last executing test programs:

1m18.460231513s ago: executing program 0 (id=331):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe2}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000180)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6fc40b5d175e86ac0b7a9fd7f1748af98902340eb3de6f89a6272ddc63ce532e270bc6cba3d229a96e108026bf64d48efc0435d52b40c578d3deb33677cf2ec5fadf9a784f2b2bdc8d978e9e1a788494631d094", 0xe3}, {&(0x7f0000000f00)}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000003c0)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb306c7f77c8a00000000000000d037280699ca67e7143e46e0267c791d9ebf43d49dc561ceb279ff", 0x52}, {&(0x7f0000002700)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635af71dc487553859348d48e6fc49d81c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e661725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d70581691a79a4678db1e5e7fa1c98c5b9e4a87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae99200000062635399677c089645ecee7fdddf4f74597a84ed4f771ab273c5720d5cc397c0be582a0b23f749ff982cd036ac23aa6a072cfed3e03efb9f3f267516af3477a4d8caba0b615c1fa14f19d2cf694102c0d9dcc23d55940ea1d4ecbc7c54c342e9094a6c0e69514e6ded113af16d9d43f7ce", 0x143}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472f0700000000000000e71ba62334303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c", 0x3b}, {&(0x7f0000000000)="bd2f6aa36cea0e62ac", 0x9}], 0x4}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="b5d3838236773268a73daecfa0fdc5beb5a7ac332a11523627b41db31da6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b64", 0x50}, {&(0x7f0000000500)="e47ecfc6ce6d4d9cc5a0fbf98f301803da3adfbec8a1d5324076b744b24bc7cf83120d4819726e827d90219c71", 0x2d}], 0x2}}], 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

1m17.253938723s ago: executing program 0 (id=333):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000001c0)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

1m16.969128577s ago: executing program 4 (id=334):
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000040)={0x1, @capture={0x0, 0x1, {0x1, 0x9}, 0x7c, 0xffffff01}})

1m16.605245889s ago: executing program 0 (id=336):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[<r3=>0x0], &(0x7f00000000c0), 0x1, r1})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x14, r3, r1})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x20, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000000f00000009000300", @ANYRES32=r6, @ANYBLOB="2f000e0080000000ffffffffffff08021100000008021100000000000000000000000000640003900100050302540500080026006c09000008000c006400000008000d00010000000800a100060000000800270000000000"], 0x74}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10)
sendto$inet(r8, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004500002c000000000006901414bbac1414aa00004e220000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6c2000009078000003030900"], 0x0)
pselect6(0x40, &(0x7f0000000280)={0x5c8a, 0x3, 0x0, 0x300, 0x0, 0x0, 0x0, 0x800000000}, 0x0, &(0x7f0000000100)={0x8, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0)
sendmsg$NFT_BATCH(r7, 0x0, 0x0)
eventfd2(0x3ff, 0x800)
r9 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r10 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000000000010902"], 0x0)
fchdir(r11)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r10, &(0x7f0000000a00)='net/vlan/vlan1\x00')
add_key(&(0x7f0000000200)='rxrpc\x00', 0x0, &(0x7f0000000240)="0000000000000001ff000065dd530700a2752cbf86f474fad8cb594ed9fabe9ec277bb8d00000000000000ff07000000000000c9", 0x34, r9)
sendmsg$NFT_BATCH(r7, 0x0, 0x0)

1m15.880382672s ago: executing program 4 (id=340):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}}, 0x0)

1m15.417350912s ago: executing program 4 (id=343):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe2}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000180)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6fc40b5d175e86ac0b7a9fd7f1748af98902340eb3de6f89a6272ddc63ce532e270bc6cba3d229a96e108026bf64d48efc0435d52b40c578d3deb33677cf2ec5fadf9a784f2b2bdc8d978e9e1a788494631d094", 0xe3}, {&(0x7f0000000f00)="397d5f2edc82d0337ae5ab9ee47dc3e798cf69cfebf1", 0x16}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000003c0)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb306c7f77c8a00000000000000d037280699ca67e7143e46e0267c791d9ebf43d49dc561ceb279ff", 0x52}, {&(0x7f0000002700)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635af71dc487553859348d48e6fc49d81c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e661725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d70581691a79a4678db1e5e7fa1c98c5b9e4a87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae99200000062635399677c089645ecee7fdddf4f74597a84ed4f771ab273c5720d5cc397c0be582a0b23f749ff982cd036ac23aa6a072cfed3e03efb9f3f267516af3477a4d8caba0b615c1fa14f19d2cf694102c0d9dcc23d55940ea1d4ecbc7c54c342e9094a6c0e69514e6ded113af16d9d43f7ce", 0x143}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472f0700000000000000e71ba62334303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c", 0x3b}, {&(0x7f0000000000)="bd2f6aa36cea0e62ac", 0x9}], 0x4}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="b5d3838236773268a73daecfa0fdc5beb5a7ac332a11523627b41db31da6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b64", 0x50}, {&(0x7f0000000500)="e47ecfc6ce6d4d9cc5a0fbf98f301803da3adfbec8a1d5324076b744b24bc7cf83120d4819726e827d90219c71", 0x2d}], 0x2}}], 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

1m14.720531978s ago: executing program 4 (id=345):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x6000, 0x80600})

1m14.375596281s ago: executing program 0 (id=347):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)

1m12.745321711s ago: executing program 4 (id=350):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x10)
close(0x3)

1m11.82495258s ago: executing program 4 (id=352):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

1m10.945617748s ago: executing program 0 (id=353):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000010280)='./mnt\x00', 0x1008004, &(0x7f0000000280)=ANY=[@ANYBLOB="70726a6a71756f74613d6469474bcc8aeef1a8827363736768643d000000000000", @ANYRES64, @ANYRESHEX, @ANYRESOCT=0x0, @ANYRES16, @ANYRESDEC, @ANYBLOB="ba9d33cf594607c5527e18013eab93019bca112d383a377051bf4546fc4dd211389653995d1295cc188aadaed11ea001e27c691a438d49fd727ac1fcfec8c643a5969ee9b808e615d7cf920fa3e00b3c01f23bdd147f7b38f57eb17c5ec7ca859e5bf497817070941d03107d6aa2732591cb7703345c58b5c32e6a7ea3103ef583dd00e4980fd097b49f52ddef0d43ec12cbdbb300cc2b510ef9343a029b3c58512a84fab0429cb19b81010be3b3e43640f2de8811e7a804d3c22c83f0930570915ccb7d35b7cbbedf50"], 0x1, 0x10212, &(0x7f0000020500)="$eJzs3L9uW1UYAPBzaxoVWkqEGNg4EiA5ErGu7aSCskRUVQdIFdEyMji2Y7lN7Ch2nNAJBv48BBtMvAMPwMbSoW+AxIbEUiGBfO4NQhVDVUzcOL+fdO93z3dvvnOO5eW7ihyAc2s5/v5bFq6GF0MIlRDClRDSdVYeyUYRXg8hvBFCuPCPIyvzfyeWQggvhRCuTosXNbPy1nc/fvXp9798+Pa3P/xUyb/5+tf57RqYt7dCCHv7xfXRXhGHvSLeK/OtST/FvbVJGYsbe/fL8bCIR93tVOGodfJcK8Vmr3h+uH84msad3VZ7Gnv9nZTfHxQTjia9kzrpD+61DtK4091OsT8apth7UKzruIwPRuOiTqes91kqH8bjk1jku8fdYj/791NsD8Zlvqg77HSPp3FSxnK60Nl+9s/3rPioPzg8jpPuwag/HMT1Wj2v5asH7WureV5/r7na67R22te6jbVOa2ctVrsbo+HuSqz22u1YvXXjxkqs57VGLX8n3rr9SdztxOo0ftAfHI77u6OV2Kg112v1lfhmPd7Z3IpbH9+8ubl1N24OB/H2cBKbeaw3r683rjffjVt37sZG3sjt/1R9ccrzsWCyeS8A4OzR/wPz8Ez9/6Uir/9fHOe9/z3v+9e+8Z/4AgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnFuXf37/MF0sF+MLZf7lMvVqOc7Ke3/+i+yJmpVp3RDCxad8/ssshKVyjpPjhRDCRnn88cr/+xkAAADAInv0uPowS916cVqe94I4TUvpnF35fEb10mudmX2H0ouo12ZVrZLWN6udXg7lG6qZuDg9XZpVtadSOdXZAACA54NOAAAAABbak/+GDwAAACwe/T8AAAAsvtT/+/0/AAAAWGyPHlcfznsNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzF3r2cIAwEAQCd9XcJotiOF0uwGUuwEDvymjq8iUQRRxARFaKI4T0YkklCdue4e5gFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALqu2s5X9f58V1r9pzm286l6AAAAgCeml0sv03E+mmVe8t2jtfv9zkE/IqqIGL75/bpEjHKMawwiYpFxmHy7eAAAAOiuerNb/noOAAAAAAAAAAAAAAAAAAAAwI1/7P/XODgAAAAAXtH/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABO7M7LCQAwCAPQfhbo/tMWQTcQvLwHCTkGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOizM+vUuFFv+hcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDZnWMbgAAgCqDnLKCyjyHUtjWLxgxETiVqQt5LLpf833wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+bR0ilrYuj6CrPM9+3Obp7l81Tw3+qv7tAbCzO8cmAAAhEAR53gLsv1oxtAIDZ+CSixYAALjg92J+L7dqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAodufQCgAYBKJYS/dh//EqeHgcJjF8gTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICpN/q4JzqjEgCAkn1zeQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBRAAAA//+J5RiV")

1m5.78474449s ago: executing program 0 (id=357):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file0\x00', 0x218000, &(0x7f00000007c0)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@quota}, {@errors_remount}, {@grpid}, {@orlov}]}, 0x7c, 0x57f, &(0x7f0000001440)="$eJzs3d9rW1UcAPDvTdNu66brYAz1QQZ7cDKXrq0/JgjOR9HhQN9naLMymi6jScdaB64P7kUEGYKIA/EP8N3H4T/gXzHQwZBR9EGEyk1vuqxN+mvpki2fD9z2nNx7e+43535Pz81NSAB963j6IxfxckR8m0QcblqXj2zl8dXtlh/emEyXJFZWPv0riSR7rLF9kv0+mFVeiojfvoo4ldvYbnVhcaZYLpeWsvpobfbqaHVh8fTl2eJ0abp0ZXxi4uxbE+PvvvN2x2J9/cI/P3xy98OzX59Y/v6X+0duJ3EuDmXrmuN4AjebK8eL/2WlwTi3bsOxDjTWS5JuHwC7MpDl+WCkY8DhGMiyHnj+fRkRK0CfSuQ/9KnGPKBxbd+h6+BnxoMPVi+A6rEPNcefX31tJPbXr42Gl5PHroyGImKkA+2nbfz6553b6RKbvw5xYIs6wI7cXIqIM/n8xvE/yca/3TtTf/F4c+vb6Lf/P9BNd9P5zxut5n+5tflPtJj/HGyRu7uxdf7n7negmbbS+d97Lee/a0PXyEBWe6E+5xtMLl0ul85ExIsRcTIG96X1ze7nnF2+t9JuXfP8L13S9htzwew47uf3Pb7PVLFWzKagT+zBUsQr+VbxJ2v9n7To//T5uLDNNo6V7rzabt3W8e+tlZ8jXmvZ/4/uaCWb358crZ8Po42zYqO/bx37vV373Y4/7f/hzeMfSZru185Vd97GT/v/LbVbt9vzfyj5rF5uJMH1Yq02NxYxlHy88fHxR/s26o3t0/hPnth8/Gt1/qcXX59vM/5bR2+13bQX+n9qR/2/88K9j774sV372+v/N+ulk9kj2fjXWnaubPcAn/T5AwAAAAAAgF6Si4hDkeQKa+VcrlBYfX/H0RjOlSvV2qlLlfkrU1H/rOxIDOYad7oPN70fYix7P2yjPr6uPhERRyLiu4ED9XphslKe6nbwAAAAAAAAAAAAAAAAAAAA0CMOtvn8f+qPgW4fHbDn6l9ssK/bRwF0w5Zf+d+Jb3oCetKW+Q88t+Q/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAAEBHXTh/Pl1Wlh/emEzrU9cW5mcq105Plaozhdn5ycJkZe5qYbpSmS6XCpOV2a3+XrlSuTo2HvPXR2ulam20urB4cbYyf6V28fJscbp0sTT4VKICAAAAAAAAAAAAAAAAAACAZ0t1YXGmWC6X5vau8M3eN7G3hfejJw5jXWEgOhjgql3tnu+JZ+NZKgw/5UaXsu7d2V5dHJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ3/AwAA//9iQjFF")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_create_resource$binfmt(0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioprio_get$uid(0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=""/18, 0x12)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
getsockname$packet(r5, 0x0, 0x0)
futex(0x0, 0x5, 0x0, 0x0, &(0x7f0000048000), 0x20fffffe)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000035c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004050}, 0x8000)

56.253293414s ago: executing program 32 (id=352):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

49.029177027s ago: executing program 33 (id=357):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file0\x00', 0x218000, &(0x7f00000007c0)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@quota}, {@errors_remount}, {@grpid}, {@orlov}]}, 0x7c, 0x57f, &(0x7f0000001440)="$eJzs3d9rW1UcAPDvTdNu66brYAz1QQZ7cDKXrq0/JgjOR9HhQN9naLMymi6jScdaB64P7kUEGYKIA/EP8N3H4T/gXzHQwZBR9EGEyk1vuqxN+mvpki2fD9z2nNx7e+43535Pz81NSAB963j6IxfxckR8m0QcblqXj2zl8dXtlh/emEyXJFZWPv0riSR7rLF9kv0+mFVeiojfvoo4ldvYbnVhcaZYLpeWsvpobfbqaHVh8fTl2eJ0abp0ZXxi4uxbE+PvvvN2x2J9/cI/P3xy98OzX59Y/v6X+0duJ3EuDmXrmuN4AjebK8eL/2WlwTi3bsOxDjTWS5JuHwC7MpDl+WCkY8DhGMiyHnj+fRkRK0CfSuQ/9KnGPKBxbd+h6+BnxoMPVi+A6rEPNcefX31tJPbXr42Gl5PHroyGImKkA+2nbfz6553b6RKbvw5xYIs6wI7cXIqIM/n8xvE/yca/3TtTf/F4c+vb6Lf/P9BNd9P5zxut5n+5tflPtJj/HGyRu7uxdf7n7negmbbS+d97Lee/a0PXyEBWe6E+5xtMLl0ul85ExIsRcTIG96X1ze7nnF2+t9JuXfP8L13S9htzwew47uf3Pb7PVLFWzKagT+zBUsQr+VbxJ2v9n7To//T5uLDNNo6V7rzabt3W8e+tlZ8jXmvZ/4/uaCWb358crZ8Po42zYqO/bx37vV373Y4/7f/hzeMfSZru185Vd97GT/v/LbVbt9vzfyj5rF5uJMH1Yq02NxYxlHy88fHxR/s26o3t0/hPnth8/Gt1/qcXX59vM/5bR2+13bQX+n9qR/2/88K9j774sV372+v/N+ulk9kj2fjXWnaubPcAn/T5AwAAAAAAgF6Si4hDkeQKa+VcrlBYfX/H0RjOlSvV2qlLlfkrU1H/rOxIDOYad7oPN70fYix7P2yjPr6uPhERRyLiu4ED9XphslKe6nbwAAAAAAAAAAAAAAAAAAAA0CMOtvn8f+qPgW4fHbDn6l9ssK/bRwF0w5Zf+d+Jb3oCetKW+Q88t+Q/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAAEBHXTh/Pl1Wlh/emEzrU9cW5mcq105Plaozhdn5ycJkZe5qYbpSmS6XCpOV2a3+XrlSuTo2HvPXR2ulam20urB4cbYyf6V28fJscbp0sTT4VKICAAAAAAAAAAAAAAAAAACAZ0t1YXGmWC6X5vau8M3eN7G3hfejJw5jXWEgOhjgql3tnu+JZ+NZKgw/5UaXsu7d2V5dHJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ3/AwAA//9iQjFF")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_create_resource$binfmt(0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioprio_get$uid(0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=""/18, 0x12)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
getsockname$packet(r5, 0x0, 0x0)
futex(0x0, 0x5, 0x0, 0x0, &(0x7f0000048000), 0x20fffffe)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000035c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004050}, 0x8000)

14.009382538s ago: executing program 2 (id=413):
socket(0x40000000015, 0x5, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r0, 0xfffffffc)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
getpid()
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd700000000100010000001c000180060001000200000008000300ac14141c080006000300000079f0387ef3df26d83e620f475ba4cb668f36ee5032e4bc81420a0f18cbb500edf1bc68ca1d83b833156b0f"], 0x30}, 0x1, 0xff07}, 0x2000000)

12.346350062s ago: executing program 2 (id=415):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}], 0x1)
eventfd(0x6)
mmap$snddsp(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000, 0x30, 0xffffffffffffffff, 0x10000)
syz_emit_vhci(&(0x7f00000006c0)=@HCI_EVENT_PKT={0x4, @hci_ev_si_security={{0x2, 0x7}, {0xc, 0x4, 0x2, 0x1}}}, 0xa)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
socket$packet(0x11, 0x3, 0x300)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
socket$tipc(0x1e, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff}, 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

11.369031118s ago: executing program 3 (id=418):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x1)
fchdir(r5)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r6, 0x0, 0x0)

8.435647031s ago: executing program 3 (id=419):
r0 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)}, 0x0)

7.989411747s ago: executing program 2 (id=421):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a0, 0xe0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x1d0, 0x20a, 0x278, 0x1d0, 0x278, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {0xffff, 0xfc}, {0xffffffffffffffff, 0xfe}, 0x3, 0x80000001}}}, {{@uncond, 0x0, 0xd0, 0xf0, 0x0, {0x10000000}, [@inet=@rpfilter={{0x28}, {0x3}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x300)

7.900893252s ago: executing program 3 (id=422):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000004a40)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r1=>0x0}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
write$FUSE_INIT(r0, &(0x7f0000002200)={0x50, 0x0, r1, {0x7, 0x27, 0x0, 0x14a4014}}, 0x50)

7.680787268s ago: executing program 1 (id=423):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timerfd_settime(0xffffffffffffffff, 0x2, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r3, 0x4b72, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001300)={{}, &(0x7f0000001280), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

7.436525897s ago: executing program 2 (id=424):
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000000)='./bus\x00', 0x2000000, &(0x7f0000000600)=ANY=[], 0xde, 0xc2d, &(0x7f0000002d80)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b)
mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x4000, 0x0, 0x3f26, 0x1)
open(0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff00100000080039"], 0x15)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1001)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
write$binfmt_register(r2, 0x0, 0xb)

4.911119415s ago: executing program 1 (id=425):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000400)={0x8, r2})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000040)={0x8, r2})

4.666721485s ago: executing program 3 (id=426):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, 0x0, 0x0, 0x20004004)
socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
r1 = syz_io_uring_setup(0x109, &(0x7f0000000580)={0x0, 0x1161, 0x80, 0x3}, &(0x7f0000000640)=<r2=>0x0, &(0x7f0000000600)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r1, 0x47f9, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f0000000680)={0x0, 0x989680}, 0x0)

