
[  114.501133][ T6063] XFS (loop0): Quotacheck: Done.
[  114.958030][ T5772] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  115.801527][    T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  115.841454][    T9] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  115.999228][ T6057] loop3: detected capacity change from 0 to 131072
[  116.038657][ T6057] F2FS-fs (loop3): Found nat_bits in checkpoint
[  116.092810][  T787] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  116.177585][ T6057] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  116.239598][   T28] audit: type=1804 audit(1775931021.573:10): pid=6057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.60" name="/newroot/16/file1/bus" dev="loop3" ino=10 res=1 errno=0
[  116.317084][  T787] usb 2-1: config 0 has no interfaces?
[  116.345981][  T787] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  116.392700][  T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  116.442185][  T787] usb 2-1: SerialNumber: syz
[  116.466972][  T787] usb 2-1: config 0 descriptor??
[  116.566935][ T6091] loop0: detected capacity change from 0 to 40427
[  116.628227][ T6091] F2FS-fs (loop0): build fault injection attr: rate: 684, type: 0x7ffff
[  116.655863][ T6091] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x35f7
[  116.696637][ T6091] F2FS-fs (loop0): Image doesn't support compression
[  116.761463][ T6091] F2FS-fs (loop0): invalid crc value
[  116.789575][ T6091] F2FS-fs (loop0): Found nat_bits in checkpoint
[  117.004652][ T6091] F2FS-fs (loop0): Start checkpoint disabled!
[  117.032512][ T6091] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  117.220125][ T6091] F2FS-fs (loop0): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50
[  117.273821][ T6091] syz.0.65: attempt to access beyond end of device
[  117.273821][ T6091] loop0: rw=2049, sector=77824, nr_sectors = 624 limit=40427
[  117.491811][ T6116] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  117.613913][ T4148] kworker/u4:10: attempt to access beyond end of device
[  117.613913][ T4148] loop0: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  117.653318][ T4148] kworker/u4:10: attempt to access beyond end of device
[  117.653318][ T4148] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  117.688961][ T4148] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  117.712984][ T4148] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  117.922679][ T6118] loop3: detected capacity change from 0 to 128
[  117.967381][ T6118] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  118.057432][ T6118] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.133846][ T6118] syz.3.70 (pid 6118) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  118.354881][ T6118] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)"
[  118.425017][ T5773] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  118.674338][ T6135] tls_set_device_offload: netdev not found
[  118.791396][ T1187] usb 2-1: USB disconnect, device number 2
[  119.005320][ T6144] loop0: detected capacity change from 0 to 16
[  119.066121][ T6144] erofs: (device loop0): mounted with root inode @ nid 36.
[  119.196674][ T6129] loop2: detected capacity change from 0 to 32768
[  119.204029][   T28] audit: type=1800 audit(1775931024.533:11): pid=6144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.88" name="file2" dev="overlay" ino=89 res=0 errno=0
[  119.283898][ T6129] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  119.292835][ T5778] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  119.418957][ T6129] XFS (loop2): Ending clean mount
[  119.455720][ T6129] XFS (loop2): Quotacheck needed: Please wait.
[  119.504232][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.535787][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.573375][ T5778] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  119.588609][ T6145] loop1: detected capacity change from 0 to 32768
[  119.598527][ T6129] XFS (loop2): Quotacheck: Done.
[  119.607811][ T5778] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  119.617794][ T5778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.629802][ T5778] usb 4-1: config 0 descriptor??
[  119.660592][ T6145] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.81 (6145)
[  119.733230][ T6145] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  119.777493][ T6145] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  119.820175][ T6145] BTRFS info (device loop1): enabling auto defrag
[  119.852439][ T6145] BTRFS info (device loop1): use no compression
[  119.861446][ T6145] BTRFS info (device loop1): max_inline at 4096
[  119.878376][ T6145] BTRFS info (device loop1): using free space tree
[  119.978574][ T6145] BTRFS info (device loop1): enabling ssd optimizations
[  120.015508][ T6145] BTRFS info (device loop1): auto enabling async discard
[  120.075640][ T5778] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  120.105998][ T5778] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  120.162339][   T28] audit: type=1800 audit(1775931025.493:12): pid=6145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.81" name="file1" dev="loop1" ino=260 res=0 errno=0
[  120.396283][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  120.538939][ T6177] loop0: detected capacity change from 0 to 512
[  120.626650][ T6177] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 213 vs 220 free clusters
[  120.692457][ T6177] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.84: attempt to clear invalid blocks 983261 len 1
[  120.713908][ T1187] usb 4-1: USB disconnect, device number 3
[  120.755284][ T6177] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.84: invalid indirect mapped block 2683928664 (level 0)
[  120.830561][ T6177] EXT4-fs error (device loop0): __ext4_get_inode_loc:4496: comm syz.0.84: Invalid inode table block 0 in block_group 0
[  120.874521][ T6177] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5939: Corrupt filesystem
[  120.914136][ T6177] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem
[  120.926748][ T5771] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  120.933783][ T6177] EXT4-fs error (device loop0): __ext4_get_inode_loc:4496: comm syz.0.84: Invalid inode table block 0 in block_group 0
[  120.958331][ T6177] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5939: Corrupt filesystem
[  120.970011][ T6177] EXT4-fs error (device loop0): ext4_truncate:4301: inode #13: comm syz.0.84: mark_inode_dirty error
[  120.981983][ T6177] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem
[  121.010777][ T6177] EXT4-fs error (device loop0): __ext4_get_inode_loc:4496: comm syz.0.84: Invalid inode table block 0 in block_group 0
[  121.036375][ T6177] EXT4-fs (loop0): 1 truncate cleaned up
[  121.055314][ T6177] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.501468][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.137959][ T6207] loop2: detected capacity change from 0 to 128
[  123.501195][ T6235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.102'.
[  123.540915][ T6211] loop2: detected capacity change from 0 to 40427
[  123.562623][ T5816] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  123.570109][ T6211] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  123.570193][ T6211] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  123.575786][ T6211] F2FS-fs (loop2): invalid crc value
[  123.777027][ T6225] loop0: detected capacity change from 0 to 32768
[  123.811879][ T5816] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  123.827382][ T6241] Illegal XDP return value 834338816 on prog  (id 6) dev syz_tun, expect packet loss!
[  123.844870][ T6225] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  123.856071][ T5816] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.865724][ T5816] usb 2-1: Product: syz
[  123.870222][ T5816] usb 2-1: Manufacturer: syz
[  123.875738][ T5816] usb 2-1: SerialNumber: syz
[  123.879514][ T6211] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  123.893762][ T5816] usb 2-1: config 0 descriptor??
[  123.899027][ T6211] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  123.929256][ T5816] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  124.001601][ T6225] XFS (loop0): Ending clean mount
[  124.058364][ T6225] XFS (loop0): Quotacheck needed: Please wait.
[  124.160847][   T28] audit: type=1800 audit(1775931029.493:13): pid=6211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.95" name="file1" dev="loop2" ino=10 res=0 errno=0
[  124.192097][ T6225] XFS (loop0): Quotacheck: Done.
[  124.322994][ T5770] syz-executor: attempt to access beyond end of device
[  124.322994][ T5770] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  124.364409][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  124.376461][ T5772] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  125.134277][ T5816] gspca_sunplus: reg_w_riv err -71
[  125.143560][ T5816] sunplus: probe of 2-1:0.0 failed with error -71
[  125.163458][ T5816] usb 2-1: USB disconnect, device number 3
[  125.300058][ T6273] loop2: detected capacity change from 0 to 764
[  125.408104][ T6277] loop0: detected capacity change from 0 to 512
[  125.437665][ T6277] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  125.479210][ T6277] EXT4-fs (loop0): 1 truncate cleaned up
[  125.491067][ T6277] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.515567][   T28] audit: type=1800 audit(1775931030.853:14): pid=6277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.112" name="file1" dev="loop0" ino=15 res=0 errno=0
[  125.563318][   T28] audit: type=1800 audit(1775931030.853:15): pid=6277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.112" name="file1" dev="loop0" ino=15 res=0 errno=0
[  126.120754][ T6273] Symlink component flag not implemented
[  126.128997][ T6273] Symlink component flag not implemented
[  126.135778][ T6273] Symlink component flag not implemented (128)
[  126.148275][ T6273] Symlink component flag not implemented (105)
[  126.160941][ T6273] ISOFS: unable to read i-node block
[  126.470227][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.356645][ T6322] loop1: detected capacity change from 0 to 512
[  127.390777][ T6322] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  127.487385][ T6322] EXT4-fs (loop1): 1 truncate cleaned up
[  127.508306][ T6322] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  127.543312][ T6324] loop2: detected capacity change from 0 to 8192
[  127.585247][ T6324] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  127.617945][   T28] audit: type=1800 audit(1775931032.943:16): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.129" name="file1" dev="loop1" ino=15 res=0 errno=0
[  127.644717][ T6324] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  127.654680][ T6324] REISERFS (device loop2): using ordered data mode
[  127.661463][ T6324] reiserfs: using flush barriers
[  127.671183][ T6324] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  127.693028][ T6324] REISERFS (device loop2): checking transaction log (loop2)
[  127.701365][   T28] audit: type=1800 audit(1775931032.973:17): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.129" name="file1" dev="loop1" ino=15 res=0 errno=0
[  127.763041][  T787] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  127.911938][ T6324] REISERFS (device loop2): Using tea hash to sort names
[  127.934074][ T6324] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  127.975611][  T787] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  127.992407][  T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.012166][ T6324] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  128.024321][  T787] usb 4-1: config 0 descriptor??
[  128.035627][  T787] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  128.248150][  T787] gp8psk: usb in 128 operation failed.
[  128.493318][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.497196][  T787] gp8psk: usb in 146 operation failed.
[  128.522299][  T787] gp8psk: failed to get FW version
[  128.552404][  T787] gp8psk: usb in 149 operation failed.
[  128.557968][  T787] gp8psk: failed to get FPGA version
[  128.798543][  T787] gp8psk: usb out operation failed.
[  128.809074][  T787] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  128.841975][  T787] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  128.889974][  T787] usb 4-1: USB disconnect, device number 4
[  128.980508][ T6337] loop0: detected capacity change from 0 to 40427
[  128.991134][ T6337] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  128.997727][ T6337] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  129.027453][ T6337] F2FS-fs (loop0): invalid crc value
[  129.280502][ T6337] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  129.297922][ T6337] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  129.434857][ T6363] loop1: detected capacity change from 0 to 256
[  129.476550][ T6363] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  129.507425][ T6363] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  129.529718][   T28] audit: type=1800 audit(1775931034.863:18): pid=6337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.132" name="file1" dev="loop0" ino=10 res=0 errno=0
[  129.576789][ T6363] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d)
[  129.633687][ T4148] kworker/u4:10: attempt to access beyond end of device
[  129.633687][ T4148] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  129.655001][ T4148] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  129.706500][ T6337] VFS:Filesystem freeze failed
[  129.828889][ T6363] exFAT-fs (loop1): invalid start cluster (2155899459)
[  129.954646][ T6373] syz_tun: entered allmulticast mode
[  129.983723][ T6372] syz_tun: left allmulticast mode
[  130.202376][  T787] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  130.342397][ T5778] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  130.371206][ T6379] loop3: detected capacity change from 0 to 8192
[  130.388222][ T6379] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  130.402473][ T6379] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  130.412795][ T6379] REISERFS (device loop3): using ordered data mode
[  130.419366][ T6379] reiserfs: using flush barriers
[  130.430804][  T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.440060][ T6379] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  130.459067][  T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.461299][ T6379] REISERFS (device loop3): checking transaction log (loop3)
[  130.482825][ T6379] REISERFS (device loop3): Using r5 hash to sort names
[  130.494715][ T6379] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  130.497134][  T787] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  130.524920][ T5778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.525660][  T787] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  130.536437][ T5778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.557993][ T5778] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  130.570922][ T5778] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  130.580865][ T5778] usb 2-1: Manufacturer: syz
[  130.586985][   T28] audit: type=1800 audit(1775931035.923:19): pid=6379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.146" name="bus" dev="loop3" ino=2 res=0 errno=0
[  130.613842][ T5778] usb 2-1: config 0 descriptor??