3.996987101s ago: executing program 2 (id=427):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), 0xffffffffffffffff)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_io_uring_setup(0x497, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40004)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x0, 0x200, 0x20000, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x3, 0x0, 0x100000001]})
fstat(r0, 0x0)
close(0x3)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x8205, &(0x7f0000000080)={[{@journal_dev={'journal_dev', 0x3d, 0x1}}]}, 0x81, 0x633, &(0x7f0000000600)="$eJzs3c9rHNcdAPDvzGplyVYruxRTm5YKerChWD9cU7c92b7UB0MN9aGUHiwsyRVe2cKSoXYNlqGHBhIIIdcQfMk/kHswueYWAkluOQecEBxySII3zOyMvKx25bWs3ZW9nw/s6s2bmX3vu6O3897Mzk4AQ2sqe0ojjkTE5SRismneRDRmThXLPf7m7pXskUS9/vevk0iKvHL5J8XfA9lTEjEWER+fi/hFZWu5a7fvXJuv1RvuRcysr6zOrN2+c2J5Zf7q4tXF63Mn/3Tq9Oyf507N7UqcZVznL/zt12/8799/XPqkdiKJM3Gp+t+F1jh2y1RMxZMixOb8kYg4nSXavC8vmzKEZMD1YGcqxf9jNSIOx2RUYt/mvMlYfn2glQN6ql6JqANDKtls/9XBVgTos7IfUI7tezEO3ssenW0MgLbGP9I4NhJj+dho/+MkHyeVsvHuwV0oPyvjx7tH38ke0eE4xMgulNPJxv2I+FW7+JO8bgfzozhZ/GmkTetl6dmIGC3ei3SH5U+1TPf7/+954m/eDlm8Z4q/Wf65HZY/6PgBGE4PzxY78o1s6un+L+sZlv2faOn/JMW5odZ9104Mev/Xuf9X7u/H8mPkaUs/LHsPLrZ/yWprxhevnX+rU/nN/b/skZVf9gX74dH9iKMt8f8/78wlm9s/adP/zRa53GUZf/30q/Od5g06/vqDiGNtxz9Pz2hlqZn1ldUyr+X85MzScm1xtvHctowPPvrXe53KH3T82faPDvFvt/2zvNUuy3j/4oOVTvMmnhl/+uVocilPjRY5/5lfX785FzGaXCgWaco/ubli24+ncpnyNbL4j/+uffvfJv58Q290Gf/qP649bqS2niXtevtv+VTJPal3WYdOsvgXdrj93+yyjO/+ees3LVnjZWK7+Me3vlTS7XsOAAAAAAAAwyjNz8Em6fRmOk2npxvX8P4y9qe1G2vrv1+6cev6QsTx/PuQ1bQ80z3ZmE6y6bni+7Dl9MmW6T9ExKGIeLsynk9PX7lRWxh08AAAAAAAAAAAAAAAAAAAALBHHCiu/y/vU/1tpXH9f1fWD/e4dkDP9fIGc8Depv3D8Mrbfxd3cN3Xh7oA/WX/D8NL+4fhpf3D8NL+YXg12n8XBwCBV479Pwwv7R+Gl/YPAAAAAK+kQ799+HkSERt/Gc8fmdFiXnWgNQN6rbmNj3W1xlTP6gL0V6WvqwF7yeapf9/+haHT1Rj/++LHAXtfHWAAknaZeeegvn3jf9h2TQAAAAAAAAAAAACgB44dcf0/DKs0Pnyexev1+r3eVQboqxe4kN9vAMBLzk//w/AyxgeedRV/x98GdP0/AAAAAAAAAAAAAPTNRP5I0uniFqATkabT0xE/i4iDUU2WlmuLsxHx84j4rFLdl03PDbrSAAAAAAAAAAAAAAAAAAAA8IpZu33n2nyttnizOfHDlpweJ8q7i3WzcIc6v0iivAtqP0PuNhFJ/wsdj4i9EHtvEiNNOUnERrbl90TFbq7FnqhGmldjgB9KAAAAAAAAAAAAAAAAAAAwpJquPW7v6Lt9rhEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9N/T+//vPJE843UGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HL6KQAA//9SFzeV")
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc1}})
syz_emit_ethernet(0x0, 0x0, 0x0)

3.944144996s ago: executing program 1 (id=428):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x1d, 0x18, &(0x7f0000000080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd03d, 0x0, 0x0, 0x0, 0x991}, {}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x6, 0x22, &(0x7f0000000180)=""/34, 0x40f00, 0x7a, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x0, 0x9, 0x5, 0xfffffffc}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000000280), 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000004c0)={@ifindex, 0x11, 0x1, 0x9, &(0x7f00000003c0), 0x0, 0x0, &(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000440), &(0x7f0000000480)}, 0x40)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup/syz0\x00', 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xd, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86", 0x0, 0xfffb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={0xffffffffffffffff}, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000700)='host1x_wait_cdma\x00', r1, 0x0, 0x4}, 0x18)

3.744602039s ago: executing program 3 (id=429):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec5"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xa3}, 0x1, 0x0, 0x0, 0x8050}, 0x40000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r1, 0x8946, &(0x7f0000000140)="a6cc04e2d8f1c38afbf14b29b86e3a")

3.039074136s ago: executing program 2 (id=430):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB='quota,iocharset=cp437,noquota,errors=continue,discard=0x00000\x00\x00000000004,errors=continue,quota,discard,grpquota,\x00'], 0x1, 0x60b9, &(0x7f0000013cc0)="$eJzs3UuPHFfZB/Cn+jaXvEmsLKK8FkKTxFxCiK/BGALEWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo8zma6eOb+fNK56+lRNn/K/qy9TVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgf/uDH56qIuPqrdMOJiP+LfkQvYqWp1yJiZe1EXn4QES/EdnM8HxHDpYhm/e1/no14PSI+eibiwcO7683N5/fZj+//+R9/+MlTP/r7n4Zn/vuX2/03pi13585v//PXewfbZgAAAChNXdd1lT7mn0yf73tddwoAmIv8+l8n+Xb1wtWbC9YftVqtVh/Buq2e7F67iIjN9jrNewaH4wHgiNmMj7vuAh2Sf9EGEfFU150AFlrVdQc4FA8e3l2vUr5V+/Vgbac9nwuyJ//Navf6jmnTWcbPMZnX42sr+vHclP6szKkPiyTn3xvP/+pO+ygtd9j5z8u0/Ec7lz4VJ+ffH89/zPHJvzcx/1Ll/AdPlH9f/gAAAAAAsMDy3/9PdHz8d+ngm7Ivjzv+uzanPgAAAAAAAADA5+2g4//tMv4fAAAALKzms3rjd888um3ad7E1t1+pIp4eWx4oTLpYZrXrfgAAAAAAAAAAAABASQY75/BeqSKGEfH06mpd181P23j9pA66/lFX+vZDybp+kgcAgB0fPTN2LX8VsRwRV9J3/Q1XV1frenlltV6tV5by+9nR0nK90vpcm6fNbUujfbwhHozq5pctt9Zrm/V5eVb7+O9r7mtU9/fRsfnoMHAAiIidV6MHXpGOmbp+Nrp+l8PRYP8/fuz/7EfXj1MAAADg8NV1XVfp67xPpmP+va47BQDMRX79Hz8uoFar1Wq1+vjVbfVk99pFRGy212neMxiOHwCOmM34uOsu0CH5F20QES903QlgoVVdd4BD8eDh3fUq5Vu1Xw/S+O75XJA9+W9W2+vl9SdNZxk/x2Rej6+t6MdzU/rz/Jz6sEhy/r3x/K/utI/Scoed/7xMy7/ZzhMd9KdrOf/+eP5jjk/+vYn5lyrnP3ii/PvyBwAAAACABZb//n9ioY7/jj7r5sz0uOO/a4d2rwAAAAAAAABwuB48vLuer3vNx/+/MGE5138eTzn/Sv5Fyvn3xvL/6thy/db8/bce5f/vh3fX/3j7X/+fp/vNfynPVOmRVaVHRJXuqRqk6UG27tO2hv1Rc0/DqtcfpHN+6uE7cT1uxEac3bNsL/1/PGo/t6e96elwu73u77Sf39M+2G3P61/Y0z5MZzrVK7n9dKzHz+NGvL3d3rQtzdj+5Rnt9Yz2nH/f/l+knP+g9dPkv5raq7Fp4/6HvU/t9+3ppPu5fP2Lvzl7+Jsz01b0d7etrdm+lzroz/b/yVOj+OWtjZun71y7ffvmuUiTPbeejzT5nOX8h+ln9/n/5Z32/Lzf3l/vfzh64vwXxVYMpub/cmu+2d5X5ty3LuT8R+kn5/92ap+8/x/l/Kfv/6920B8AAAAAAAAAAAAAAAB4nLquty8RvRwRF9P1P11dmwkAzNfl9JUbdZJvn1fdn/P9qdVHvK4WrD9zrT+pF6s/avVRrNvqyd5sFxHxt/Y6FyPi15N+GQCwyD6JiH923Qk6I/+C5e/7a6anuu4MMFe33v/gp9du3Ni4eavrngAAAAAAAAAAn1Ue/3OtNf7zqbqu740tt2f817di7aDjfw7yzO4Ao1MGqu4/+TY9zlZv1O+1hht/MaaN/z3cnXvc+N+DGfc3nNE+mtG+NKN9eUb7xAs9WnL+L7bGOz8VESfHhl8vYfzX8THvS5Dzf6n1eG7y/8rYcu38698f5fx7e/I/c/u9X5y59f4Hr11/79q7G+9u/OzCuXNnL1y8eOnSpTPvXL+xcXbn3w57fLhy/nnsa+eBliXnnzOXf1ly/l9KtfzLkvP/cqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP/XUi3/suT8X021/MuS8/96quVflpz/a6mWf1ly/qdTLf+y5PzPpHqf+a8cdr+Yj5x/PsJl/y9Lzj+f2SD/suT8z6da/mXJ+V9ItfzLkvN/PdXyL0vO/xupln9Zcv4XUy3/suT8v5lq+Zcl538p1fIvS87/W6mWf1ly/t9OtfzLkvN/I9XyL0vO/zupln9Zcv7fTbX8y5Lz/16q5V+WnP+bqZZ/WR59/78ZM2bM5Jmun5kAAAAAAAAAAAAAgHHzOJ24620EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt69xsh11vcDP3v12rkZCPk7+RtYO8YYZ5NdX+ILrYsJ14Zbya2kl9iud+0s+BavXZI0kh0FSiSMiirahhdtAUVt3lRYVV7QKqC8QK0qVSLtC/oGUaHyIqoCCkiV2ipkqznzPM/OzJ6d2bUn9sw5n48U/7wzZ+acOXPm7H7X+c4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA02vD+mS8OZFlW+y//Y22WXVv7++rxtfll77naWwgAAABcrl/mf756Q7pg/zJu1LDMP779+8/Pz8/PZ58e+pORr87PpyvGs2xkVZbl10UXf/zgQOMywVPZ2MBgw9eDHVY/1OH64Q7Xj3S4frTD9as6XD/W4fpFO2CR1fXfx+R3tin/69r6Ls1uzEby6zYV3OqpgVWDg/F3ObmB/DbzI0ey2exYNpNNNS1fX3YgX/6FDbV1fSSL6xpsWNf62hHy8ycOx20YCPt4U9O6Fu4z+un7svFf/PyJw3915pWbi2bH3dB0f/Xt3LKxtp2fD5fUt3UgW5X2SdzOwYbtXF/wnAw1bedAfrva31u389VlbufQwmZeUa3P+Vg2mP/9pXw/DTf+Wi/tp/Xhsv++Ncuy8wub3brMonVlg9mapksGF56fsfoRWbuP2qH05mx4RcfphmUcp7U5van5OG19TcTnf0O43fAS29D4NP30ydGG5/21+Us5TqPao17qtdJ6DHb7tdIrx2A8Ll7KH/TThcfgpvD4n9i89DFYeOwUHIPpcTccgxs7HYODo0P5NqcnYSC/zcIxuK1p+aF8TQP5fHlz+2Nw8szxU5Nzjz1+++zxQ0dnjs6c2LFt29SOXbv27NkzeWT22MxU/c9L3Nu9b002mF4DG8O+i6+Bd7Us23iozn9jdNH591Jfh2NtXodrW5bt9utwuPXBDVyZF+TiY7r+2rivttPHLgxmS7zG8udn6+W/DtPjbngdDje8Dgu/pxS8DoeX8TqsLXNq6/J+Zhlu+K9oG5b+XnB5x+DahmOw9eeR1mOw2z+P9MoxOBaOix9uXfp7wfqwvU9PrPTnkaFFx2B6uOHcU7sk/bw/ticfRcflLbUrrhnNzs7NnL7j0UNnzpzeloVxRbyl4VhpPV7XNDymbNHxOrji43X/7NufvqXg8rVhX43dXvtjbMnnqrbMzjvaP1f5d7fi/dl06fYsjC670vuz6Lt5bX+OZtnXvvfkPd954mvvX3J/1vLm5ycv/2fxlEsbzr8jS5x/Y+5/vb6+dFdPDY0M11+/Q2nvjDSdj5ufquH83DWQr/vVyeWdj0fCf1f6fHxjm/PxupZlu30+Hml9cPF8PNDptx2Xp/X5HAvHybGp9ufj2jLrtq/0mBxuez6+NcyBsP/fHZJCykUNx85Sx21a1/DwSHhcw3ENzcfpjqblR0I2q63rue2XdpxuubV+X0Pp0S24UsfpeMuy3T5O0+++ljpOBzr99u3StD6fY+G4uHFH++O0tsyLOy//3Lk6/rXh3Dna6RgcGRqtbfNIOgjz8302vzoeg3dkh7OT2bFsOr92ND+eBvJ1Tdy5vGNwNPx3pc+V69ocg1talu32MZi+jy117A0ML37wXdD6fI6F4+KZO9sfg7VlPrC7uz+7bgmXpGUafnZt/f3aUr/zuqVlN71Rx8pw2M7v7W7/u9naMsf2rDRntt9Pt4VLrinYT62v36VeU9PZldlP68J2vrJn6f1U257aMl/du8zjaX+WZeceuSv/fW/495W/PfuD55v+3aXo33TOPXLXz6478g8r2X4A+t/r9bGm/r2u4V+mlvPv/wAAAEBfiLl/MMxE/gcAAIDSiLk//l/hifwPAAAApRFz/3CYSUXy/7oPvDL7+rksNfPng3h92g1315eLHdep8PX4/ILa5Xc9O/Nff39ueesezLLstbv/oHD5dXfH7aobD9t58YPNly/y/O3LWvfB+8+l9Tb2178e7j8+nuUeBkUV3Kksy1644cv5esYfvJDPF+8+mM97zj/9VG2ZV/fWv463f/kt9eX/PJR/9x851HT7l8N++EmYUx8t3h/xdt+68O71ux9YWF+83cDG6/OH/cxD9fuN75Pzlafqy8f9vNT2f+dLz32rtvyj7yze/nODxdv/XLjfZ8P8n7fVl298Dmpfx9t9IWx/XF+83R3f/G7h9l/8Yn35Ux+qL3cwzLj+LeHrTR96ZbZxfz06cKjpcWUfri8X1z/1gz/Kr4/3F++/dfvHDlxo2h+tx8eL/1q/n8mW5ePlcT3R37Wsv3Y/jcdnXP9zf3iwaT93Wv/Fe15+W+1+W9d/W8typx7Zmq9/4f6a37HpL77w5cL1xe3Z/zenmh7P/k+F13FY/zMPheMxXP+/F+v31/ruCgc/1Xz+ict/fe25pscTfeQX9fVffO/RfK4aW73mmmuvu/78O2r7LsteWlW/v07rP/qXJ5u2/xs31fdHvD529FvXv5S4/tOfmzhxcu7s7HTaq0/ckL93zsfq2xO394Zwbm39+sDJMw/PnB6fGp/KsvHyvoXeJftmmD+rj/Ptl55fdAbden94Pm/5sxfWbP6XL8XL/+2++uUXPlr/vvWusNxXwuVrw/O3svUv9syGm/LX98CLYQvnF79f8OVYv+k/9yxrwfD4W38uiMf7qbc+nO+H2nX59434ur7M7f/RdP1+vh3263x4Z+aNNy2sr3H5+N4IF+6tv94ve/+F01x8Xv86PN8f/0n9/uN2xcf7o/BzzHfXNZ/v4vHx7XODrfefv4vH+XA+yc7Xr49Lxf194dWbCjcvvg9Jdv7m/Os/Tvdz84oe5lLmHpubPDZ74uyjk2dm5s5Mzj32+IHjJ8+eOHMgfy/PA5/pdPuF89Oa/Pw0PbNrZ5afrU7Wxxvsam//qfsPT++e2jw9c+TQ2SNn7j81c/ro4bm5wzPTc5sPHTky87lOt5+d3rdt+94du7dPHJ2d3rdn794deydmT5ysbUZ9ozrYNfXZiROnD+Q3mdu3c++2O+/cOTVx/OT0zL7dU1MTZzvdPv/eNFG79e9PnJ45dujM7PGZibnZx2f2bdu7a9f2ju8GePzUkbnxydNnT0yenZs5PVl/LONn8otr3/s63Z5ymvv3+s+zrQbqb8SXffK2Xen9WWuefXLJu6ov0vIGoq+E96L5pzed2rOcr2PuHwkzqUj+BwAAgCqIuX80zET+BwAAgNKIuX9VmIn8DwAAAKURc/9YmElF8n/p+v/rzi1r/fr/+v+N+0v/v2L9/3t7rf9fP1/o/3fH5fbv9f8D/X/9f/1//X/9f7qg1/r/MfevzrJK5n8AAACogpj714SZyP8AAABQGjH3XxNmIv8DAABAacTcf22YSUXyv/6//r/+v/6//n/x+vX/+5P+f3v6/x3o/09m1er/n+/m9uv/6/+zWK/1/2Puvy7MpCL5HwAAAKog5v7rw0zkfwAAACiNmPtvCDOR/wEAAKA0Yu5fG2ZSkfyv/6//r/+v/6//X7x+/f/+pP/fnv5/B/r/Pv9f/1//n67qtf5/zP1vCjOpSP4HAACAKoi5/81hJvI/AAAA9J7hS7tZzP1vCTNZlP8vcQUAAADAVRdz/41ZSxG8Iv/+r/+v/6//r/+v/1+8/uX3/4cy/f/eof/fnv5/B/r/+v/6//r/dFWv9f/z3J+NZW8NM6lI/gcAAIAqiLn/pjAT+R8AAABKI+b+/xdmIv8DAABAacTcvy7MpCL5X/9f/1//X/9f/794/T7/vz/p/7en/9+B/r/+v/6//j9d1Wv9/5j7bw4zqUj+BwAAgCqIuf+WMBP5HwAAAEoj5v7/H2Yi/wMAAEBpxNy/PsykIvlf/7/H+/+xOar/r/+v/6//r/+/LPr/7en/d6D/r/+v/6//T1f1Wv8/5v63hZlUJP8DAABAFcTc//YwE/kfAAAASiPm/neEmcj/AAAAUBox94+HmVQk/+v/93j/3+f/6//r/+v/6/+viP5/e/r/Hej/6//r/+v/01W91v+PuX9DmElF8j8AAABUQcz9G8NM5H8AAAAojZj7bw0zkf8BAACgNGLu3xRmUpH8r/+v/6//r/+v/1+8fv3//qT/357+fwf6//r/+v/6/3RVr/X/Y+5/Z5hJRfI/AAAAVEHM/ZvDTOR/AAAAKI2Y+98VZiL/AwAAQGnE3L8lzKQi+V//X/9f/1//X/+/eP36//1J/789/f8O9P/1//X/9f/pql7r/8fc/+4wk4rkfwAAAKiCmPu3hpnI/wAAAFAaMfffFmYi/wMAAEBpxNw/EWZSkfyv/6//r/+v/6//X7x+/f/+pP/fnv5/B/r/+v/6//r/dFWv9f9j7r89zKQi+R8AAACqIOb+O8JM5H8AAAAojZj7J8NM5H8AAAAojZj7p8JMKpL/9f/1//X/9f9X1P9/x8L96v/X6f/3Fv3/9vT/O9D/1/+/6v3/Ef1/SqXX+v8x928LM6lI/gcAAIAqiLl/e5iJ/A8AAAClEXP/jjAT+R8AAABKI+b+nWEmFcn/+v/6//r/+v8+/794/fr//Un/v73u9//jQ9T/1//X//f5//r/LNZr/f+Y++8MM6lI/gcAAIAqiLl/V5iJ/A8AAAClEXP/7jAT+R8AAABKI+b+PWEmFcn/+v/6//r/+v/6/8Xr1//vT/r/7fn8/w70//X/9f/1/+mqXuv/x9y/N8ykIvkfAAAAqiDm/veEmcj/AAAAUBox9/9KmIn8DwAAAKURc/+vhplUJP/r/+v/6//r/+v/F69f/78/6f+3p//fgf6//r/+v/4/XdVr/f+Y+/eFmVQk/wMAAEAVxNz/a2Em8j8AAACURsz97w0zkf8BAACgNGLu3x9mUpH8r/+v/6//r/+v/1+8fv3//qT/357+fwf6//r/+v/6/3RVr/X/Y+5/X5hJRfI/AAAAVEHM/XeFmcj/AAAAUBox978/zET+BwAAgNKIuf8DYSYVyf/6//r/+v/6//r/xevX/+9P+v/t6f93oP+v/6//r/9PV/Va/z/m/g+GmVQk/wMAAEAVxNz/oTAT+R8AAABKI+b+D4eZyP8AAABQGjH3fyTMpCL5X/9f/1//X/9f/794/fr//Un/vz39/w70/0vW/x+/Tv9f/583SlECWuzS+v/XvrbkCi+z/x9z/6+HmVQk/wMAAEAVxNx/d5iJ/A8AAAClEXP/R8NM5H8AAAAojZj7PxZmUpH8r/+v/6//r/+v/1+8fv3//qT/316f9f9/eX24XP+/Tv+/t7e/J/v/P16q/z+/qvX2+v+8ES6t/1+oK/3/mPs/HmZSkfwPAAAAVRBz/yfCTOR/AAAAKI2Y+z8ZZiL/AwAAQGnE3P8bYSYVyf/6/7XtWGgv6//r/+cX6P/r/+v/9y39//b6rP/v8/9b6P/39vb3ZP/f5/9zlfVa/z/m/k+FmVQk/wMAAEAVxNx/T5iJ/A8AAAClEXP/vWEm8j8AAACURsz994WZVCT/6//7/H/9f/1//f/i9ev/9yf9//b0/zvQ/9f/77X+/3/o/9Pfeq3/H3P//WEmFcn/AAAAUAUx9z8QZiL/AwAAQGnE3P+bYSbyPwAAAJRGzP2fDjOpSP7X/++X/v+4/r/+v/5/y+PR/9f/L6L/357+fwf6//r/vdb/9/n/9Lle6//H3P9gmMny8//YspcEAAAAroqY+38rzKQi//4PAAAAVRBz/2+Hmcj/AAAAUBox9/9OmElF8r/+f7/0/33+f6b/r//f8nj0//X/i1y5/n888+j/6//r/0f6//r/+v+06rX+f8z9vxtmUpH8DwAAAFUQc/9DYSbyPwAAAPSFov8nu1XM/QfCTOR/AAAAKI2Y+w+GmVQk/+v/6//r//do//9PN/7zD7//iYPb9P/1//X/V+SKfv5/7cXv8//1//X/E/1//X/9f1r1Wv8/5v5DYSYVyf8AAABQBTH3/16YifwPAAAApRFz/+EwE/kfAAAASiPm/ukwk4rkf/1//X/9/x7t//fx5//H/aH/36xr/f940tX/L3RF+/8PLPTE9f9X2v8fLbxU/1//v5+3X/9f/5/Feq3/H3P/TJhJRfI/AAAAVEHI/YNH6nPhCvkfAAAASiPm/qNhJvI/AAAAlEbM/Q+HmVQk/+v/6//r/+v/+/z/4vX3bP/f5/+3pf/fXu/0/4vp/+v/9/P26//r/7NYr/X/Y+6fDTOpSP4HAACAKoi5/zNhJvI/AAAAlEbM/Z8NM5H/AQAAoDRi7j8WZlKR/K//r/+v/6//r/9fvH79//6k/9+e/n8H+v/6//r/+v90Va/1/2PuPx5mUpH8DwAAAFUQc/+JMBP5HwAAAEoj5v6TYSbyPwAAAJRGzP2nwkz+j737aN6rLv84fuf/D2MyPAAXbtj7EFjoWh+ACzcudMZxoaPYG8FesfeCvWMBRWzYG9hQ7GLvigU76sRxcl1X8kvO79xJvJOc871er82lwXiiw4Af4T3fJvtf/6//H7b/v5v+f7/v6//1/yPT/8/T/2+h/9f/6//1/+zU0vr/3P0Pjlua7H8AAADoIHf/Q+IW+x8AAACGkbv/srjF/gcAAIBh5O5/aNzSZP+f1P8f2PTs/zPj1f+P1P97/3/f7+v/9f8jO7/9/xX//SOf/l//r/8P+n/9v/6fky2t/8/d/7C4pcn+BwAAgA5y9z88brH/AQAAYBi5+x8Rt9j/AAAAMIzc/Y+MW5rsf+//e/9f/6//1/9Pf1//v07e/5/Xqf+/7JaLH3j7dXe5/ky+r//X/+v/9f/s1tL6/9z9j4pbmux/AAAA6CB3/6PjFvsfAAAAhpG7/zFxi/0PAAAAw8jd/9i4pcn+1//r//X/+n/9//T39f/rpP+f16n/P5vv6//1//p//T+7tbT+P3f/4+KWJvsfAAAAOsjd//i4xf4HAACAYeTuvzxusf8BAABgGLn7j8QtTfa//v/c9///1v/r/+Pq//X/+v9zT/8/T/+/hf5f/6//1/+zU0vr/3P3XxG3NNn/AAAA0EHu/ifELfY/AAAADCN3/xPjFvsfAAAAhpG7/0lxS5P9r//3/r/+X/+v/5/+vv5/nfT/885//z/1Z8j96f9X3/9fpP/X/+v/OdEZ9v93zPxheyf9f+7+J8ctTfY/AAAAdJC7/ylxi/0PAAAAw8jd/9S4xf4HAACAYeTuf1rc0mT/6//1//p//b/+f/r7+v910v/PW8z7/wcOTv6w/n/1/b/3//X/+n/2WNr7/7n7nx63NNn/AAAA0EHu/mfELfY/AAAADCN3/zPjFvsfAAAAhpG7/1lxS5P9r//X/+v/9f/6/+nvz/X/15/w69P/L4v+f95i+v996P/1/2v+9ev/9f+camn9f+7+Z8ctTfY/AAAAdJC7/8q4xf4HAACAYeTuf07cYv8DAADAMHL3PzduabL/p/v/479d/3969P97f/36/+nfP3bV/+e/o/5/tv+/u/f/e9L/z9P/b6H/1//r//fr/w9v+/n6f6Ysrf/P3f+8uKXJ/gcAAIAOcvc/P26x/wEAAGAYuftfELfY/wAAADCM3P0vjFua7H/v/+v/9f/r6/+9/3/MhXz/f3Pe+/+D+v/TpP+fp//fQv+v/9f/e/+fnVpa/5+7/0VxS5P9DwAAAB3k7n9x3GL/AwAAwDqc+PcOnPw3lIbc/S+JW+x/AAAAGEbu/pfGLU32v/5f/6//1//37v8PraT/9/7/6dL/z9P/b3Fh+/8Dg/b/Bwfr/6/a7+cvof+/XP/Pwuzp/284/uMXqv/P3f+yuKXJ/gcAAIAOcve/PG6x/wEAAGAYuftfEbfY/wAAADCM3P2vjFua7P9z3v8f3v/b+n/9v/5f/3/h+/+1vP+v/z9d+v95+v8tvP/v/X/v/+v/2ak9/f8JLlT/n7v/VXFLk/0PAAAAHeTuf3XcYv8DAADAMHL3XxW32P8AAAAwjNz9r4lbmux/7//r//X/+n/9//T39f/rpP+fp//fQv+v/9f/6//ZqaX1/7n7Xxu3NNn/AAAA0EHu/tfFLfY/AAAADCN3/+vjFvsfAAAAhpG7/w1xS5P9r/8/t/1//rj+X/+/0f/r//X/50Xb/v/A1J+JTrVP/3/T/Y/cc++P6P/1//p//b/+nx1YRP9/9Pj/uszd/8a4pcn+BwAAgA5y978pbrH/AQAAYBi5+98ct9j/AAAAMIzc/W+JWwbZ/4e2/Hb9v/f/9f/6f/3/9Pf1/+vUtv8/Td7/30L/r//X/+v/2alF9P8n/PPc/W+NWwbZ/wAAAMCmdv/b4hb7HwAAAIaRu//tcYv9DwAAAMPI3f+OuKXJ/tf/6//1//p//f/09/X/66T/n6f/30L/r//X/+v/2aml9f+5+6+OW5rsfwAAAOggd/874xb7HwAAAIaRu/9dcYv9DwAAAMPI3f/uuKXJ/tf/6//1//p//f/09/X/66T/n6f/32w218z8Aqb6/6N30v/r//X/+n/O0tL6/9z974lbmux/AAAA6CB3/zVxi/0PAAAAw8jdf23cYv8DAADAMHL3vzduabL/9f/6f/2//l//P/19/f866f/n6f+38P6//l//r/9np5bW/+fuf1/c0mT/AwAAQAe5+6+LW+x/AAAAGEbu/vfHLfY/AAAADCN3//VxS5P9r//X/+v/9f/6/+nv6//X6dz1/xv9v/5f/7+F/l//r//nZEvr/3P3fyBuabL/AQAAoIPc/R+MW+x/AAAAGEbu/g/FLfY/AAAADCN3/4fjlib7X/+v/9f/6//1/9Pf1/+vk/f/5+n/t9D/6//1//p/dmpp/X/u/o/ELU32PwAAAHSQu/+GuMX+BwAAgGHk7v9o3GL/AwAAwDBy938sbmmy//X/+v+9/f9mo//X/+v/jzkP/f+hjf5/5/T/8/T/W+j/x+z//28zUP9/eN+fr/9niZbW/+fu/3jc0mT/AwAAQAe5+z8Rt9j/AAAAMIzc/Z+MW+x/AAAAGEbu/k/FLU32v/5f/+/9f/2//n/6+97/Xyf9/zz9/xb6/zH7f+//6/+5YJbW/+fu/3Tc0mT/AwAAQAe5+z8Tt9j/AAAAMIzc/Z+NW+x/AAAAGEbu/s/FLU32v/5f/6//1//r/6e/r/9fJ/3/PP3/Fvp//b/+X//PTi2t/8/d//m4pcn+BwAAgA5y998Yt9j/AAAAMIzc/TfFLfY/AAAADCN3/xfilib7X/+v/9f/r7P/P6T/1//r/yctpf+/9NJ73Kz/1//r//X/+n/9f3dL6/9z938xbmmy/wEAAKCD3P1filvsfwAAABhG7v4vxy32PwAAAAwjd/9X4pYm+//U/v+izbFC9Zip/j8aNf3/CfT/e3/9+v/p3z+8/6//1/+fe0vp/73/f3a/fv2//n/Nv/4z6v8vOfXn6/8Z0dL6/9z9N8ctTfY/AAAAdJC7/6txi/0PAAAAw8jd/7W4xf4HAACAYeTuvyVuabL/vf+v/9f/6//1/9Pf1/+vk/5/nv5/C/2//t/7/w+67//r/9mdpfX/ufu/Hrc02f8AAADQQe7+b8Qt9j8AAAAMI3f/N+MW+x8AAACGkbv/W3FLk/2v/9f/6//1//r/6e/r/9dJ/z9P/7+F/l//r//3/j87tbT+P3f/t+OWJvsfAAAAOsjd/524xf4HAACAYeTu/27cYv8DAADAMHL3fy9uabL/d9//X6L/D/r/pfT/99H/n/R9/b/+f2T6//wz+jT9/xb6f/2//l//z04trf/P3X9r3NJk/wMAAEAHufu/H7fY/wAAADCM3P0/iFvsfwAAABhG7v4fxi1N9r/3/3v1/wc2Hft/7//r//X/nej/5+n/t9D/6//1//p/dmpp/X/u/h/FLU32PwAAAKzVve76gFtP91+bu//HcYv9DwAAAMPI3f+TuMX+BwAAgGHk7v9p3NJk/+v/e/X/Pd//1//r//X/nej/5+n/t9D/6//1//p/dmpp/X/u/p/FLScMv4Nn/J8SAAAAWJLc/T+PW5r89X8AAADoIHf/L+KWU/b/0dP8u9oBAACApcnd/8u4pclf/9f/L7z/34zf/9+20f/r/4/R/+v/d0H/P+9/7P+PHtD/6/9n6P/1//p/Tra0/j93/6/ilib7HwAAAAa15/9RyN3/67jF/gcAAIBh5O7/Tdxi/wMAAMAwcvf/Nm5psv/1/wvv/8/q/f/D9Y/W0P97//8c9v9XHpr8vv5f/z8y/f887/9vof/X/+v/9f/s1NL6/9z9t8UtTfY/AAAAdJC7/3dxi/0PAAAAw8jd//u4xf4HAACAYeTu/0Pc0mT/6/9H7P/X9f6//t/7/2ff/9/54iM33vt+116t/+e489n/5+8L+n/9v/7/GP2//l//z8mW1v/n7v9j3NJk/wMAAEAHuftvj1vsfwAAABhG7v4/xS32PwAAAAwjd/+f45Ym+1//r/9fSv+f/11fgP7/yPr6/2yKu/f/3v/X/5/K+//z9P9b6P/1//p//T87tbT+P3f/X+KWJvsfAAAAOsjd/9e4xf4HAACAYeTu/1vcYv8DAADAMHL3/z1uabL/9f/6/6X0/8n7/8d/nvf/j9H/6//PhP5/nv5/C/2//l//r/9np5bW/+fu/0fc0mT/AwAAQAe5+++IW+x/AAAAGEbu/n/GLfY/AAAADCN3/7/ilib7X/+v/9f/6//1/9Pf1/+vk/5/nv5/C/2//l//r/9np5bW/+fu/08AAAD//6cRdCE=")
lsetxattr$security_evm(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000300), &(0x7f0000000380)=@v2={0x5, 0x1, 0x8, 0x7, 0x3, "be2e00"}, 0xff61, 0x1)

2.829108647s ago: executing program 1 (id=431):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x25, 0x1}, 0x24}}, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x89fb, &(0x7f0000000040)={'bond0\x00', 0xff})

2.286801536s ago: executing program 1 (id=432):
r0 = getpid()
syz_pidfd_open(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, 0x0, 0x0)
sendmsg$netlink(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@mangle={'mangle\x00', 0x1f, 0x6, 0x598, 0x1c8, 0x1c8, 0x410, 0x130, 0x328, 0x500, 0x500, 0x500, 0x500, 0x500, 0x6, 0x0, {[{{@ip={@empty, @dev={0xac, 0x14, 0x14, 0x3e}, 0xffffff00, 0x0, 'ip_vti0\x00', 'vlan0\x00', {}, {}, 0x21, 0x0, 0x44}, 0x0, 0xd0, 0x130, 0x0, {}, [@common=@ah={{0x30}, {[0x8, 0x9]}}, @common=@addrtype={{0x30}, {0xf28, 0x10, 0x1, 0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x4, 0x2, 0x0, 0x2], 0x3}, {0x2, [0x6, 0x2, 0x4, 0x0, 0x2]}}}}, {{@ip={@loopback, @empty, 0xffffffff, 0xff000000, 'netdevsim0\x00', 'geneve0\x00', {}, {}, 0x73, 0x1, 0x2c}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x130, 0x160, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@dev={0xfe, 0x80, '\x00', 0x40}, [0x0, 0x0, 0xffffffff], @ipv4=@empty, [0xffff00, 0xff000000, 0xff000000], @ipv6=@empty, [0xff000000, 0xffffff00, 0xff], @ipv4=@local, [0x0, 0xffffff00, 0xff, 0xffffffff], 0x0, 0x5, 0x16, 0x4e21, 0x4e20, 0x4e20, 0x4e20, 0x205a, 0x88}, 0x1, 0x880}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x40000000, 0xccb, @remote, 0x4e21}}}, {{@ip={@private=0xa010102, @multicast1, 0x5aabe60e4f786391, 0xffffff00, 'caif0\x00', 'vxcan1\x00', {0xff}, {0xff}, 0x5c, 0x1, 0x10}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @inet=@rpfilter={{0x28}, {0xe}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x3d, 0x3}}}, {{@uncond, 0x0, 0xc8, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}, @common=@ah={{0x30}, {[0x8, 0xffffffff], 0x1}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x5f8)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000040)='./file2\x00', 0x2080c2, &(0x7f0000001340)=ANY=[], 0x1, 0xac5, &(0x7f00000001c0)="$eJzs3V2MXFUBAOBzZ3e2f1s7xVa2tEARDfjDLltaBSu0hCZqTGoTH0zAl6aU2nSpxhIihIRCojExBBJCn3woxhdfIGoM8GIqD4aYQIzRkPiExNcaSXwgRhizs+fMzp7O9M5sd3dmdr4vOXvm3nPvPefO3rlz597zE4CRVWn83b9/YwjhpTdePHLjy289Pz/nUHOJWuPveMtUNYRQxOnxbHvvjS3EH33w1Il2cRH2Nf6m6XD0cnPdLSGE82FvuBRq4bmHLoy/+9rRd14JZx4/duTt11dn7xcVq50BAAAMgGOXDu7f+Y8/797+31dvOhw2NOen6/NanJ6M1/2H44Vyul6uhKXTRUtoNZEtNx5DJVturM1yrflUs+XGO+Q/kW232mG5DSX5j7XMa7ffMMzScVwLRWV6yXSlMj298Js8NH7XTxTTZ0/PPXKuTwUFVtx/bg4h7BVGM+y+pf9lEPoZ6tv6fQYCWJA/L7zC+ZV9Utfc2nh3+V++v9J+/RbVFS0ho+BnP971rdCH4z8n/8HO/5fPqKnAylmHR9Nft7bsV/ocTcbp/DlCXn+p189/2l7+PKLba4BOzxGG5flCp3KOrXE5lqtT+fPjYr26N8bpfbgvS4+fg8bjtPx/Oiz/Y6C9D4fl/n8YgDIIwlXCrqL/Zeg11Pt8/gEGV15vrh6l9LxeX56+oSR9Y0n6ppL0zSXpoct0GEW/fez58EKxeL8r/03f6/2wyWwTn+ixPPn9yF7zz+v9dq+6Ivnn9YlhoG3544W7H37wLwv1/4vm8f9xPN73xula/Gxdiguk+4X5ffVm3f/a0mwqHZa7LivO1jbLN17vWLpcsWNxO6HlPHNFOabSGgt3dLd1Wm7P0u3XsuU2xbAxK29+fbI5Wy/Vn04nxcklpVnc32rLfvx76+J5LJUjnVe2xzgvByxHOh6X1v+fP/oa9f+bj7GmQrV45PTcyTvjdPq8vTVW3TA/f3atCw5cs27b/0yFpe1/Jpvzq5XW88K2xflF63mhls3f12H+XXE6fc99b2xTY/70ie/PPbyk5PGH/NMr8z7AKDr3xJNnjs/Nnfzhar6Yz2iVs1iHL8L5EAagGMt9kY6wQSmPF928SP+143P9OiMBa2XmsUd/MHPuiSfvOP3o8VMnT508O3tg9u57DszOfumemcZ1/Uzr1f16rC4Mo2vx27/fJQEAAAAAAAAAAAC6der9mYt/e/PLf19o/7/Y/i+1/081f1P7/59m7f+zZv7NCsKpHWBqx3dFe/usg9WJbLlqDJ/Mtr8jy2dntt6nYtwcxy+2/0/Z5f26pvJcn83P++9Ny01l8/P+UiayPkiK8JPNreX7dIyf/d9CF0S/CNBHxab2s2Nc1r91OtZT/xT6pRhO6f+WjobUj8mWeCik9t6pv5LU/0M6/29fm2KywtaiXWG/9xFo71/D0v/3ckK6iOl3OQRhQEO9bhQPYDD0e/zPdN8zxWd//42N8yEtdvn+pefLvP9SuBaDPv7kesv/mT7nn+ti/M8VHV64Of5d1+e/bMS8/AFQlw4++81/tmQbbug2/3z809QP9I7e8v9qzD/tzW2hu/zrL2f55w+EunRvlv/mLvO/Yv/3LC//+2L+6W27/dZu818ocVFZWo78vnF6/pfuG38ny/9Qtv+pb8+e93+ZAzUejvnDKBuWcWZ7NSzj/3aS18M4EKfTiTDVc8jHO+m1/Kl+Rfoe2Jltvyj5frvq+L9D8DC4TfnrT9frPx+VcVy+EuOyz8Nk/J+m47HWZrrSMl1t896u13MNDKv31uHzv8Y5bADKIaxA2DQAZbj2sPC12jovfRlebb0/rH7Z6vV6X/v01aFwf/X7/e/30+d+59/v979MPv5vfg2fj/+bp+fj/347S8/H/83Xz8fXy9Pz8X/z93NL+/TmL9Prs+3m4wNPlaTvKkm/oSR9d0n6npL0G0vSbylJv6kk/eaS9OtK0m8NXw+t8vTPlKz/2c7pH7Yu2mn920u2/7mS9PUutUcZ1f2HUZa3z/P5h9GRnv90+vzvKEkHhteFV2cfePA3360ttP+faN4PSc/xDsfpavzt/KM4nT/3Di3T82lvxun3s/RBv98BoyTvPyP/fr+tJB0YXqmel883jKCifSXN/Hlbs9+qGKd+qzpd5zNcPh/jL8T4izG+I8bTMZ6J8WyM961R+VgdD/z6dwdfKBZ/72/L0rutT563B8r7ibqry/Lk9wd6rc+e9+PXq2vNf5nNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPqm0vi7f/9UEcJLb7x45OKfvvar+TmHmkvUGn/HW6aqzfVCuDPGYzG+GF989MFTJ1rjj2NchH2hCEVzfjh6uZnTlhDC+bA3XAq18NxDF8bffe3oO6+EM48fO/L266v3DiwoVjsDAAAA6KP/BwAA//8LwBbF")
socket$nl_route(0x10, 0x3, 0x0)

2.190356491s ago: executing program 3 (id=433):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_open_procfs(0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)