[  130.632937][  T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.660155][  T787] usb 3-1: config 0 descriptor??
[  131.103708][  T787] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  131.140332][  T787] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  131.567173][ T6385] loop0: detected capacity change from 0 to 32768
[  131.581374][ T6385] (syz.0.148,6385,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  131.603579][ T6385] (syz.0.148,6385,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  131.654786][ T6385] JBD2: Ignoring recovery information on journal
[  131.669742][ T5778] uclogic 0003:256C:006D.0006: v1 frame probing failed: -71
[  131.684762][ T5778] uclogic 0003:256C:006D.0006: failed probing parameters: -71
[  131.702890][ T5778] uclogic: probe of 0003:256C:006D.0006 failed with error -71
[  131.731436][ T5778] usb 2-1: USB disconnect, device number 4
[  131.752690][ T6385] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  132.166051][ T6385] syz.0.148 (6385) used greatest stack depth: 18768 bytes left
[  132.301396][ T5772] ocfs2: Unmounting device (7,0) on (node local)
[  132.452370][ T5778] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  132.597230][ T6400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.153'.
[  132.652602][ T5778] usb 4-1: Using ep0 maxpacket: 8
[  132.689764][ T5778] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  132.700032][ T5778] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  132.711149][ T5778] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  132.723601][ T5778] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  132.734528][ T5778] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  132.749599][ T5778] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  132.766626][ T5778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.002895][ T5778] usb 4-1: usb_control_msg returned -32
[  133.008587][ T5778] usbtmc 4-1:16.0: can't read capabilities
[  133.029133][ T6411] loop2: detected capacity change from 0 to 256
[  133.064665][ T6411] FAT-fs (loop2): Unrecognized mount option "shorwname6lower" or missing value
[  133.140102][ T5789] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  133.226867][    T9] usb 3-1: USB disconnect, device number 3
[  133.685842][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  133.693028][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  133.792535][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  133.926401][ T6433] loop0: detected capacity change from 0 to 256
[  133.968977][ T6433] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  134.006590][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  134.031922][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  134.077606][    T9] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  134.097484][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  134.113744][    T9] usb 3-1: SerialNumber: syz
[  134.153008][ T6438] loop1: detected capacity change from 0 to 128
[  134.349316][    T9] usb 3-1: 0:2 : does not exist
[  134.355565][    T9] usb 3-1: unit 20 not found!
[  134.360379][    T9] usb 3-1: unit 2 not found!
[  134.392150][    T9] usb 3-1: USB disconnect, device number 4
[  134.435035][ T5790] udevd[5790]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  135.014479][ T6446] loop2: detected capacity change from 0 to 512
[  135.029207][ T6446] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  135.069864][ T6446] EXT4-fs (loop2): 1 truncate cleaned up
[  135.090841][ T6446] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.175660][   T28] audit: type=1800 audit(1775931040.483:20): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.168" name="file1" dev="loop2" ino=15 res=0 errno=0
[  135.265881][   T28] audit: type=1800 audit(1775931040.533:21): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.168" name="file1" dev="loop2" ino=15 res=0 errno=0
[  135.302839][ T1187] usb 4-1: USB disconnect, device number 5
[  135.423193][ T6454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.170'.
[  135.462602][ T6457] mmap: syz.3.172 (6457) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  135.864308][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.390741][ T6473] loop2: detected capacity change from 0 to 2048
[  136.422425][ T6473] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  136.454071][ T6473] NILFS (loop2): mounting unchecked fs
[  136.476253][ T5790] udevd[5790]: incorrect nilfs2 checksum on /dev/loop2
[  136.514924][ T6473] NILFS (loop2): recovery complete
[  136.531353][ T6477] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  136.640829][ T6467] loop1: detected capacity change from 0 to 32768
[  136.698355][ T6467] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  136.946301][ T6467] XFS (loop1): Ending clean mount
[  136.967025][ T6467] XFS (loop1): Quotacheck needed: Please wait.
[  137.019944][ T6495] loop2: detected capacity change from 0 to 512
[  137.054929][ T6495] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  137.085003][ T6467] XFS (loop1): Quotacheck: Done.
[  137.112647][ T6495] EXT4-fs (loop2): 1 truncate cleaned up
[  137.136698][ T6495] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.190510][   T28] audit: type=1800 audit(1775931042.523:22): pid=6495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.185" name="file1" dev="loop2" ino=15 res=0 errno=0
[  137.240216][   T28] audit: type=1800 audit(1775931042.553:23): pid=6495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.185" name="file1" dev="loop2" ino=15 res=0 errno=0
[  137.331400][ T5771] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  137.759668][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.219854][ T6513] netlink: 'syz.3.192': attribute type 10 has an invalid length.
[  138.231986][ T6513] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.241428][ T6513] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.282961][ T6513] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.290241][ T6513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.299176][ T6513] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.306574][ T6513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.323750][ T6513] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  138.668986][ T6523] syz.1.195 uses obsolete (PF_INET,SOCK_PACKET)
[  138.918364][ T6531] loop1: detected capacity change from 0 to 512
[  138.934095][ T6531] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  138.974586][ T6531] EXT4-fs (loop1): 1 truncate cleaned up
[  138.981890][ T6531] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.143243][   T28] audit: type=1800 audit(1775931044.473:24): pid=6531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.199" name="file1" dev="loop1" ino=15 res=0 errno=0
[  139.197213][   T28] audit: type=1800 audit(1775931044.503:25): pid=6531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.199" name="file1" dev="loop1" ino=15 res=0 errno=0
[  139.799224][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.011454][ T6551] netlink: 'syz.1.206': attribute type 15 has an invalid length.
[  140.032487][ T6551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.206'.
[  140.064861][ T6551] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  140.074332][ T6551] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  140.083521][ T6551] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  140.092432][ T6551] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  140.107738][ T6551] netlink: 'syz.1.206': attribute type 15 has an invalid length.
[  140.140557][ T6551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.206'.
[  140.182642][ T6551] Zero length message leads to an empty skb
[  140.261560][ T6553] loop3: detected capacity change from 0 to 2048
[  140.318649][ T6555] loop1: detected capacity change from 0 to 128
[  140.385278][ T6556] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  140.406649][ T6555] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  140.426432][ T6555] hpfs: filesystem error: improperly stopped
[  140.436565][ T6555] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  140.454723][ T6555] hpfs: You really don't want any checks? You are crazy...
[  140.490667][ T6555] hpfs: Code page index out of array
[  140.516523][ T6555] hpfs: code page support is disabled
[  140.525318][   T28] audit: type=1800 audit(1775931045.863:26): pid=6553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.207" name="file1" dev="loop3" ino=15 res=0 errno=0
[  140.557009][ T6555] hpfs: hpfs_map_4sectors(): unaligned read
[  140.569947][ T6555] hpfs: hpfs_map_4sectors(): unaligned read
[  140.578137][ T6555] hpfs: filesystem error: unable to find root dir
[  140.649837][ T6553] NILFS (loop3): nilfs_palloc_commit_free_entry (ino=3): entry number 7168 already freed
[  140.789267][ T6556] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  140.817179][ T6556] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  140.841321][ T6556] Remounting filesystem read-only
[  140.849035][ T4148] NILFS (loop3): discard dirty page: offset=0, ino=3
[  140.856443][ T4148] NILFS (loop3): discard dirty block: blocknr=42, size=1024
[  140.864595][ T4148] NILFS (loop3): discard dirty block: blocknr=43, size=1024
[  140.871955][ T4148] NILFS (loop3): discard dirty block: blocknr=44, size=1024
[  140.879932][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  140.889849][ T4148] NILFS (loop3): discard dirty page: offset=229376, ino=3
[  140.897379][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  140.906612][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  140.915983][ T4148] NILFS (loop3): discard dirty block: blocknr=50, size=1024
[  140.925028][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  140.942408][ T4148] NILFS (loop3): discard dirty page: offset=0, ino=5
[  140.958811][ T4148] NILFS (loop3): discard dirty block: blocknr=41, size=1024
[  140.973760][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  140.992092][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.011373][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.030638][ T4148] NILFS (loop3): discard dirty page: offset=0, ino=4
[  141.040371][ T4148] NILFS (loop3): discard dirty block: blocknr=40, size=1024
[  141.049141][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.061037][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.070400][ T4148] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.080592][ T5773] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  141.090400][ T5773] NILFS (loop3): discard dirty page: offset=0, ino=6
[  141.097598][ T5773] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.107134][ T5773] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.116775][ T5773] NILFS (loop3): discard dirty block: blocknr=37, size=1024
[  141.125094][ T5773] NILFS (loop3): discard dirty block: blocknr=38, size=1024
[  141.252193][ T6568] loop1: detected capacity change from 0 to 512
[  141.274229][ T6568] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  141.317238][ T6568] EXT4-fs (loop1): 1 truncate cleaned up
[  141.334168][ T6568] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  141.449810][   T28] audit: type=1800 audit(1775931046.783:27): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.214" name="file1" dev="loop1" ino=15 res=0 errno=0
[  141.491321][   T28] audit: type=1800 audit(1775931046.823:28): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.214" name="file1" dev="loop1" ino=15 res=0 errno=0
[  142.258905][ T6590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.221'.
[  142.300127][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.839169][ T6613] loop5: detected capacity change from 0 to 7
[  143.855920][ T6613] Dev loop5: unable to read RDB block 7
[  143.862097][ T6613]  loop5: unable to read partition table
[  143.876150][ T6613] loop5: partition table beyond EOD, truncated
[  143.899254][ T5815] libceph: connect (1)[c::]:6789 error -101
[  143.906406][ T6613] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  143.916107][ T5815] libceph: mon0 (1)[c::]:6789 connect error
[  143.936813][ T5815] libceph: connect (1)[c::]:6789 error -101
[  143.943396][ T5815] libceph: mon0 (1)[c::]:6789 connect error
[  143.973125][ T5815] libceph: connect (1)[c::]:6789 error -101
[  143.980779][ T5815] libceph: mon0 (1)[c::]:6789 connect error
[  144.217975][ T5815] libceph: connect (1)[c::]:6789 error -101
[  144.225587][ T5815] libceph: mon0 (1)[c::]:6789 connect error
[  144.244447][ T5815] libceph: connect (1)[c::]:6789 error -101
[  144.250932][ T5815] libceph: mon0 (1)[c::]:6789 connect error
[  144.582447][ T5815] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  144.641376][ T6611] ceph: No mds server is up or the cluster is laggy
[  144.641568][ T6616] ceph: No mds server is up or the cluster is laggy
[  144.781168][ T5815] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  144.800960][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.819500][ T5815] usb 2-1: Product: syz
[  144.829111][ T5815] usb 2-1: Manufacturer: syz
[  144.834524][ T5815] usb 2-1: SerialNumber: syz
[  144.860705][ T5815] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  144.983442][    T9] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  145.204527][ T6631] loop0: detected capacity change from 0 to 256
[  145.217097][ T6631] exfat: Deprecated parameter 'utf8'
[  145.222872][ T6631] exfat: Deprecated parameter 'utf8'
[  145.228532][ T6631] exfat: Deprecated parameter 'utf8'
[  145.275129][ T6631] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x0afbdf60, utbl_chksum : 0xe619d30d)
[  145.356984][   T28] audit: type=1800 audit(1775931050.693:29): pid=6631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.238" name=FFFFFFFF dev="loop0" ino=1048602 res=0 errno=0
[  145.632873][ T5815] usb 2-1: USB disconnect, device number 5
[  145.656914][ T6641] netlink: 67 bytes leftover after parsing attributes in process `syz.0.242'.