0s ago: executing program 1 (id=434):
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x8b, 0x2a7, &(0x7f0000000180)="$eJzs3U9P1EAYx/HftMuyCGIVjInxYFCiJwN4MV5IDPE1eNGo7JoQNxAVE/Ui8Wx8Ad69+AJ8EZ6MiWc9efIFcKuZ2Vl2yrZbWEIr8ftJFsp2/jzTdtt5miwVgP/WnbWfn27+ti8jxYol3ZYiu+qyGpLO60Lr5eb2xna30x7VUCy15F5GcjXNUJn1zU5eVVvP1fAS+1dDM+F7OB5pmqa/6g4CdWr533Heykia9J/OOCx8ku3E0k7dQdTM7GpXrzRbdxwAgHqZ3vU98tf5GT9/jyJp0V/2w+v/j9M1x3s017Rbdwg1C67/LstKjd2/Z9yqQb7nUji7PupniYftx04em+odWZkJpslmlcPJooslmnqy0e3cWN/qtiO906oXFJuXtKq2z1m9kmgXcrrLaurgrY0w7cYwYcewUhD/XF6n4/dYznw138wDk+ij2nvzv0ZqbPcugmRvT92dGMS/VNTc1rP7rlavVMEoz7pOLmY37MhRxkUZifyWSmNlbxAk2TibubWa2lerN7rlop58O3O5tVZKas3bWp+DWoOjubjmcTMfzD2zoD/6orVg/h/Zrb2o4U9mfiOupD8y+uPJzQ0brmQSvrVzKbfNaLzxYCzv9Vi3NPvi9Zunj7rdzvOqF2wMlXfKQm+hfxD8K/GMt2DPsftXNarpvXnkTdfSoQoPjzRc6J86D9Bg/yRd2mktZyVUbLDTi8u8rTIgVM2ePEwv/wvylSWXItkfyYh5elo2bQtaXM7JDSb3Cp4KWjL+/nxxBjRdnMEdNOe6cl26GrxZknMlOidNjRzrSWLW9F0Puf8PAAAAAAAAAAAAAAAAAABw0lTxbY2gO/6jDwAAAAAAAAAAAAAAAAAAAAAAYyh+/m9Lx/j838z3AHj+L1CPvwEAAP//pAVz+Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x58)
rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00')
write$FUSE_STATFS(r0, &(0x7f0000000440)={0x60, 0x0, 0x0, {{0x2, 0x5, 0x7, 0x6, 0x101, 0x1, 0x7, 0x3}}}, 0x60)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000000c0)="a6", 0x1, 0x8000c61)

kernel console output (not intermixed with test programs):