[  146.252501][    T9] usb 2-1: Service connection timeout for: 256
[  146.272997][    T9] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  146.295561][    T9] ath9k_htc: Failed to initialize the device
[  146.317619][ T5815] usb 2-1: ath9k_htc: USB layer deinitialized
[  146.369116][ T6648] loop3: detected capacity change from 0 to 32768
[  146.408941][ T6648] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.245 (6648)
[  146.448780][ T6648] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  146.460253][ T6648] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  146.476306][ T6648] BTRFS info (device loop3): force clearing of disk cache
[  146.513076][ T6648] BTRFS info (device loop3): metadata ratio 0
[  146.519262][ T6648] BTRFS info (device loop3): enabling ssd optimizations
[  146.534209][ T6648] BTRFS info (device loop3): using spread ssd allocation scheme
[  146.541948][ T6648] BTRFS info (device loop3): using free space tree
[  146.619182][ T6662] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.250'.
[  146.640280][ T6648] BTRFS info (device loop3): auto enabling async discard
[  146.695594][ T6648] BTRFS info (device loop3): rebuilding free space tree
[  147.088994][ T5773] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  147.134884][ T6685] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  147.217125][ T6688] iommufd_mock iommufd_mock2: Adding to iommu group 1
[  147.255621][ T6687] syzkaller1: entered promiscuous mode
[  147.261184][ T6687] syzkaller1: entered allmulticast mode
[  147.327683][ T6690] loop1: detected capacity change from 0 to 1024
[  147.433158][ T6690] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  147.476783][ T5790] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 11 /dev/loop3 scanned by udevd (5790)
[  147.489223][ T6690] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.668134][ T6702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.259'.
[  147.817512][ T6706] loop2: detected capacity change from 0 to 1024
[  147.937809][ T6706] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.251373][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.346516][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  148.448213][ T6715] loop3: detected capacity change from 0 to 128
[  148.798862][ T6707] loop0: detected capacity change from 0 to 32768
[  148.838474][ T6707] JBD2: Ignoring recovery information on journal
[  148.898809][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.268'.
[  149.025209][ T6707] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  149.256936][ T6731] loop2: detected capacity change from 0 to 512
[  149.315146][ T6731] EXT4-fs error (device loop2): ext4_iget_extra_inode:4739: inode #15: comm syz.2.270: corrupted in-inode xattr: e_value size too large
[  149.362678][ T6731] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.270: couldn't read orphan inode 15 (err -117)
[  149.456918][ T6731] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.644946][ T6731] EXT4-fs error (device loop2): ext4_map_blocks:610: inode #2: block 12: comm syz.2.270: lblock 3 mapped to illegal pblock 12 (length 1)
[  149.685152][ T6707] syz.0.261 (6707) used greatest stack depth: 18544 bytes left
[  149.827367][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.847345][ T5772] ocfs2: Unmounting device (7,0) on (node local)
[  150.275584][ T6742] IPv6: NLM_F_CREATE should be specified when creating new route
[  150.286710][ T6742] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  150.294812][ T6742] IPv6: NLM_F_CREATE should be set when creating new route
[  150.302420][ T6742] IPv6: NLM_F_CREATE should be set when creating new route
[  150.735988][ T6751] loop3: detected capacity change from 0 to 4096
[  151.001719][ T6745] loop0: detected capacity change from 0 to 32768
[  151.078438][ T6745] JBD2: Ignoring recovery information on journal
[  151.269020][ T6745] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  151.743063][ T5772] ocfs2: Unmounting device (7,0) on (node local)
[  151.888502][ T6771] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  151.980615][ T6773] loop0: detected capacity change from 0 to 512
[  151.989964][ T6771] bond1: (slave lo): Enslaving as an active interface with an up link
[  152.039606][ T6771] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  152.276968][ T6764] loop3: detected capacity change from 0 to 32768
[  152.633950][ T6764] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  152.761103][ T6764] XFS (loop3): Ending clean mount
[  152.800615][ T6764] XFS (loop3): Quotacheck needed: Please wait.
[  152.919082][ T6764] XFS (loop3): Quotacheck: Done.
[  153.292233][    C0] sched: RT throttling activated
[  153.492984][ T6778] loop0: detected capacity change from 0 to 131072
[  153.566559][ T5773] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  153.914033][ T6778] F2FS-fs (loop0): Test dummy encryption mode enabled
[  153.932536][ T6778] F2FS-fs (loop0): invalid crc value
[  153.981030][ T6778] F2FS-fs (loop0): Found nat_bits in checkpoint
[  154.072792][ T6778] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  154.430845][ T6824] loop1: detected capacity change from 0 to 512
[  154.445779][ T6778] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  154.509217][ T6824] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 17. Delete some EAs or run e2fsck.
[  154.542523][ T6824] EXT4-fs (loop1): 1 truncate cleaned up
[  154.570452][ T6824] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.765071][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.852303][ T6778] fscrypt (loop0, inode 13): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  154.864798][ T6778] overlayfs: upper fs does not support tmpfile.
[  154.875791][ T6778] fscrypt (loop0, inode 14): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  155.350341][ T6872] loop2: detected capacity change from 0 to 512
[  155.586164][ T6872] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  155.787773][ T6872] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.302: bg 0: block 104: invalid block bitmap
[  155.902815][ T6872] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem
[  155.966764][ T6872] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.302: invalid indirect mapped block 1 (level 1)
[  156.045177][ T6872] EXT4-fs (loop2): 1 truncate cleaned up
[  156.077084][ T6872] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.115939][ T6898] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  156.417221][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.927916][ T6901] loop1: detected capacity change from 0 to 32768
[  157.028208][ T6901] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  157.124702][ T6901] XFS (loop1): Ending clean mount
[  157.411976][ T6922] loop0: detected capacity change from 0 to 128
[  157.497996][ T5771] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  157.601434][ T6922] syz.0.301: attempt to access beyond end of device
[  157.601434][ T6922] loop0: rw=2049, sector=145, nr_sectors = 5 limit=128
[  157.629630][ T6922] syz.0.301: attempt to access beyond end of device
[  157.629630][ T6922] loop0: rw=34817, sector=102, nr_sectors = 27 limit=128
[  157.648963][ T6922] syz.0.301: attempt to access beyond end of device
[  157.648963][ T6922] loop0: rw=34817, sector=145, nr_sectors = 5 limit=128
[  157.854733][ T6928] netlink: 104 bytes leftover after parsing attributes in process `syz.3.313'.
[  158.125776][ T6938] loop0: detected capacity change from 0 to 1024
[  158.167603][ T6938] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.389443][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.792473][ T1187] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  158.811590][ T5781] Bluetooth: hci4: command 0x1003 tx timeout
[  158.820019][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  159.020786][ T1187] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  159.030175][ T1187] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.052527][ T1187] usb 4-1: Product: syz
[  159.056789][ T1187] usb 4-1: Manufacturer: syz
[  159.072404][ T1187] usb 4-1: SerialNumber: syz
[  159.090465][ T1187] usb 4-1: config 0 descriptor??
[  160.161293][ T1187] usb 4-1: Firmware version (0.0) predates our first public release.
[  160.192274][ T1187] usb 4-1: Please update to version 0.2 or newer
[  160.276116][ T1187] usb 4-1: USB disconnect, device number 6
[  160.617943][ T7004] syzkaller1: tun_chr_ioctl cmd 1074025677
[  160.627800][ T7004] syzkaller1: Refused to change device type
[  160.924921][ T7015] loop1: detected capacity change from 0 to 16
[  160.945768][ T7015] erofs: (device loop1): mounted with root inode @ nid 36.
[  161.270266][ T7017] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  161.288362][ T7017] overlayfs: failed to set xattr on upper
[  161.299918][ T7017] overlayfs: ...falling back to redirect_dir=nofollow.
[  161.314172][ T7017] overlayfs: ...falling back to metacopy=off.
[  161.330065][ T7017] overlayfs: ...falling back to index=off.
[  161.342452][ T7017] overlayfs: ...falling back to uuid=null.
[  162.064018][ T7030] loop0: detected capacity change from 0 to 4096
[  162.319801][ T7044] loop2: detected capacity change from 0 to 2048
[  162.337772][ T7044] EXT4-fs: Ignoring removed mblk_io_submit option
[  162.357101][ T7044] EXT4-fs: Ignoring removed i_version option
[  162.396008][ T7044] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.510995][   T28] audit: type=1326 audit(1775931067.840:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7048 comm="syz.0.359" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff62459c819 code=0x0
[  162.533224][   T28] audit: type=1800 audit(1775931067.840:31): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.358" name="file1" dev="loop2" ino=15 res=0 errno=0
[  162.598877][ T7052] EXT4-fs (loop2): shut down requested (1)
[  162.651242][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.958704][ T7059] veth0: entered promiscuous mode
[  162.978215][ T7059] netlink: 4 bytes leftover after parsing attributes in process `syz.2.362'.
[  163.169074][ T7059] veth0 (unregistering): left promiscuous mode
[  163.314233][ T7066] netlink: 'syz.1.365': attribute type 1 has an invalid length.
[  163.462676][ T7066] bond2: entered promiscuous mode
[  163.468247][ T7066] 8021q: adding VLAN 0 to HW filter on device bond2
[  163.625138][ T7068] bond2: (slave veth3): making interface the new active one
[  163.638919][ T7068] veth3: entered promiscuous mode
[  163.651020][ T7068] bond2: (slave veth3): Enslaving as an active interface with an up link
[  163.836172][ T7079] loop2: detected capacity change from 0 to 256
[  163.961039][ T7061] loop3: detected capacity change from 0 to 40427
[  164.069097][ T7061] F2FS-fs (loop3): invalid crc value
[  164.202336][ T7061] F2FS-fs (loop3): Found nat_bits in checkpoint
[  164.528814][ T7061] F2FS-fs (loop3): Start checkpoint disabled!
[  164.569357][ T7061] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  165.360235][ T6881] kworker/u4:20: attempt to access beyond end of device
[  165.360235][ T6881] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  165.415467][ T6881] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  165.448998][ T6881] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  165.850080][ T7102] veth1_to_bond: entered allmulticast mode
[  165.877333][ T7102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.380'.
[  166.083883][ T7102] veth1_to_bond (unregistering): left allmulticast mode
[  166.174627][ T7102] bond0: (slave bond_slave_1): Releasing backup interface
[  166.386347][ T7083] loop0: detected capacity change from 0 to 262144
[  166.406234][ T7083] F2FS-fs (loop0): invalid crc value
[  166.424682][ T7083] F2FS-fs (loop0): Found nat_bits in checkpoint
[  166.477093][ T7083] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  166.485076][ T7104] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  166.532581][ T7104] overlayfs: failed to set xattr on upper
[  166.575325][ T7104] overlayfs: ...falling back to redirect_dir=nofollow.
[  166.602431][ T7104] overlayfs: ...falling back to metacopy=off.
[  166.620337][ T7104] overlayfs: ...falling back to index=off.
[  166.662389][ T7104] overlayfs: ...falling back to uuid=null.
[  167.543050][ T7114] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  167.551261][ T7114] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  167.687555][ T7121] loop1: detected capacity change from 0 to 40427
[  167.728844][ T7121] F2FS-fs (loop1): invalid crc value
[  167.769605][ T7121] F2FS-fs (loop1): Found nat_bits in checkpoint
[  167.796735][ T7130] loop3: detected capacity change from 0 to 128
[  167.893521][ T7130] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  167.913187][ T7130] ext4 filesystem being mounted at /100/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  167.978483][ T7121] F2FS-fs (loop1): Start checkpoint disabled!
[  168.010204][ T7121] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  168.095832][ T5773] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  168.489907][ T6875] kworker/u4:17: attempt to access beyond end of device
[  168.489907][ T6875] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  168.532445][ T6875] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  168.552476][ T6875] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  168.559443][ T6875] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  168.643821][ T6875] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  168.764854][ T7143] loop3: detected capacity change from 0 to 4096
[  168.898937][ T7145] loop2: detected capacity change from 0 to 2048
[  168.970301][ T7145] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  169.000658][ T7145] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  169.402549][ T7147] netlink: 20 bytes leftover after parsing attributes in process `syz.3.397'.
[  169.426463][ T7149] veth0: entered promiscuous mode
[  169.439608][ T7149] netlink: 4 bytes leftover after parsing attributes in process `syz.1.391'.
[  169.676345][ T7149] veth0 (unregistering): left promiscuous mode
[  170.240560][ T7170] capability: warning: `syz.2.406' uses 32-bit capabilities (legacy support in use)
[  170.257408][ T7169] netlink: 56 bytes leftover after parsing attributes in process `syz.1.405'.
[  170.306831][ T7166] loop3: detected capacity change from 0 to 8192
[  170.364914][ T7166] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  170.647021][ T7160] loop0: detected capacity change from 0 to 32768
[  170.711622][ T7160] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  170.777578][ T7184] loop1: detected capacity change from 0 to 1024
[  170.785543][ T7184] EXT4-fs: Ignoring removed bh option
[  170.825811][ T7184] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  170.876804][ T7160] XFS (loop0): Ending clean mount
[  171.006963][ T7184] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.144995][ T5772] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  171.793984][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.830418][   T28] audit: type=1326 audit(1775931077.160:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz.3.420" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f702619c819 code=0x0
[  172.056690][ T7217] input: syz1 as /devices/virtual/input/input5
[  172.385622][ T7224] loop2: detected capacity change from 0 to 4096
[  172.424343][ T7224] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.541475][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.641123][ T7227] loop2: detected capacity change from 0 to 256
[  173.122347][ T5815] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  173.326117][ T7244] Bluetooth: MGMT ver 1.22
[  173.378097][ T5815] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  173.402077][ T5815] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  173.422603][ T5815] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  173.447094][ T5815] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  173.462602][  T787] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  173.472376][ T5815] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.506920][ T5815] usb 3-1: config 0 descriptor??
[  173.676259][  T787] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  173.695398][  T787] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  173.712384][  T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  173.732890][  T787] usb 4-1: Product: syz
[  173.737425][  T787] usb 4-1: Manufacturer: syz
[  173.742924][  T787] usb 4-1: SerialNumber: syz
[  173.882500][ T5155] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  173.941204][ T5815] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  173.965802][ T5815] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  173.981169][  T787] usblp 4-1:1.0: usblp1: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  174.109704][ T5155] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  174.128812][ T5155] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  174.161575][ T5155] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  174.191500][ T5155] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  174.203643][ T5155] usb 2-1: Product: syz
[  174.207898][ T5155] usb 2-1: SerialNumber: syz
[  174.238659][ T5778] usb 4-1: USB disconnect, device number 7
[  174.264428][ T5778] usblp1: removed
[  175.265250][ T5155] cdc_ncm 2-1:1.0: bind() failure
[  175.351190][ T5155] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  175.361513][ T5155] cdc_ncm 2-1:1.1: bind() failure
[  175.472093][   T23] usb 2-1: USB disconnect, device number 6
[  175.504638][ T7267] loop5: detected capacity change from 0 to 7
[  175.517606][ T5790] Dev loop5: unable to read RDB block 7
[  175.532587][ T5790]  loop5: unable to read partition table
[  175.538527][ T5790] loop5: partition table beyond EOD, truncated
[  175.551665][ T7267] Dev loop5: unable to read RDB block 7
[  175.561007][ T7267]  loop5: unable to read partition table
[  175.589501][ T7267] loop5: partition table beyond EOD, truncated
[  175.602533][ T7267] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  175.814717][ T7275] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  175.827868][ T7275] netlink: 'syz.3.446': attribute type 12 has an invalid length.
[  175.838801][ T7275] netlink: 'syz.3.446': attribute type 29 has an invalid length.
[  175.848161][ T7275] netlink: 148 bytes leftover after parsing attributes in process `syz.3.446'.
[  175.858488][ T7275] netlink: 'syz.3.446': attribute type 2 has an invalid length.
[  175.866360][ T7275] netlink: 'syz.3.446': attribute type 3 has an invalid length.
[  175.875841][ T7275] netlink: 15 bytes leftover after parsing attributes in process `syz.3.446'.
[  175.991422][ T7277] "syz.2.448" (7277) uses obsolete ecb(arc4) skcipher
[  176.012112][ T7280] loop3: detected capacity change from 0 to 128
[  176.016771][ T7277] trusted_key: syz.2.448 sent an empty control message without MSG_MORE.
[  176.038052][ T7281] loop0: detected capacity change from 0 to 256
[  176.089140][ T7281] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  176.148691][ T7280] syz.3.447: attempt to access beyond end of device
[  176.148691][ T7280] loop3: rw=2049, sector=145, nr_sectors = 5 limit=128
[  176.180733][ T1187] usb 3-1: USB disconnect, device number 5
[  176.220921][ T7280] syz.3.447: attempt to access beyond end of device
[  176.220921][ T7280] loop3: rw=34817, sector=102, nr_sectors = 27 limit=128
[  176.262526][ T7280] syz.3.447: attempt to access beyond end of device
[  176.262526][ T7280] loop3: rw=34817, sector=145, nr_sectors = 5 limit=128
[  176.511329][ T7287] loop0: detected capacity change from 0 to 128
[  177.410102][ T7283] loop1: detected capacity change from 0 to 131072
[  177.443305][ T7283] F2FS-fs (loop1): invalid crc value
[  177.504197][ T7283] F2FS-fs (loop1): Found nat_bits in checkpoint
[  177.572707][ T7298] block nbd2: server does not support multiple connections per device.
[  177.601873][ T7283] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  177.638958][ T7283] F2FS-fs (loop1): Stopped filesystem due to reason: 0
[  177.683074][ T7295] block nbd2: shutting down sockets
[  178.107732][ T2930] Bluetooth: hci4: Frame reassembly failed (-84)
[  178.156528][ T7317] loop1: detected capacity change from 0 to 512
[  178.164760][ T7315] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  178.236916][ T7317] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities
[  178.979852][ T7321] loop3: detected capacity change from 0 to 40427
[  178.992038][ T7321] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  179.009733][ T7321] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  179.039404][ T7321] F2FS-fs (loop3): invalid crc value
[  179.281606][ T7321] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  179.293397][ T7321] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  179.420461][   T28] audit: type=1800 audit(1775931084.750:33): pid=7321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.464" name="file1" dev="loop3" ino=10 res=0 errno=0
[  179.472177][ T7336] loop2: detected capacity change from 0 to 1024
[  179.542493][ T5773] syz-executor: attempt to access beyond end of device
[  179.542493][ T5773] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  179.586245][ T5773] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  179.670276][ T7336] hfsplus: can't free extent
[  179.706060][   T28] audit: type=1800 audit(1775931085.040:34): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.470" name="file1" dev="loop2" ino=20 res=0 errno=0
[  180.082514][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  180.089554][ T5781] Bluetooth: hci4: command 0x1003 tx timeout
[  180.431082][ T7350] loop0: detected capacity change from 0 to 4096
[  180.903050][ T7362] veth1_to_bond: entered allmulticast mode
[  180.934541][ T7362] netlink: 4 bytes leftover after parsing attributes in process `syz.0.479'.
[  181.144023][ T7362] veth1_to_bond (unregistering): left allmulticast mode
[  181.217334][ T7362] bond0: (slave bond_slave_1): Releasing backup interface
[  181.748612][ T7381] netlink: 'syz.2.486': attribute type 1 has an invalid length.
[  181.848335][ T7381] bond1: entered promiscuous mode
[  181.873011][ T7381] 8021q: adding VLAN 0 to HW filter on device bond1
[  182.035545][ T7384] bond1: (slave veth1): making interface the new active one
[  182.049195][ T7384] veth1: entered promiscuous mode
[  182.057296][ T7384] bond1: (slave veth1): Enslaving as an active interface with an up link
[  182.174331][ T7386] loop0: detected capacity change from 0 to 128
[  182.376121][ T7377] loop3: detected capacity change from 0 to 32768
[  182.468219][ T7377] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  182.517910][ T7393] syz_tun: entered allmulticast mode
[  182.538492][ T7377] XFS (loop3): Ending clean mount
[  182.577633][ T7391] syz_tun: left allmulticast mode
[  182.598122][ T7377] XFS (loop3): Quotacheck needed: Please wait.
[  182.745213][ T7377] XFS (loop3): Quotacheck: Done.
[  182.892885][ T5773] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  183.143827][ T7408] netlink: 28 bytes leftover after parsing attributes in process `syz.3.495'.
[  184.308976][ T7431] loop0: detected capacity change from 0 to 2048
[  184.441083][ T7431] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.515629][   T28] audit: type=1800 audit(1775931089.850:35): pid=7431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.511" name="file2" dev="loop0" ino=16 res=0 errno=0
[  184.560961][ T7436] loop3: detected capacity change from 0 to 8192
[  184.624461][ T7436] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  184.663289][ T7436] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  184.711720][ T7436] REISERFS (device loop3): using ordered data mode
[  184.718760][ T7436] reiserfs: using flush barriers
[  184.734050][ T7436] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  184.778666][ T7436] REISERFS (device loop3): checking transaction log (loop3)
[  184.793257][ T5155] kernel write not supported for file /vcs (pid: 5155 comm: kworker/0:3)
[  184.802433][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.013247][   T27] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  185.049430][   T27] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  185.110178][ T7436] REISERFS (device loop3): Using tea hash to sort names
[  185.120651][ T7436] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  185.210465][ T7456] loop2: detected capacity change from 0 to 1024
[  185.242433][ T7456] ext4: Unknown parameter 'nojournal'
[  185.732478][  T787] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  185.937533][  T787] usb 2-1: config 1 interface 0 has no altsetting 0
[  185.969454][  T787] usb 2-1: string descriptor 0 read error: -22
[  185.992428][  T787] usb 2-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.40
[  186.028287][  T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.464026][  T787] hid (null): unknown global tag 0xe
[  186.558749][ T7480] loop2: detected capacity change from 0 to 256
[  186.586453][  T787] nzxt-kraken2 0003:1E71:170E.000A: unknown global tag 0xe
[  186.602484][  T787] nzxt-kraken2 0003:1E71:170E.000A: item 0 0 1 14 parsing failed
[  186.614585][  T787] nzxt-kraken2 0003:1E71:170E.000A: hid parse failed with -22
[  186.625951][  T787] nzxt-kraken2: probe of 0003:1E71:170E.000A failed with error -22
[  186.641641][ T7480] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  186.672634][  T787] usb 2-1: USB disconnect, device number 7
[  186.764092][ T7482] netlink: 8 bytes leftover after parsing attributes in process `syz.3.520'.