y change from 0 to 256
[  310.798330][ T6487] bcachefs: bch2_fs_get_tree() error: EINTR
[  310.891759][ T5789] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  311.413973][ T6533] xt_CT: No such helper "netbios-ns"
[  311.901582][ T6543] loop4: detected capacity change from 0 to 2048
[  312.356264][ T6547] loop2: detected capacity change from 0 to 164
[  312.420791][ T6547] iso9660: Unknown parameter '…Œùs¬³êÆóºÙ)lap6eaw'
[  312.583045][ T6545] loop1: detected capacity change from 0 to 32768
[  312.661999][ T6543] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  312.714744][ T6551] netlink: 'syz.0.121': attribute type 29 has an invalid length.
[  312.768434][ T6543] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  312.786156][ T6551] netlink: 'syz.0.121': attribute type 29 has an invalid length.
[  312.807498][ T6551] netlink: 500 bytes leftover after parsing attributes in process `syz.0.121'.
[  312.880917][ T6545] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  312.880917][ T6545]   allowing incompatible features above 0.0: (unknown version)
[  312.910447][ T6545] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  312.920128][ T6545] bcachefs (loop1): Version upgrade required:
[  312.920128][ T6545] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  312.920128][ T6545] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  312.920128][ T6545]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  313.014979][ T6545] bcachefs (loop1): dropping and reconstructing all alloc info
[  313.036856][ T6543] netlink: 'syz.4.122': attribute type 5 has an invalid length.
[  313.074617][ T6545] bcachefs (loop1): accounting_read... done
[  313.088788][ T6545] bcachefs (loop1): alloc_read... done
[  313.095051][ T6545] bcachefs (loop1): snapshots_read... done
[  313.101545][ T6545] bcachefs (loop1): check_allocations...
[  313.166000][ T6543] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  313.185016][ T6543] NILFS (loop4): error -5 reading inode: ino=15
[  313.209512][ T6545]  done
[  313.219606][ T6545] bcachefs (loop1): going read-write
[  313.252209][ T6543] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  313.262565][ T6543] NILFS (loop4): error -5 reading inode: ino=15
[  313.285761][ T6543] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  313.299405][ T6543] NILFS (loop4): error -5 reading inode: ino=15
[  313.307405][ T6545] bcachefs (loop1): done starting filesystem
[  313.483237][ T5801] bcachefs (loop1): shutting down
[  313.491388][ T5801] bcachefs (loop1): going read-only
[  313.502832][ T5801] bcachefs (loop1): finished waiting for writes to stop
[  313.559613][ T5801] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11
[  313.626703][ T5801] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 11
[  313.662072][ T5801] bcachefs (loop1): unclean shutdown complete, journal seq 12
[  313.764977][ T5801] bcachefs (loop1): done going read-only, filesystem not clean
[  313.886827][ T6569] FAULT_INJECTION: forcing a failure.
[  313.886827][ T6569] name failslab, interval 1, probability 0, space 0, times 0
[  313.909714][ T6569] CPU: 0 UID: 0 PID: 6569 Comm: syz.2.130 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  313.909856][ T6569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  313.909962][ T6569] Call Trace:
[  313.910017][ T6569]  <TASK>
[  313.910062][ T6569]  __dump_stack+0x26/0x30
[  313.910220][ T6569]  dump_stack_lvl+0x1df/0x270
[  313.910377][ T6569]  dump_stack+0x1e/0x25
[  313.910516][ T6569]  should_fail_ex+0x7dc/0x8a0
[  313.910746][ T6569]  should_failslab+0x15b/0x200
[  313.910950][ T6569]  __kvmalloc_node_noprof+0x252/0x14b0
[  313.911100][ T6569]  ? __kvmalloc_node_noprof+0xa95/0x14b0
[  313.911238][ T6569]  ? io_alloc_cache_init+0x53/0x150
[  313.911405][ T6569]  io_alloc_cache_init+0x53/0x150
[  313.911549][ T6569]  io_futex_cache_init+0x3e/0x50
[  313.911718][ T6569]  io_ring_ctx_alloc+0x6e7/0x12f0
[  313.911920][ T6569]  io_uring_create+0x32f/0x1400
[  313.912117][ T6569]  __se_sys_io_uring_setup+0x572/0x590
[  313.912331][ T6569]  __x64_sys_io_uring_setup+0x78/0xb0
[  313.912495][ T6569]  x64_sys_call+0x1d01/0x3db0
[  313.912672][ T6569]  do_syscall_64+0xd9/0x1b0
[  313.912857][ T6569]  ? irqentry_exit+0x16/0x60
[  313.913012][ T6569]  ? clear_bhb_loop+0x25/0x80
[  313.913161][ T6569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.913306][ T6569] RIP: 0033:0x7f2868d8e969
[  313.913407][ T6569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.913520][ T6569] RSP: 002b:00007f2869b8ffc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[  313.913652][ T6569] RAX: ffffffffffffffda RBX: 00007f2868fb5fa0 RCX: 00007f2868d8e969
[  313.913746][ T6569] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 00000000000013ac
[  313.913850][ T6569] RBP: 0000200000000100 R08: 0000000000000000 R09: 0000000000000000
[  313.913935][ T6569] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  313.914013][ T6569] R13: 0000000000000000 R14: 00000000000013ac R15: 0000000000000000
[  313.914121][ T6569]  </TASK>
[  314.228225][ T5801] bcachefs (loop1): shutdown complete
[  314.888547][ T6580] loop3: detected capacity change from 0 to 1024
[  314.986880][ T6582] loop0: detected capacity change from 0 to 256
[  315.485406][ T6579] loop2: detected capacity change from 0 to 32768
[  315.611569][ T6579] JBD2: Ignoring recovery information on journal
[  315.626826][ T6579] jbd2_journal_bmap: journal block not found at offset 32 on loop2-75
[  315.635399][ T6579] JBD2: bad block at offset 32
[  315.725473][ T6579] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  316.058114][ T6586] loop4: detected capacity change from 0 to 32768
[  316.093373][ T6586] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.135 (6586)
[  316.115210][ T6586] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  316.128049][ T6586] BTRFS info (device loop4): using crc32c (crc32c-x86_64) checksum algorithm
[  316.137405][ T6586] BTRFS info (device loop4): disk space caching is enabled
[  316.144980][ T6586] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  316.246527][ T5795] ocfs2: Unmounting device (7,2) on (node local)
[  316.453124][ T6586] BTRFS info (device loop4): rebuilding free space tree
[  316.486696][ T6586] BTRFS info (device loop4): disabling free space tree
[  316.494156][ T6586] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  316.504719][ T6586] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  316.695476][ T5799] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  316.727240][ T6607] loop3: detected capacity change from 0 to 512
[  316.736135][ T6607] udf: Unknown parameter 'Ë'
[  318.424437][ T6623] loop2: detected capacity change from 0 to 256
[  318.669365][ T6623] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  319.283212][ T6630] loop4: detected capacity change from 0 to 32768
[  319.491796][ T6640] FAULT_INJECTION: forcing a failure.
[  319.491796][ T6640] name failslab, interval 1, probability 0, space 0, times 0
[  319.508296][ T6640] CPU: 0 UID: 0 PID: 6640 Comm: syz.0.145 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  319.508435][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  319.508508][ T6640] Call Trace:
[  319.508555][ T6640]  <TASK>
[  319.508600][ T6640]  __dump_stack+0x26/0x30
[  319.508762][ T6640]  dump_stack_lvl+0x1df/0x270
[  319.508930][ T6640]  dump_stack+0x1e/0x25
[  319.509070][ T6640]  should_fail_ex+0x7dc/0x8a0
[  319.509263][ T6640]  should_failslab+0x15b/0x200
[  319.509436][ T6640]  __kmalloc_noprof+0x182/0x1310
[  319.509610][ T6640]  ? genl_family_rcv_msg_attrs_parse+0x11b/0x460
[  319.509773][ T6640]  ? filter_irq_stacks+0x49/0x190
[  319.509909][ T6640]  ? consume_skb+0x83/0x230
[  319.510069][ T6640]  ? kmsan_get_metadata+0x105/0x1b0
[  319.510236][ T6640]  genl_family_rcv_msg_attrs_parse+0x11b/0x460
[  319.510417][ T6640]  ? genl_family_rcv_msg_doit+0x4d/0x3f0
[  319.510577][ T6640]  genl_family_rcv_msg_doit+0x77/0x3f0
[  319.510767][ T6640]  genl_rcv_msg+0xacf/0xc10
[  319.510904][ T6640]  ? __pfx_tipc_nl_net_addr_legacy_get+0x10/0x10
[  319.511083][ T6640]  netlink_rcv_skb+0x54a/0x680
[  319.511279][ T6640]  ? __pfx_genl_rcv_msg+0x10/0x10
[  319.511444][ T6640]  genl_rcv+0x41/0x60
[  319.511572][ T6640]  ? __pfx_genl_rcv+0x10/0x10
[  319.511706][ T6640]  netlink_unicast+0xed5/0x1290
[  319.511883][ T6640]  netlink_sendmsg+0x10b3/0x1250
[  319.512021][ T6640]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.512132][ T6640]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.512247][ T6640]  __sock_sendmsg+0x330/0x3d0
[  319.512393][ T6640]  ____sys_sendmsg+0x7e0/0xd80
[  319.512540][ T6640]  ___sys_sendmsg+0x271/0x3b0
[  319.512695][ T6640]  ? __rcu_read_unlock+0x6d/0xd0
[  319.512838][ T6640]  ? __fget_files+0x3b4/0x4a0
[  319.512979][ T6640]  ? __fget_files+0x3b9/0x4a0
[  319.513125][ T6640]  ? kmsan_get_metadata+0x105/0x1b0
[  319.513280][ T6640]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  319.513476][ T6640]  __x64_sys_sendmsg+0x211/0x3e0
[  319.513621][ T6640]  ? kmsan_get_metadata+0x105/0x1b0
[  319.513804][ T6640]  x64_sys_call+0x32fb/0x3db0
[  319.513980][ T6640]  do_syscall_64+0xd9/0x1b0
[  319.514175][ T6640]  ? irqentry_exit+0x16/0x60
[  319.514325][ T6640]  ? clear_bhb_loop+0x25/0x80
[  319.514486][ T6640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.514637][ T6640] RIP: 0033:0x7ff04b98e969
[  319.514741][ T6640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.514857][ T6640] RSP: 002b:00007ff04c758038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  319.514991][ T6640] RAX: ffffffffffffffda RBX: 00007ff04bbb5fa0 RCX: 00007ff04b98e969
[  319.515093][ T6640] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  319.515182][ T6640] RBP: 00007ff04c758090 R08: 0000000000000000 R09: 0000000000000000
[  319.515268][ T6640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.515358][ T6640] R13: 0000000000000000 R14: 00007ff04bbb5fa0 R15: 00007ffd59485fa8
[  319.515486][ T6640]  </TASK>
[  319.814278][    C0] vkms_vblank_simulate: vblank timer overrun
[  319.887328][ T6643] loop1: detected capacity change from 0 to 1024
[  319.990201][ T6648] FAULT_INJECTION: forcing a failure.
[  319.990201][ T6648] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  320.003856][ T6648] CPU: 0 UID: 0 PID: 6648 Comm: syz.3.147 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  320.003990][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  320.004064][ T6648] Call Trace:
[  320.004110][ T6648]  <TASK>
[  320.004156][ T6648]  __dump_stack+0x26/0x30
[  320.004312][ T6648]  dump_stack_lvl+0x1df/0x270
[  320.004484][ T6648]  dump_stack+0x1e/0x25
[  320.004643][ T6648]  should_fail_ex+0x7dc/0x8a0
[  320.004860][ T6648]  should_fail_alloc_page+0x222/0x240
[  320.005059][ T6648]  __alloc_frozen_pages_noprof+0x30f/0xf00
[  320.005277][ T6648]  alloc_pages_mpol+0x328/0x860
[  320.005479][ T6648]  vma_alloc_folio_noprof+0x382/0x870
[  320.005691][ T6648]  handle_mm_fault+0xadf8/0xdf50
[  320.005973][ T6648]  do_user_addr_fault+0x177d/0x2560
[  320.006170][ T6648]  ? kmsan_get_metadata+0x105/0x1b0
[  320.006340][ T6648]  ? kmsan_get_metadata+0x105/0x1b0
[  320.006527][ T6648]  exc_page_fault+0x5a/0xc0
[  320.006675][ T6648]  asm_exc_page_fault+0x2b/0x30
[  320.006823][ T6648] RIP: 0033:0x7f60b4850cc3
[  320.006922][ T6648] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  320.007036][ T6648] RSP: 002b:00007f60b57d34a0 EFLAGS: 00010206
[  320.007150][ T6648] RAX: 000000000000e000 RBX: 00007f60b57d3540 RCX: 00007f60aa200000
[  320.007242][ T6648] RDX: 00007f60b57d36e0 RSI: 0000000000000001 RDI: 00007f60b57d35e0
[  320.007355][ T6648] RBP: 00000000000000c7 R08: 000000000000000a R09: 00000000000003e1
[  320.007450][ T6648] R10: 00000000000003ea R11: 00007f60b57d3540 R12: 0000000000000001
[  320.007534][ T6648] R13: 00007f60b4a2bfc0 R14: 0000000000000088 R15: 00007f60b57d35e0
[  320.007657][ T6648]  </TASK>
[  320.007721][ T6648] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  320.151289][ T6636] loop2: detected capacity change from 0 to 32768
[  320.240183][ T6648] loop3: detected capacity change from 0 to 164
[  320.331245][ T6630] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  320.331245][ T6630]   allowing incompatible features above 0.0: (unknown version)
[  320.370851][ T6630] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  320.375891][ T6643] EXT4-fs warning (device loop1): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop1.
[  320.382915][ T6630] bcachefs (loop4): Version upgrade required:
[  320.382915][ T6630] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  320.382915][ T6630] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  320.382915][ T6630]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  320.493284][ T6630] bcachefs (loop4): dropping and reconstructing all alloc info
[  320.544338][ T6630] bcachefs (loop4): accounting_read... done
[  320.552924][ T6630] bcachefs (loop4): alloc_read... done
[  320.564381][ T6636] JBD2: Ignoring recovery information on journal
[  320.567720][ T6636] jbd2_journal_bmap: journal block not found at offset 32 on loop2-75
[  320.567805][ T6636] JBD2: bad block at offset 32
[  320.592257][ T6630] bcachefs (loop4): snapshots_read... done
[  320.598807][ T6630] bcachefs (loop4): check_allocations...
[  320.640030][ T6636] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  320.707639][ T6630]  done
[  320.721678][ T6630] bcachefs (loop4): going read-write
[  320.798813][ T6630] bcachefs (loop4): done starting filesystem
[  320.800279][ T5795] ocfs2: Unmounting device (7,2) on (node local)
[  320.952031][ T5799] bcachefs (loop4): shutting down
[  320.957538][ T5799] bcachefs (loop4): going read-only
[  320.962968][ T5799] bcachefs (loop4): finished waiting for writes to stop
[  321.036567][ T5799] bcachefs (loop4): flushing journal and stopping allocators, journal seq 11
[  321.106297][ T5799] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 11
[  321.181852][ T5799] bcachefs (loop4): unclean shutdown complete, journal seq 12
[  321.236173][ T5799] bcachefs (loop4): done going read-only, filesystem not clean
[  321.262448][ T6659] netlink: 88 bytes leftover after parsing attributes in process `syz.1.151'.
[  321.364487][ T1684] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  321.422197][ T5799] bcachefs (loop4): shutdown complete
[  321.610881][ T1684] usb 1-1: config 0 has an invalid interface number: 200 but max is 0
[  321.619592][ T1684] usb 1-1: config 0 has no interface number 0
[  321.626260][ T1684] usb 1-1: config 0 interface 200 has no altsetting 0
[  321.633347][ T1684] usb 1-1: New USB device found, idVendor=0057, idProduct=0000, bcdDevice= 0.00
[  321.642884][ T1684] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.711071][ T1684] usb 1-1: config 0 descriptor??
[  321.742498][ T6664] Sensor A: =================  START STATUS  =================
[  321.750898][ T6664] Sensor A: Test Pattern: 75% Colorbar
[  321.757263][ T6664] Sensor A: Show Information: All
[  321.762895][ T6664] Sensor A: Vertical Flip: false
[  321.768466][ T6664] Sensor A: Horizontal Flip: false
[  321.774488][ T6664] Sensor A: Brightness: 128
[  321.779537][ T6664] Sensor A: Contrast: 128
[  321.787204][ T6664] Sensor A: Hue: 0
[  321.791236][ T6664] Sensor A: Saturation: 128
[  321.797000][ T6664] Sensor A: ==================  END STATUS  ==================
[  322.009921][ T6657] loop0: detected capacity change from 0 to 1024
[  322.020094][ T6657] hfsplus: Unknown parameter 'uyd'
[  322.063361][ T6667] loop2: detected capacity change from 0 to 256
[  322.067772][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  322.274654][   T24] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  322.284294][   T24] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184
[  322.294251][   T24] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  322.306275][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.470838][   T24] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  322.672465][   T24] gspca_sn9c2028: read1 error -71
[  322.690719][   T24] gspca_sn9c2028: read1 error -71
[  322.708152][   T24] gspca_sn9c2028: read1 error -71
[  322.714378][   T24] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71
[  322.732663][ T6671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.154'.
[  322.761762][ T6671] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  322.771778][ T6671] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  322.784161][ T6671] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  322.793196][ T6671] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  322.801572][   T24] usb 4-1: USB disconnect, device number 5
[  322.806489][ T6671] vxlan0: entered promiscuous mode
[  323.086397][ T6674] FAULT_INJECTION: forcing a failure.
[  323.086397][ T6674] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  323.100335][ T6674] CPU: 1 UID: 0 PID: 6674 Comm: syz.2.155 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  323.100463][ T6674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  323.100530][ T6674] Call Trace:
[  323.100592][ T6674]  <TASK>
[  323.100637][ T6674]  __dump_stack+0x26/0x30
[  323.100794][ T6674]  dump_stack_lvl+0x1df/0x270
[  323.100960][ T6674]  dump_stack+0x1e/0x25
[  323.101099][ T6674]  should_fail_ex+0x7dc/0x8a0
[  323.101291][ T6674]  should_fail+0x2a/0x40
[  323.101451][ T6674]  should_fail_usercopy+0x2e/0x40
[  323.101631][ T6674]  strncpy_from_user+0x38/0x470
[  323.101792][ T6674]  ? __se_sys_add_key+0x4c/0x860
[  323.101995][ T6674]  ? __x64_sys_add_key+0xe4/0x150
[  323.102186][ T6674]  __se_sys_add_key+0xa2/0x860
[  323.102367][ T6674]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  323.102523][ T6674]  ? kmsan_get_metadata+0x105/0x1b0
[  323.102689][ T6674]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  323.102880][ T6674]  __x64_sys_add_key+0xe4/0x150
[  323.103097][ T6674]  x64_sys_call+0x22e7/0x3db0
[  323.103263][ T6674]  do_syscall_64+0xd9/0x1b0
[  323.103416][ T6674]  ? irqentry_exit+0x16/0x60
[  323.103549][ T6674]  ? clear_bhb_loop+0x25/0x80
[  323.103683][ T6674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.103816][ T6674] RIP: 0033:0x7f2868d8e969
[  323.103915][ T6674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.104021][ T6674] RSP: 002b:00007f2869b90038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  323.104140][ T6674] RAX: ffffffffffffffda RBX: 00007f2868fb5fa0 RCX: 00007f2868d8e969
[  323.104231][ T6674] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000200
[  323.104314][ T6674] RBP: 00007f2869b90090 R08: 000000001b06a229 R09: 0000000000000000
[  323.104395][ T6674] R10: 0000000000000034 R11: 0000000000000246 R12: 0000000000000001
[  323.104469][ T6674] R13: 0000000000000000 R14: 00007f2868fb5fa0 R15: 00007ffd184a5318
[  323.104583][ T6674]  </TASK>
[  323.437337][ T1684] usb 1-1: string descriptor 0 read error: -71
[  323.452437][ T1684] usbhid 1-1:0.200: couldn't find an input interrupt endpoint
[  323.488472][ T1684] usb 1-1: USB disconnect, device number 5
[  323.656129][ T6672] loop1: detected capacity change from 0 to 4096
[  323.746753][ T6672] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  324.047758][ T6672] ntfs3(loop1): ino=19, mi_enum_attr
[  324.072461][ T6671] ntfs3(loop1): failed to convert "c46c" to cp850
[  324.104873][ T6671] ntfs3(loop1): ino=20, mi_enum_attr
[  324.904410][ T6683] loop3: detected capacity change from 0 to 32768
[  324.950379][ T6683] JBD2: Ignoring recovery information on journal
[  324.968748][ T6683] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75
[  324.977279][ T6683] JBD2: bad block at offset 32
[  325.019777][ T6683] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  325.149500][ T6694] FAULT_INJECTION: forcing a failure.
[  325.149500][ T6694] name failslab, interval 1, probability 0, space 0, times 0
[  325.162924][ T6694] CPU: 1 UID: 0 PID: 6694 Comm: syz.1.161 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  325.163051][ T6694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  325.163121][ T6694] Call Trace:
[  325.163164][ T6694]  <TASK>
[  325.163207][ T6694]  __dump_stack+0x26/0x30
[  325.163356][ T6694]  dump_stack_lvl+0x1df/0x270
[  325.163533][ T6694]  dump_stack+0x1e/0x25
[  325.163674][ T6694]  should_fail_ex+0x7dc/0x8a0
[  325.163867][ T6694]  should_failslab+0x15b/0x200
[  325.164038][ T6694]  __kvmalloc_node_noprof+0x252/0x14b0
[  325.164168][ T6694]  ? io_alloc_cache_init+0x53/0x150
[  325.164301][ T6694]  ? kmsan_get_metadata+0x105/0x1b0
[  325.164446][ T6694]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  325.164653][ T6694]  io_alloc_cache_init+0x53/0x150
[  325.164795][ T6694]  io_rsrc_cache_init+0x74/0xd0
[  325.165000][ T6694]  io_ring_ctx_alloc+0x730/0x12f0
[  325.165196][ T6694]  io_uring_create+0x32f/0x1400
[  325.165395][ T6694]  __se_sys_io_uring_setup+0x572/0x590
[  325.165600][ T6694]  __x64_sys_io_uring_setup+0x78/0xb0
[  325.165772][ T6694]  x64_sys_call+0x1d01/0x3db0
[  325.165960][ T6694]  do_syscall_64+0xd9/0x1b0
[  325.166134][ T6694]  ? irqentry_exit+0x16/0x60
[  325.166295][ T6694]  ? clear_bhb_loop+0x25/0x80
[  325.166448][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.166612][ T6694] RIP: 0033:0x7f369858e969
[  325.166699][ T6694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.166797][ T6694] RSP: 002b:00007f369941dfc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[  325.166907][ T6694] RAX: ffffffffffffffda RBX: 00007f36987b5fa0 RCX: 00007f369858e969
[  325.166999][ T6694] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 00000000000013ac
[  325.167075][ T6694] RBP: 0000200000000100 R08: 0000000000000000 R09: 0000000000000000
[  325.167147][ T6694] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  325.167216][ T6694] R13: 0000000000000000 R14: 00000000000013ac R15: 0000000000000000
[  325.167312][ T6694]  </TASK>
[  325.691455][ T5789] ocfs2: Unmounting device (7,3) on (node local)
[  327.354368][ T6698] loop1: detected capacity change from 0 to 40427
[  327.370914][ T6698] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  327.381959][ T6698] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  327.471615][ T6698] F2FS-fs (loop1): invalid crc value
[  327.920361][ T6698] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  327.934459][ T6698] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  328.738551][ T6715] 9pnet_fd: Insufficient options for proto=fd
[  328.983115][ T6719] loop4: detected capacity change from 0 to 256
[  330.447094][ T6728] loop2: detected capacity change from 0 to 32768
[  330.571656][ T6726] loop3: detected capacity change from 0 to 4096
[  330.671398][ T6728] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  330.671398][ T6728]   allowing incompatible features above 0.0: (unknown version)
[  330.709259][ T6728] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  330.720416][ T6728] bcachefs (loop2): Version upgrade required:
[  330.720416][ T6728] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  330.720416][ T6728] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  330.720416][ T6728]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  330.809678][ T6728] bcachefs (loop2): dropping and reconstructing all alloc info
[  330.834485][ T6726] NILFS (loop3): invalid segment: Checksum error in segment payload
[  330.842910][ T6726] NILFS (loop3): trying rollback from an earlier position
[  330.862826][ T6728] bcachefs (loop2): accounting_read... done
[  330.896736][ T6728] bcachefs (loop2): alloc_read... done
[  330.909972][ T6728] bcachefs (loop2): snapshots_read... done
[  330.921047][ T6728] bcachefs (loop2): check_allocations...
[  330.960622][ T6726] NILFS (loop3): recovery complete
[  331.035446][ T6728]  done
[  331.046228][ T6728] bcachefs (loop2): going read-write
[  331.068323][ T6742] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  331.149975][ T6728] bcachefs (loop2): done starting filesystem
[  331.326790][ T5795] bcachefs (loop2): shutting down
[  331.332132][ T5795] bcachefs (loop2): going read-only
[  331.338436][ T5795] bcachefs (loop2): finished waiting for writes to stop
[  331.412809][ T6749] loop1: detected capacity change from 0 to 512
[  331.418213][ T5795] bcachefs (loop2): flushing journal and stopping allocators, journal seq 11
[  331.444209][ T5795] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 11
[  331.515892][ T6749] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  331.540902][ T5795] bcachefs (loop2): unclean shutdown complete, journal seq 12
[  331.594904][ T5795] bcachefs (loop2): done going read-only, filesystem not clean
[  331.697782][ T6749] EXT4-fs error (device loop1): ext4_orphan_get:1390: inode #17: comm syz.1.170: iget: bad i_size value: -6917529027641081756
[  331.772443][ T5795] bcachefs (loop2): shutdown complete
[  331.788121][ T6749] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.170: couldn't read orphan inode 17 (err -117)
[  331.817224][ T6749] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  332.881913][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.920306][ T6761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.183'.
[  333.827254][ T5841] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  333.865550][ T6773] loop0: detected capacity change from 0 to 1024
[  333.880794][ T6773] EXT4-fs: Ignoring removed nobh option
[  333.890204][ T6772] loop3: detected capacity change from 0 to 256
[  333.917069][ T6773] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  333.927713][ T6773] EXT4-fs (loop0): can't mount with commit=, fs mounted w/o journal
[  333.960903][ T5841] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  334.024380][ T6775] FAULT_INJECTION: forcing a failure.
[  334.024380][ T6775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  334.038193][ T6775] CPU: 1 UID: 0 PID: 6775 Comm: syz.1.187 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  334.038322][ T6775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  334.038396][ T6775] Call Trace:
[  334.038440][ T6775]  <TASK>
[  334.038482][ T6775]  __dump_stack+0x26/0x30
[  334.038628][ T6775]  dump_stack_lvl+0x1df/0x270
[  334.038777][ T6775]  dump_stack+0x1e/0x25
[  334.038945][ T6775]  should_fail_ex+0x7dc/0x8a0
[  334.039131][ T6775]  should_fail+0x2a/0x40
[  334.039282][ T6775]  should_fail_usercopy+0x2e/0x40
[  334.039448][ T6775]  _copy_from_user+0x33/0x100
[  334.039610][ T6775]  __se_sys_add_key+0x47e/0x860
[  334.039775][ T6775]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  334.039940][ T6775]  __x64_sys_add_key+0xe4/0x150
[  334.040125][ T6775]  x64_sys_call+0x22e7/0x3db0
[  334.040277][ T6775]  do_syscall_64+0xd9/0x1b0
[  334.040423][ T6775]  ? irqentry_exit+0x16/0x60
[  334.040548][ T6775]  ? clear_bhb_loop+0x25/0x80
[  334.040679][ T6775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.040828][ T6775] RIP: 0033:0x7f369858e969
[  334.040928][ T6775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.041033][ T6775] RSP: 002b:00007f369941e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  334.041149][ T6775] RAX: ffffffffffffffda RBX: 00007f36987b5fa0 RCX: 00007f369858e969
[  334.041233][ T6775] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000200
[  334.041315][ T6775] RBP: 00007f369941e090 R08: 00000000040a4b28 R09: 0000000000000000
[  334.041393][ T6775] R10: 0000000000000034 R11: 0000000000000246 R12: 0000000000000001
[  334.041466][ T6775] R13: 0000000000000000 R14: 00007f36987b5fa0 R15: 00007fff1c771b58
[  334.041577][ T6775]  </TASK>
[  334.836865][ T6772] xt_CT: No such helper "netbios-ns"
[  334.850172][ T6773] loop0: detected capacity change from 0 to 32768
[  335.135493][ T6773] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  335.135493][ T6773]   allowing incompatible features above 0.0: (unknown version)