[  187.342159][ T7503] loop1: detected capacity change from 0 to 2048
[  187.367976][ T7503] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  187.402611][ T7503] NILFS (loop1): mounting unchecked fs
[  187.444594][ T5790] udevd[5790]: incorrect nilfs2 checksum on /dev/loop1
[  187.456725][ T7503] NILFS (loop1): recovery complete
[  187.476551][ T7507] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  187.687630][ T7513] netlink: 'syz.1.533': attribute type 10 has an invalid length.
[  187.700693][ T7513] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.708398][ T7513] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.741746][ T7513] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.749019][ T7513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.756658][ T7513] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.763970][ T7513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.785333][ T7513] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  188.256049][ T7526] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  188.413210][  T787] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  188.626505][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.648883][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.661015][  T787] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  188.679696][  T787] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  188.699472][  T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.720846][  T787] usb 2-1: config 0 descriptor??
[  189.102569][ T5838] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  189.128563][   T28] audit: type=1326 audit(1775931094.460:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7542 comm="syz.3.544" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f702619c819 code=0x0
[  189.160068][  T787] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  189.191356][  T787] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  189.302060][ T5838] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  189.317409][ T5838] usb 3-1: config 0 has no interface number 0
[  189.333271][ T5838] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.350379][ T5838] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.366901][ T5838] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  189.376843][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.397056][ T5838] usb 3-1: config 0 descriptor??
[  189.859218][ T5838] input: HID 04d9:a055 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:04D9:A055.000C/input/input7
[  190.036839][ T5838] holtek_kbd 0003:04D9:A055.000C: input,hidraw1: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.2-1/input1
[  190.098957][ T5838] usb 3-1: USB disconnect, device number 6
[  190.415831][ T7552] fido_id[7552]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  191.344180][ T7559] loop2: detected capacity change from 0 to 40427
[  191.367179][ T7559] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff
[  191.388163][  T787] usb 2-1: USB disconnect, device number 8
[  191.403254][ T7559] F2FS-fs (loop2): Image doesn't support compression
[  191.410117][ T7559] F2FS-fs (loop2): Image doesn't support compression
[  191.451964][ T7559] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4
[  191.494592][ T7559] F2FS-fs (loop2): invalid crc value
[  191.521831][ T7559] F2FS-fs (loop2): Found nat_bits in checkpoint
[  191.655775][ T7559] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  191.726873][   T28] audit: type=1800 audit(1775931097.060:37): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.549" name="bus" dev="loop2" ino=14 res=0 errno=0
[  191.826843][ T5770] syz-executor: attempt to access beyond end of device
[  191.826843][ T5770] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  191.876761][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  191.895572][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  191.933014][ T7563] loop1: detected capacity change from 0 to 32768
[  191.979360][ T7563] (syz.1.550,7563,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  192.013943][ T7563] (syz.1.550,7563,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  192.098710][ T7563] JBD2: Ignoring recovery information on journal
[  192.199821][ T7563] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  192.770318][ T5771] ocfs2: Unmounting device (7,1) on (node local)
[  192.912703][ T5838] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  193.017583][   T28] audit: type=1326 audit(1775931098.350:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.1.559" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f07b359c819 code=0x0
[  193.094395][ T5838] usb 4-1: too many endpoints for config 1 interface 0 altsetting 13: 253, using maximum allowed: 30
[  193.106028][ T5838] usb 4-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  193.119382][ T5838] usb 4-1: config 1 interface 0 has no altsetting 0
[  193.129918][ T5838] usb 4-1: string descriptor 0 read error: -22
[  193.136361][ T5838] usb 4-1: New USB device found, idVendor=04d9, idProduct=a04a, bcdDevice= 0.40
[  193.145647][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.604127][ T5838] holtek_mouse 0003:04D9:A04A.000D: unknown main item tag 0x4
[  193.614657][ T5838] holtek_mouse 0003:04D9:A04A.000D: invalid report_size 11124
[  193.622440][ T5838] holtek_mouse 0003:04D9:A04A.000D: item 0 2 1 7 parsing failed
[  193.631376][ T5838] holtek_mouse 0003:04D9:A04A.000D: hid parse failed: -22
[  193.639002][ T5838] holtek_mouse: probe of 0003:04D9:A04A.000D failed with error -22
[  193.819779][    T9] usb 4-1: USB disconnect, device number 8
[  194.153774][ T7596] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  194.697717][ T7610] netlink: 67 bytes leftover after parsing attributes in process `syz.3.568'.
[  195.058326][ T7617] sctp: [Deprecated]: syz.3.571 (pid 7617) Use of struct sctp_assoc_value in delayed_ack socket option.
[  195.058326][ T7617] Use struct sctp_sack_info instead
[  195.128691][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  195.140862][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  195.760473][ T7629] netlink: 208128 bytes leftover after parsing attributes in process `syz.0.577'.
[  195.797841][ T7629] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  196.321086][ T7644] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  196.336882][ T7644] iommufd_mock iommufd_mock2: Adding to iommu group 1
[  196.482547][ T1187] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  196.555775][ T7631] loop1: detected capacity change from 0 to 40427
[  196.578616][ T7631] F2FS-fs (loop1): invalid crc value
[  196.593765][ T7631] F2FS-fs (loop1): Found nat_bits in checkpoint
[  196.671482][ T7631] F2FS-fs (loop1): Start checkpoint disabled!
[  196.685995][ T7631] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  196.695973][ T1187] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  196.707817][ T1187] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.722565][ T1187] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  196.732090][ T1187] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  196.740732][ T1187] usb 3-1: Product: syz
[  196.762322][ T1187] usb 3-1: SerialNumber: syz
[  197.118223][ T2930] kworker/u4:7: attempt to access beyond end of device
[  197.118223][ T2930] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  197.143563][ T2930] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  197.693693][ T7660] netlink: 'syz.1.587': attribute type 2 has an invalid length.
[  197.701516][ T7660] netlink: 40 bytes leftover after parsing attributes in process `syz.1.587'.
[  197.807454][ T1187] cdc_ncm 3-1:1.0: bind() failure
[  197.835998][ T1187] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  197.853568][ T1187] cdc_ncm 3-1:1.1: bind() failure
[  198.053859][ T1187] usb 3-1: USB disconnect, device number 7
[  198.621229][ T7671] loop0: detected capacity change from 0 to 32768
[  198.645788][ T7671] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.593 (7671)
[  198.716134][ T7671] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  198.765517][ T7671] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  198.809027][ T7671] BTRFS info (device loop0): enabling auto defrag
[  198.818467][ T7671] BTRFS info (device loop0): use no compression
[  198.833165][ T7671] BTRFS info (device loop0): max_inline at 4096
[  198.853497][ T7671] BTRFS info (device loop0): using free space tree
[  198.952881][ T7671] BTRFS info (device loop0): enabling ssd optimizations
[  198.959928][ T7671] BTRFS info (device loop0): auto enabling async discard
[  199.257353][ T5772] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  200.115248][ T7713] syzkaller1: entered promiscuous mode
[  200.120833][ T7713] syzkaller1: entered allmulticast mode
[  200.633377][ T7721] input: syz0 as /devices/virtual/input/input8
[  200.808286][ T7723] netlink: 16 bytes leftover after parsing attributes in process `syz.2.610'.
[  200.879329][ T7727] loop1: detected capacity change from 0 to 1024
[  200.917113][ T7727] ext4: Unknown parameter 'nojournal'
[  200.979050][ T5789] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  201.085560][ T7730] loop3: detected capacity change from 0 to 1024
[  201.170853][ T7730] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.374784][ T7736] loop2: detected capacity change from 0 to 131072
[  202.432914][ T7736] F2FS-fs (loop2): Test dummy encryption mode enabled
[  202.444172][ T7736] F2FS-fs (loop2): invalid crc value
[  202.484653][ T7736] F2FS-fs (loop2): Found nat_bits in checkpoint
[  202.562576][ T7736] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  202.839860][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.061847][ T7736] fscrypt (loop2, inode 13): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  203.073863][ T7736] overlayfs: upper fs does not support tmpfile.
[  203.082672][ T7736] fscrypt (loop2, inode 14): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  203.504365][ T7731] loop0: detected capacity change from 0 to 262144
[  203.513404][ T7731] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 scanned by syz.0.620 (7731)
[  203.552541][ T7731] BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  203.562849][ T7731] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  203.572144][ T7731] BTRFS info (device loop0): using free space tree
[  203.762784][ T7731] BTRFS info (device loop0): enabling ssd optimizations
[  203.769868][ T7731] BTRFS info (device loop0): auto enabling async discard
[  203.868664][   T28] audit: type=1800 audit(1775931109.200:39): pid=7731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.620" name="file1" dev="loop0" ino=260 res=0 errno=0
[  204.223535][ T5772] BTRFS info (device loop0): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  204.593593][   T28] audit: type=1800 audit(1775931109.920:40): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.622" name="file1" dev="overlay" ino=861 res=0 errno=0
[  204.859407][ T7785] input: syz1 as /devices/virtual/input/input9
[  205.038505][ T7774] loop1: detected capacity change from 0 to 32768
[  205.069731][ T7774] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.617 (7774)
[  205.176430][ T7774] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  205.212327][ T7774] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  205.236672][ T7774] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  205.258626][ T7774] BTRFS info (device loop1): use zstd compression, level 3
[  205.278816][ T7774] BTRFS info (device loop1): using free space tree
[  205.474306][ T7774] BTRFS info (device loop1): enabling ssd optimizations
[  205.481382][ T7774] BTRFS info (device loop1): auto enabling async discard
[  205.667598][ T7807] loop3: detected capacity change from 0 to 512
[  205.754802][ T7807] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.782481][ T7807] EXT4-fs error (device loop3): ext4_readdir:223: inode #12: comm syz.3.625: path /158/file0/file0: directory fails checksum at offset 0
[  205.966451][ T5771] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  205.988522][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.567820][ T7818] loop2: detected capacity change from 0 to 8192
[  206.623741][ T5787] block nbd1: Receive control failed (result -32)
[  206.635968][ T7818] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  206.654474][ T7821] block nbd1: shutting down sockets
[  206.682210][ T7818] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  206.692027][ T7818] REISERFS (device loop2): using ordered data mode
[  206.698904][ T7818] reiserfs: using flush barriers
[  206.707281][ T7818] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  206.724252][ T7818] REISERFS (device loop2): checking transaction log (loop2)
[  206.771906][ T7818] REISERFS (device loop2): Using r5 hash to sort names
[  206.786693][ T7818] REISERFS (device loop2): using 3.5.x disk format
[  206.803367][ T7818] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  207.323976][  T787] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  207.438167][ T7826] loop1: detected capacity change from 0 to 32768
[  207.469868][ T7826] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  207.505226][ T7826] XFS (loop1): Ending clean mount
[  207.520268][  T787] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  207.549002][  T787] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  207.570855][  T787] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  207.583831][  T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.601341][ T7828] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  207.617312][  T787] usb 4-1: Quirk or no altest; falling back to MIDI 1.0
[  207.653905][ T5771] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  207.892521][ T1187] usb 4-1: USB disconnect, device number 9
[  207.954018][ T7842] loop1: detected capacity change from 0 to 1024
[  207.982074][ T7838] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  207.991069][ T7838] overlayfs: failed to set xattr on upper
[  208.022920][ T7838] overlayfs: ...falling back to redirect_dir=nofollow.
[  208.049143][ T7838] overlayfs: ...falling back to index=off.
[  208.057523][ T7838] overlayfs: ...falling back to uuid=null.