[  335.168738][ T6773] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  335.178449][ T6773] bcachefs (loop0): Version upgrade required:
[  335.178449][ T6773] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  335.178449][ T6773] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  335.178449][ T6773]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  335.290504][ T6773] bcachefs (loop0): dropping and reconstructing all alloc info
[  335.346342][ T6773] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree snapshots level 0/0
[  335.346466][ T6773]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  335.346570][ T6773]   node offset 8/16 bset u64s 518: bset past end of btree node (offset 8 len 16 but written 16), exiting
[  335.346657][ T6773]   Unable to continue, halting
[  335.398721][ T6773] bcachefs (loop0): flagging btree snapshots lost data
[  335.412361][ T6773] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  335.426189][ T6773] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  335.446894][ T6773] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing
[  335.470861][ T6773] bcachefs (loop0): scan_for_btree_nodes...
[  335.639436][ T6793] FAULT_INJECTION: forcing a failure.
[  335.639436][ T6793] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  335.663019][ T6793] CPU: 0 UID: 0 PID: 6793 Comm: syz.4.189 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  335.663164][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  335.663257][ T6793] Call Trace:
[  335.663303][ T6793]  <TASK>
[  335.663348][ T6793]  __dump_stack+0x26/0x30
[  335.663508][ T6793]  dump_stack_lvl+0x1df/0x270
[  335.663671][ T6793]  dump_stack+0x1e/0x25
[  335.663815][ T6793]  should_fail_ex+0x7dc/0x8a0
[  335.664012][ T6793]  should_fail_alloc_page+0x222/0x240
[  335.664189][ T6793]  __alloc_frozen_pages_noprof+0x30f/0xf00
[  335.664389][ T6793]  alloc_pages_mpol+0x328/0x860
[  335.664563][ T6793]  vma_alloc_folio_noprof+0x382/0x870
[  335.664799][ T6793]  handle_mm_fault+0xadf8/0xdf50
[  335.665093][ T6793]  do_user_addr_fault+0x177d/0x2560
[  335.665285][ T6793]  ? kmsan_get_metadata+0x105/0x1b0
[  335.665465][ T6793]  ? kmsan_get_metadata+0x105/0x1b0
[  335.665677][ T6793]  exc_page_fault+0x5a/0xc0
[  335.665852][ T6793]  asm_exc_page_fault+0x2b/0x30
[  335.665989][ T6793] RIP: 0033:0x7f3096850cc3
[  335.666091][ T6793] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  335.666211][ T6793] RSP: 002b:00007f30977f34a0 EFLAGS: 00010202
[  335.666324][ T6793] RAX: 0000000000010000 RBX: 00007f30977f3540 RCX: 00007f308c200000
[  335.666416][ T6793] RDX: 00007f30977f36e0 RSI: 0000000000000001 RDI: 00007f30977f35e0
[  335.666518][ T6793] RBP: 0000000000000056 R08: 0000000000000005 R09: 0000000000000008
[  335.666593][ T6793] R10: 000000000000000a R11: 00007f30977f3540 R12: 0000000000000001
[  335.666673][ T6793] R13: 00007f3096a2bfc0 R14: 0000000000000045 R15: 00007f30977f35e0
[  335.666789][ T6793]  </TASK>
[  335.848639][ T6793] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  335.956470][ T6793] loop4: detected capacity change from 0 to 164
[  336.206827][ T6773] bcachefs (loop0): btree node scan found 7 nodes after overwrites
[  336.215251][ T6773]  done
[  336.218221][ T6773] bcachefs (loop0): check_topology...
[  336.267445][ T6773] bcachefs (loop0): btree root snapshots unreadable, must recover from scan
[  336.282604][ T6773] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX
[  336.297462][ T6773] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  336.342995][   T56] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree snapshots level 0/0
[  336.343103][   T56]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  336.343210][   T56]   node offset 8/24 bset u64s 518 bset byte offset 40: bad k->u64s 0 (min 3 max 253), exiting
[  336.343296][   T56]   Unable to continue, halting
[  336.437681][ T6773] bcachefs (loop0): Topology repair: unreadable btree node at
[  336.437788][ T6773]   btree=snapshots level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[  336.483044][ T6773] bcachefs (loop0): empty interior btree node at btree=snapshots level=1
[  336.483146][ T6773]   u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing
[  336.502030][ T6773] bcachefs (loop0): empty btree root snapshots
[  336.509202][ T6773]  done
[  336.512156][ T6773] bcachefs (loop0): accounting_read... done
[  336.520013][ T6773] bcachefs (loop0): alloc_read... done
[  336.528871][ T6773] bcachefs (loop0): snapshots_read...
[  336.545036][ T6773] bcachefs (loop0): running explicit recovery pass reconstruct_snapshots (21), currently at snapshots_read (7)
[  336.565203][ T6773]  done
[  336.568159][ T6773] bcachefs (loop0): check_allocations... done
[  336.679305][ T6773] bcachefs (loop0): going read-write
[  336.787790][ T6773] bcachefs (loop0): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR
[  336.798579][ T6773] bcachefs (loop0): flushing journal and stopping allocators, journal seq 10
[  336.807825][ T6773] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 10
[  336.855949][ T6773] bcachefs (loop0): unclean shutdown complete, journal seq 11
[  336.921379][ T6773] bcachefs (loop0): bch2_fs_recovery(): error EINTR
[  336.929319][ T6773] bcachefs (loop0): bch2_fs_start(): error starting filesystem EINTR
[  336.937833][ T6773] bcachefs (loop0): shutting down
[  336.966258][ T6800] loop3: detected capacity change from 0 to 164
[  337.100880][ T6773] bcachefs (loop0): shutdown complete
[  337.431633][ T6799] loop2: detected capacity change from 0 to 32768
[  337.548332][ T5841] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  337.724259][ T5841] usb 2-1: device descriptor read/64, error -71
[  337.820901][ T6799] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,compression=lz4,background_compression=lz4,metadata_target=invalid label 1791,norecovery,reconstruct_alloc
[  337.820901][ T6799]   allowing incompatible features above 0.0: (unknown version)
[  337.850169][ T6799] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  337.859743][ T6799] bcachefs (loop2): Version upgrade required:
[  337.859743][ T6799] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  337.859743][ T6799] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  337.859743][ T6799]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  337.935735][ T6799] bcachefs (loop2): dropping and reconstructing all alloc info
[  337.996398][ T6799] bcachefs (loop2): bcachefs (loop2): error validating btree node at btree inodes level 0/0
[  337.996515][ T6799]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  337.996616][ T6799]   node offset 8/24 bset u64s 29 bset byte offset 152: bad k->u64s 0 (min 3 max 253), fixing
[  338.034104][ T6799] bcachefs (loop2): bcachefs (loop2): error validating btree node at btree inodes level 0/0
[  338.034210][ T6799]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  338.034328][ T6799]   node offset 16/24 bset u64s 110 bset byte offset 280: keys out of order: u64s 18 type inode_v3 670014898176:4098:U32_MAX len 0 ver 0 > u64s 18 type inode_v3 0:4099:U32_MAX len 0 ver 0, fixing
[  338.085132][ T6799] bcachefs (loop2): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 670014898176:4098:U32_MAX len 0 ver 0: (unpack error)
[  338.085248][ T6799]   nonzero k.p.inode, deleting
[  338.106076][ T6799] bcachefs (loop2): btree_node_read_work: rewriting btree node at due to error
[  338.106076][ T6799]   btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  338.147609][ T6799] bcachefs (loop2): invalid bkey in btree_node btree=dirents level=0: u64s 7 type inode 4096:2695648408715017799:4294901760 len 0 ver 0: (unpack error)
[  338.147730][ T6799]   invalid str hash type (6 >= 4), deleting
[  338.224703][ T6799] bcachefs (loop2): accounting_read... done
[  338.242958][ T6799] bcachefs (loop2): alloc_read... done
[  338.249117][ T6799] bcachefs (loop2): snapshots_read... done
[  338.255670][ T6799] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  338.267437][ T6799] bcachefs (loop2): done starting filesystem
[  338.309830][ T6773] bcachefs: bch2_fs_get_tree() error: EINTR
[  338.400511][ T6816] loop4: detected capacity change from 0 to 512
[  338.481748][ T6816] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  338.513736][ T5841] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  338.609044][ T6816] EXT4-fs error (device loop4): ext4_orphan_get:1390: inode #17: comm syz.4.194: iget: bad i_size value: -6917529027641081756
[  338.657891][ T6816] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.194: couldn't read orphan inode 17 (err -117)
[  338.707567][ T1684] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  338.712073][ T5841] usb 2-1: device descriptor read/64, error -71
[  338.746726][ T6816] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  338.827684][ T5841] usb usb2-port1: attempt power cycle
[  338.914359][ T1684] usb 3-1: Using ep0 maxpacket: 16
[  338.934143][ T1684] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  338.943893][ T1684] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.062323][ T1684] usb 3-1: config 0 descriptor??
[  339.122540][ T1684] gspca_main: sonixj-2.14.0 probing 0471:0327
[  339.556627][ T6826] bcachefs (loop2): dirent to missing inode:
[  339.556784][ T6826]   u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir
[  339.556940][ T6826]   
[  339.738260][ T6822] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 65: padding at end of block bitmap is not set
[  339.804199][ T1684] gspca_sonixj: reg_r err -110
[  339.814830][ T1684] sonixj 3-1:0.0: probe with driver sonixj failed with error -110
[  340.007536][ T5799] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.045188][ T5841] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  340.125876][ T5841] usb 2-1: device descriptor read/8, error -71
[  340.211269][ T1684] usb 3-1: USB disconnect, device number 3
[  340.246162][ T5850] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  340.394085][ T5841] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  340.467734][ T5841] usb 2-1: device descriptor read/8, error -71
[  340.596559][ T5841] usb usb2-port1: unable to enumerate USB device
[  340.620563][ T6837] loop3: detected capacity change from 0 to 64
[  340.704434][ T6837] hfs: unable to locate alternate MDB
[  340.710168][ T6837] hfs: continuing without an alternate MDB
[  340.752479][ T6839] loop1: detected capacity change from 0 to 256
[  340.983773][ T5795] bcachefs (loop2): shutting down
[  341.011701][ T6835] loop0: detected capacity change from 0 to 4096
[  341.074132][ T6835] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  341.186231][ T5795] bcachefs (loop2): shutdown complete
[  341.434717][ T6839] xt_CT: No such helper "netbios-ns"
[  341.791222][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.204'.
[  342.171138][ T6851] loop1: detected capacity change from 0 to 128
[  342.271169][ T6851] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  342.352096][ T6851] UDF-fs: warning (device loop1): udf_fill_super: No fileset found
[  342.457597][ T6851] loop1: detected capacity change from 0 to 8
[  342.511057][ T6855] loop0: detected capacity change from 0 to 1024
[  342.532903][ T6851] SQUASHFS error: lzo decompression failed, data probably corrupt
[  342.541351][ T6851] SQUASHFS error: Failed to read block 0x91: -5
[  342.548064][ T6851] SQUASHFS error: Unable to read metadata cache entry [8f]
[  342.555691][ T6851] SQUASHFS error: Unable to read inode 0x11f
[  342.641873][ T6851] xt_hashlimit: max too large, truncated to 1048576
[  342.771602][ T6851] sctp: [Deprecated]: syz.1.206 (pid 6851) Use of int in maxseg socket option.
[  342.771602][ T6851] Use struct sctp_assoc_value instead
[  343.551260][ T4116] hfsplus: b-tree write err: -5, ino 4
[  344.078873][ T6870] loop0: detected capacity change from 0 to 512
[  344.195105][ T6870] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  344.410023][ T6870] EXT4-fs error (device loop0): ext4_orphan_get:1390: inode #17: comm syz.0.209: iget: bad i_size value: -6917529027641081756
[  344.535750][ T6870] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz.0.209: couldn't read orphan inode 17 (err -117)
[  344.657225][ T6870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.702434][ T6868] loop1: detected capacity change from 0 to 32768
[  344.728748][ T6868] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.210 (6868)
[  344.757911][ T6868] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  344.770231][ T6868] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  344.783399][ T6868] BTRFS info (device loop1): using free-space-tree
[  345.098925][ T6875] netdevsim netdevsim3 netdevsim2: Unsupported IPsec algorithm
[  346.077864][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.386730][ T5850] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  346.558606][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  346.558686][   T30] audit: type=1326 audit(1746170686.758:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6902 comm="syz.2.202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  346.644304][ T5850] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  346.656028][ T5850] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  346.678279][ T5850] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  346.689399][ T5850] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.758737][ T5850] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  346.779308][ T5850] usb 4-1: invalid MIDI out EP 0
[  346.860338][ T6903] loop0: detected capacity change from 0 to 4096
[  346.882102][   T30] audit: type=1326 audit(1746170687.048:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6902 comm="syz.2.202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  346.987044][ T6908] loop2: detected capacity change from 0 to 512
[  347.103251][ T6908] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.116657][ T6908] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.199227][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  347.270213][ T5801] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  347.279153][ T5850] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  347.343919][   T30] audit: type=1326 audit(1746170687.518:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6902 comm="syz.2.202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  347.354126][ T5850] usb 4-1: USB disconnect, device number 7
[  347.901877][ T6921] netlink: 12 bytes leftover after parsing attributes in process `syz.4.217'.
[  348.076958][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.537325][ T6929] FAULT_INJECTION: forcing a failure.
[  348.537325][ T6929] name failslab, interval 1, probability 0, space 0, times 0
[  348.550718][ T6929] CPU: 0 UID: 0 PID: 6929 Comm: syz.4.222 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  348.550854][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  348.550931][ T6929] Call Trace:
[  348.550976][ T6929]  <TASK>
[  348.551022][ T6929]  __dump_stack+0x26/0x30
[  348.551182][ T6929]  dump_stack_lvl+0x1df/0x270
[  348.551354][ T6929]  dump_stack+0x1e/0x25
[  348.551494][ T6929]  should_fail_ex+0x7dc/0x8a0
[  348.551688][ T6929]  should_failslab+0x15b/0x200
[  348.551876][ T6929]  kmem_cache_alloc_noprof+0xf0/0xec0
[  348.552101][ T6929]  ? skb_clone+0x3ca/0x580
[  348.552234][ T6929]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  348.552427][ T6929]  ? kmsan_get_metadata+0x105/0x1b0
[  348.552617][ T6929]  skb_clone+0x3ca/0x580
[  348.552763][ T6929]  __netlink_deliver_tap+0x695/0xdd0
[  348.552970][ T6929]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  348.553143][ T6929]  ? kmsan_get_metadata+0x105/0x1b0
[  348.553347][ T6929]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  348.553518][ T6929]  netlink_sendskb+0x224/0x270
[  348.553686][ T6929]  netlink_unicast+0x746/0x1290
[  348.553840][ T6929]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  348.554012][ T6929]  tipc_nl_net_addr_legacy_get+0x960/0xad0
[  348.554182][ T6929]  ? __pfx_tipc_nl_net_addr_legacy_get+0x10/0x10
[  348.554331][ T6929]  genl_family_rcv_msg_doit+0x335/0x3f0
[  348.554544][ T6929]  genl_rcv_msg+0xacf/0xc10
[  348.554708][ T6929]  ? __pfx_tipc_nl_net_addr_legacy_get+0x10/0x10
[  348.554901][ T6929]  netlink_rcv_skb+0x54a/0x680
[  348.555116][ T6929]  ? __pfx_genl_rcv_msg+0x10/0x10
[  348.555301][ T6929]  genl_rcv+0x41/0x60
[  348.555443][ T6929]  ? __pfx_genl_rcv+0x10/0x10
[  348.555592][ T6929]  netlink_unicast+0xed5/0x1290
[  348.555804][ T6929]  netlink_sendmsg+0x10b3/0x1250
[  348.555977][ T6929]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.556103][ T6929]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.556237][ T6929]  __sock_sendmsg+0x330/0x3d0
[  348.556428][ T6929]  ____sys_sendmsg+0x7e0/0xd80
[  348.556601][ T6929]  ___sys_sendmsg+0x271/0x3b0
[  348.556775][ T6929]  ? __rcu_read_unlock+0x6d/0xd0
[  348.556932][ T6929]  ? __fget_files+0x3b4/0x4a0
[  348.557088][ T6929]  ? __fget_files+0x3b9/0x4a0
[  348.557249][ T6929]  ? kmsan_get_metadata+0x105/0x1b0
[  348.557429][ T6929]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  348.557616][ T6929]  __x64_sys_sendmsg+0x211/0x3e0
[  348.557782][ T6929]  ? kmsan_get_metadata+0x105/0x1b0
[  348.557972][ T6929]  x64_sys_call+0x32fb/0x3db0
[  348.558161][ T6929]  do_syscall_64+0xd9/0x1b0
[  348.558342][ T6929]  ? clear_bhb_loop+0x25/0x80
[  348.558504][ T6929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.558651][ T6929] RIP: 0033:0x7f309698e969
[  348.558754][ T6929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.558875][ T6929] RSP: 002b:00007f30977f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  348.559007][ T6929] RAX: ffffffffffffffda RBX: 00007f3096bb5fa0 RCX: 00007f309698e969
[  348.559108][ T6929] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  348.559193][ T6929] RBP: 00007f30977f4090 R08: 0000000000000000 R09: 0000000000000000
[  348.559285][ T6929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  348.559368][ T6929] R13: 0000000000000000 R14: 00007f3096bb5fa0 R15: 00007ffe065aa148
[  348.559490][ T6929]  </TASK>
[  348.586148][ T1684] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  349.097085][ T1684] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  349.107493][ T1684] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.153451][ T1684] usb 4-1: config 0 descriptor??
[  349.195990][ T6933] loop2: detected capacity change from 0 to 512
[  349.245959][ T6933] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  349.408123][ T6938] loop1: detected capacity change from 0 to 256
[  349.447615][ T6933] EXT4-fs error (device loop2): ext4_orphan_get:1390: inode #17: comm syz.2.223: iget: bad i_size value: -6917529027641081756
[  349.512213][ T6933] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.223: couldn't read orphan inode 17 (err -117)
[  349.577370][ T1684] [drm] vendor descriptor length:b9 data:b9 30 30 30 30 30 00 00 00 00 00
[  349.586326][ T1684] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  349.606867][ T6933] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.649969][ T1684] [drm:udl_init] *ERROR* Selecting channel failed
[  349.927915][ T1684] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  349.935172][ T1684] [drm] Initialized udl on minor 2
[  349.965056][ T1684] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  349.975147][ T1684] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  349.994093][   T24] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  350.003968][ T6938] xt_CT: No such helper "netbios-ns"
[  350.004018][   T24] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  350.017974][   T24] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  350.042151][ T1684] usb 4-1: USB disconnect, device number 8
[  350.820748][ T6949] loop4: detected capacity change from 0 to 32768
[  350.827821][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.848409][ T6949] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.226 (6949)
[  350.897592][ T6949] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  350.908394][ T6949] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  350.918617][ T6949] BTRFS info (device loop4): using free-space-tree
[  351.311925][ T6964] loop1: detected capacity change from 0 to 64
[  351.416908][ T6964] hfs: creator requires a 4 character value
[  351.544868][ T6964] loop8: detected capacity change from 0 to 9
[  351.708563][ T6964] Dev loop8: unable to read RDB block 9
[  351.714724][ T6964]  loop8: unable to read partition table
[  351.875482][   T30] audit: type=1326 audit(1746170692.058:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.3.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60b498e969 code=0x7fc00000
[  351.914559][ T6964] loop8: partition table beyond EOD, truncated
[  351.921060][ T6964] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[  352.092558][ T6973] loop1: detected capacity change from 0 to 512
[  352.211443][   T30] audit: type=1326 audit(1746170692.408:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.3.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f60b498e969 code=0x7fc00000
[  352.260846][ T6970] loop2: detected capacity change from 0 to 32768
[  352.271067][ T6973] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  352.322448][ T6973] EXT4-fs (loop1): orphan cleanup on readonly fs
[  352.337332][ T6973] Quota error (device loop1): find_block_dqentry: Quota for id 0 referenced but not present
[  352.348440][ T6973] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  352.361022][ T6973] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.229: Failed to acquire dquot type 1
[  352.380545][ T6975] loop3: detected capacity change from 0 to 512
[  352.568634][ T6970] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,compression=lz4,background_compression=lz4,metadata_target=invalid label 1791,norecovery,reconstruct_alloc
[  352.568634][ T6970]   allowing incompatible features above 0.0: (unknown version)
[  352.584552][ T6973] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.229: bg 0: block 40: padding at end of block bitmap is not set
[  352.600860][ T6970] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  352.631874][ T6970] bcachefs (loop2): Version upgrade required:
[  352.631874][ T6970] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  352.631874][ T6970] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  352.631874][ T6970]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  352.706931][ T6970] bcachefs (loop2): dropping and reconstructing all alloc info
[  352.725501][ T6975] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  352.738760][ T6970] bcachefs (loop2): bcachefs (loop2): error validating btree node at btree inodes level 0/0
[  352.738868][ T6970]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  352.738934][ T6975] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  352.738979][ T6970]   node offset 8/24 bset u64s 29 bset byte offset 152: bad k->u64s 0 (min 3 max 253), fixing
[  352.751677][ T6973] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  352.767199][ T6973] EXT4-fs (loop1): 1 truncate cleaned up
[  352.803064][ T6970] bcachefs (loop2): bcachefs (loop2): error validating btree node at btree inodes level 0/0
[  352.803183][ T6970]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  352.803302][ T6970]   node offset 16/24 bset u64s 110 bset byte offset 280: keys out of order: u64s 18 type inode_v3 670014898176:4098:U32_MAX len 0 ver 0 > u64s 18 type inode_v3 0:4099:U32_MAX len 0 ver 0, fixing
[  352.805676][ T6973] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  352.865134][ T6970] bcachefs (loop2): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 670014898176:4098:U32_MAX len 0 ver 0: (unpack error)
[  352.865262][ T6970]   nonzero k.p.inode, deleting
[  352.889446][ T6970] bcachefs (loop2): btree_node_read_work: rewriting btree node at due to error
[  352.889446][ T6970]   btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  352.938744][ T6970] bcachefs (loop2): invalid bkey in btree_node btree=dirents level=0: u64s 7 type inode 4096:2695648408715017799:4294901760 len 0 ver 0: (unpack error)
[  352.938855][ T6970]   invalid str hash type (6 >= 4), deleting
[  353.011401][ T6970] bcachefs (loop2): accounting_read... done
[  353.035804][ T6970] bcachefs (loop2): alloc_read... done
[  353.041827][ T6970] bcachefs (loop2): snapshots_read... done
[  353.042594][   T30] audit: type=1326 audit(1746170693.228:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.3.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60b498e969 code=0x7fc00000
[  353.048339][ T6970] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  353.050476][ T6970] bcachefs (loop2): done starting filesystem
[  353.070886][   T30] audit: type=1326 audit(1746170693.228:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.3.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f60b498e969 code=0x7fc00000
[  353.109678][   T30] audit: type=1326 audit(1746170693.228:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.3.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60b498e969 code=0x7fc00000
[  353.135226][   T30] audit: type=1326 audit(1746170693.228:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.3.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60b498e969 code=0x7fc00000
[  353.160137][   T30] audit: type=1326 audit(1746170693.238:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6972 comm="syz.3.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60b498e969 code=0x7fc00000
[  353.467860][ T6993] bcachefs (loop2): dirent to missing inode:
[  353.467954][ T6993]   u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir
[  353.468039][ T6993]   
[  353.782685][ T5795] bcachefs (loop2): shutting down
[  353.822113][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.916697][ T5795] bcachefs (loop2): shutdown complete
[  354.317856][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.364838][ T5086] Bluetooth: hci1: command 0x0406 tx timeout
[  354.371129][ T5086] Bluetooth: hci3: command 0x0406 tx timeout
[  354.382890][ T5086] Bluetooth: hci4: command 0x0406 tx timeout
[  354.387698][ T5798] Bluetooth: hci0: command 0x0406 tx timeout
[  354.390071][ T5086] Bluetooth: hci2: command 0x0406 tx timeout
[  354.424981][ T5799] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  354.745633][ T7002] loop3: detected capacity change from 0 to 512
[  354.793305][ T7002] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  354.933045][ T7002] EXT4-fs error (device loop3): ext4_orphan_get:1390: inode #17: comm syz.3.237: iget: bad i_size value: -6917529027641081756
[  355.034080][ T7002] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.237: couldn't read orphan inode 17 (err -117)
[  355.100514][ T7002] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.382335][ T1684] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  355.389935][ T7009] loop0: detected capacity change from 0 to 256
[  355.569076][ T1684] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  355.581131][ T1684] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.627291][ T1684] usb 2-1: config 0 descriptor??
[  355.855980][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.907088][ T7009] xt_CT: No such helper "netbios-ns"
[  356.055824][ T7007] ALSA: mixer_oss: invalid OSS volume ''
[  356.101459][ T1684] [drm] vendor descriptor length:b9 data:b9 30 30 30 30 30 0a 56 4f 4c 55
[  356.110439][ T1684] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  356.144174][ T1684] [drm:udl_init] *ERROR* Selecting channel failed
[  356.230298][ T1684] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[  356.237526][ T1684] [drm] Initialized udl on minor 2
[  356.271252][ T1684] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  356.280818][ T1684] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  356.296532][   T24] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  356.338560][   T24] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  356.347355][   T24] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  356.379674][ T1684] usb 2-1: USB disconnect, device number 13
[  356.810688][ T5850] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  356.994432][ T5850] usb 4-1: Using ep0 maxpacket: 8
[  357.037839][ T5850] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  357.052296][ T5850] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1511, setting to 1024
[  357.063932][ T5850] usb 4-1: config 1 interface 0 altsetting 8 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  357.079859][ T5850] usb 4-1: config 1 interface 0 has no altsetting 0
[  357.327187][ T5850] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  357.336676][ T5850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.345050][ T5850] usb 4-1: Product: syz
[  357.349470][ T5850] usb 4-1: Manufacturer: syz
[  357.357183][ T5850] usb 4-1: SerialNumber: syz
[  357.503431][ T7017] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  357.960848][ T5850] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  358.173074][ T5850] usb 4-1: USB disconnect, device number 9
[  358.291859][ T7033] FAULT_INJECTION: forcing a failure.
[  358.291859][ T7033] name failslab, interval 1, probability 0, space 0, times 0
[  358.304950][ T7033] CPU: 0 UID: 0 PID: 7033 Comm: syz.4.244 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  358.305108][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  358.305196][ T7033] Call Trace:
[  358.305248][ T7033]  <TASK>
[  358.305299][ T7033]  __dump_stack+0x26/0x30
[  358.305454][ T7033]  dump_stack_lvl+0x1df/0x270
[  358.305654][ T7033]  dump_stack+0x1e/0x25
[  358.305812][ T7033]  should_fail_ex+0x7dc/0x8a0
[  358.306032][ T7033]  should_failslab+0x15b/0x200
[  358.306217][ T7033]  kmem_cache_alloc_noprof+0xf0/0xec0
[  358.306415][ T7033]  ? __rcu_read_unlock+0x6d/0xd0
[  358.306585][ T7033]  ? __send_signal_locked+0x27d/0x14c0
[  358.306801][ T7033]  ? sig_get_ucounts+0x163/0x2d0
[  358.306947][ T7033]  ? kmsan_get_metadata+0x105/0x1b0
[  358.307139][ T7033]  __send_signal_locked+0x27d/0x14c0
[  358.307349][ T7033]  ? stack_depot_save_flags+0x35/0x7c0
[  358.307563][ T7033]  send_signal_locked+0x738/0xb70
[  358.307803][ T7033]  force_sig_info_to_task+0x56c/0x7b0
[  358.307993][ T7033]  force_sig_fault+0xce/0x100
[  358.308155][ T7033]  __bad_area_nosemaphore+0x5bc/0x9d0
[  358.308340][ T7033]  ? kmsan_get_metadata+0x105/0x1b0
[  358.308518][ T7033]  ? up_read+0x6a/0xf0
[  358.308723][ T7033]  bad_area_nosemaphore+0x32/0x40
[  358.308915][ T7033]  do_user_addr_fault+0xa31/0x2560
[  358.309097][ T7033]  ? kmsan_get_metadata+0x105/0x1b0
[  358.309272][ T7033]  ? kmsan_get_metadata+0x105/0x1b0
[  358.309487][ T7033]  exc_page_fault+0x5a/0xc0
[  358.309661][ T7033]  asm_exc_page_fault+0x2b/0x30
[  358.309803][ T7033] RIP: 0033:0x7f309684e9da
[  358.309913][ T7033] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 c1 ff 13 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 9d
[  358.310036][ T7033] RSP: 002b:00007f30977f3fd0 EFLAGS: 00010217
[  358.310150][ T7033] RAX: ffffffffffffffff RBX: 00007f3096bb5fa0 RCX: 00007f309698e9a3
[  358.310254][ T7033] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  358.310338][ T7033] RBP: 0000200000000100 R08: 00000000ffffffff R09: 0000000000000000
[  358.310430][ T7033] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff
[  358.310527][ T7033] R13: 0000000000000000 R14: 00000000000013ac R15: 0000000000000000
[  358.310651][ T7033]  </TASK>
[  359.217363][   T30] audit: type=1326 audit(1746170699.408:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  359.462717][   T30] audit: type=1326 audit(1746170699.648:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  359.524722][ T7045] loop2: detected capacity change from 0 to 512
[  359.748057][ T7045] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  359.761327][ T7045] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  360.001352][   T30] audit: type=1326 audit(1746170700.188:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  360.067068][ T7044] loop1: detected capacity change from 0 to 4096
[  360.172109][ T7044] NILFS (loop1): invalid segment: Checksum error in segment payload
[  360.191371][ T7044] NILFS (loop1): trying rollback from an earlier position
[  360.306988][ T7044] NILFS (loop1): recovery complete
[  360.334616][ T7061] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  360.726422][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.808371][ T7073] loop2: detected capacity change from 0 to 256
[  362.141198][ T7085] netdevsim netdevsim3 netdevsim2: Unsupported IPsec algorithm
[  362.264245][ T7073] xt_CT: No such helper "netbios-ns"
[  363.333363][   T30] audit: type=1326 audit(1746170703.508:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.4.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309698e969 code=0x7fc00000
[  363.459304][ T7101] FAULT_INJECTION: forcing a failure.
[  363.459304][ T7101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  363.478990][ T7101] CPU: 0 UID: 0 PID: 7101 Comm: syz.0.264 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  363.479132][ T7101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  363.479207][ T7101] Call Trace:
[  363.479254][ T7101]  <TASK>
[  363.479299][ T7101]  __dump_stack+0x26/0x30
[  363.479460][ T7101]  dump_stack_lvl+0x1df/0x270
[  363.479657][ T7101]  dump_stack+0x1e/0x25
[  363.479821][ T7101]  should_fail_ex+0x7dc/0x8a0
[  363.480037][ T7101]  should_fail+0x2a/0x40
[  363.480233][ T7101]  should_fail_usercopy+0x2e/0x40
[  363.480440][ T7101]  copy_page_from_iter_atomic+0x56f/0x37f0
[  363.480672][ T7101]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  363.480847][ T7101]  ? kmsan_get_metadata+0x105/0x1b0
[  363.481022][ T7101]  generic_perform_write+0x8eb/0x10c0
[  363.481232][ T7101]  shmem_file_write_iter+0x2b7/0x2f0
[  363.481409][ T7101]  vfs_write+0xb31/0x1560
[  363.481570][ T7101]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  363.481749][ T7101]  __x64_sys_write+0x1fb/0x4d0
[  363.481911][ T7101]  x64_sys_call+0x38c3/0x3db0
[  363.482086][ T7101]  do_syscall_64+0xd9/0x1b0
[  363.482248][ T7101]  ? irqentry_exit+0x16/0x60
[  363.482379][ T7101]  ? clear_bhb_loop+0x25/0x80
[  363.482516][ T7101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.482664][ T7101] RIP: 0033:0x7ff04b98d41f
[  363.482761][ T7101] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  363.482875][ T7101] RSP: 002b:00007ff04c757df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  363.483035][ T7101] RAX: ffffffffffffffda RBX: 0000000000014800 RCX: 00007ff04b98d41f
[  363.483126][ T7101] RDX: 0000000000014800 RSI: 00007ff041200000 RDI: 0000000000000006
[  363.483211][ T7101] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000052e
[  363.483286][ T7101] R10: 00000000000003ea R11: 0000000000000293 R12: 0000000000000006
[  363.483364][ T7101] R13: 00007ff04c757ef0 R14: 00007ff04c757eb0 R15: 00007ff041200000
[  363.483484][ T7101]  </TASK>
[  363.867639][ T7101] loop0: detected capacity change from 0 to 164
[  363.999385][ T7100] loop4: detected capacity change from 0 to 512
[  364.125143][ T7100] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  364.138537][ T7100] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  364.419907][   T30] audit: type=1326 audit(1746170704.598:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7095 comm="syz.4.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f309698e969 code=0x7fc00000
[  365.117165][ T5799] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.184980][ T7104] loop3: detected capacity change from 0 to 4096
[  365.328983][ T7104] NILFS (loop3): invalid segment: Checksum error in segment payload
[  365.337566][ T7104] NILFS (loop3): trying rollback from an earlier position
[  365.444249][ T7104] NILFS (loop3): recovery complete
[  365.476265][ T7122] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  365.596059][   T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  365.790954][   T24] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  365.802944][   T24] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  365.818929][   T24] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  365.829309][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.015365][   T24] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  366.028067][   T24] usb 3-1: invalid MIDI out EP 0
[  366.312586][   T24] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  366.395406][   T24] usb 3-1: USB disconnect, device number 4
[  366.767335][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  366.777381][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  366.787030][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  366.802133][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  366.844801][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  366.949318][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  367.207209][ T7127] loop4: detected capacity change from 0 to 32768
[  367.283733][ T7127] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.271 (7127)
[  367.370383][ T7127] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  367.381561][ T7127] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  367.391906][ T7127] BTRFS info (device loop4): using free-space-tree
[  367.579824][ T7144] loop3: detected capacity change from 0 to 256
[  368.240453][ T7151] netlink: 28 bytes leftover after parsing attributes in process `syz.1.274'.
[  368.249978][ T7151] netlink: 28 bytes leftover after parsing attributes in process `syz.1.274'.
[  368.300757][ T7144] xt_CT: No such helper "netbios-ns"
[  368.880603][ T7151] loop1: detected capacity change from 0 to 164
[  369.295948][ T5799] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  370.123742][ T7181] netlink: 8 bytes leftover after parsing attributes in process `syz.1.284'.
[  371.190618][   T30] audit: type=1326 audit(1746170711.388:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7188 comm="syz.4.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309698e969 code=0x7fc00000
[  371.229483][ T7178] loop2: detected capacity change from 0 to 4096
[  371.371721][ T7178] NILFS (loop2): invalid segment: Checksum error in segment payload
[  371.383095][ T7178] NILFS (loop2): trying rollback from an earlier position
[  371.494076][ T7192] loop4: detected capacity change from 0 to 512
[  371.529881][ T7178] NILFS (loop2): recovery complete
[  371.595784][ T7196] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  371.642507][ T7192] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  371.658475][ T7192] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  371.923777][   T30] audit: type=1326 audit(1746170712.098:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7188 comm="syz.4.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f309698e969 code=0x7fc00000
[  372.749521][ T5799] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.345188][ T7202] loop2: detected capacity change from 0 to 256
[  373.739735][ T7191] loop3: detected capacity change from 0 to 32768
[  373.900739][ T7200] xt_CT: No such helper "netbios-ns"
[  373.958856][ T7207] netlink: 8 bytes leftover after parsing attributes in process `syz.4.290'.
[  374.050541][ T7191] JBD2: Ignoring recovery information on journal
[  374.104527][ T7191] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75
[  374.119980][ T7191] JBD2: bad block at offset 32
[  374.218369][ T7191] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  374.560530][ T5789] ocfs2: Unmounting device (7,3) on (node local)
[  375.423004][ T7223] netdevsim netdevsim0 netdevsim2: Unsupported IPsec algorithm
[  376.391526][ T7233] loop3: detected capacity change from 0 to 1024
[  376.814447][   T30] audit: type=1326 audit(1746170716.988:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7237 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  377.011511][ T7241] loop2: detected capacity change from 0 to 512
[  377.049534][   T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  377.100026][ T7236] loop1: detected capacity change from 0 to 4096
[  377.141462][ T7241] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.157479][ T7241] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  377.235069][   T24] usb 4-1: Using ep0 maxpacket: 8
[  377.274282][   T24] usb 4-1: unable to get BOS descriptor or descriptor too short
[  377.304997][ T7236] NILFS (loop1): invalid segment: Checksum error in segment payload
[  377.313392][ T7236] NILFS (loop1): trying rollback from an earlier position
[  377.362372][   T24] usb 4-1: config 8 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 8
[  377.372495][   T24] usb 4-1: config 8 interface 0 has no altsetting 0
[  377.404247][   T30] audit: type=1326 audit(1746170717.598:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7237 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2868d8e969 code=0x7fc00000
[  377.456369][   T24] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[  377.465953][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.474344][   T24] usb 4-1: Product: syz
[  377.478743][   T24] usb 4-1: Manufacturer: syz
[  377.482332][ T7236] NILFS (loop1): recovery complete
[  377.483643][   T24] usb 4-1: SerialNumber: syz
[  377.570265][ T7250] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  378.281800][ T7249] loop0: detected capacity change from 0 to 32768
[  378.300123][ T7249] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.301 (7249)
[  378.325204][ T7249] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  378.337418][ T7249] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  378.347954][ T7249] BTRFS info (device loop0): using free-space-tree
[  378.487711][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.626701][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  378.634089][   T24] usb 4-1: selecting invalid altsetting 0
[  378.866059][   T24] usb 4-1: USB disconnect, device number 10
[  379.109087][ T5850] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  379.165377][ T7269] loop2: detected capacity change from 0 to 1024
[  379.177363][ T7269] EXT4-fs: Ignoring removed nobh option
[  379.188759][ T7269] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  379.199917][ T7269] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal
[  379.261106][ T5850] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  380.138725][ T5786] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  380.150263][   T24] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  380.167813][ T7269] loop2: detected capacity change from 0 to 32768
[  380.383346][   T24] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  380.392229][ T7269] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  380.392229][ T7269]   allowing incompatible features above 0.0: (unknown version)
[  380.396244][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.428021][ T7269] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  380.441925][ T7269] bcachefs (loop2): Version upgrade required:
[  380.441925][ T7269] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  380.441925][ T7269] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  380.441925][ T7269]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  380.536367][ T7269] bcachefs (loop2): dropping and reconstructing all alloc info
[  380.592126][ T7269] bcachefs (loop2): bcachefs (loop2): error validating btree node on loop2 at btree snapshots level 0/0
[  380.592233][ T7269]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  380.592337][ T7269]   node offset 8/16 bset u64s 518: bset past end of btree node (offset 8 len 16 but written 16), exiting
[  380.592423][ T7269]   Unable to continue, halting
[  380.640857][ T7269] bcachefs (loop2): flagging btree snapshots lost data
[  380.648123][ T7269] bcachefs (loop2): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  380.659971][ T7269] bcachefs (loop2): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  380.687640][ T7269] bcachefs (loop2): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing
[  380.699050][   T24] usb 2-1: config 0 descriptor??
[  380.709081][ T7269] bcachefs (loop2): scan_for_btree_nodes...
[  381.104491][ T7269] bcachefs (loop2): btree node scan found 7 nodes after overwrites
[  381.118954][ T7269]  done
[  381.119857][ T7273] ALSA: mixer_oss: invalid OSS volume 'MONITO'
[  381.121840][ T7269] bcachefs (loop2): check_topology...
[  381.127354][ T7269] bcachefs (loop2): btree root snapshots unreadable, must recover from scan
[  381.146549][ T7269] bcachefs (loop2): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX
[  381.151628][   T24] [drm] vendor descriptor length:b9 data:b9 30 30 30 30 30 0a 56 4f 4c 55
[  381.158172][ T7269] bcachefs (loop2): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  381.166855][   T24] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  381.201632][   T40] bcachefs (loop2): bcachefs (loop2): error validating btree node at btree snapshots level 0/0
[  381.201725][   T40]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  381.201821][   T40]   node offset 8/24 bset u64s 518 bset byte offset 40: bad k->u64s 0 (min 3 max 253), exiting
[  381.201898][   T40]   Unable to continue, halting
[  381.250354][ T7269] bcachefs (loop2): Topology repair: unreadable btree node at
[  381.250457][ T7269]   btree=snapshots level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[  381.291581][ T7269] bcachefs (loop2): empty interior btree node at btree=snapshots level=1
[  381.291665][ T7269]   u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing
[  381.310256][ T7269] bcachefs (loop2): empty btree root snapshots
[  381.317339][ T7269]  done
[  381.320275][ T7269] bcachefs (loop2): accounting_read... done
[  381.333059][ T7269] bcachefs (loop2): alloc_read... done
[  381.339022][ T7269] bcachefs (loop2): snapshots_read...
[  381.365603][ T7269] bcachefs (loop2): running explicit recovery pass reconstruct_snapshots (21), currently at snapshots_read (7)
[  381.388711][ T7269]  done
[  381.391657][ T7269] bcachefs (loop2): check_allocations...
[  381.445782][   T24] [drm:udl_init] *ERROR* Selecting channel failed
[  381.488922][ T7269]  done
[  381.499906][ T7269] bcachefs (loop2): going read-write
[  381.563956][ T7269] bcachefs (loop2): done starting filesystem
[  381.573884][   T24] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[  381.581005][   T24] [drm] Initialized udl on minor 2
[  381.711495][   T24] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  381.720879][   T24] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  381.738654][ T1684] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  381.797801][ T1684] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  381.806668][ T1684] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  381.857928][ T5795] bcachefs (loop2): shutting down
[  381.863166][ T5795] bcachefs (loop2): going read-only
[  381.868718][ T5795] bcachefs (loop2): finished waiting for writes to stop
[  381.938541][   T24] usb 2-1: USB disconnect, device number 14
[  381.962975][ T5795] bcachefs (loop2): flushing journal and stopping allocators, journal seq 12
[  381.994012][ T5795] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 12
[  382.078968][ T5795] bcachefs (loop2): unclean shutdown complete, journal seq 13
[  382.163700][ T5795] bcachefs (loop2): done going read-only, filesystem not clean
[  382.340753][ T5795] bcachefs (loop2): shutdown complete
[  382.679054][ T7288] loop1: detected capacity change from 0 to 512
[  382.709937][ T7288] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  382.728555][ T7288] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  382.738474][ T7288] EXT4-fs (loop1): invalid inodes per group: 393248
[  382.738474][ T7288] 
[  383.864429][   T30] audit: type=1326 audit(1746170724.058:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  383.997328][   T30] audit: type=1326 audit(1746170724.198:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  384.131676][ T7305] loop1: detected capacity change from 0 to 512
[  384.234794][ T7304] loop4: detected capacity change from 0 to 164
[  384.306144][ T7305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  384.319428][ T7305] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  384.422835][   T30] audit: type=1326 audit(1746170724.618:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.446020][   T30] audit: type=1326 audit(1746170724.618:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.471116][   T30] audit: type=1326 audit(1746170724.618:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.714223][   T30] audit: type=1326 audit(1746170724.698:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.737171][   T30] audit: type=1326 audit(1746170724.698:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.762294][   T30] audit: type=1326 audit(1746170724.698:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.781759][ T7314] FAULT_INJECTION: forcing a failure.
[  384.781759][ T7314] name failslab, interval 1, probability 0, space 0, times 0
[  384.785688][   T30] audit: type=1326 audit(1746170724.738:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.785923][   T30] audit: type=1326 audit(1746170724.748:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309698e969 code=0x7ffc0000
[  384.849225][ T7314] CPU: 0 UID: 0 PID: 7314 Comm: syz.3.315 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  384.849377][ T7314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  384.849474][ T7314] Call Trace:
[  384.849543][ T7314]  <TASK>
[  384.849596][ T7314]  __dump_stack+0x26/0x30
[  384.849786][ T7314]  dump_stack_lvl+0x1df/0x270
[  384.849971][ T7314]  dump_stack+0x1e/0x25
[  384.850125][ T7314]  should_fail_ex+0x7dc/0x8a0
[  384.850329][ T7314]  should_failslab+0x15b/0x200
[  384.850515][ T7314]  kmem_cache_alloc_node_noprof+0xf3/0xf00
[  384.850733][ T7314]  ? __alloc_skb+0x1e0/0x7d0
[  384.850916][ T7314]  ? kmsan_get_metadata+0x105/0x1b0
[  384.851084][ T7314]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  384.851286][ T7314]  __alloc_skb+0x1e0/0x7d0
[  384.851506][ T7314]  tcp_stream_alloc_skb+0x4c/0x5f0
[  384.851659][ T7314]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  384.851851][ T7314]  tcp_sendmsg_locked+0x1a1f/0x72a0
[  384.852066][ T7314]  ? tcp_sendmsg_locked+0x771/0x72a0
[  384.852219][ T7314]  ? kmsan_internal_set_shadow_origin+0x50/0x110
[  384.852376][ T7314]  ? kmsan_get_metadata+0x105/0x1b0
[  384.852540][ T7314]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  384.852754][ T7314]  ? __pfx_tcp_sendmsg+0x10/0x10
[  384.852929][ T7314]  tcp_sendmsg+0x4b/0x90
[  384.853073][ T7314]  ? __pfx_tcp_sendmsg+0x10/0x10
[  384.853233][ T7314]  inet_sendmsg+0x134/0x2a0
[  384.853419][ T7314]  __sock_sendmsg+0x278/0x3d0
[  384.853577][ T7314]  __sys_sendto+0x590/0x710
[  384.853764][ T7314]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  384.853929][ T7314]  ? vfs_write+0x1342/0x1560
[  384.854088][ T7314]  ? kmsan_get_metadata+0x105/0x1b0
[  384.854272][ T7314]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  384.854461][ T7314]  __x64_sys_sendto+0x130/0x200
[  384.854679][ T7314]  x64_sys_call+0x3c0b/0x3db0
[  384.854865][ T7314]  do_syscall_64+0xd9/0x1b0
[  384.855036][ T7314]  ? irqentry_exit+0x16/0x60
[  384.855189][ T7314]  ? clear_bhb_loop+0x25/0x80
[  384.855346][ T7314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.855499][ T7314] RIP: 0033:0x7f60b498e969
[  384.855603][ T7314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  384.855736][ T7314] RSP: 002b:00007f60b57d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  384.855888][ T7314] RAX: ffffffffffffffda RBX: 00007f60b4bb5fa0 RCX: 00007f60b498e969
[  384.855984][ T7314] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003
[  384.856061][ T7314] RBP: 00007f60b57d4090 R08: 0000000000000000 R09: 0000000000000000
[  384.856143][ T7314] R10: 0000000004040000 R11: 0000000000000246 R12: 0000000000000001
[  384.856224][ T7314] R13: 0000000000000000 R14: 00007f60b4bb5fa0 R15: 00007ffe32f38b78
[  384.856340][ T7314]  </TASK>
[  385.131536][    C0] vkms_vblank_simulate: vblank timer overrun
[  385.269512][ T7310] loop0: detected capacity change from 0 to 4096
[  385.515849][ T7310] NILFS (loop0): invalid segment: Checksum error in segment payload
[  385.527138][ T7310] NILFS (loop0): trying rollback from an earlier position
[  385.602337][ T7310] NILFS (loop0): recovery complete
[  385.690923][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  385.703784][ T7317] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  385.782761][ T5850] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  385.823078][ T7318] loop4: detected capacity change from 0 to 1024
[  385.846243][ T7319] loop3: detected capacity change from 0 to 1024
[  385.855656][ T7319] EXT4-fs: Ignoring removed nobh option
[  385.856857][ T7310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.314'.
[  385.868281][ T5850] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  385.871161][ T7310] IPVS: Error joining to the multicast group
[  385.923327][ T7319] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  385.937189][ T7319] EXT4-fs (loop3): can't mount with commit=, fs mounted w/o journal
[  386.358905][ T7318] warning: `syz.4.316' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  386.831419][ T7319] loop3: detected capacity change from 0 to 32768
[  387.025825][ T7319] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  387.025825][ T7319]   allowing incompatible features above 0.0: (unknown version)
[  387.057968][ T7319] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  387.067621][ T7319] bcachefs (loop3): Version upgrade required:
[  387.067621][ T7319] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  387.067621][ T7319] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  387.067621][ T7319]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  387.176868][ T7319] bcachefs (loop3): dropping and reconstructing all alloc info
[  387.231898][ T7319] bcachefs (loop3): bcachefs (loop3): error validating btree node on loop3 at btree snapshots level 0/0
[  387.232016][ T7319]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  387.232131][ T7319]   node offset 8/16 bset u64s 518: bset past end of btree node (offset 8 len 16 but written 16), exiting
[  387.232229][ T7319]   Unable to continue, halting
[  387.281030][ T7319] bcachefs (loop3): flagging btree snapshots lost data
[  387.288353][ T7319] bcachefs (loop3): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  387.300225][ T7319] bcachefs (loop3): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  387.326037][ T7319] bcachefs (loop3): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing
[  387.352827][ T7319] bcachefs (loop3): scan_for_btree_nodes...
[  388.008584][ T7319] bcachefs (loop3): btree node scan found 7 nodes after overwrites
[  388.023852][ T7319]  done
[  388.026839][ T7319] bcachefs (loop3): check_topology...
[  388.032625][ T7319] bcachefs (loop3): btree root snapshots unreadable, must recover from scan
[  388.059418][ T7319] bcachefs (loop3): bch2_get_scanned_nodes(): recovery btree=snapshots level=0 POS_MIN - SPOS_MAX
[  388.074343][ T7319] bcachefs (loop3): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  388.101148][   T40] bcachefs (loop3): bcachefs (loop3): error validating btree node at btree snapshots level 0/0
[  388.101266][   T40]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  388.101368][   T40]   node offset 8/24 bset u64s 518 bset byte offset 40: bad k->u64s 0 (min 3 max 253), exiting
[  388.101457][   T40]   Unable to continue, halting