[  208.066076][ T7838] overlayfs: maximum fs stacking depth exceeded
[  208.132696][ T7842] hfsplus: can't free extent
[  208.163840][   T28] audit: type=1800 audit(1775931113.315:41): pid=7842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.630" name="file1" dev="loop1" ino=20 res=0 errno=0
[  209.193867][ T7845] loop2: detected capacity change from 0 to 32768
[  209.223848][ T7859] netlink: 12 bytes leftover after parsing attributes in process `syz.0.639'.
[  209.293118][ T7845] JBD2: Ignoring recovery information on journal
[  209.348533][ T7845] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  209.594175][ T7852] loop1: detected capacity change from 0 to 32768
[  209.669758][ T7852] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  209.714067][ T7879] netlink: 'syz.0.642': attribute type 1 has an invalid length.
[  209.772411][ T7879] 8021q: adding VLAN 0 to HW filter on device bond1
[  209.792353][ T7881] bond1: (slave geneve2): making interface the new active one
[  209.803447][ T7881] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  209.835858][ T7852] XFS (loop1): Ending clean mount
[  209.891516][ T7845] syz.2.633 (7845) used greatest stack depth: 18288 bytes left
[  210.009887][ T5770] ocfs2: Unmounting device (7,2) on (node local)
[  210.123576][ T5771] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  211.425051][ T7897] netlink: 'syz.2.647': attribute type 10 has an invalid length.
[  211.433659][ T7897] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.441945][ T7897] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.494702][ T7897] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.502189][ T7897] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.510131][ T7897] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.517485][ T7897] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.538891][ T7897] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  212.040525][ T5815] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  212.246843][ T5815] usb 3-1: Using ep0 maxpacket: 16
[  212.257675][ T5815] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  212.267536][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.275566][ T5815] usb 3-1: Product: syz
[  212.281558][ T5815] usb 3-1: Manufacturer: syz
[  212.286225][ T5815] usb 3-1: SerialNumber: syz
[  212.670533][ T7919] netlink: 33 bytes leftover after parsing attributes in process `syz.1.666'.
[  213.075391][ T5787] Bluetooth: hci2: command 0x0406 tx timeout
[  213.075899][ T5784] Bluetooth: hci1: command 0x0406 tx timeout
[  213.089032][ T5085] Bluetooth: hci3: command 0x0406 tx timeout
[  213.095188][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  213.511875][ T7926] netlink: 'syz.0.660': attribute type 10 has an invalid length.
[  213.521455][ T7926] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.529316][ T7926] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.567351][ T7926] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.574715][ T7926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.582520][ T7926] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.589779][ T7926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.615800][ T5815] snd-usb-audio: probe of 3-1:1.0 failed with error -71
[  213.640347][ T7926] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  213.645556][ T5815] usb 3-1: USB disconnect, device number 8
[  213.762786][ T7929] loop3: detected capacity change from 0 to 256
[  213.855815][ T7929] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  214.240298][ T7939] loop3: detected capacity change from 0 to 128
[  214.261448][ T7939] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  214.400117][ T6220] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  216.250266][ T7984] loop1: detected capacity change from 0 to 1024
[  216.261344][ T7984] EXT4-fs: Ignoring removed i_version option
[  216.277410][ T7984] EXT4-fs: Ignoring removed bh option
[  216.282896][ T7984] ext4: Unknown parameter 'nouser_xattr'
[  216.702367][ T7991] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  216.732503][ T7991] overlayfs: failed to set xattr on upper
[  216.756234][ T7991] overlayfs: ...falling back to redirect_dir=nofollow.
[  216.781623][ T7991] overlayfs: ...falling back to index=off.
[  216.797924][ T7991] overlayfs: ...falling back to uuid=null.
[  216.804364][ T7991] overlayfs: maximum fs stacking depth exceeded
[  217.114467][ T7994] netlink: 'syz.1.686': attribute type 4 has an invalid length.
[  217.211678][ T7995] netlink: 'syz.1.686': attribute type 4 has an invalid length.
[  217.310685][ T7997] loop0: detected capacity change from 0 to 64
[  218.119811][ T8004] pim6reg1: entered promiscuous mode
[  218.125271][ T8004] pim6reg1: entered allmulticast mode
[  218.410160][ T8016] netlink: 'syz.1.694': attribute type 10 has an invalid length.
[  218.464338][ T8016] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.471927][ T8016] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.492440][ T8018] netlink: 'syz.3.695': attribute type 11 has an invalid length.
[  218.586260][    T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  218.791109][    T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  218.823386][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  218.845695][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  218.863960][    T9] usb 3-1: Product: syz
[  218.873078][    T9] usb 3-1: Manufacturer: syz
[  218.890537][    T9] usb 3-1: SerialNumber: syz
[  219.156261][    T9] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  219.421814][ T8035] loop0: detected capacity change from 0 to 1024
[  219.495606][    C0] usblp0: nonzero write bulk status received: -71
[  219.504616][    T9] usb 3-1: USB disconnect, device number 9
[  219.539126][ T8014] usblp0: removed
[  220.654744][ T8052] warning: `syz.0.708' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  221.230613][ T8071] loop1: detected capacity change from 0 to 64
[  221.852209][ T6881] kworker/u4:20: attempt to access beyond end of device
[  221.852209][ T6881] loop1: rw=1, sector=65, nr_sectors = 1 limit=64
[  221.880312][ T6881] Buffer I/O error on dev loop1, logical block 65, lost async page write
[  221.889625][ T6881] kworker/u4:20: attempt to access beyond end of device
[  221.889625][ T6881] loop1: rw=1, sector=66, nr_sectors = 1 limit=64
[  221.904404][ T6881] Buffer I/O error on dev loop1, logical block 66, lost async page write
[  221.924094][ T6881] kworker/u4:20: attempt to access beyond end of device
[  221.924094][ T6881] loop1: rw=1, sector=67, nr_sectors = 1 limit=64
[  221.938130][ T6881] Buffer I/O error on dev loop1, logical block 67, lost async page write
[  221.947088][ T6881] kworker/u4:20: attempt to access beyond end of device
[  221.947088][ T6881] loop1: rw=1, sector=68, nr_sectors = 1 limit=64
[  221.982345][ T6881] Buffer I/O error on dev loop1, logical block 68, lost async page write
[  221.993451][ T6881] kworker/u4:20: attempt to access beyond end of device
[  221.993451][ T6881] loop1: rw=1, sector=72, nr_sectors = 1 limit=64
[  222.006822][ T6881] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  222.017638][ T6881] kworker/u4:20: attempt to access beyond end of device
[  222.017638][ T6881] loop1: rw=1, sector=73, nr_sectors = 1 limit=64
[  222.031574][ T6881] Buffer I/O error on dev loop1, logical block 73, lost async page write
[  222.040139][ T6881] kworker/u4:20: attempt to access beyond end of device
[  222.040139][ T6881] loop1: rw=1, sector=76, nr_sectors = 1 limit=64
[  222.054601][ T6881] Buffer I/O error on dev loop1, logical block 76, lost async page write
[  222.063914][ T6881] kworker/u4:20: attempt to access beyond end of device
[  222.063914][ T6881] loop1: rw=1, sector=77, nr_sectors = 1 limit=64
[  222.077782][ T6881] Buffer I/O error on dev loop1, logical block 77, lost async page write
[  222.087980][ T6881] kworker/u4:20: attempt to access beyond end of device
[  222.087980][ T6881] loop1: rw=1, sector=78, nr_sectors = 744 limit=64
[  222.102983][ T6881] kworker/u4:20: attempt to access beyond end of device
[  222.102983][ T6881] loop1: rw=1, sector=822, nr_sectors = 1 limit=64
[  222.117067][ T6881] Buffer I/O error on dev loop1, logical block 822, lost async page write
[  222.130387][ T6881] Buffer I/O error on dev loop1, logical block 823, lost async page write
[  222.390762][ T8080] loop1: detected capacity change from 0 to 256
[  222.413052][ T8080] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d)
[  223.373928][ T8085] loop2: detected capacity change from 0 to 4096
[  223.422059][ T8085] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  223.445209][ T8085] NILFS (loop2): mounting unchecked fs
[  223.547612][ T5790] udevd[5790]: incorrect nilfs2 checksum on /dev/loop2
[  223.564246][ T8085] NILFS (loop2): recovery complete
[  223.606135][ T8088] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  225.278045][ T8109] netlink: 4 bytes leftover after parsing attributes in process `syz.1.730'.
[  225.585387][ T8115] overlayfs: metacopy file 'file1' has too small xattr
[  225.848033][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  226.045881][    T9] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[  226.054271][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.065909][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.076705][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  226.090084][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  226.099427][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.110727][    T9] usb 3-1: config 0 descriptor??
[  226.579538][    T9] plantronics 0003:047F:FFFF.000E: unknown main item tag 0xd
[  226.619722][    T9] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  226.643221][    T9] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  226.887719][    T9] usb 3-1: USB disconnect, device number 10
[  227.649384][    T9] IPVS: starting estimator thread 0...
[  227.773436][ T8144] IPVS: using max 24 ests per chain, 57600 per kthread
[  228.335792][ T8156] loop0: detected capacity change from 0 to 512
[  228.378987][ T8156] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  228.429598][ T8156] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002]
[  228.447422][ T8156] System zones: 1-12
[  228.473717][ T8156] EXT4-fs (loop0): 1 truncate cleaned up
[  228.501701][ T8156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.849848][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.667081][ T8163] loop3: detected capacity change from 0 to 131072
[  229.681793][ T8163] F2FS-fs (loop3): Invalid log sectorsize (67108873)
[  229.688675][ T8163] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  229.698846][ T8163] F2FS-fs (loop3): invalid crc value
[  229.713160][ T8163] F2FS-fs (loop3): Found nat_bits in checkpoint
[  229.776477][ T8163] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  229.783632][ T8163] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  230.364208][ T8179] loop2: detected capacity change from 0 to 32768
[  230.400711][ T8179] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop2 scanned by syz.2.757 (8179)
[  230.468331][ T1187] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  230.482806][ T8179] BTRFS info (device loop2): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  230.494994][ T8179] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  230.510041][ T8179] BTRFS info (device loop2): using free space tree
[  230.607952][    C1] icmp: detected local route for 172.20.20.170 during ICMP sending, src 172.20.20.24
[  230.680637][ T1187] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  230.723201][ T1187] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  230.747248][ T8179] BTRFS info (device loop2): enabling ssd optimizations
[  230.754417][ T8179] BTRFS info (device loop2): auto enabling async discard
[  230.784155][ T1187] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  230.828824][ T1187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.881358][ T8184] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  230.922070][ T1187] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  231.220629][ T1187] usb 2-1: USB disconnect, device number 9
[  231.496728][ T5770] BTRFS info (device loop2): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  232.099832][ T8217] loop2: detected capacity change from 0 to 64
[  232.382728][ T5815] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  232.421948][ T8224] syzkaller1: entered promiscuous mode
[  232.438486][ T8224] syzkaller1: entered allmulticast mode
[  232.590239][ T5815] usb 4-1: config 4 has an invalid interface number: 121 but max is 0
[  232.608439][ T5815] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  232.621625][ T6881] bio_check_eod: 72 callbacks suppressed
[  232.621642][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.621642][ T6881] loop2: rw=1, sector=65, nr_sectors = 1 limit=64
[  232.628832][ T5815] usb 4-1: config 4 has no interface number 0
[  232.671517][ T6881] buffer_io_error: 62 callbacks suppressed
[  232.671534][ T6881] Buffer I/O error on dev loop2, logical block 65, lost async page write
[  232.689141][ T5815] usb 4-1: config 4 interface 121 has no altsetting 0
[  232.704617][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.704617][ T6881] loop2: rw=1, sector=66, nr_sectors = 1 limit=64
[  232.740765][ T5815] usb 4-1: New USB device found, idVendor=6b86, idProduct=c211, bcdDevice=25.ca
[  232.743373][ T6881] Buffer I/O error on dev loop2, logical block 66, lost async page write
[  232.788208][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.797548][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.797548][ T6881] loop2: rw=1, sector=67, nr_sectors = 1 limit=64
[  232.817777][ T6881] Buffer I/O error on dev loop2, logical block 67, lost async page write
[  232.824268][ T5815] usb 4-1: Product: syz
[  232.830308][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.830308][ T6881] loop2: rw=1, sector=68, nr_sectors = 1 limit=64
[  232.830615][ T5815] usb 4-1: Manufacturer: syz
[  232.852218][ T6881] Buffer I/O error on dev loop2, logical block 68, lost async page write
[  232.862522][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.862522][ T6881] loop2: rw=1, sector=72, nr_sectors = 1 limit=64
[  232.874736][ T5815] usb 4-1: SerialNumber: syz
[  232.884560][ T6881] Buffer I/O error on dev loop2, logical block 72, lost async page write
[  232.895207][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.895207][ T6881] loop2: rw=1, sector=73, nr_sectors = 1 limit=64
[  232.918841][ T6881] Buffer I/O error on dev loop2, logical block 73, lost async page write
[  232.927698][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.927698][ T6881] loop2: rw=1, sector=76, nr_sectors = 1 limit=64
[  232.947268][ T6881] Buffer I/O error on dev loop2, logical block 76, lost async page write
[  232.956329][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.956329][ T6881] loop2: rw=1, sector=77, nr_sectors = 1 limit=64
[  232.977088][ T6881] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  232.988819][ T6881] kworker/u4:20: attempt to access beyond end of device
[  232.988819][ T6881] loop2: rw=1, sector=78, nr_sectors = 944 limit=64
[  233.009550][ T6881] kworker/u4:20: attempt to access beyond end of device
[  233.009550][ T6881] loop2: rw=1, sector=1022, nr_sectors = 1 limit=64
[  233.023672][ T6881] Buffer I/O error on dev loop2, logical block 1022, lost async page write
[  233.040036][ T6881] Buffer I/O error on dev loop2, logical block 1023, lost async page write
[  233.169321][ T5815] usb 4-1: USB disconnect, device number 10
[  234.088800][ T8240] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  235.065934][    C1] Unknown status report in ack skb
[  235.447146][ T8242] loop1: detected capacity change from 0 to 32768
[  235.520915][ T8242] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  235.672566][ T8244] loop3: detected capacity change from 0 to 131072
[  235.691358][ T8244] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[  235.699617][ T8244] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  235.717774][ T8244] F2FS-fs (loop3): invalid crc value
[  235.723560][ T8242] XFS (loop1): Ending clean mount
[  235.812314][ T8244] F2FS-fs (loop3): Found nat_bits in checkpoint
[  235.880820][ T8244] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  235.888025][ T8244] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  236.160143][ T5771] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  236.824340][ T8271] loop0: detected capacity change from 0 to 64
[  237.574127][ T8283] loop3: detected capacity change from 0 to 4096
[  237.710810][ T8283] ntfs3: loop3: ino=21, "file1" mmap(write) compressed not supported
[  237.996590][ T8293] loop0: detected capacity change from 0 to 2048
[  238.114396][ T8293] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.378651][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.718429][ T8296] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.726044][ T8296] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.594623][ T8296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  239.626288][ T8296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  239.804533][ T8296] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  239.833984][ T8296] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  239.858807][ T8296] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  239.888490][ T8296] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  240.240268][ T8303] netlink: 'syz.1.790': attribute type 1 has an invalid length.
[  240.255110][ T8303] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  240.895510][ T8362] loop2: detected capacity change from 0 to 4096
[  240.936301][ T8362] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.211832][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.360395][ T8381] loop3: detected capacity change from 0 to 128
[  241.393571][ T8381] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  241.410414][ T8381] ext4 filesystem being mounted at /205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  242.056808][ T5773] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  242.793485][ T8430] loop3: detected capacity change from 0 to 512
[  242.856003][ T8430] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  242.913783][ T8430] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002]
[  242.941996][ T8430] System zones: 1-12
[  242.955221][ T8430] EXT4-fs (loop3): 1 truncate cleaned up
[  242.962386][ T8430] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.971091][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  243.221514][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.443737][ T8439] loop3: detected capacity change from 0 to 128
[  243.569656][ T8439] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  243.629715][ T8439] ext4 filesystem being mounted at /210/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  243.828949][ T5773] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  244.101139][ T8305] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  244.127115][ T8441] loop1: detected capacity change from 0 to 32768
[  244.136503][ T8305] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  244.141434][ T8441] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop1 scanned by syz.1.824 (8441)
[  244.204888][ T8441] BTRFS info (device loop1): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  244.230209][ T8441] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  244.252125][ T8441] BTRFS info (device loop1): using free space tree
[  244.294455][ T8446] loop2: detected capacity change from 0 to 4096
[  244.322710][ T8446] EXT4-fs: quotafile must be on filesystem root
[  244.355095][ T8441] BTRFS info (device loop1): enabling ssd optimizations
[  244.379466][ T8441] BTRFS info (device loop1): auto enabling async discard
[  244.527565][ T8464] loop3: detected capacity change from 0 to 512
[  244.612818][ T5789] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  244.769899][ T5771] BTRFS info (device loop1): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  245.636416][ T8484] loop0: detected capacity change from 0 to 1024
[  246.024344][ T4148] hfsplus: b-tree write err: -5, ino 25
[  246.083718][ T4148] hfsplus: b-tree write err: -5, ino 4
[  246.091206][ T4148] hfsplus: b-tree write err: -5, ino 2
[  246.107756][ T4148] hfsplus: b-tree write err: -5, ino 26
[  246.124656][ T4148] hfsplus: b-tree write err: -5, ino 20
[  246.233178][ T8334] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  246.433050][ T8500] loop1: detected capacity change from 0 to 2048
[  246.458004][ T8334] usb 3-1: Using ep0 maxpacket: 8
[  246.471117][ T8334] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  246.480588][ T8334] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  246.494037][ T8334] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  246.507335][ T8334] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  246.526503][ T8334] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  246.546117][ T8334] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  246.587502][ T8500] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  246.605503][ T8334] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.758385][ T8500] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  246.813476][ T8500] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  246.828224][ T8500] EXT4-fs (loop1): This should not happen!! Data will be lost
[  246.828224][ T8500] 
[  246.838137][ T8500] EXT4-fs (loop1): Total free blocks count 0
[  246.846898][ T8500] EXT4-fs (loop1): Free/Dirty block details
[  246.853079][ T8500] EXT4-fs (loop1): free_blocks=66060288
[  246.867516][ T8500] EXT4-fs (loop1): dirty_blocks=48
[  246.877320][ T8500] EXT4-fs (loop1): Block reservation details
[  246.883486][ T8500] EXT4-fs (loop1): i_reserved_data_blocks=3
[  246.901646][ T8334] usb 3-1: usb_control_msg returned -32
[  246.912371][ T8334] usbtmc 3-1:16.0: can't read capabilities
[  247.044685][ T8496] loop0: detected capacity change from 0 to 32768
[  247.066358][ T8496] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop0 scanned by syz.0.839 (8496)
[  247.094901][ T6880] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  247.164836][ T8496] BTRFS info (device loop0): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  247.187357][ T8496] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  247.241904][ T8496] BTRFS info (device loop0): using free space tree
[  247.368218][ T8496] BTRFS info (device loop0): enabling ssd optimizations
[  247.388094][ T8496] BTRFS info (device loop0): auto enabling async discard
[  247.616256][ T8538] loop3: detected capacity change from 0 to 1024
[  247.703405][ T8540] usbtmc 3-1:16.0: usb_control_msg returned -71
[  247.880578][ T8538] hfsplus: xattr search failed
[  247.895548][ T8543] loop1: detected capacity change from 0 to 22
[  247.921357][ T5778] usb 3-1: USB disconnect, device number 11
[  247.929807][ T8543] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  247.961082][ T5772] BTRFS info (device loop0): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  247.979206][ T8543] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  248.586462][ T5778] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  248.605852][ T8552] netlink: 28 bytes leftover after parsing attributes in process `syz.0.853'.
[  248.793648][ T5778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.816526][ T5778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.831024][ T5778] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  248.853568][ T5778] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  248.873841][ T5778] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.896544][ T5778] usb 2-1: config 0 descriptor??
[  249.113826][ T8560] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.121241][ T8560] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.146995][ T8550] loop3: detected capacity change from 0 to 32768
[  249.163843][ T8550] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop3 scanned by syz.3.851 (8550)
[  249.164613][ T8559] syzkaller1: entered promiscuous mode
[  249.205650][ T8559] syzkaller1: entered allmulticast mode
[  249.269070][ T8550] BTRFS info (device loop3): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  249.309141][ T8550] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  249.327376][ T8550] BTRFS info (device loop3): using free space tree
[  249.361658][ T5778] plantronics 0003:047F:FFFF.0010: unknown main item tag 0xd
[  249.380366][ T5778] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[  249.396721][ T5778] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  249.517024][ T8550] BTRFS info (device loop3): enabling ssd optimizations
[  249.524211][ T8550] BTRFS info (device loop3): auto enabling async discard
[  249.806844][ T5864] usb 2-1: USB disconnect, device number 10
[  249.948811][ T5773] BTRFS info (device loop3): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  250.554368][ T8602] netlink: 'syz.1.867': attribute type 1 has an invalid length.
[  250.562580][ T8602] netlink: 'syz.1.867': attribute type 4 has an invalid length.
[  250.579110][ T8602] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.867'.