[  388.176612][ T7319] bcachefs (loop3): Topology repair: unreadable btree node at
[  388.176715][ T7319]   btree=snapshots level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 24 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[  388.210095][ T7319] bcachefs (loop3): empty interior btree node at btree=snapshots level=1
[  388.210197][ T7319]   u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing
[  388.226479][ T7319] bcachefs (loop3): empty btree root snapshots
[  388.236301][ T7319]  done
[  388.239394][ T7319] bcachefs (loop3): accounting_read... done
[  388.254438][ T7319] bcachefs (loop3): alloc_read... done
[  388.260377][ T7319] bcachefs (loop3): snapshots_read...
[  388.269327][ T7319] bcachefs (loop3): running explicit recovery pass reconstruct_snapshots (21), currently at snapshots_read (7)
[  388.287100][ T7319]  done
[  388.290073][ T7319] bcachefs (loop3): check_allocations... done
[  388.411908][ T7319] bcachefs (loop3): going read-write
[  388.531135][ T7319] bcachefs (loop3): done starting filesystem
[  388.841983][ T5789] bcachefs (loop3): shutting down
[  388.847894][ T5789] bcachefs (loop3): going read-only
[  388.853336][ T5789] bcachefs (loop3): finished waiting for writes to stop
[  388.915612][ T7349] loop0: detected capacity change from 0 to 764
[  389.033333][ T5789] bcachefs (loop3): flushing journal and stopping allocators, journal seq 12
[  389.046547][ T5789] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 12
[  389.097475][ T5789] bcachefs (loop3): unclean shutdown complete, journal seq 13
[  389.125908][ T7349] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  389.151600][ T5789] bcachefs (loop3): done going read-only, filesystem not clean
[  389.335437][ T5789] bcachefs (loop3): shutdown complete
[  389.687686][ T7356] netlink: 16 bytes leftover after parsing attributes in process `syz.4.327'.
[  389.967605][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  389.967678][   T30] audit: type=1326 audit(1746170730.168:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7357 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04b98e969 code=0x7fc00000
[  390.122246][   T30] audit: type=1326 audit(1746170730.308:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7357 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff04b98e969 code=0x7fc00000
[  390.265224][ T7359] loop0: detected capacity change from 0 to 512
[  390.514797][ T7359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.531126][ T7359] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  391.273879][   T30] audit: type=1326 audit(1746170731.438:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7357 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04b98e969 code=0x7fc00000
[  391.470066][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.552361][ T7367] loop4: detected capacity change from 0 to 4096
[  391.699985][ T7367] NILFS (loop4): invalid segment: Checksum error in segment payload
[  391.708633][ T7367] NILFS (loop4): trying rollback from an earlier position
[  391.866199][ T7367] NILFS (loop4): recovery complete
[  391.905416][ T7372] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  393.562954][ T7384] netdevsim netdevsim3 netdevsim2: Unsupported IPsec algorithm
[  393.635162][ T7385] netlink: 'syz.0.336': attribute type 3 has an invalid length.
[  393.643185][ T7385] netlink: 84 bytes leftover after parsing attributes in process `syz.0.336'.
[  394.017838][ T7392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.338'.
[  394.060400][ T7395] netlink: 'syz.3.339': attribute type 29 has an invalid length.
[  394.117340][ T7396] netlink: 'syz.3.339': attribute type 29 has an invalid length.
[  394.146091][   T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  394.173823][ T7395] netlink: 500 bytes leftover after parsing attributes in process `syz.3.339'.
[  394.228532][ T7398] netlink: 'syz.4.340': attribute type 29 has an invalid length.
[  394.256550][ T7398] netlink: 'syz.4.340': attribute type 29 has an invalid length.
[  394.278534][ T7398] netlink: 500 bytes leftover after parsing attributes in process `syz.4.340'.
[  394.360562][   T24] usb 1-1: Using ep0 maxpacket: 32
[  394.376655][   T24] usb 1-1: config 0 has no interfaces?
[  394.382563][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  394.402826][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.466324][   T24] usb 1-1: config 0 descriptor??
[  394.569923][   T30] audit: type=1326 audit(1746170734.758:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  394.700721][   T24] usb 1-1: USB disconnect, device number 6
[  394.725070][   T30] audit: type=1326 audit(1746170734.928:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  394.747276][    C1] vkms_vblank_simulate: vblank timer overrun
[  394.750190][ T7406] loop1: detected capacity change from 0 to 512
[  394.917172][ T7406] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.930590][ T7406] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  395.030263][ T7412] mmap: syz.2.344 (7412) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  395.929032][   T30] audit: type=1326 audit(1746170736.108:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  395.952011][   T30] audit: type=1326 audit(1746170736.108:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  395.974948][   T30] audit: type=1326 audit(1746170736.108:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  395.997223][    C1] vkms_vblank_simulate: vblank timer overrun
[  396.003899][   T30] audit: type=1326 audit(1746170736.108:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  396.029164][   T30] audit: type=1326 audit(1746170736.108:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  396.052767][   T30] audit: type=1326 audit(1746170736.108:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  396.075464][   T30] audit: type=1326 audit(1746170736.108:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.1.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369858e969 code=0x7fc00000
[  396.097820][    C1] vkms_vblank_simulate: vblank timer overrun
[  396.597372][ T7422] loop2: detected capacity change from 0 to 1024
[  396.607166][ T7422] EXT4-fs: Ignoring removed orlov option
[  396.613220][ T7422] EXT4-fs: Ignoring removed nomblk_io_submit option
[  397.018436][ T7422] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  397.491338][ T7427] veth1_to_bond: entered allmulticast mode
[  397.535115][ T7427] veth1_to_bond: left allmulticast mode
[  397.596261][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.703882][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.305893][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  399.408532][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  401.454087][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  401.970995][ T7441] loop0: detected capacity change from 0 to 131072
[  402.001203][ T7441] F2FS-fs (loop0): QUOTA feature is enabled, so ignore qf_name
[  402.012092][ T7441] F2FS-fs (loop0): invalid crc value
[  402.102528][ T7443] xt_l2tp: invalid flags combination: 8
[  402.154905][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  402.317163][ T7441] F2FS-fs (loop0): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:1027,ofs:0,cpver:0,blkaddr:4097]
[  402.333690][ T7441] F2FS-fs (loop0): Failed to read root inode
[  403.444330][ T7447] delete_channel: no stack
[  408.706545][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  410.521807][ T7534] loop2: detected capacity change from 0 to 256
[  410.530057][ T7534] vfat: Unknown parameter 'shortnime'
[  411.095692][ T7536] Bluetooth: MGMT ver 1.23
[  411.189631][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  411.248187][ T7535] Bluetooth: hci0: Opcode 0x0401 failed: -112
[  412.251724][   T24] usb 2-1: Using ep0 maxpacket: 16
[  412.853841][ T5788] Bluetooth: hci0: command 0x0406 tx timeout
[  412.860395][   T52] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  412.908294][   T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  412.917531][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  412.930743][   T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  412.942589][   T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  413.010762][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  413.020434][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.031066][   T24] usb 2-1: Product: syz
[  413.036422][   T24] usb 2-1: Manufacturer: syz
[  413.041227][   T24] usb 2-1: SerialNumber: syz
[  413.465072][   T24] usb 2-1: USB disconnect, device number 15
[  414.934192][   T52] Bluetooth: hci0: command 0x0406 tx timeout
[  415.062532][ T5788] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  415.081037][ T5788] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  415.091558][ T5788] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  415.113104][ T5788] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  415.144802][ T5788] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  416.650320][ T7553] chnl_net:caif_netlink_parms(): no params data found
[  417.258416][ T5788] Bluetooth: hci5: command tx timeout
[  417.312834][ T7568] loop3: detected capacity change from 0 to 1024
[  417.555752][ T7568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  418.186639][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.286704][ T7577] loop2: detected capacity change from 0 to 512
[  419.374433][ T5788] Bluetooth: hci5: command tx timeout
[  419.880782][ T7553] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.900391][ T7553] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.908340][ T7553] bridge_slave_0: entered allmulticast mode
[  419.920779][ T7553] bridge_slave_0: entered promiscuous mode
[  420.696337][ T7553] bridge0: port 2(bridge_slave_1) entered blocking state
[  420.716084][ T7553] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.724040][ T7553] bridge_slave_1: entered allmulticast mode
[  420.733350][ T7553] bridge_slave_1: entered promiscuous mode
[  420.786857][ T7577] EXT4-fs (loop2): 1 orphan inode deleted
[  420.798067][ T7577] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.882641][ T7584] loop0: detected capacity change from 0 to 1024
[  420.904372][ T7577] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  420.925989][ T4220] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  420.936455][ T4220] EXT4-fs error (device loop2): ext4_release_dquot:6971: comm kworker/u8:19: Failed to release dquot type 1
[  420.987253][ T7584] EXT4-fs: Ignoring removed orlov option
[  421.209179][ T7584] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  421.315228][ T7577] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  421.356576][ T7553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  421.378421][ T7577] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.884475][ T7553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  421.925579][ T5788] Bluetooth: hci5: command tx timeout
[  423.869272][ T7553] team0: Port device team_slave_0 added
[  423.899031][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  423.969144][ T7553] team0: Port device team_slave_1 added
[  423.973863][   T52] Bluetooth: hci5: command tx timeout
[  424.195282][ T7553] batman_adv: batadv0: Adding interface: batadv_slave_0
[  424.202464][ T7553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.231543][ T7553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  424.375084][ T5788] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  424.384708][ T5788] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  424.412490][ T7553] batman_adv: batadv0: Adding interface: batadv_slave_1
[  424.419912][ T7553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.448410][ T7553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  424.463287][ T5788] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  424.561242][ T5788] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  424.648838][ T7553] hsr_slave_0: entered promiscuous mode
[  424.659000][ T7553] hsr_slave_1: entered promiscuous mode
[  424.670628][ T7553] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  424.678510][ T7553] Cannot create hsr debugfs directory
[  424.687351][ T5788] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  425.075800][ T7608] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma?
[  425.971301][ T7615] loop1: detected capacity change from 0 to 512
[  426.016795][ T7615] EXT4-fs: Ignoring removed nobh option
[  426.250725][ T7615] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.387: invalid indirect mapped block 256 (level 2)
[  426.304775][ T7615] EXT4-fs (loop1): 2 truncates cleaned up
[  426.314098][ T7615] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.511983][ T7553] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  426.609643][ T7623] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  426.888221][ T5788] Bluetooth: hci6: command tx timeout
[  426.931357][ T7615] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.387: bg 0: block 5: invalid block bitmap
[  427.230295][ T7615] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  427.248799][ T7615] EXT4-fs (loop1): This should not happen!! Data will be lost
[  427.248799][ T7615] 
[  427.286744][ T7615] EXT4-fs (loop1): Total free blocks count 0
[  427.293389][ T7615] EXT4-fs (loop1): Free/Dirty block details
[  427.299795][ T7615] EXT4-fs (loop1): free_blocks=0
[  427.312409][ T7615] EXT4-fs (loop1): dirty_blocks=66
[  427.318024][ T7615] EXT4-fs (loop1): Block reservation details
[  427.324640][ T7615] EXT4-fs (loop1): i_reserved_data_blocks=66
[  428.036175][ T7553] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  429.207226][ T5788] Bluetooth: hci6: command tx timeout
[  429.533764][ T7553] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  429.741433][ T7500] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28
[  429.851216][ T7553] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  430.982697][ T7635] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  430.991780][ T7635] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  431.245744][ T5788] Bluetooth: hci6: command tx timeout
[  432.886583][ T7602] chnl_net:caif_netlink_parms(): no params data found
[  433.326423][ T5788] Bluetooth: hci6: command tx timeout
[  433.948668][ T4220] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.212622][ T4220] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.456054][ T4220] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.778448][ T4220] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.106725][ T7553] 8021q: adding VLAN 0 to HW filter on device bond0
[  436.343272][ T7602] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.353861][ T7602] bridge0: port 1(bridge_slave_0) entered disabled state
[  436.361694][ T7602] bridge_slave_0: entered allmulticast mode
[  436.375679][ T7602] bridge_slave_0: entered promiscuous mode
[  436.456206][ T7553] 8021q: adding VLAN 0 to HW filter on device team0
[  436.546083][ T7602] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.553986][ T7602] bridge0: port 2(bridge_slave_1) entered disabled state
[  436.561783][ T7602] bridge_slave_1: entered allmulticast mode
[  436.571493][ T7602] bridge_slave_1: entered promiscuous mode
[  436.667005][ T7508] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.674623][ T7508] bridge0: port 1(bridge_slave_0) entered forwarding state
[  436.694628][ T7508] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.702211][ T7508] bridge0: port 2(bridge_slave_1) entered forwarding state
[  436.892315][ T4220] bridge_slave_1: left allmulticast mode
[  436.898645][ T4220] bridge_slave_1: left promiscuous mode
[  436.905412][ T4220] bridge0: port 2(bridge_slave_1) entered disabled state
[  436.953065][ T4220] bridge_slave_0: left allmulticast mode
[  436.959356][ T4220] bridge_slave_0: left promiscuous mode
[  436.966101][ T4220] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.230572][ T7664] loop1: detected capacity change from 0 to 1024
[  437.960657][ T4220] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  438.187900][ T4220] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  438.266188][ T4220] bond0 (unregistering): Released all slaves
[  438.654449][ T7602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  438.764649][ T7602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  440.712239][ T7602] team0: Port device team_slave_0 added
[  441.774501][ T7602] team0: Port device team_slave_1 added
[  443.009130][ T4220] hsr_slave_0: left promiscuous mode
[  443.551118][ T4220] hsr_slave_1: left promiscuous mode
[  443.565253][ T4220] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  443.573060][ T4220] batman_adv: batadv0: Removing interface: batadv_slave_0
[  443.598635][ T4220] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  443.608381][ T4220] batman_adv: batadv0: Removing interface: batadv_slave_1
[  443.689179][ T4220] veth1_macvtap: left promiscuous mode
[  443.700001][ T4220] veth0_macvtap: left promiscuous mode
[  443.716674][ T4220] veth1_vlan: left promiscuous mode
[  443.723996][ T4220] veth0_vlan: left promiscuous mode
[  447.708848][ T4220] team0 (unregistering): Port device team_slave_1 removed
[  447.750916][ T4220] team0 (unregistering): Port device team_slave_0 removed
[  451.430456][ T7602] batman_adv: batadv0: Adding interface: batadv_slave_0
[  451.438304][ T7602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  451.465305][ T7602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  451.907837][ T7602] batman_adv: batadv0: Adding interface: batadv_slave_1
[  451.915628][ T7602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  451.915798][ T7602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  452.909340][ T7602] hsr_slave_0: entered promiscuous mode
[  452.918976][ T7602] hsr_slave_1: entered promiscuous mode
[  453.419212][ T4220] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.757574][ T4220] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.026642][ T4220] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.327803][ T4220] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  455.010839][ T7553] 8021q: adding VLAN 0 to HW filter on device batadv0
[  455.607819][ T4220] bridge_slave_1: left allmulticast mode
[  455.618322][ T4220] bridge_slave_1: left promiscuous mode
[  455.638440][ T4220] bridge0: port 2(bridge_slave_1) entered disabled state
[  455.815437][ T4220] bridge_slave_0: left allmulticast mode
[  455.821549][ T4220] bridge_slave_0: left promiscuous mode
[  455.839931][ T4220] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.425401][ T4220] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  457.481688][ T4220] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  457.503127][ T4220] bond0 (unregistering): Released all slaves
[  458.053741][ T7602] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  458.288462][ T7602] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  458.315291][ T5788] Bluetooth: hci2: Malformed Event: 0x02
[  458.540003][ T7602] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  458.605556][ T7602] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  458.712724][ T4220] hsr_slave_0: left promiscuous mode
[  459.249492][ T4220] hsr_slave_1: left promiscuous mode
[  459.256683][ T4220] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  459.266371][ T4220] batman_adv: batadv0: Removing interface: batadv_slave_0
[  460.297425][ T4220] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  460.307856][ T4220] batman_adv: batadv0: Removing interface: batadv_slave_1
[  461.545134][ T4220] batadv0: left promiscuous mode
[  461.550502][ T4220] veth1_macvtap: left promiscuous mode
[  461.556392][ T4220] veth0_macvtap: left promiscuous mode
[  461.564528][ T4220] veth1_vlan: left promiscuous mode
[  461.570159][ T4220] veth0_vlan: left promiscuous mode
[  462.147795][ T7742] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  462.163172][ T7742] Cannot find add_set index 0 as target
[  462.757187][ T4220] team0 (unregistering): Port device team_slave_1 removed
[  462.887959][ T4220] team0 (unregistering): Port device team_slave_0 removed
[  465.369719][ T7553] veth0_vlan: entered promiscuous mode
[  465.418375][ T7756] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  465.426590][ T7553] veth1_vlan: entered promiscuous mode
[  465.914404][ T7602] 8021q: adding VLAN 0 to HW filter on device bond0
[  465.928779][ T7553] veth0_macvtap: entered promiscuous mode
[  466.000604][ T7553] veth1_macvtap: entered promiscuous mode
[  466.072891][ T7602] 8021q: adding VLAN 0 to HW filter on device team0
[  466.201892][ T7553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  466.216179][ T7553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.227260][ T7553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  466.238091][ T7553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.248240][ T7553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  466.259037][ T7553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.276838][ T7553] batman_adv: batadv0: Interface activated: batadv_slave_0
[  466.292755][ T4220] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.300344][ T4220] bridge0: port 1(bridge_slave_0) entered forwarding state
[  466.464846][ T4220] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.472444][ T4220] bridge0: port 2(bridge_slave_1) entered forwarding state
[  466.612606][ T7553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  466.624892][ T7553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.635268][ T7553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  466.645982][ T7553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.656102][ T7553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  466.666920][ T7553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.683336][ T7553] batman_adv: batadv0: Interface activated: batadv_slave_1
[  466.935152][ T7553] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  466.944341][ T7553] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  466.953367][ T7553] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  466.962521][ T7553] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  467.013200][ T7602] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  467.025158][ T7602] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  468.895907][ T7602] 8021q: adding VLAN 0 to HW filter on device batadv0
[  469.154912][ T7790] loop1: detected capacity change from 0 to 2048
[  469.188113][ T7790] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  469.398824][ T7790] syz.1.432: attempt to access beyond end of device
[  469.398824][ T7790] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  469.414491][ T7793] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  470.076977][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  470.353685][ T7804] loop1: detected capacity change from 0 to 64
[  470.544925][ T7804] =====================================================
[  470.552159][ T7804] BUG: KMSAN: uninit-value in hfs_free_fork+0x929/0xa70
[  470.559623][ T7804]  hfs_free_fork+0x929/0xa70
[  470.564615][ T7804]  hfs_cat_delete+0x47c/0xb90
[  470.569500][ T7804]  hfs_rename+0x1cb/0x550
[  470.575997][ T7804]  vfs_rename+0x1e87/0x2460
[  470.580704][ T7804]  do_renameat2+0x175e/0x1d70
[  470.586417][ T7804]  __x64_sys_rename+0xd7/0x140
[  470.591391][ T7804]  x64_sys_call+0x3553/0x3db0
[  470.596430][ T7804]  do_syscall_64+0xd9/0x1b0
[  470.601154][ T7804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.608003][ T7804] 
[  470.610433][ T7804] Uninit was created at:
[  470.615462][ T7804]  __kmalloc_noprof+0x95f/0x1310
[  470.620660][ T7804]  hfs_find_init+0x93/0x260
[  470.625627][ T7804]  hfs_free_fork+0x392/0xa70
[  470.630418][ T7804]  hfs_cat_delete+0x47c/0xb90
[  470.635541][ T7804]  hfs_rename+0x1cb/0x550
[  470.640057][ T7804]  vfs_rename+0x1e87/0x2460
[  470.644928][ T7804]  do_renameat2+0x175e/0x1d70
[  470.649820][ T7804]  __x64_sys_rename+0xd7/0x140
[  470.654991][ T7804]  x64_sys_call+0x3553/0x3db0
[  470.659908][ T7804]  do_syscall_64+0xd9/0x1b0
[  470.664774][ T7804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.670875][ T7804] 
[  470.675442][ T7804] CPU: 1 UID: 0 PID: 7804 Comm: syz.1.434 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  470.688369][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  470.699066][ T7804] =====================================================
[  470.706302][ T7804] Disabling lock debugging due to kernel taint
[  470.712581][ T7804] Kernel panic - not syncing: kmsan.panic set ...
[  470.719176][ T7804] CPU: 1 UID: 0 PID: 7804 Comm: syz.1.434 Tainted: G    B               6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
[  470.732978][ T7804] Tainted: [B]=BAD_PAGE
[  470.737259][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  470.747489][ T7804] Call Trace:
[  470.750894][ T7804]  <TASK>
[  470.753936][ T7804]  __dump_stack+0x26/0x30
[  470.758466][ T7804]  dump_stack_lvl+0x53/0x270
[  470.763316][ T7804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  470.769394][ T7804]  dump_stack+0x1e/0x25
[  470.773774][ T7804]  panic+0x4bd/0xd50
[  470.777922][ T7804]  kmsan_report+0x29d/0x2a0
[  470.782658][ T7804]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  470.789208][ T7804]  ? __msan_warning+0x96/0x120
[  470.794162][ T7804]  ? hfs_free_fork+0x929/0xa70
[  470.799134][ T7804]  ? hfs_cat_delete+0x47c/0xb90
[  470.804194][ T7804]  ? hfs_rename+0x1cb/0x550
[  470.808886][ T7804]  ? vfs_rename+0x1e87/0x2460
[  470.813762][ T7804]  ? do_renameat2+0x175e/0x1d70
[  470.818820][ T7804]  ? __x64_sys_rename+0xd7/0x140
[  470.823991][ T7804]  ? x64_sys_call+0x3553/0x3db0
[  470.829090][ T7804]  ? do_syscall_64+0xd9/0x1b0
[  470.834000][ T7804]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.840296][ T7804]  ? _raw_spin_unlock_irqrestore+0x3f/0x60
[  470.846310][ T7804]  ? stack_depot_save_flags+0x60f/0x7c0
[  470.852110][ T7804]  ? kmsan_get_metadata+0x105/0x1b0
[  470.857539][ T7804]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  470.864082][ T7804]  ? kmsan_get_metadata+0x105/0x1b0
[  470.869510][ T7804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  470.875566][ T7804]  ? hfs_brec_find+0x20f/0x9f0
[  470.880590][ T7804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  470.886624][ T7804]  ? kmsan_get_metadata+0x105/0x1b0
[  470.892054][ T7804]  __msan_warning+0x96/0x120
[  470.896851][ T7804]  hfs_free_fork+0x929/0xa70
[  470.901677][ T7804]  hfs_cat_delete+0x47c/0xb90
[  470.906614][ T7804]  hfs_rename+0x1cb/0x550
[  470.911148][ T7804]  ? __pfx_hfs_rename+0x10/0x10
[  470.916215][ T7804]  vfs_rename+0x1e87/0x2460
[  470.920964][ T7804]  do_renameat2+0x175e/0x1d70
[  470.925911][ T7804]  __x64_sys_rename+0xd7/0x140
[  470.930912][ T7804]  x64_sys_call+0x3553/0x3db0
[  470.935844][ T7804]  do_syscall_64+0xd9/0x1b0
[  470.940625][ T7804]  ? irqentry_exit+0x16/0x60
[  470.945443][ T7804]  ? clear_bhb_loop+0x25/0x80
[  470.950344][ T7804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.956437][ T7804] RIP: 0033:0x7f369858e969
[  470.961006][ T7804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.980821][ T7804] RSP: 002b:00007f369941e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  470.989444][ T7804] RAX: ffffffffffffffda RBX: 00007f36987b5fa0 RCX: 00007f369858e969
[  470.997629][ T7804] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000000
[  471.005778][ T7804] RBP: 00007f3698610ab1 R08: 0000000000000000 R09: 0000000000000000
[  471.013917][ T7804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  471.022039][ T7804] R13: 0000000000000000 R14: 00007f36987b5fa0 R15: 00007fff1c771b58
[  471.030223][ T7804]  </TASK>
[  471.033718][ T7804] Kernel Offset: disabled
[  471.038126][ T7804] Rebooting in 86400 seconds..