[  251.691189][    C1] ------------[ cut here ]------------
[  251.696723][    C1] WARNING: CPU: 1 PID: 8609 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600
[  251.706853][    C1] Modules linked in:
[  251.710818][    C1] CPU: 1 PID: 8609 Comm: syz.0.870 Not tainted syzkaller #0
[  251.718151][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  251.728978][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  251.735480][    C1] Code: 24 4c 89 e7 e8 8e 80 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 79 be 82 f7 0f 0b e9 f6 f7 ff ff e8 6d be 82 f7 <0f> 0b e9 48 fb ff ff e8 61 be 82 f7 48 c7 c7 00 85 64 8e 4c 89 e6
[  251.755162][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[  251.761280][    C1] RAX: ffffffff8a046393 RBX: ffffffff8a045196 RCX: ffff8880215c5a00
[  251.769320][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  251.777352][    C1] RBP: 0000000000000000 R08: ffff8880215c5a00 R09: 0000000000000003
[  251.785520][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805da0e3c0
[  251.793732][    C1] R13: dffffc0000000000 R14: ffff88805da0e8b0 R15: ffff88802fd45024
[  251.801802][    C1] FS:  00007ff62541b6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  251.810788][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  251.817594][    C1] CR2: 00007ff61e3f6000 CR3: 00000000788f2000 CR4: 00000000003506e0
[  251.825675][    C1] DR0: 0000000000000000 DR1: 0000000000000003 DR2: 0000000000000000
[  251.833822][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  251.841923][    C1] Call Trace:
[  251.845298][    C1]  <IRQ>
[  251.848193][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  251.853772][    C1]  ieee80211_beacon_get_tim+0xbf/0x580
[  251.859308][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  251.866189][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  251.871894][    C1]  __iterate_interfaces+0x243/0x500
[  251.877219][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  251.883531][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  251.890797][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  251.897077][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  251.904187][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  251.909425][    C1]  __hrtimer_run_queues+0x520/0xc40
[  251.914732][    C1]  ? ktime_get_update_offsets_now+0x99/0x3f0
[  251.920860][    C1]  ? hw_scan_work+0xf60/0xf60
[  251.925607][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  251.930744][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  251.936887][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  251.942143][    C1]  handle_softirqs+0x280/0x820
[  251.947068][    C1]  ? __irq_exit_rcu+0xd3/0x190
[  251.951864][    C1]  ? do_softirq+0x1a0/0x1a0
[  251.956427][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  251.961689][    C1]  __irq_exit_rcu+0xd3/0x190
[  251.966441][    C1]  ? irq_exit_rcu+0x20/0x20
[  251.970985][    C1]  irq_exit_rcu+0x9/0x20
[  251.975307][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  251.981112][    C1]  </IRQ>
[  251.984064][    C1]  <TASK>
[  251.987046][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  251.993065][    C1] RIP: 0010:unmap_page_range+0xd5a/0x3000
[  251.998868][    C1] Code: 00 48 8b 44 24 28 48 89 18 e9 81 0d 00 00 e8 3d a5 bd ff 48 8b 7c 24 68 48 8b b4 24 98 00 00 00 e8 8b 1c 73 ff 48 8b 44 24 38 <48> 89 c3 48 c1 eb 03 42 80 3c 23 00 74 0f 48 8b 7c 24 38 e8 ae dc
[  252.018540][    C1] RSP: 0018:ffffc9000b4df620 EFLAGS: 00000246
[  252.024674][    C1] RAX: ffffc9000b4dfa10 RBX: 00007ff61b35a000 RCX: 0000000000080000
[  252.032717][    C1] RDX: ffffc9000d4cc000 RSI: 000000000007ffff RDI: 0000000000080000
[  252.040736][    C1] RBP: ffffc9000b4df810 R08: ffffffff8e8b14ef R09: 1ffffffff1d1629d
[  252.048725][    C1] R10: dffffc0000000000 R11: fffffbfff1d1629e R12: dffffc0000000000
[  252.056765][    C1] R13: 00007ff61b35a000 R14: 0000000000000000 R15: ffff88805f21fad0
[  252.065016][    C1]  ? copy_page_range+0x3670/0x3670
[  252.070162][    C1]  ? folio_batch_move_lru+0x55e/0x660
[  252.075610][    C1]  ? folio_add_lru+0xd30/0xd30
[  252.080527][    C1]  ? unmap_single_vma+0x1b0/0x2a0
[  252.085656][    C1]  unmap_vmas+0x286/0x3f0
[  252.090031][    C1]  ? unmap_page_range+0x3000/0x3000
[  252.095314][    C1]  ? __lock_acquire+0x7d40/0x7d40
[  252.100476][    C1]  ? tlb_gather_mmu+0x233/0x300
[  252.105411][    C1]  unmap_region+0x220/0x370
[  252.109945][    C1]  ? vma_iter_init+0xd0/0xd0
[  252.114766][    C1]  do_vmi_align_munmap+0x10dc/0x16d0
[  252.120211][    C1]  ? do_vmi_align_munmap+0xac5/0x16d0
[  252.125801][    C1]  ? do_vmi_munmap+0x2d0/0x2d0
[  252.130751][    C1]  ? mtree_range_walk+0x674/0x7c0
[  252.135823][    C1]  ? mas_find_setup+0x493/0x590
[  252.140732][    C1]  do_vmi_munmap+0x252/0x2d0
[  252.145376][    C1]  __vm_munmap+0x1a2/0x3c0
[  252.149844][    C1]  ? vm_munmap+0x20/0x20
[  252.154108][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  252.160132][    C1]  ? syscall_enter_from_user_mode+0x25/0x80
[  252.166134][    C1]  __x64_sys_munmap+0x60/0x70
[  252.170882][    C1]  do_syscall_64+0x55/0xa0
[  252.175316][    C1]  ? clear_bhb_loop+0x40/0x90
[  252.180065][    C1]  ? clear_bhb_loop+0x40/0x90
[  252.184826][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  252.190870][    C1] RIP: 0033:0x7ff62459c647
[  252.195321][    C1] Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  252.214996][    C1] RSP: 002b:00007ff62541ae08 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[  252.223485][    C1] RAX: ffffffffffffffda RBX: 0000000004000000 RCX: 00007ff62459c647
[  252.231566][    C1] RDX: 0000000004000000 RSI: 0000000008400000 RDI: 00007ff61a3f7000
[  252.239731][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  252.248027][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  252.256069][    C1] R13: 00007ff62541aee0 R14: 00007ff62541aea0 R15: 00007ff61a3f7000
[  252.264104][    C1]  </TASK>
[  252.267185][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  252.274501][    C1] CPU: 1 PID: 8609 Comm: syz.0.870 Not tainted syzkaller #0
[  252.281892][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  252.291967][    C1] Call Trace:
[  252.295271][    C1]  <IRQ>
[  252.298140][    C1]  dump_stack_lvl+0x18c/0x250
[  252.302856][    C1]  ? show_regs_print_info+0x20/0x20
[  252.308131][    C1]  ? load_image+0x420/0x420
[  252.312681][    C1]  panic+0x2dc/0x730
[  252.316608][    C1]  ? bpf_jit_dump+0xd0/0xd0
[  252.321154][    C1]  __warn+0x2e0/0x470
[  252.325190][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  252.330939][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  252.336706][    C1]  report_bug+0x2be/0x4f0
[  252.341062][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  252.346807][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  252.352562][    C1]  ? __ieee80211_beacon_get+0x1235/0x1600
[  252.358328][    C1]  handle_bug+0xcf/0x120
[  252.362606][    C1]  exc_invalid_op+0x1a/0x50
[  252.367133][    C1]  asm_exc_invalid_op+0x1a/0x20
[  252.372035][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  252.378521][    C1] Code: 24 4c 89 e7 e8 8e 80 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 79 be 82 f7 0f 0b e9 f6 f7 ff ff e8 6d be 82 f7 <0f> 0b e9 48 fb ff ff e8 61 be 82 f7 48 c7 c7 00 85 64 8e 4c 89 e6
[  252.398157][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[  252.404245][    C1] RAX: ffffffff8a046393 RBX: ffffffff8a045196 RCX: ffff8880215c5a00
[  252.412242][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  252.420354][    C1] RBP: 0000000000000000 R08: ffff8880215c5a00 R09: 0000000000000003
[  252.428373][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805da0e3c0
[  252.436459][    C1] R13: dffffc0000000000 R14: ffff88805da0e8b0 R15: ffff88802fd45024
[  252.444452][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  252.450070][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  252.455822][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  252.461566][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  252.467140][    C1]  ieee80211_beacon_get_tim+0xbf/0x580
[  252.472618][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  252.479416][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  252.484987][    C1]  __iterate_interfaces+0x243/0x500
[  252.490212][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  252.496474][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  252.503703][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  252.509965][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  252.517067][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  252.522295][    C1]  __hrtimer_run_queues+0x520/0xc40
[  252.527507][    C1]  ? ktime_get_update_offsets_now+0x99/0x3f0
[  252.533530][    C1]  ? hw_scan_work+0xf60/0xf60
[  252.538225][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  252.543357][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  252.549445][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  252.554606][    C1]  handle_softirqs+0x280/0x820
[  252.559387][    C1]  ? __irq_exit_rcu+0xd3/0x190
[  252.564161][    C1]  ? do_softirq+0x1a0/0x1a0
[  252.568690][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  252.573909][    C1]  __irq_exit_rcu+0xd3/0x190
[  252.578525][    C1]  ? irq_exit_rcu+0x20/0x20
[  252.583044][    C1]  irq_exit_rcu+0x9/0x20
[  252.587311][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  252.592954][    C1]  </IRQ>
[  252.595901][    C1]  <TASK>
[  252.598867][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  252.604864][    C1] RIP: 0010:unmap_page_range+0xd5a/0x3000
[  252.610606][    C1] Code: 00 48 8b 44 24 28 48 89 18 e9 81 0d 00 00 e8 3d a5 bd ff 48 8b 7c 24 68 48 8b b4 24 98 00 00 00 e8 8b 1c 73 ff 48 8b 44 24 38 <48> 89 c3 48 c1 eb 03 42 80 3c 23 00 74 0f 48 8b 7c 24 38 e8 ae dc
[  252.630223][    C1] RSP: 0018:ffffc9000b4df620 EFLAGS: 00000246
[  252.636303][    C1] RAX: ffffc9000b4dfa10 RBX: 00007ff61b35a000 RCX: 0000000000080000
[  252.644288][    C1] RDX: ffffc9000d4cc000 RSI: 000000000007ffff RDI: 0000000000080000
[  252.652274][    C1] RBP: ffffc9000b4df810 R08: ffffffff8e8b14ef R09: 1ffffffff1d1629d
[  252.660260][    C1] R10: dffffc0000000000 R11: fffffbfff1d1629e R12: dffffc0000000000
[  252.668250][    C1] R13: 00007ff61b35a000 R14: 0000000000000000 R15: ffff88805f21fad0
[  252.676311][    C1]  ? copy_page_range+0x3670/0x3670
[  252.681505][    C1]  ? folio_batch_move_lru+0x55e/0x660
[  252.686907][    C1]  ? folio_add_lru+0xd30/0xd30
[  252.691684][    C1]  ? unmap_single_vma+0x1b0/0x2a0
[  252.696826][    C1]  unmap_vmas+0x286/0x3f0
[  252.701181][    C1]  ? unmap_page_range+0x3000/0x3000
[  252.706405][    C1]  ? __lock_acquire+0x7d40/0x7d40
[  252.711460][    C1]  ? tlb_gather_mmu+0x233/0x300
[  252.716332][    C1]  unmap_region+0x220/0x370
[  252.720861][    C1]  ? vma_iter_init+0xd0/0xd0
[  252.725570][    C1]  do_vmi_align_munmap+0x10dc/0x16d0
[  252.730917][    C1]  ? do_vmi_align_munmap+0xac5/0x16d0
[  252.736314][    C1]  ? do_vmi_munmap+0x2d0/0x2d0
[  252.741097][    C1]  ? mtree_range_walk+0x674/0x7c0
[  252.746190][    C1]  ? mas_find_setup+0x493/0x590
[  252.751101][    C1]  do_vmi_munmap+0x252/0x2d0
[  252.755710][    C1]  __vm_munmap+0x1a2/0x3c0
[  252.760148][    C1]  ? vm_munmap+0x20/0x20
[  252.764403][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  252.770405][    C1]  ? syscall_enter_from_user_mode+0x25/0x80
[  252.776332][    C1]  __x64_sys_munmap+0x60/0x70
[  252.781029][    C1]  do_syscall_64+0x55/0xa0
[  252.785452][    C1]  ? clear_bhb_loop+0x40/0x90
[  252.790174][    C1]  ? clear_bhb_loop+0x40/0x90
[  252.794873][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  252.800793][    C1] RIP: 0033:0x7ff62459c647
[  252.805212][    C1] Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  252.824828][    C1] RSP: 002b:00007ff62541ae08 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[  252.833275][    C1] RAX: ffffffffffffffda RBX: 0000000004000000 RCX: 00007ff62459c647
[  252.841431][    C1] RDX: 0000000004000000 RSI: 0000000008400000 RDI: 00007ff61a3f7000
[  252.849431][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  252.857513][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  252.865511][    C1] R13: 00007ff62541aee0 R14: 00007ff62541aea0 R15: 00007ff61a3f7000
[  252.873596][    C1]  </TASK>
[  252.877218][    C1] Kernel Offset: disabled
[  252.881658][    C1] Rebooting in 86400 seconds..